From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 18 May 2018 14:31:08 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.16.10~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a6f4422b27e25fd7aa43c6a3b9d763ecb0dee48a;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	kernel-exit.c-avoid-undefined-behaviour-when-calling-wait4.patch
---

diff --git a/queue-4.4/kernel-exit.c-avoid-undefined-behaviour-when-calling-wait4.patch b/queue-4.4/kernel-exit.c-avoid-undefined-behaviour-when-calling-wait4.patch
new file mode 100644
index 00000000000..a2222a213e3
--- /dev/null
+++ b/queue-4.4/kernel-exit.c-avoid-undefined-behaviour-when-calling-wait4.patch
@@ -0,0 +1,54 @@
+From dd83c161fbcc5d8be637ab159c0de015cbff5ba4 Mon Sep 17 00:00:00 2001
+From: zhongjiang <zhongjiang@huawei.com>
+Date: Mon, 10 Jul 2017 15:53:01 -0700
+Subject: kernel/exit.c: avoid undefined behaviour when calling wait4()
+
+From: zhongjiang <zhongjiang@huawei.com>
+
+commit dd83c161fbcc5d8be637ab159c0de015cbff5ba4 upstream.
+
+wait4(-2147483648, 0x20, 0, 0xdd0000) triggers:
+UBSAN: Undefined behaviour in kernel/exit.c:1651:9
+
+The related calltrace is as follows:
+
+  negation of -2147483648 cannot be represented in type 'int':
+  CPU: 9 PID: 16482 Comm: zj Tainted: G    B          ---- -------   3.10.0-327.53.58.71.x86_64+ #66
+  Hardware name: Huawei Technologies Co., Ltd. Tecal RH2285          /BC11BTSA              , BIOS CTSAV036 04/27/2011
+  Call Trace:
+    dump_stack+0x19/0x1b
+    ubsan_epilogue+0xd/0x50
+    __ubsan_handle_negate_overflow+0x109/0x14e
+    SyS_wait4+0x1cb/0x1e0
+    system_call_fastpath+0x16/0x1b
+
+Exclude the overflow to avoid the UBSAN warning.
+
+Link: http://lkml.kernel.org/r/1497264618-20212-1-git-send-email-zhongjiang@huawei.com
+Signed-off-by: zhongjiang <zhongjiang@huawei.com>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: David Rientjes <rientjes@google.com>
+Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
+Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Cc: Xishi Qiu <qiuxishi@huawei.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/exit.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -1608,6 +1608,10 @@ SYSCALL_DEFINE4(wait4, pid_t, upid, int
+ 			__WNOTHREAD|__WCLONE|__WALL))
+ 		return -EINVAL;
+ 
++	/* -INT_MIN is not defined */
++	if (upid == INT_MIN)
++		return -ESRCH;
++
+ 	if (upid == -1)
+ 		type = PIDTYPE_MAX;
+ 	else if (upid < 0) {
diff --git a/queue-4.4/series b/queue-4.4/series
index 4944ad98a9a..94728da5267 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -29,3 +29,4 @@ revert-arm-dts-imx6qdl-wandboard-fix-audio-channel-swap.patch
 l2tp-revert-l2tp-fix-missing-print-session-offset-info.patch
 pipe-cap-initial-pipe-capacity-according-to-pipe-max-size-limit.patch
 futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
+kernel-exit.c-avoid-undefined-behaviour-when-calling-wait4.patch