From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 27 Nov 2017 12:39:59 +0000 (+0100)
Subject: 3.18-stable patches
X-Git-Tag: v3.18.85~44
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d543e54b2cc18818228d32a76a30d52dc43280f3;p=thirdparty%2Fkernel%2Fstable-queue.git

3.18-stable patches

added patches:
	arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
	x86-decoder-add-new-test-instruction-pattern.patch
---

diff --git a/queue-3.18/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch b/queue-3.18/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
new file mode 100644
index 00000000000..20e78a89f83
--- /dev/null
+++ b/queue-3.18/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
@@ -0,0 +1,55 @@
+From 3b0c0c922ff4be275a8beb87ce5657d16f355b54 Mon Sep 17 00:00:00 2001
+From: Philip Derrin <philip@cog.systems>
+Date: Tue, 14 Nov 2017 00:55:26 +0100
+Subject: ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
+
+From: Philip Derrin <philip@cog.systems>
+
+commit 3b0c0c922ff4be275a8beb87ce5657d16f355b54 upstream.
+
+When CONFIG_ARM_LPAE is set, the PMD dump relies on the software
+read-only bit to determine whether a page is writable. This
+concealed a bug which left the kernel text section writable
+(AP2=0) while marked read-only in the software bit.
+
+In a kernel with the AP2 bug, the dump looks like this:
+
+    ---[ Kernel Mapping ]---
+    0xc0000000-0xc0200000           2M RW NX SHD
+    0xc0200000-0xc0600000           4M ro x  SHD
+    0xc0600000-0xc0800000           2M ro NX SHD
+    0xc0800000-0xc4800000          64M RW NX SHD
+
+The fix is to check that the software and hardware bits are both
+set before displaying "ro". The dump then shows the true perms:
+
+    ---[ Kernel Mapping ]---
+    0xc0000000-0xc0200000           2M RW NX SHD
+    0xc0200000-0xc0600000           4M RW x  SHD
+    0xc0600000-0xc0800000           2M RW NX SHD
+    0xc0800000-0xc4800000          64M RW NX SHD
+
+Fixes: ded947798469 ("ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE")
+Signed-off-by: Philip Derrin <philip@cog.systems>
+Tested-by: Neil Dick <neil@cog.systems>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mm/dump.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/mm/dump.c
++++ b/arch/arm/mm/dump.c
+@@ -126,8 +126,8 @@ static const struct prot_bits section_bi
+ 		.val	= PMD_SECT_USER,
+ 		.set	= "USR",
+ 	}, {
+-		.mask	= L_PMD_SECT_RDONLY,
+-		.val	= L_PMD_SECT_RDONLY,
++		.mask	= L_PMD_SECT_RDONLY | PMD_SECT_AP2,
++		.val	= L_PMD_SECT_RDONLY | PMD_SECT_AP2,
+ 		.set	= "ro",
+ 		.clear	= "RW",
+ #elif __LINUX_ARM_ARCH__ >= 6
diff --git a/queue-3.18/series b/queue-3.18/series
index 72110f9907f..d6e9095b74d 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -2,3 +2,5 @@ s390-disassembler-increase-show_code-buffer-size.patch
 ipv6-only-call-ip6_route_dev_notify-once-for-netdev_unregister.patch
 sched-make-resched_cpu-unconditional.patch
 lib-mpi-call-cond_resched-from-mpi_powm-loop.patch
+x86-decoder-add-new-test-instruction-pattern.patch
+arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
diff --git a/queue-3.18/x86-decoder-add-new-test-instruction-pattern.patch b/queue-3.18/x86-decoder-add-new-test-instruction-pattern.patch
new file mode 100644
index 00000000000..db21f2e1879
--- /dev/null
+++ b/queue-3.18/x86-decoder-add-new-test-instruction-pattern.patch
@@ -0,0 +1,58 @@
+From 12a78d43de767eaf8fb272facb7a7b6f2dc6a9df Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Fri, 24 Nov 2017 13:56:30 +0900
+Subject: x86/decoder: Add new TEST instruction pattern
+
+From: Masami Hiramatsu <mhiramat@kernel.org>
+
+commit 12a78d43de767eaf8fb272facb7a7b6f2dc6a9df upstream.
+
+The kbuild test robot reported this build warning:
+
+  Warning: arch/x86/tools/test_get_len found difference at <jump_table>:ffffffff8103dd2c
+
+  Warning: ffffffff8103dd82: f6 09 d8 testb $0xd8,(%rcx)
+  Warning: objdump says 3 bytes, but insn_get_length() says 2
+  Warning: decoded and checked 1569014 instructions with 1 warnings
+
+This sequence seems to be a new instruction not in the opcode map in the Intel SDM.
+
+The instruction sequence is "F6 09 d8", means Group3(F6), MOD(00)REG(001)RM(001), and 0xd8.
+Intel SDM vol2 A.4 Table A-6 said the table index in the group is "Encoding of Bits 5,4,3 of
+the ModR/M Byte (bits 2,1,0 in parenthesis)"
+
+In that table, opcodes listed by the index REG bits as:
+
+  000         001       010 011  100        101        110         111
+ TEST Ib/Iz,(undefined),NOT,NEG,MUL AL/rAX,IMUL AL/rAX,DIV AL/rAX,IDIV AL/rAX
+
+So, it seems TEST Ib is assigned to 001.
+
+Add the new pattern.
+
+Reported-by: kbuild test robot <fengguang.wu@intel.com>
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/lib/x86-opcode-map.txt |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/lib/x86-opcode-map.txt
++++ b/arch/x86/lib/x86-opcode-map.txt
+@@ -814,7 +814,7 @@ EndTable
+ 
+ GrpTable: Grp3_1
+ 0: TEST Eb,Ib
+-1:
++1: TEST Eb,Ib
+ 2: NOT Eb
+ 3: NEG Eb
+ 4: MUL AL,Eb