From 9141d3bc5668a1a8948c0bb759709a098f469d4b Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 7 Dec 2018 16:50:34 +0100
Subject: [PATCH] 4.9-stable patches

added patches:
hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch
---
...s-fix-bug-in-pgoff-overflow-checking.patch | 58 +++++++++++++++++++
queue-4.9/series | 1 +
2 files changed, 59 insertions(+)
create mode 100644 queue-4.9/hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch

diff --git a/queue-4.9/hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch b/queue-4.9/hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch
new file mode 100644
index 00000000000..9f96bfe7198
--- /dev/null
+++ b/queue-4.9/hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch
@@ -0,0 +1,58 @@
+From 5df63c2a149ae65a9ec239e7c2af44efa6f79beb Mon Sep 17 00:00:00 2001
+From: Mike Kravetz
+Date: Thu, 5 Apr 2018 16:18:21 -0700
+Subject: hugetlbfs: fix bug in pgoff overflow checking
+
+From: Mike Kravetz
+
+commit 5df63c2a149ae65a9ec239e7c2af44efa6f79beb upstream.
+
+This is a fix for a regression in 32 bit kernels caused by an invalid
+check for pgoff overflow in hugetlbfs mmap setup. The check incorrectly
+specified that the size of a loff_t was the same as the size of a long.
+The regression prevents mapping hugetlbfs files at offsets greater than
+4GB on 32 bit kernels.
+
+On 32 bit kernels conversion from a page based unsigned long can not
+overflow a loff_t byte offset. Therefore, skip this check if
+sizeof(unsigned long) != sizeof(loff_t).
+
+Link: http://lkml.kernel.org/r/20180330145402.5053-1-mike.kravetz@oracle.com
+Fixes: 63489f8e8211 ("hugetlbfs: check for pgoff value overflow")
+Reported-by: Dan Rue
+Signed-off-by: Mike Kravetz
+Tested-by: Anders Roxell
+Cc: Michal Hocko
+Cc: Yisheng Xie
+Cc: "Kirill A . Shutemov"
+Cc: Nic Losby
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Cc: Ben Hutchings
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/hugetlbfs/inode.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/fs/hugetlbfs/inode.c
++++ b/fs/hugetlbfs/inode.c
+@@ -148,10 +148,14 @@ static int hugetlbfs_file_mmap(struct fi
+
+ /*
+ * page based offset in vm_pgoff could be sufficiently large to
+- * overflow a (l)off_t when converted to byte offset.
++ * overflow a loff_t when converted to byte offset. This can
++ * only happen on architectures where sizeof(loff_t) ==
++ * sizeof(unsigned long). So, only check in those instances.
+ */
+- if (vma->vm_pgoff & PGOFF_LOFFT_MAX)
+- return -EINVAL;
++ if (sizeof(unsigned long) == sizeof(loff_t)) {
++ if (vma->vm_pgoff & PGOFF_LOFFT_MAX)
++ return -EINVAL;
++ }
+
+ /* must be huge page aligned */
+ if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT))
diff --git a/queue-4.9/series b/queue-4.9/series
index a9a7dedd47e..e1883fb68c9 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -99,3 +99,4 @@ f2fs-fix-to-do-sanity-check-with-block-address-in-main-area-v2.patch
 f2fs-free-meta-pages-if-sanity-check-for-ckpt-is-failed.patch
 f2fs-fix-to-do-sanity-check-with-cp_pack_start_sum.patch
 xfs-don-t-fail-when-converting-shortform-attr-to-long-form-during-attr_replace.patch
+hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch
-- 
2.47.3
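Review bot: The guarded `vm_pgoff & PGOFF_LOFFT_MAX` test only bounds the start offset of the mapping, so on 64-bit the end of the range (vm_pgoff shifted by PAGE_SHIFT plus the VMA length) is still protected only by code below this hunk that is not visible here; before queuing for 4.9, confirm that the tree's backport of 63489f8e8211 also carries upstream's end-of-range `len < vma_len` overflow check after this block, otherwise the guard alone is not enough to keep the byte offset representable. Because the new condition compares two sizeof values it folds at compile time and the masked test becomes dead code on 32-bit, which is the intent, so a one-line addition to the comment would stop a later reader from converting it to an #ifdef: `* The sizeof comparison folds at compile time; the check is dropped on 32 bit.`. The two nested ifs could be a single `if (sizeof(unsigned long) == sizeof(loff_t) && (vma->vm_pgoff & PGOFF_LOFFT_MAX)) return -EINVAL;`, but the nested form matches upstream and keeps the backport a clean cherry-pick, so I would leave it. hugetlbfs_file_mmap begins before and continues after this hunk.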