From b48ccaa516847f6d8855fe3df7954962f2ec0768 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 11 Jun 2018 07:26:13 +0200
Subject: [PATCH] 3.18-stable patches

added patches:
	drm-set-fmode_unsigned_offset-for-drm-files.patch
---
 ...-fmode_unsigned_offset-for-drm-files.patch | 36 +++++++++++++++++++
 queue-3.18/series                             |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 queue-3.18/drm-set-fmode_unsigned_offset-for-drm-files.patch

diff --git a/queue-3.18/drm-set-fmode_unsigned_offset-for-drm-files.patch b/queue-3.18/drm-set-fmode_unsigned_offset-for-drm-files.patch
new file mode 100644
index 00000000000..3ad8e78364b
--- /dev/null
+++ b/queue-3.18/drm-set-fmode_unsigned_offset-for-drm-files.patch
@@ -0,0 +1,36 @@
+From 76ef6b28ea4f81c3d511866a9b31392caa833126 Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@redhat.com>
+Date: Tue, 15 May 2018 13:38:15 +1000
+Subject: drm: set FMODE_UNSIGNED_OFFSET for drm files
+
+From: Dave Airlie <airlied@redhat.com>
+
+commit 76ef6b28ea4f81c3d511866a9b31392caa833126 upstream.
+
+Since we have the ttm and gem vma managers using a subset
+of the file address space for objects, and these start at
+0x100000000 they will overflow the new mmap checks.
+
+I've checked all the mmap routines I could see for any
+bad behaviour but overall most people use GEM/TTM VMA
+managers even the legacy drivers have a hashtable.
+
+Reported-and-Tested-by: Arthur Marsh (amarsh04 on #radeon)
+Fixes: be83bbf8068 (mmap: introduce sane default mmap limits)
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/drm_fops.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/drm_fops.c
++++ b/drivers/gpu/drm/drm_fops.c
+@@ -155,6 +155,7 @@ static int drm_open_helper(struct file *
+ 		return -ENOMEM;
+ 
+ 	filp->private_data = priv;
++	filp->f_mode |= FMODE_UNSIGNED_OFFSET;
+ 	priv->filp = filp;
+ 	priv->uid = current_euid();
+ 	priv->pid = get_pid(task_pid(current));
diff --git a/queue-3.18/series b/queue-3.18/series
index 52de08f8771..7232d6ede89 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -8,3 +8,4 @@ fix-io_destroy-aio_complete-race.patch
 mm-fix-the-null-mapping-case-in-__isolate_lru_page.patch
 mmap-introduce-sane-default-mmap-limits.patch
 mmap-relax-file-size-limit-for-regular-files.patch
+drm-set-fmode_unsigned_offset-for-drm-files.patch
-- 
2.47.3