From: Hugh Dickins <hughd@google.com>
Date: Mon, 18 Dec 2017 03:53:01 +0000 (-0800)
Subject: kaiser: alloc_ldt_struct() use get_zeroed_page()
X-Git-Tag: v3.2.98~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c03f7fe82cc62ebeb81851247897b36d5bbba61d;p=thirdparty%2Fkernel%2Fstable.git

kaiser: alloc_ldt_struct() use get_zeroed_page()

Change the 3.2.96 and 3.18.72 alloc_ldt_struct() to allocate its entries
with get_zeroed_page(), as 4.3 onwards does since f454b4788613 ("x86/ldt:
Fix small LDT allocation for Xen").  This then matches the free_page()
I had misported in __free_ldt_struct(), and fixes the
"BUG: Bad page state in process ldt_gdt_32 ... flags: 0x80(slab)"
reported by Kees Cook and Jiri Kosina, and analysed by Jiri.

Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index 836a4c2d5cebc..8d4e15f59b5f6 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -70,7 +70,7 @@ static struct ldt_struct *alloc_ldt_struct(int size)
 	if (alloc_size > PAGE_SIZE)
 		new_ldt->entries = vzalloc(alloc_size);
 	else
-		new_ldt->entries = kzalloc(PAGE_SIZE, GFP_KERNEL);
+		new_ldt->entries = (void *)get_zeroed_page(GFP_KERNEL);
 
 	if (!new_ldt->entries) {
 		kfree(new_ldt);