--- /dev/null
+From 8cb68751c115d176ec851ca56ecfbb411568c9e8 Mon Sep 17 00:00:00 2001
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+Date: Tue, 16 Jan 2018 19:30:14 +0100
+Subject: can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
+
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+
+commit 8cb68751c115d176ec851ca56ecfbb411568c9e8 upstream.
+
+If an invalid CAN frame is received, from a driver or from a tun
+interface, a Kernel warning is generated.
+
+This patch replaces the WARN_ONCE by a simple pr_warn_once, so that a
+kernel, bootet with panic_on_warn, does not panic. A printk seems to be
+more appropriate here.
+
+Reported-by: syzbot+4386709c0c1284dca827@syzkaller.appspotmail.com
+Suggested-by: Dmitry Vyukov <dvyukov@google.com>
+Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ net/can/af_can.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+--- a/net/can/af_can.c
++++ b/net/can/af_can.c
+@@ -722,13 +722,12 @@ static int can_rcv(struct sk_buff *skb,
+ if (unlikely(!net_eq(dev_net(dev), &init_net)))
+ goto drop;
+
+- if (WARN_ONCE(dev->type != ARPHRD_CAN ||
+- skb->len != CAN_MTU ||
+- cfd->len > CAN_MAX_DLEN,
+- "PF_CAN: dropped non conform CAN skbuf: "
+- "dev type %d, len %d, datalen %d\n",
+- dev->type, skb->len, cfd->len))
++ if (unlikely(dev->type != ARPHRD_CAN || skb->len != CAN_MTU ||
++ cfd->len > CAN_MAX_DLEN)) {
++ pr_warn_once("PF_CAN: dropped non conform CAN skbuf: dev type %d, len %d, datalen %d\n",
++ dev->type, skb->len, cfd->len);
+ goto drop;
++ }
+
+ can_receive(skb, dev);
+ return NET_RX_SUCCESS;
--- /dev/null
+From d4689846881d160a4d12a514e991a740bcb5d65a Mon Sep 17 00:00:00 2001
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+Date: Tue, 16 Jan 2018 19:30:14 +0100
+Subject: can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
+
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+
+commit d4689846881d160a4d12a514e991a740bcb5d65a upstream.
+
+If an invalid CANFD frame is received, from a driver or from a tun
+interface, a Kernel warning is generated.
+
+This patch replaces the WARN_ONCE by a simple pr_warn_once, so that a
+kernel, bootet with panic_on_warn, does not panic. A printk seems to be
+more appropriate here.
+
+Reported-by: syzbot+e3b775f40babeff6e68b@syzkaller.appspotmail.com
+Suggested-by: Dmitry Vyukov <dvyukov@google.com>
+Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Cc: linux-stable <stable@vger.kernel.org>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/can/af_can.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+--- a/net/can/af_can.c
++++ b/net/can/af_can.c
+@@ -745,13 +745,12 @@ static int canfd_rcv(struct sk_buff *skb
+ if (unlikely(!net_eq(dev_net(dev), &init_net)))
+ goto drop;
+
+- if (WARN_ONCE(dev->type != ARPHRD_CAN ||
+- skb->len != CANFD_MTU ||
+- cfd->len > CANFD_MAX_DLEN,
+- "PF_CAN: dropped non conform CAN FD skbuf: "
+- "dev type %d, len %d, datalen %d\n",
+- dev->type, skb->len, cfd->len))
++ if (unlikely(dev->type != ARPHRD_CAN || skb->len != CANFD_MTU ||
++ cfd->len > CANFD_MAX_DLEN)) {
++ pr_warn_once("PF_CAN: dropped non conform CAN FD skbuf: dev type %d, len %d, datalen %d\n",
++ dev->type, skb->len, cfd->len);
+ goto drop;
++ }
+
+ can_receive(skb, dev);
+ return NET_RX_SUCCESS;
--- /dev/null
+From c507babf10ead4d5c8cca704539b170752a8ac84 Mon Sep 17 00:00:00 2001
+From: Punit Agrawal <punit.agrawal@arm.com>
+Date: Thu, 4 Jan 2018 18:24:33 +0000
+Subject: KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
+
+From: Punit Agrawal <punit.agrawal@arm.com>
+
+commit c507babf10ead4d5c8cca704539b170752a8ac84 upstream.
+
+KVM only supports PMD hugepages at stage 2 but doesn't actually check
+that the provided hugepage memory pagesize is PMD_SIZE before populating
+stage 2 entries.
+
+In cases where the backing hugepage size is smaller than PMD_SIZE (such
+as when using contiguous hugepages), KVM can end up creating stage 2
+mappings that extend beyond the supplied memory.
+
+Fix this by checking for the pagesize of userspace vma before creating
+PMD hugepage at stage 2.
+
+Fixes: 66b3923a1a0f77a ("arm64: hugetlb: add support for PTE contiguous bit")
+Signed-off-by: Punit Agrawal <punit.agrawal@arm.com>
+Cc: Marc Zyngier <marc.zyngier@arm.com>
+Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kvm/mmu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/kvm/mmu.c
++++ b/arch/arm/kvm/mmu.c
+@@ -1284,7 +1284,7 @@ static int user_mem_abort(struct kvm_vcp
+ return -EFAULT;
+ }
+
+- if (is_vm_hugetlb_page(vma) && !logging_active) {
++ if (vma_kernel_pagesize(vma) && !logging_active) {
+ hugetlb = true;
+ gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
+ } else {
usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch
usbip-fix-implicit-fallthrough-warning.patch
usbip-fix-potential-format-overflow-in-userspace-tools.patch
+can-af_can-can_rcv-replace-warn_once-by-pr_warn_once.patch
+can-af_can-canfd_rcv-replace-warn_once-by-pr_warn_once.patch
+kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
