4.9-stable patches

added patches:
	x86-apic-vector-handle-legacy-irq-data-correctly.patch

diff --git a/queue-4.9/series b/queue-4.9/series
index 26af0750b6e8b62b95ca52ee23c587ea59c82e5c..046dcd0f89970902866bf36223fc5d4c905be8b9 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -29,3 +29,4 @@ x86-mm-give-each-mm-tlb-flush-generation-a-unique-id.patch
 x86-speculation-use-indirect-branch-prediction-barrier-in-context-switch.patch
 md-only-allow-remove_and_add_spares-when-no-sync_thread-running.patch
 netlink-put-module-reference-if-dump-start-fails.patch
+x86-apic-vector-handle-legacy-irq-data-correctly.patch

diff --git a/queue-4.9/x86-apic-vector-handle-legacy-irq-data-correctly.patch b/queue-4.9/x86-apic-vector-handle-legacy-irq-data-correctly.patch
new file mode 100644 (file)
index 0000000..34f50d7
--- /dev/null
+++ b/queue-4.9/x86-apic-vector-handle-legacy-irq-data-correctly.patch
@@ -0,0 +1,67 @@
+From ben.hutchings@codethink.co.uk  Wed Mar  7 11:01:18 2018
+From: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Date: Wed, 7 Mar 2018 18:36:43 +0000
+Subject: x86/apic/vector: Handle legacy irq data correctly
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>, stable@vger.kernel.org
+Message-ID: <20180307183643.7vy7znqgismeh62p@xylophone.i.decadent.org.uk>
+Content-Disposition: inline
+
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+The backport of upstream commit 45d55e7bac40 ("x86/apic/vector: Fix off by
+one in error path") missed to fixup the legacy interrupt data which is not
+longer available upstream.
+
+Handle legacy irq data correctly by clearing the legacy storage to prevent
+use after free.
+
+Fixes: 7fd133539289 ("x86/apic/vector: Fix off by one in error path") - 4.4.y
+Fixes: c557481a9491 ("x86/apic/vector: Fix off by one in error path") - 4.9.y
+Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/apic/vector.c |   14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kernel/apic/vector.c
++++ b/arch/x86/kernel/apic/vector.c
+@@ -93,8 +93,12 @@ out_data:
+       return NULL;
+ }
+ 
+-static void free_apic_chip_data(struct apic_chip_data *data)
++static void free_apic_chip_data(unsigned int virq, struct apic_chip_data *data)
+ {
++#ifdef        CONFIG_X86_IO_APIC
++      if (virq  < nr_legacy_irqs())
++              legacy_irq_data[virq] = NULL;
++#endif
+       if (data) {
+               free_cpumask_var(data->domain);
+               free_cpumask_var(data->old_domain);
+@@ -318,11 +322,7 @@ static void x86_vector_free_irqs(struct
+                       apic_data = irq_data->chip_data;
+                       irq_domain_reset_irq_data(irq_data);
+                       raw_spin_unlock_irqrestore(&vector_lock, flags);
+-                      free_apic_chip_data(apic_data);
+-#ifdef        CONFIG_X86_IO_APIC
+-                      if (virq + i < nr_legacy_irqs())
+-                              legacy_irq_data[virq + i] = NULL;
+-#endif
++                      free_apic_chip_data(virq + i, apic_data);
+               }
+       }
+ }
+@@ -363,7 +363,7 @@ static int x86_vector_alloc_irqs(struct
+               err = assign_irq_vector_policy(virq + i, node, data, info);
+               if (err) {
+                       irq_data->chip_data = NULL;
+-                      free_apic_chip_data(data);
++                      free_apic_chip_data(virq + i, data);
+                       goto error;
+               }
+       }