From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 14 Dec 2017 20:46:38 +0000 (+0100)
Subject: 3.18-stable patches
X-Git-Tag: v3.18.88~14
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=be5d67c742beeaf092b9a9b0584c79dd1cab576f;p=thirdparty%2Fkernel%2Fstable-queue.git

3.18-stable patches

added patches:
	arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch
---

diff --git a/queue-3.18/arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch b/queue-3.18/arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch
new file mode 100644
index 00000000000..7ff32afbd82
--- /dev/null
+++ b/queue-3.18/arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch
@@ -0,0 +1,41 @@
+From 5553b142be11e794ebc0805950b2e8313f93d718 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Thu, 16 Nov 2017 17:58:21 +0000
+Subject: arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
+
+From: Marc Zyngier <marc.zyngier@arm.com>
+
+commit 5553b142be11e794ebc0805950b2e8313f93d718 upstream.
+
+VTTBR_BADDR_MASK is used to sanity check the size and alignment of the
+VTTBR address. It seems to currently be off by one, thereby only
+allowing up to 39-bit addresses (instead of 40-bit) and also
+insufficiently checking the alignment. This patch fixes it.
+
+This patch is the 32bit pendent of Kristina's arm64 fix, and
+she deserves the actual kudos for pinpointing that one.
+
+Fixes: f7ed45be3ba52 ("KVM: ARM: World-switch implementation")
+Cc: <stable@vger.kernel.org> # 3.9
+Reported-by: Kristina Martsenko <kristina.martsenko@arm.com>
+Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/include/asm/kvm_arm.h |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/arm/include/asm/kvm_arm.h
++++ b/arch/arm/include/asm/kvm_arm.h
+@@ -161,8 +161,7 @@
+ #else
+ #define VTTBR_X		(5 - KVM_T0SZ)
+ #endif
+-#define VTTBR_BADDR_SHIFT (VTTBR_X - 1)
+-#define VTTBR_BADDR_MASK  (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)
++#define VTTBR_BADDR_MASK  (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_X)
+ #define VTTBR_VMID_SHIFT  (48LLU)
+ #define VTTBR_VMID_MASK	  (0xffLLU << VTTBR_VMID_SHIFT)
+ 
diff --git a/queue-3.18/series b/queue-3.18/series
index 422863b4b96..decfda876a2 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -60,3 +60,4 @@ ib-mlx4-increase-maximal-message-size-under-ud-qp.patch
 ib-mlx5-assign-send-cq-and-recv-cq-of-umr-qp.patch
 afs-connect-up-the-cb.probeuuid.patch
 audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch
+arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch