From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 14 Dec 2017 21:29:15 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v3.18.88~7
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cc4be0cbc19db185a5f6e5cbb79db808f074586a;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch
---

diff --git a/queue-4.4/arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch b/queue-4.4/arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch
new file mode 100644
index 00000000000..7ff32afbd82
--- /dev/null
+++ b/queue-4.4/arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch
@@ -0,0 +1,41 @@
+From 5553b142be11e794ebc0805950b2e8313f93d718 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Thu, 16 Nov 2017 17:58:21 +0000
+Subject: arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
+
+From: Marc Zyngier <marc.zyngier@arm.com>
+
+commit 5553b142be11e794ebc0805950b2e8313f93d718 upstream.
+
+VTTBR_BADDR_MASK is used to sanity check the size and alignment of the
+VTTBR address. It seems to currently be off by one, thereby only
+allowing up to 39-bit addresses (instead of 40-bit) and also
+insufficiently checking the alignment. This patch fixes it.
+
+This patch is the 32bit pendent of Kristina's arm64 fix, and
+she deserves the actual kudos for pinpointing that one.
+
+Fixes: f7ed45be3ba52 ("KVM: ARM: World-switch implementation")
+Cc: <stable@vger.kernel.org> # 3.9
+Reported-by: Kristina Martsenko <kristina.martsenko@arm.com>
+Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/include/asm/kvm_arm.h |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/arm/include/asm/kvm_arm.h
++++ b/arch/arm/include/asm/kvm_arm.h
+@@ -161,8 +161,7 @@
+ #else
+ #define VTTBR_X		(5 - KVM_T0SZ)
+ #endif
+-#define VTTBR_BADDR_SHIFT (VTTBR_X - 1)
+-#define VTTBR_BADDR_MASK  (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)
++#define VTTBR_BADDR_MASK  (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_X)
+ #define VTTBR_VMID_SHIFT  (48LLU)
+ #define VTTBR_VMID_MASK	  (0xffLLU << VTTBR_VMID_SHIFT)
+ 
diff --git a/queue-4.4/series b/queue-4.4/series
index cdc49ba7791..7e1a716430c 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -103,3 +103,4 @@ net-packet-fix-a-race-in-packet_bind-and-packet_notifier.patch
 revert-x86-efi-build-our-own-page-table-structures.patch
 revert-x86-efi-hoist-page-table-switching-code-into-efi_call_virt.patch
 revert-x86-mm-pat-ensure-cpa-pfn-only-contains-page-frame-numbers.patch
+arm-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch