From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 18 Sep 2017 08:05:03 +0000 (+0200)
Subject: drop queue-4.4/x86-fsgsbase-64-fully-initialize-fs-and-gs-state-in-start_thread_commo... 
X-Git-Tag: v4.9.51~13
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ccf0610cbb794a4a64bd6447912156c9f1b55fc6;p=thirdparty%2Fkernel%2Fstable-queue.git

drop queue-4.4/x86-fsgsbase-64-fully-initialize-fs-and-gs-state-in-start_thread_common.patch
---

diff --git a/queue-4.4/series b/queue-4.4/series
index af337b0500b..2bb3cc9cb8f 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -10,5 +10,4 @@ gianfar-fix-tx-flow-control-deactivation.patch
 ipv6-fix-memory-leak-with-multiple-tables-during-netns-destruction.patch
 ipv6-fix-typo-in-fib6_net_exit.patch
 f2fs-check-hot_data-for-roll-forward-recovery.patch
-x86-fsgsbase-64-fully-initialize-fs-and-gs-state-in-start_thread_common.patch
 x86-fsgsbase-64-report-fsbase-and-gsbase-correctly-in-core-dumps.patch
diff --git a/queue-4.4/x86-fsgsbase-64-fully-initialize-fs-and-gs-state-in-start_thread_common.patch b/queue-4.4/x86-fsgsbase-64-fully-initialize-fs-and-gs-state-in-start_thread_common.patch
deleted file mode 100644
index cee2485f774..00000000000
--- a/queue-4.4/x86-fsgsbase-64-fully-initialize-fs-and-gs-state-in-start_thread_common.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 767d035d838f4fd6b5a5bbd7a3f6d293b7f65a49 Mon Sep 17 00:00:00 2001
-From: Andy Lutomirski <luto@kernel.org>
-Date: Tue, 1 Aug 2017 07:11:34 -0700
-Subject: x86/fsgsbase/64: Fully initialize FS and GS state in start_thread_common
-
-From: Andy Lutomirski <luto@kernel.org>
-
-commit 767d035d838f4fd6b5a5bbd7a3f6d293b7f65a49 upstream.
-
-execve used to leak FSBASE and GSBASE on AMD CPUs.  Fix it.
-
-The security impact of this bug is small but not quite zero -- it
-could weaken ASLR when a privileged task execs a less privileged
-program, but only if program changed bitness across the exec, or the
-child binary was highly unusual or actively malicious.  A child
-program that was compromised after the exec would not have access to
-the leaked base.
-
-Signed-off-by: Andy Lutomirski <luto@kernel.org>
-Cc: Borislav Petkov <bp@alien8.de>
-Cc: Borislav Petkov <bpetkov@suse.de>
-Cc: Brian Gerst <brgerst@gmail.com>
-Cc: Chang Seok <chang.seok.bae@intel.com>
-Cc: Denys Vlasenko <dvlasenk@redhat.com>
-Cc: H. Peter Anvin <hpa@zytor.com>
-Cc: Josh Poimboeuf <jpoimboe@redhat.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/x86/kernel/process_64.c |    9 +++++++++
- 1 file changed, 9 insertions(+)
-
---- a/arch/x86/kernel/process_64.c
-+++ b/arch/x86/kernel/process_64.c
-@@ -232,10 +232,19 @@ start_thread_common(struct pt_regs *regs
- 		    unsigned long new_sp,
- 		    unsigned int _cs, unsigned int _ss, unsigned int _ds)
- {
-+	WARN_ON_ONCE(regs != current_pt_regs());
-+
-+	if (static_cpu_has(X86_BUG_NULL_SEG)) {
-+		/* Loading zero below won't clear the base. */
-+		loadsegment(fs, __USER_DS);
-+		load_gs_index(__USER_DS);
-+	}
-+
- 	loadsegment(fs, 0);
- 	loadsegment(es, _ds);
- 	loadsegment(ds, _ds);
- 	load_gs_index(0);
-+
- 	regs->ip		= new_ip;
- 	regs->sp		= new_sp;
- 	regs->cs		= _cs;