From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933403AbcECBsi (ORCPT <rfc822;w@1wt.eu>);
	Mon, 2 May 2016 21:48:38 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:59679 "EHLO
	mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932619AbcECAQb (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 2 May 2016 20:16:31 -0400
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Jan Beulich <jbeulich@suse.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Andy Lutomirski <luto@amacapital.net>,
        Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        Borislav Petkov <bp@alien8.de>, Brian Gerst <brgerst@gmail.com>,
        David Vrabel <david.vrabel@citrix.com>,
        Denys Vlasenko <dvlasenk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
        Juergen Gross <JGross@suse.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        "Luis R. Rodriguez" <mcgrof@suse.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>, Toshi Kani <toshi.kani@hp.com>,
        xen-devel <xen-devel@lists.xenproject.org>,
        Ingo Molnar <mingo@kernel.org>
Subject: [PATCH 4.4 027/163] x86/mm/xen: Suppress hugetlbfs in PV guests
Date: Mon,  2 May 2016 17:10:55 -0700
Message-Id: <20160503000509.429736944@linuxfoundation.org>
X-Mailer: git-send-email 2.8.2
In-Reply-To: <20160503000508.556845508@linuxfoundation.org>
References: <20160503000508.556845508@linuxfoundation.org>
User-Agent: quilt/0.64
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Beulich <JBeulich@suse.com>

commit 103f6112f253017d7062cd74d17f4a514ed4485c upstream.

Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:

  kernel BUG at .../fs/hugetlbfs/inode.c:428!
  invalid opcode: 0000 [#1] SMP
  ...
  RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
  ...
  Call Trace:
   [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
   [<ffffffff81167b3d>] evict+0xbd/0x1b0
   [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
   [<ffffffff81165b0e>] dput+0x1fe/0x220
   [<ffffffff81150535>] __fput+0x155/0x200
   [<ffffffff81079fc0>] task_work_run+0x60/0xa0
   [<ffffffff81063510>] do_exit+0x160/0x400
   [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
   [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
   [<ffffffff8100f854>] do_signal+0x14/0x110
   [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
   [<ffffffff814178a5>] retint_user+0x8/0x13

This is CVE-2016-3961 / XSA-174.

Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Juergen Gross <JGross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Luis R. Rodriguez <mcgrof@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>
Link: http://lkml.kernel.org/r/57188ED802000078000E431C@prv-mh.provo.novell.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/include/asm/hugetlb.h |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
 #include <asm/page.h>
 #include <asm-generic/hugetlb.h>
 
+#define hugepages_supported() cpu_has_pse
 
 static inline int is_hugepage_only_range(struct mm_struct *mm,
 					 unsigned long addr,

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [PATCH 4.4 027/163] x86/mm/xen: Suppress hugetlbfs in
	PV guests
Date: Mon,  2 May 2016 17:10:55 -0700
Message-ID: <20160503000509.429736944@linuxfoundation.org>
References: <20160503000508.556845508@linuxfoundation.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <gregkh@linuxfoundation.org>) id 1axO0w-0007t4-Kb
 for xen-devel@lists.xenproject.org; Tue, 03 May 2016 00:16:34 +0000
In-Reply-To: <20160503000508.556845508@linuxfoundation.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: linux-kernel@vger.kernel.org
Cc: Juergen Gross <JGross@suse.com>, Denys Vlasenko <dvlasenk@redhat.com>, xen-devel <xen-devel@lists.xenproject.org>, Thomas Gleixner <tglx@linutronix.de>, Boris Ostrovsky <boris.ostrovsky@oracle.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, "Luis R. Rodriguez" <mcgrof@suse.com>, "H. Peter Anvin" <hpa@zytor.com>, stable@vger.kernel.org, Andy Lutomirski <luto@amacapital.net>, Peter Zijlstra <peterz@infradead.org>, Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@alien8.de>, David Vrabel <david.vrabel@citrix.com>, Jan Beulich <jbeulich@suse.com>, Brian Gerst <brgerst@gmail.com>, Toshi Kani <toshi.kani@hp.com>, Andrew Morton <akpm@linux-foundation.org>, Linus Torvalds <torvalds@linux-foundation.org>, Vitaly Kuznetsov <vkuznets@redhat.com>
List-Id: xen-devel@lists.xenproject.org

NC40LXN0YWJsZSByZXZpZXcgcGF0Y2guICBJZiBhbnlvbmUgaGFzIGFueSBvYmplY3Rpb25zLCBw
bGVhc2UgbGV0IG1lIGtub3cuCgotLS0tLS0tLS0tLS0tLS0tLS0KCkZyb206IEphbiBCZXVsaWNo
IDxKQmV1bGljaEBzdXNlLmNvbT4KCmNvbW1pdCAxMDNmNjExMmYyNTMwMTdkNzA2MmNkNzRkMTdm
NGE1MTRlZDQ0ODVjIHVwc3RyZWFtLgoKSHVnZSBwYWdlcyBhcmUgbm90IG5vcm1hbGx5IGF2YWls
YWJsZSB0byBQViBndWVzdHMuIE5vdCBzdXBwcmVzc2luZwpodWdldGxiZnMgdXNlIHJlc3VsdHMg
aW4gYW4gZW5kbGVzcyBsb29wIG9mIHBhZ2UgZmF1bHRzIHdoZW4gdXNlciBtb2RlCmNvZGUgdHJp
ZXMgdG8gYWNjZXNzIGEgaHVnZXRsYmZzIG1hcHBlZCBhcmVhIChzaW5jZSB0aGUgaHlwZXJ2aXNv
cgpkZW5pZXMgc3VjaCBQVEVzIHRvIGJlIGNyZWF0ZWQsIGJ1dCBlcnJvciBpbmRpY2F0aW9ucyBj
YW4ndCBiZQpwcm9wYWdhdGVkIG91dCBvZiB4ZW5fc2V0X3B0ZV9hdCgpLCBqdXN0IGxpa2UgZm9y
IHZhcmlvdXMgb2YgaXRzCnNpYmxpbmdzKSwgYW5kIC0gb25jZSBraWxsZWQgaW4gYW4gb29wcyBs
aWtlIHRoaXM6CgogIGtlcm5lbCBCVUcgYXQgLi4uL2ZzL2h1Z2V0bGJmcy9pbm9kZS5jOjQyOCEK
ICBpbnZhbGlkIG9wY29kZTogMDAwMCBbIzFdIFNNUAogIC4uLgogIFJJUDogZTAzMDpbPGZmZmZm
ZmZmODExYzMzM2I+XSAgWzxmZmZmZmZmZjgxMWMzMzNiPl0gcmVtb3ZlX2lub2RlX2h1Z2VwYWdl
cysweDI1Yi8weDMyMAogIC4uLgogIENhbGwgVHJhY2U6CiAgIFs8ZmZmZmZmZmY4MTFjMzQxNT5d
IGh1Z2V0bGJmc19ldmljdF9pbm9kZSsweDE1LzB4NDAKICAgWzxmZmZmZmZmZjgxMTY3YjNkPl0g
ZXZpY3QrMHhiZC8weDFiMAogICBbPGZmZmZmZmZmODExNjUxNGE+XSBfX2RlbnRyeV9raWxsKzB4
MTlhLzB4MWYwCiAgIFs8ZmZmZmZmZmY4MTE2NWIwZT5dIGRwdXQrMHgxZmUvMHgyMjAKICAgWzxm
ZmZmZmZmZjgxMTUwNTM1Pl0gX19mcHV0KzB4MTU1LzB4MjAwCiAgIFs8ZmZmZmZmZmY4MTA3OWZj
MD5dIHRhc2tfd29ya19ydW4rMHg2MC8weGEwCiAgIFs8ZmZmZmZmZmY4MTA2MzUxMD5dIGRvX2V4
aXQrMHgxNjAvMHg0MDAKICAgWzxmZmZmZmZmZjgxMDYzN2ViPl0gZG9fZ3JvdXBfZXhpdCsweDNi
LzB4YTAKICAgWzxmZmZmZmZmZjgxMDZlOGJkPl0gZ2V0X3NpZ25hbCsweDFlZC8weDQ3MAogICBb
PGZmZmZmZmZmODEwMGY4NTQ+XSBkb19zaWduYWwrMHgxNC8weDExMAogICBbPGZmZmZmZmZmODEw
MDMwZTk+XSBwcmVwYXJlX2V4aXRfdG9fdXNlcm1vZGUrMHhlOS8weGYwCiAgIFs8ZmZmZmZmZmY4
MTQxNzhhNT5dIHJldGludF91c2VyKzB4OC8weDEzCgpUaGlzIGlzIENWRS0yMDE2LTM5NjEgLyBY
U0EtMTc0LgoKUmVwb3J0ZWQtYnk6IFZpdGFseSBLdXpuZXRzb3YgPHZrdXpuZXRzQHJlZGhhdC5j
b20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQ2M6IEFu
ZHJldyBNb3J0b24gPGFrcG1AbGludXgtZm91bmRhdGlvbi5vcmc+CkNjOiBBbmR5IEx1dG9taXJz
a2kgPGx1dG9AYW1hY2FwaXRhbC5uZXQ+CkNjOiBCb3JpcyBPc3Ryb3Zza3kgPGJvcmlzLm9zdHJv
dnNreUBvcmFjbGUuY29tPgpDYzogQm9yaXNsYXYgUGV0a292IDxicEBhbGllbjguZGU+CkNjOiBC
cmlhbiBHZXJzdCA8YnJnZXJzdEBnbWFpbC5jb20+CkNjOiBEYXZpZCBWcmFiZWwgPGRhdmlkLnZy
YWJlbEBjaXRyaXguY29tPgpDYzogRGVueXMgVmxhc2Vua28gPGR2bGFzZW5rQHJlZGhhdC5jb20+
CkNjOiBILiBQZXRlciBBbnZpbiA8aHBhQHp5dG9yLmNvbT4KQ2M6IEp1ZXJnZW4gR3Jvc3MgPEpH
cm9zc0BzdXNlLmNvbT4KQ2M6IExpbnVzIFRvcnZhbGRzIDx0b3J2YWxkc0BsaW51eC1mb3VuZGF0
aW9uLm9yZz4KQ2M6IEx1aXMgUi4gUm9kcmlndWV6IDxtY2dyb2ZAc3VzZS5jb20+CkNjOiBQZXRl
ciBaaWpsc3RyYSA8cGV0ZXJ6QGluZnJhZGVhZC5vcmc+CkNjOiBUaG9tYXMgR2xlaXhuZXIgPHRn
bHhAbGludXRyb25peC5kZT4KQ2M6IFRvc2hpIEthbmkgPHRvc2hpLmthbmlAaHAuY29tPgpDYzog
eGVuLWRldmVsIDx4ZW4tZGV2ZWxAbGlzdHMueGVucHJvamVjdC5vcmc+Ckxpbms6IGh0dHA6Ly9s
a21sLmtlcm5lbC5vcmcvci81NzE4OEVEODAyMDAwMDc4MDAwRTQzMUNAcHJ2LW1oLnByb3ZvLm5v
dmVsbC5jb20KU2lnbmVkLW9mZi1ieTogSW5nbyBNb2xuYXIgPG1pbmdvQGtlcm5lbC5vcmc+ClNp
Z25lZC1vZmYtYnk6IEdyZWcgS3JvYWgtSGFydG1hbiA8Z3JlZ2toQGxpbnV4Zm91bmRhdGlvbi5v
cmc+CgotLS0KIGFyY2gveDg2L2luY2x1ZGUvYXNtL2h1Z2V0bGIuaCB8ICAgIDEgKwogMSBmaWxl
IGNoYW5nZWQsIDEgaW5zZXJ0aW9uKCspCgotLS0gYS9hcmNoL3g4Ni9pbmNsdWRlL2FzbS9odWdl
dGxiLmgKKysrIGIvYXJjaC94ODYvaW5jbHVkZS9hc20vaHVnZXRsYi5oCkBAIC00LDYgKzQsNyBA
QAogI2luY2x1ZGUgPGFzbS9wYWdlLmg+CiAjaW5jbHVkZSA8YXNtLWdlbmVyaWMvaHVnZXRsYi5o
PgogCisjZGVmaW5lIGh1Z2VwYWdlc19zdXBwb3J0ZWQoKSBjcHVfaGFzX3BzZQogCiBzdGF0aWMg
aW5saW5lIGludCBpc19odWdlcGFnZV9vbmx5X3JhbmdlKHN0cnVjdCBtbV9zdHJ1Y3QgKm1tLAog
CQkJCQkgdW5zaWduZWQgbG9uZyBhZGRyLAoKCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fXwpYZW4tZGV2ZWwgbWFpbGluZyBsaXN0Clhlbi1kZXZlbEBsaXN0
cy54ZW4ub3JnCmh0dHA6Ly9saXN0cy54ZW4ub3JnL3hlbi1kZXZlbAo=