From patchwork Sun May  1 22:17:14 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
X-Patchwork-Id: 8989621
Return-Path: <xen-devel-bounces@lists.xen.org>
X-Original-To: patchwork-xen-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 28A5E9F372
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Sun,  1 May 2016 22:19:32 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 6D19E200C1
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Sun,  1 May 2016 22:19:27 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 2B08F20117
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Sun,  1 May 2016 22:19:21 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1awzg0-0008KY-2U; Sun, 01 May 2016 22:17:20 +0000
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <gregkh@linuxfoundation.org>) id 1awzfy-0008KN-MW
	for xen-devel@lists.xenproject.org; Sun, 01 May 2016 22:17:18 +0000
Received: from [193.109.254.147] by server-12.bemta-14.messagelabs.com id
	C7/E0-13115-D6086275; Sun, 01 May 2016 22:17:17 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrPLMWRWlGSWpSXmKPExsXSc3klj25ug1q
	4wYaX7Bbft0xmcmD0OPzhCksAYxRrZl5SfkUCa8au1b/ZCk5JVTye8IC1gXGGeBcjF4eQwDZG
	iZlbjzN1MXJyCAskSXz9uJwJJCEisIBZoqXjCgtIglnATmJy9zOwIjYBJYlvC8+B2SwCqhIfz
	m9kA7F5BdQkujY2M0PYghInZz6B6jWQOHt8GSuELS/RvHU28wRGrllIymYhKZuFpGwBI/MqRo
	3i1KKy1CJdQ2O9pKLM9IyS3MTMHF1DQxO93NTi4sT01JzEpGK95PzcTYzAgKhnYGDcwbhru+c
	hRkkOJiVR3hlzVcKF+JLyUyozEosz4otKc1KLDzHKcHAoSfBeq1cLFxIsSk1PrUjLzAGGJkxa
	goNHSYSXvQ4ozVtckJhbnJkOkTrFqCglzrscpE8AJJFRmgfXBouHS4yyUsK8jAwMDEI8BalFu
	ZklqPKvGMU5GJWEeZtApvBk5pXATX8FtJgJaHH2elWQxSWJCCmpBkbJEhf3lljlTbdZky6tS/
	U0qqj/xR6Z33YlSu9N8me7N0pnHG6t052/uvbvmqRPhSnG+3/6rFr+mYe5vcwwzoFb4I1bzqx
	C0UazDXaC6RYZ7pO7n6efWru4hNXaQPjEU/va6MU7PfrPKJau3JTZk5A8VeuQUfWkhHSriOUN
	dyI809ODp8z9rMRSnJFoqMVcVJwIAP158PeCAgAA
X-Env-Sender: gregkh@linuxfoundation.org
X-Msg-Ref: server-16.tower-27.messagelabs.com!1462141035!38870212!1
X-Originating-IP: [140.211.169.12]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.34; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 5175 invoked from network); 1 May 2016 22:17:16 -0000
Received: from mail.linuxfoundation.org (HELO mail.linuxfoundation.org)
	(140.211.169.12)
	by server-16.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 1 May 2016 22:17:16 -0000
Received: from localhost (c-50-170-35-168.hsd1.wa.comcast.net
	[50.170.35.168])
	by mail.linuxfoundation.org (Postfix) with ESMTPSA id D3C1B42F;
	Sun,  1 May 2016 22:17:14 +0000 (UTC)
To: JBeulich@suse.com, JGross@suse.com, akpm@linux-foundation.org,
	boris.ostrovsky@oracle.com, bp@alien8.de, brgerst@gmail.com,
	david.vrabel@citrix.com, dvlasenk@redhat.com,
	gregkh@linuxfoundation.org,
	hpa@zytor.com, jbeulich@suse.com, luto@amacapital.net, mcgrof@suse.com,
	mingo@kernel.org, peterz@infradead.org, tglx@linutronix.de,
	torvalds@linux-foundation.org, toshi.kani@hp.com, vkuznets@redhat.com,
	xen-devel@lists.xenproject.org
From: <gregkh@linuxfoundation.org>
Date: Sun, 01 May 2016 15:17:14 -0700
Message-ID: <14621410343581@kroah.com>
MIME-Version: 1.0
Cc: stable@vger.kernel.org, stable-commits@vger.kernel.org
Subject: [Xen-devel] Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" has
	been added to the 4.4-stable tree
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

This is a note to let you know that I've just added the patch titled

    x86/mm/xen: Suppress hugetlbfs in PV guests

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From 103f6112f253017d7062cd74d17f4a514ed4485c Mon Sep 17 00:00:00 2001
From: Jan Beulich <JBeulich@suse.com>
Date: Thu, 21 Apr 2016 00:27:04 -0600
Subject: x86/mm/xen: Suppress hugetlbfs in PV guests

From: Jan Beulich <JBeulich@suse.com>

commit 103f6112f253017d7062cd74d17f4a514ed4485c upstream.

Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:

  kernel BUG at .../fs/hugetlbfs/inode.c:428!
  invalid opcode: 0000 [#1] SMP
  ...
  RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
  ...
  Call Trace:
   [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
   [<ffffffff81167b3d>] evict+0xbd/0x1b0
   [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
   [<ffffffff81165b0e>] dput+0x1fe/0x220
   [<ffffffff81150535>] __fput+0x155/0x200
   [<ffffffff81079fc0>] task_work_run+0x60/0xa0
   [<ffffffff81063510>] do_exit+0x160/0x400
   [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
   [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
   [<ffffffff8100f854>] do_signal+0x14/0x110
   [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
   [<ffffffff814178a5>] retint_user+0x8/0x13

This is CVE-2016-3961 / XSA-174.

Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Juergen Gross <JGross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Luis R. Rodriguez <mcgrof@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>
Link: http://lkml.kernel.org/r/57188ED802000078000E431C@prv-mh.provo.novell.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/include/asm/hugetlb.h |    1 +
 1 file changed, 1 insertion(+)



Patches currently in stable-queue which might be from JBeulich@suse.com are

queue-4.4/x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch

--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
 #include <asm/page.h>
 #include <asm-generic/hugetlb.h>
 
+#define hugepages_supported() cpu_has_pse
 
 static inline int is_hugepage_only_range(struct mm_struct *mm,
 					 unsigned long addr,