hwmon-tmp513-fix-interpretation-of-values-of-shunt-v.patch
hwmon-tmp513-fix-current-register-value-interpretati.patch
hwmon-tmp513-fix-interpretation-of-values-of-tempera.patch
+zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch
+zram-fix-uninitialized-zram-not-releasing-backing-device.patch
+vmalloc-fix-accounting-with-i915.patch
--- /dev/null
+From a2e740e216f5bf49ccb83b6d490c72a340558a43 Mon Sep 17 00:00:00 2001
+From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
+Date: Wed, 11 Dec 2024 20:25:37 +0000
+Subject: vmalloc: fix accounting with i915
+
+From: Matthew Wilcox (Oracle) <willy@infradead.org>
+
+commit a2e740e216f5bf49ccb83b6d490c72a340558a43 upstream.
+
+If the caller of vmap() specifies VM_MAP_PUT_PAGES (currently only the
+i915 driver), we will decrement nr_vmalloc_pages and MEMCG_VMALLOC in
+vfree(). These counters are incremented by vmalloc() but not by vmap() so
+this will cause an underflow. Check the VM_MAP_PUT_PAGES flag before
+decrementing either counter.
+
+Link: https://lkml.kernel.org/r/20241211202538.168311-1-willy@infradead.org
+Fixes: b944afc9d64d ("mm: add a VM_MAP_PUT_PAGES flag for vmap")
+Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Reviewed-by: Shakeel Butt <shakeel.butt@linux.dev>
+Reviewed-by: Balbir Singh <balbirs@nvidia.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Muchun Song <muchun.song@linux.dev>
+Cc: Roman Gushchin <roman.gushchin@linux.dev>
+Cc: "Uladzislau Rezki (Sony)" <urezki@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/vmalloc.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -2851,7 +2851,8 @@ void vfree(const void *addr)
+ struct page *page = vm->pages[i];
+
+ BUG_ON(!page);
+- mod_memcg_page_state(page, MEMCG_VMALLOC, -1);
++ if (!(vm->flags & VM_MAP_PUT_PAGES))
++ mod_memcg_page_state(page, MEMCG_VMALLOC, -1);
+ /*
+ * High-order allocs for huge vmallocs are split, so
+ * can be freed as an array of order-0 allocations
+@@ -2859,7 +2860,8 @@ void vfree(const void *addr)
+ __free_page(page);
+ cond_resched();
+ }
+- atomic_long_sub(vm->nr_pages, &nr_vmalloc_pages);
++ if (!(vm->flags & VM_MAP_PUT_PAGES))
++ atomic_long_sub(vm->nr_pages, &nr_vmalloc_pages);
+ kvfree(vm->pages);
+ kfree(vm);
+ }
--- /dev/null
+From 74363ec674cb172d8856de25776c8f3103f05e2f Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@tencent.com>
+Date: Tue, 10 Dec 2024 00:57:16 +0800
+Subject: zram: fix uninitialized ZRAM not releasing backing device
+
+From: Kairui Song <kasong@tencent.com>
+
+commit 74363ec674cb172d8856de25776c8f3103f05e2f upstream.
+
+Setting backing device is done before ZRAM initialization. If we set the
+backing device, then remove the ZRAM module without initializing the
+device, the backing device reference will be leaked and the device will be
+hold forever.
+
+Fix this by always reset the ZRAM fully on rmmod or reset store.
+
+Link: https://lkml.kernel.org/r/20241209165717.94215-3-ryncsn@gmail.com
+Fixes: 013bf95a83ec ("zram: add interface to specif backing device")
+Signed-off-by: Kairui Song <kasong@tencent.com>
+Reported-by: Desheng Wu <deshengwu@tencent.com>
+Suggested-by: Sergey Senozhatsky <senozhatsky@chromium.org>
+Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/zram/zram_drv.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/drivers/block/zram/zram_drv.c
++++ b/drivers/block/zram/zram_drv.c
+@@ -1238,12 +1238,16 @@ static void zram_meta_free(struct zram *
+ size_t num_pages = disksize >> PAGE_SHIFT;
+ size_t index;
+
++ if (!zram->table)
++ return;
++
+ /* Free all pages that are still in this zram device */
+ for (index = 0; index < num_pages; index++)
+ zram_free_page(zram, index);
+
+ zs_destroy_pool(zram->mem_pool);
+ vfree(zram->table);
++ zram->table = NULL;
+ }
+
+ static bool zram_meta_alloc(struct zram *zram, u64 disksize)
+@@ -2023,11 +2027,6 @@ static void zram_reset_device(struct zra
+
+ zram->limit_pages = 0;
+
+- if (!init_done(zram)) {
+- up_write(&zram->init_lock);
+- return;
+- }
+-
+ set_capacity_and_notify(zram->disk, 0);
+ part_stat_set_all(zram->disk->part0, 0);
+
--- /dev/null
+From be48c412f6ebf38849213c19547bc6d5b692b5e5 Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@tencent.com>
+Date: Tue, 10 Dec 2024 00:57:15 +0800
+Subject: zram: refuse to use zero sized block device as backing device
+
+From: Kairui Song <kasong@tencent.com>
+
+commit be48c412f6ebf38849213c19547bc6d5b692b5e5 upstream.
+
+Patch series "zram: fix backing device setup issue", v2.
+
+This series fixes two bugs of backing device setting:
+
+- ZRAM should reject using a zero sized (or the uninitialized ZRAM
+ device itself) as the backing device.
+- Fix backing device leaking when removing a uninitialized ZRAM
+ device.
+
+
+This patch (of 2):
+
+Setting a zero sized block device as backing device is pointless, and one
+can easily create a recursive loop by setting the uninitialized ZRAM
+device itself as its own backing device by (zram0 is uninitialized):
+
+ echo /dev/zram0 > /sys/block/zram0/backing_dev
+
+It's definitely a wrong config, and the module will pin itself, kernel
+should refuse doing so in the first place.
+
+By refusing to use zero sized device we avoided misuse cases including
+this one above.
+
+Link: https://lkml.kernel.org/r/20241209165717.94215-1-ryncsn@gmail.com
+Link: https://lkml.kernel.org/r/20241209165717.94215-2-ryncsn@gmail.com
+Fixes: 013bf95a83ec ("zram: add interface to specif backing device")
+Signed-off-by: Kairui Song <kasong@tencent.com>
+Reported-by: Desheng Wu <deshengwu@tencent.com>
+Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/zram/zram_drv.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/block/zram/zram_drv.c
++++ b/drivers/block/zram/zram_drv.c
+@@ -538,6 +538,12 @@ static ssize_t backing_dev_store(struct
+ }
+
+ nr_pages = i_size_read(inode) >> PAGE_SHIFT;
++ /* Refuse to use zero sized device (also prevents self reference) */
++ if (!nr_pages) {
++ err = -EINVAL;
++ goto out;
++ }
++
+ bitmap_sz = BITS_TO_LONGS(nr_pages) * sizeof(long);
+ bitmap = kvzalloc(bitmap_sz, GFP_KERNEL);
+ if (!bitmap) {
projects / thirdparty / kernel / stable-queue.git / commitdiff
