git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
5.15-stable patches
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 28 Aug 2023 09:58:51 +0000 (11:58 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 28 Aug 2023 09:58:51 +0000 (11:58 +0200)
added patches:
mm-ima-kexec-of-use-memblock_free_late-from-ima_free_kexec_buffer.patch

queue-5.15/mm-ima-kexec-of-use-memblock_free_late-from-ima_free_kexec_buffer.patch [new file with mode: 0644]
queue-5.15/series

diff --git a/queue-5.15/mm-ima-kexec-of-use-memblock_free_late-from-ima_free_kexec_buffer.patch b/queue-5.15/mm-ima-kexec-of-use-memblock_free_late-from-ima_free_kexec_buffer.patch
new file mode 100644 (file)
index 0000000..05ac7d9
--- /dev/null
@@ -0,0 +1,44 @@
+From f0362a253606e2031f8d61c74195d4d6556e12a4 Mon Sep 17 00:00:00 2001
+From: Rik van Riel <riel@surriel.com>
+Date: Thu, 17 Aug 2023 13:57:59 -0400
+Subject: mm,ima,kexec,of: use memblock_free_late from ima_free_kexec_buffer
+
+From: Rik van Riel <riel@surriel.com>
+
+commit f0362a253606e2031f8d61c74195d4d6556e12a4 upstream.
+
+The code calling ima_free_kexec_buffer runs long after the memblock
+allocator has already been torn down, potentially resulting in a use
+after free in memblock_isolate_range.
+
+With KASAN or KFENCE, this use after free will result in a BUG
+from the idle task, and a subsequent kernel panic.
+
+Switch ima_free_kexec_buffer over to memblock_free_late to avoid
+that issue.
+
+Fixes: fee3ff99bc67 ("powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c")
+Cc: stable@kernel.org
+Signed-off-by: Rik van Riel <riel@surriel.com>
+Suggested-by: Mike Rappoport <rppt@kernel.org>
+Link: https://lore.kernel.org/r/20230817135759.0888e5ef@imladris.surriel.com
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Mike Rappoport (IBM) <rppt@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/of/kexec.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/of/kexec.c
++++ b/drivers/of/kexec.c
+@@ -187,8 +187,8 @@ int ima_free_kexec_buffer(void)
+       if (ret)
+               return ret;
+-      return memblock_free(addr, size);
+-
++      memblock_free_late(addr, size);
++      return 0;
+ }
+ /**
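Review bot: in the embedded drivers/of/kexec.c hunk, ima_free_kexec_buffer() now ends with an unconditional `return 0;` after `memblock_free_late(addr, size);`, whereas the removed line propagated the result of `memblock_free(addr, size)`, and the changelog does not mention that a failure in the free step is no longer reported to the caller. The earlier `if (ret) return ret;` path is unchanged, so lookup errors still surface, but a sentence in the commit message confirming that no caller depends on the free path's return code would make the backport easier to audit. Since the message describes the use after free as showing up under KASAN or KFENCE, it would also help to state whether the 5.15 backport was boot-tested through a kexec with one of those enabled.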
index 92906d03ec38dec850449907c76c95c2eba6e0b7..e7c0266b929271ed1bffdf5bbe976ba2e1286731 100644 (file)
@@ -88,3 +88,4 @@ pinctrl-renesas-rza2-add-lock-around-pinctrl_generic.patch
 dma-buf-sw_sync-avoid-recursive-lock-during-fence-si.patch
 mm-memory-failure-kill-soft_offline_free_page.patch
 mm-memory-failure-fix-unexpected-return-value-in-sof.patch
+mm-ima-kexec-of-use-memblock_free_late-from-ima_free_kexec_buffer.patch
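Review bot: this series entry queues the fix for 5.15 only, while the patch's Fixes: tag points at fee3ff99bc67 and carries Cc: stable. Please confirm that every other stable queue containing fee3ff99bc67 gets the same entry, so the `memblock_free` call in ima_free_kexec_buffer() is not left in place on a neighbouring branch. Appending at the end of the series looks fine, since the diffstat shows the patch touches only drivers/of/kexec.c.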