From: Greg Kroah-Hartman Date: Mon, 23 Dec 2024 10:24:54 +0000 (+0100) Subject: 6.6-stable patches X-Git-Tag: v6.1.122~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=590acffa1da56114a295afbaa510a5d69913beba;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: vmalloc-fix-accounting-with-i915.patch zram-fix-uninitialized-zram-not-releasing-backing-device.patch zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch --- diff --git a/queue-6.6/series b/queue-6.6/series index 32d6627ed87..350dd44cf36 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -82,3 +82,6 @@ hwmon-tmp513-use-si-constants-from-units.h.patch hwmon-tmp513-fix-interpretation-of-values-of-shunt-v.patch hwmon-tmp513-fix-current-register-value-interpretati.patch hwmon-tmp513-fix-interpretation-of-values-of-tempera.patch +zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch +zram-fix-uninitialized-zram-not-releasing-backing-device.patch +vmalloc-fix-accounting-with-i915.patch diff --git a/queue-6.6/vmalloc-fix-accounting-with-i915.patch b/queue-6.6/vmalloc-fix-accounting-with-i915.patch new file mode 100644 index 00000000000..eaf0361ac70 --- /dev/null +++ b/queue-6.6/vmalloc-fix-accounting-with-i915.patch @@ -0,0 +1,55 @@ +From a2e740e216f5bf49ccb83b6d490c72a340558a43 Mon Sep 17 00:00:00 2001 +From: "Matthew Wilcox (Oracle)" +Date: Wed, 11 Dec 2024 20:25:37 +0000 +Subject: vmalloc: fix accounting with i915 + +From: Matthew Wilcox (Oracle) + +commit a2e740e216f5bf49ccb83b6d490c72a340558a43 upstream. + +If the caller of vmap() specifies VM_MAP_PUT_PAGES (currently only the +i915 driver), we will decrement nr_vmalloc_pages and MEMCG_VMALLOC in +vfree(). These counters are incremented by vmalloc() but not by vmap() so +this will cause an underflow. Check the VM_MAP_PUT_PAGES flag before +decrementing either counter. + +Link: https://lkml.kernel.org/r/20241211202538.168311-1-willy@infradead.org +Fixes: b944afc9d64d ("mm: add a VM_MAP_PUT_PAGES flag for vmap") +Signed-off-by: Matthew Wilcox (Oracle) +Acked-by: Johannes Weiner +Reviewed-by: Shakeel Butt +Reviewed-by: Balbir Singh +Acked-by: Michal Hocko +Cc: Christoph Hellwig +Cc: Muchun Song +Cc: Roman Gushchin +Cc: "Uladzislau Rezki (Sony)" +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/vmalloc.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -2851,7 +2851,8 @@ void vfree(const void *addr) + struct page *page = vm->pages[i]; + + BUG_ON(!page); +- mod_memcg_page_state(page, MEMCG_VMALLOC, -1); ++ if (!(vm->flags & VM_MAP_PUT_PAGES)) ++ mod_memcg_page_state(page, MEMCG_VMALLOC, -1); + /* + * High-order allocs for huge vmallocs are split, so + * can be freed as an array of order-0 allocations +@@ -2859,7 +2860,8 @@ void vfree(const void *addr) + __free_page(page); + cond_resched(); + } +- atomic_long_sub(vm->nr_pages, &nr_vmalloc_pages); ++ if (!(vm->flags & VM_MAP_PUT_PAGES)) ++ atomic_long_sub(vm->nr_pages, &nr_vmalloc_pages); + kvfree(vm->pages); + kfree(vm); + } diff --git a/queue-6.6/zram-fix-uninitialized-zram-not-releasing-backing-device.patch b/queue-6.6/zram-fix-uninitialized-zram-not-releasing-backing-device.patch new file mode 100644 index 00000000000..315a2f30d38 --- /dev/null +++ b/queue-6.6/zram-fix-uninitialized-zram-not-releasing-backing-device.patch @@ -0,0 +1,60 @@ +From 74363ec674cb172d8856de25776c8f3103f05e2f Mon Sep 17 00:00:00 2001 +From: Kairui Song +Date: Tue, 10 Dec 2024 00:57:16 +0800 +Subject: zram: fix uninitialized ZRAM not releasing backing device + +From: Kairui Song + +commit 74363ec674cb172d8856de25776c8f3103f05e2f upstream. + +Setting backing device is done before ZRAM initialization. If we set the +backing device, then remove the ZRAM module without initializing the +device, the backing device reference will be leaked and the device will be +hold forever. + +Fix this by always reset the ZRAM fully on rmmod or reset store. + +Link: https://lkml.kernel.org/r/20241209165717.94215-3-ryncsn@gmail.com +Fixes: 013bf95a83ec ("zram: add interface to specif backing device") +Signed-off-by: Kairui Song +Reported-by: Desheng Wu +Suggested-by: Sergey Senozhatsky +Reviewed-by: Sergey Senozhatsky +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/zram/zram_drv.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +--- a/drivers/block/zram/zram_drv.c ++++ b/drivers/block/zram/zram_drv.c +@@ -1238,12 +1238,16 @@ static void zram_meta_free(struct zram * + size_t num_pages = disksize >> PAGE_SHIFT; + size_t index; + ++ if (!zram->table) ++ return; ++ + /* Free all pages that are still in this zram device */ + for (index = 0; index < num_pages; index++) + zram_free_page(zram, index); + + zs_destroy_pool(zram->mem_pool); + vfree(zram->table); ++ zram->table = NULL; + } + + static bool zram_meta_alloc(struct zram *zram, u64 disksize) +@@ -2023,11 +2027,6 @@ static void zram_reset_device(struct zra + + zram->limit_pages = 0; + +- if (!init_done(zram)) { +- up_write(&zram->init_lock); +- return; +- } +- + set_capacity_and_notify(zram->disk, 0); + part_stat_set_all(zram->disk->part0, 0); + diff --git a/queue-6.6/zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch b/queue-6.6/zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch new file mode 100644 index 00000000000..a3e4be57c29 --- /dev/null +++ b/queue-6.6/zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch @@ -0,0 +1,61 @@ +From be48c412f6ebf38849213c19547bc6d5b692b5e5 Mon Sep 17 00:00:00 2001 +From: Kairui Song +Date: Tue, 10 Dec 2024 00:57:15 +0800 +Subject: zram: refuse to use zero sized block device as backing device + +From: Kairui Song + +commit be48c412f6ebf38849213c19547bc6d5b692b5e5 upstream. + +Patch series "zram: fix backing device setup issue", v2. + +This series fixes two bugs of backing device setting: + +- ZRAM should reject using a zero sized (or the uninitialized ZRAM + device itself) as the backing device. +- Fix backing device leaking when removing a uninitialized ZRAM + device. + + +This patch (of 2): + +Setting a zero sized block device as backing device is pointless, and one +can easily create a recursive loop by setting the uninitialized ZRAM +device itself as its own backing device by (zram0 is uninitialized): + + echo /dev/zram0 > /sys/block/zram0/backing_dev + +It's definitely a wrong config, and the module will pin itself, kernel +should refuse doing so in the first place. + +By refusing to use zero sized device we avoided misuse cases including +this one above. + +Link: https://lkml.kernel.org/r/20241209165717.94215-1-ryncsn@gmail.com +Link: https://lkml.kernel.org/r/20241209165717.94215-2-ryncsn@gmail.com +Fixes: 013bf95a83ec ("zram: add interface to specif backing device") +Signed-off-by: Kairui Song +Reported-by: Desheng Wu +Reviewed-by: Sergey Senozhatsky +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/zram/zram_drv.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/block/zram/zram_drv.c ++++ b/drivers/block/zram/zram_drv.c +@@ -538,6 +538,12 @@ static ssize_t backing_dev_store(struct + } + + nr_pages = i_size_read(inode) >> PAGE_SHIFT; ++ /* Refuse to use zero sized device (also prevents self reference) */ ++ if (!nr_pages) { ++ err = -EINVAL; ++ goto out; ++ } ++ + bitmap_sz = BITS_TO_LONGS(nr_pages) * sizeof(long); + bitmap = kvzalloc(bitmap_sz, GFP_KERNEL); + if (!bitmap) {