From: Greg Kroah-Hartman Date: Thu, 22 May 2025 08:54:19 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v5.15.184~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5fe7bfae923821292e3585ce28476914459a246f;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: x86-modules-set-vm_flush_reset_perms-in-module_alloc.patch --- diff --git a/queue-5.15/series b/queue-5.15/series index 72f0ebb7d3..3a18f9ca5c 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -57,3 +57,4 @@ netfilter-nf_tables-pass-nft_chain-to-destroy-function-not-nft_ctx.patch netfilter-nf_tables-wait-for-rcu-grace-period-on-net_device-removal.patch netfilter-nf_tables-do-not-defer-rule-destruction-via-call_rcu.patch ice-arfs-fix-use-after-free-when-freeing-rx_cpu_rmap.patch +x86-modules-set-vm_flush_reset_perms-in-module_alloc.patch diff --git a/queue-5.15/x86-modules-set-vm_flush_reset_perms-in-module_alloc.patch b/queue-5.15/x86-modules-set-vm_flush_reset_perms-in-module_alloc.patch new file mode 100644 index 0000000000..e4656586d5 --- /dev/null +++ b/queue-5.15/x86-modules-set-vm_flush_reset_perms-in-module_alloc.patch @@ -0,0 +1,61 @@ +From 4c4eb3ecc91f4fee6d6bf7cfbc1e21f2e38d19ff Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Thu, 15 Sep 2022 13:10:44 +0200 +Subject: x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() + +From: Thomas Gleixner + +commit 4c4eb3ecc91f4fee6d6bf7cfbc1e21f2e38d19ff upstream. + +Instead of resetting permissions all over the place when freeing module +memory tell the vmalloc code to do so. Avoids the exercise for the next +upcoming user. + +Signed-off-by: Thomas Gleixner +Signed-off-by: Peter Zijlstra (Intel) +Link: https://lore.kernel.org/r/20220915111143.406703869@infradead.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/ftrace.c | 2 -- + arch/x86/kernel/kprobes/core.c | 1 - + arch/x86/kernel/module.c | 8 ++++---- + 3 files changed, 4 insertions(+), 7 deletions(-) + +--- a/arch/x86/kernel/ftrace.c ++++ b/arch/x86/kernel/ftrace.c +@@ -422,8 +422,6 @@ create_trampoline(struct ftrace_ops *ops + /* ALLOC_TRAMP flags lets us know we created it */ + ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP; + +- set_vm_flush_reset_perms(trampoline); +- + if (likely(system_state != SYSTEM_BOOTING)) + set_memory_ro((unsigned long)trampoline, npages); + set_memory_x((unsigned long)trampoline, npages); +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c +@@ -403,7 +403,6 @@ void *alloc_insn_page(void) + if (!page) + return NULL; + +- set_vm_flush_reset_perms(page); + /* + * First make the page read-only, and only then make it executable to + * prevent it from being W+X in between. +--- a/arch/x86/kernel/module.c ++++ b/arch/x86/kernel/module.c +@@ -74,10 +74,10 @@ void *module_alloc(unsigned long size) + return NULL; + + p = __vmalloc_node_range(size, MODULE_ALIGN, +- MODULES_VADDR + get_module_load_offset(), +- MODULES_END, gfp_mask, +- PAGE_KERNEL, VM_DEFER_KMEMLEAK, NUMA_NO_NODE, +- __builtin_return_address(0)); ++ MODULES_VADDR + get_module_load_offset(), ++ MODULES_END, gfp_mask, PAGE_KERNEL, ++ VM_FLUSH_RESET_PERMS | VM_DEFER_KMEMLEAK, ++ NUMA_NO_NODE, __builtin_return_address(0)); + if (p && (kasan_module_alloc(p, size, gfp_mask) < 0)) { + vfree(p); + return NULL;