From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 21 Feb 2025 15:16:28 +0000 (+0100)
Subject: 6.12-stable patches
X-Git-Tag: v6.6.80~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc670a04dcbc02f54e7bc4071694505210b23bd3;p=thirdparty%2Fkernel%2Fstable-queue.git

6.12-stable patches

added patches:
	arm64-mte-do-not-allow-prot_mte-on-map_hugetlb-user-mappings.patch
	series
---

diff --git a/queue-6.12/arm64-mte-do-not-allow-prot_mte-on-map_hugetlb-user-mappings.patch b/queue-6.12/arm64-mte-do-not-allow-prot_mte-on-map_hugetlb-user-mappings.patch
new file mode 100644
index 0000000000..19f1be605d
--- /dev/null
+++ b/queue-6.12/arm64-mte-do-not-allow-prot_mte-on-map_hugetlb-user-mappings.patch
@@ -0,0 +1,52 @@
+From stable+bounces-118464-greg=kroah.com@vger.kernel.org Thu Feb 20 16:59:39 2025
+From: Catalin Marinas <catalin.marinas@arm.com>
+Date: Thu, 20 Feb 2025 15:58:01 +0000
+Subject: arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
+To: <stable@vger.kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: yang@os.amperecomputing.com, Naresh Kamboju <naresh.kamboju@linaro.org>
+Message-ID: <20250220155801.1731061-1-catalin.marinas@arm.com>
+
+From: Catalin Marinas <catalin.marinas@arm.com>
+
+PROT_MTE (memory tagging extensions) is not supported on all user mmap()
+types for various reasons (memory attributes, backing storage, CoW
+handling). The arm64 arch_validate_flags() function checks whether the
+VM_MTE_ALLOWED flag has been set for a vma during mmap(), usually by
+arch_calc_vm_flag_bits().
+
+Linux prior to 6.13 does not support PROT_MTE hugetlb mappings. This was
+added by commit 25c17c4b55de ("hugetlb: arm64: add mte support").
+However, earlier kernels inadvertently set VM_MTE_ALLOWED on
+(MAP_ANONYMOUS | MAP_HUGETLB) mappings by only checking for
+MAP_ANONYMOUS.
+
+Explicitly check MAP_HUGETLB in arch_calc_vm_flag_bits() and avoid
+setting VM_MTE_ALLOWED for such mappings.
+
+Fixes: 9f3419315f3c ("arm64: mte: Add PROT_MTE support to mmap() and mprotect()")
+Cc: <stable@vger.kernel.org> # 5.10.x-6.12.x
+Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/include/asm/mman.h |    9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/arch/arm64/include/asm/mman.h
++++ b/arch/arm64/include/asm/mman.h
+@@ -41,9 +41,12 @@ static inline unsigned long arch_calc_vm
+ 	 * backed by tags-capable memory. The vm_flags may be overridden by a
+ 	 * filesystem supporting MTE (RAM-based).
+ 	 */
+-	if (system_supports_mte() &&
+-	    ((flags & MAP_ANONYMOUS) || shmem_file(file)))
+-		return VM_MTE_ALLOWED;
++	if (system_supports_mte()) {
++		if ((flags & MAP_ANONYMOUS) && !(flags & MAP_HUGETLB))
++			return VM_MTE_ALLOWED;
++		if (shmem_file(file))
++			return VM_MTE_ALLOWED;
++	}
+ 
+ 	return 0;
+ }
diff --git a/queue-6.12/series b/queue-6.12/series
new file mode 100644
index 0000000000..23ce9dbdbe
--- /dev/null
+++ b/queue-6.12/series
@@ -0,0 +1 @@
+arm64-mte-do-not-allow-prot_mte-on-map_hugetlb-user-mappings.patch