From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 16 May 2022 13:35:22 +0000 (+0200)
Subject: 5.17-stable patches
X-Git-Tag: v4.9.315~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e9d905b510faa03016df488b3efc505b621d5522;p=thirdparty%2Fkernel%2Fstable-queue.git

5.17-stable patches

added patches:
	mm-kfence-reset-pg_slab-and-memcg_data-before-freeing-__kfence_pool.patch
	net-phy-micrel-fix-incorrect-variable-type-in-micrel.patch
---

diff --git a/queue-5.17/mm-kfence-reset-pg_slab-and-memcg_data-before-freeing-__kfence_pool.patch b/queue-5.17/mm-kfence-reset-pg_slab-and-memcg_data-before-freeing-__kfence_pool.patch
new file mode 100644
index 00000000000..1d9c027e8df
--- /dev/null
+++ b/queue-5.17/mm-kfence-reset-pg_slab-and-memcg_data-before-freeing-__kfence_pool.patch
@@ -0,0 +1,83 @@
+From 2839b0999c20c9f6bf353849c69370e121e2fa1a Mon Sep 17 00:00:00 2001
+From: Hyeonggon Yoo <42.hyeyoo@gmail.com>
+Date: Mon, 9 May 2022 17:34:29 -0700
+Subject: mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool
+
+From: Hyeonggon Yoo <42.hyeyoo@gmail.com>
+
+commit 2839b0999c20c9f6bf353849c69370e121e2fa1a upstream.
+
+When kfence fails to initialize kfence pool, it frees the pool.  But it
+does not reset memcg_data and PG_slab flag.
+
+Below is a BUG because of this. Let's fix it by resetting memcg_data
+and PG_slab flag before free.
+
+[    0.089149] BUG: Bad page state in process swapper/0  pfn:3d8e06
+[    0.089149] page:ffffea46cf638180 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3d8e06
+[    0.089150] memcg:ffffffff94a475d1
+[    0.089150] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
+[    0.089151] raw: 0017ffffc0000200 ffffea46cf638188 ffffea46cf638188 0000000000000000
+[    0.089152] raw: 0000000000000000 0000000000000000 00000000ffffffff ffffffff94a475d1
+[    0.089152] page dumped because: page still charged to cgroup
+[    0.089153] Modules linked in:
+[    0.089153] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B   W         5.18.0-rc1+ #965
+[    0.089154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
+[    0.089154] Call Trace:
+[    0.089155]  <TASK>
+[    0.089155]  dump_stack_lvl+0x49/0x5f
+[    0.089157]  dump_stack+0x10/0x12
+[    0.089158]  bad_page.cold+0x63/0x94
+[    0.089159]  check_free_page_bad+0x66/0x70
+[    0.089160]  __free_pages_ok+0x423/0x530
+[    0.089161]  __free_pages_core+0x8e/0xa0
+[    0.089162]  memblock_free_pages+0x10/0x12
+[    0.089164]  memblock_free_late+0x8f/0xb9
+[    0.089165]  kfence_init+0x68/0x92
+[    0.089166]  start_kernel+0x789/0x992
+[    0.089167]  x86_64_start_reservations+0x24/0x26
+[    0.089168]  x86_64_start_kernel+0xa9/0xaf
+[    0.089170]  secondary_startup_64_no_verify+0xd5/0xdb
+[    0.089171]  </TASK>
+
+Link: https://lkml.kernel.org/r/YnPG3pQrqfcgOlVa@hyeyoo
+Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure")
+Fixes: 8f0b36497303 ("mm: kfence: fix objcgs vector allocation")
+Signed-off-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
+Reviewed-by: Marco Elver <elver@google.com>
+Reviewed-by: Muchun Song <songmuchun@bytedance.com>
+Cc: Alexander Potapenko <glider@google.com>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/kfence/core.c |   11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/mm/kfence/core.c
++++ b/mm/kfence/core.c
+@@ -515,6 +515,7 @@ static bool __init kfence_init_pool(void
+ {
+ 	unsigned long addr = (unsigned long)__kfence_pool;
+ 	struct page *pages;
++	char *p;
+ 	int i;
+ 
+ 	if (!__kfence_pool)
+@@ -598,6 +599,16 @@ err:
+ 	 * fails for the first page, and therefore expect addr==__kfence_pool in
+ 	 * most failure cases.
+ 	 */
++	for (p = (char *)addr; p < __kfence_pool + KFENCE_POOL_SIZE; p += PAGE_SIZE) {
++		struct slab *slab = virt_to_slab(p);
++
++		if (!slab)
++			continue;
++#ifdef CONFIG_MEMCG
++		slab->memcg_data = 0;
++#endif
++		__folio_clear_slab(slab_folio(slab));
++	}
+ 	memblock_free_late(__pa(addr), KFENCE_POOL_SIZE - (addr - (unsigned long)__kfence_pool));
+ 	__kfence_pool = NULL;
+ 	return false;
diff --git a/queue-5.17/net-phy-micrel-fix-incorrect-variable-type-in-micrel.patch b/queue-5.17/net-phy-micrel-fix-incorrect-variable-type-in-micrel.patch
new file mode 100644
index 00000000000..bf193ae43d7
--- /dev/null
+++ b/queue-5.17/net-phy-micrel-fix-incorrect-variable-type-in-micrel.patch
@@ -0,0 +1,33 @@
+From 12a4d677b1c34717443470c1492fe520638ef39a Mon Sep 17 00:00:00 2001
+From: Wan Jiabing <wanjiabing@vivo.com>
+Date: Mon, 9 May 2022 22:45:19 +0800
+Subject: net: phy: micrel: Fix incorrect variable type in micrel
+
+From: Wan Jiabing <wanjiabing@vivo.com>
+
+commit 12a4d677b1c34717443470c1492fe520638ef39a upstream.
+
+In lanphy_read_page_reg, calling __phy_read() might return a negative
+error code. Use 'int' to check the error code.
+
+Fixes: 7c2dcfa295b1 ("net: phy: micrel: Add support for LAN8804 PHY")
+Signed-off-by: Wan Jiabing <wanjiabing@vivo.com>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Link: https://lore.kernel.org/r/20220509144519.2343399-1-wanjiabing@vivo.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/phy/micrel.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/phy/micrel.c
++++ b/drivers/net/phy/micrel.c
+@@ -1594,7 +1594,7 @@ static int ksz886x_cable_test_get_status
+ 
+ static int lanphy_read_page_reg(struct phy_device *phydev, int page, u32 addr)
+ {
+-	u32 data;
++	int data;
+ 
+ 	phy_lock_mdio_bus(phydev);
+ 	__phy_write(phydev, LAN_EXT_PAGE_ACCESS_CONTROL, page);
diff --git a/queue-5.17/series b/queue-5.17/series
index 512c22051a5..ea2008dc60e 100644
--- a/queue-5.17/series
+++ b/queue-5.17/series
@@ -110,3 +110,5 @@ drm-vmwgfx-initialize-drm_mode_fb_cmd2.patch
 revert-drm-amd-pm-keep-the-baco-feature-enabled-for-suspend.patch
 dma-buf-call-dma_buf_stats_setup-after-dmabuf-is-in-valid-list.patch
 mm-hwpoison-use-pr_err-instead-of-dump_page-in-get_any_page.patch
+net-phy-micrel-fix-incorrect-variable-type-in-micrel.patch
+mm-kfence-reset-pg_slab-and-memcg_data-before-freeing-__kfence_pool.patch