From: Greg Kroah-Hartman Date: Tue, 26 Mar 2019 07:17:09 +0000 (+0900) Subject: drop mm-mempolicy-fix-uninit-memory-access.patch from all branches. X-Git-Tag: v4.9.166~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eeedb0e9902d4df10a64048aae75a60ca27306d7;p=thirdparty%2Fkernel%2Fstable-queue.git drop mm-mempolicy-fix-uninit-memory-access.patch from all branches. --- diff --git a/queue-4.14/mm-mempolicy-fix-uninit-memory-access.patch b/queue-4.14/mm-mempolicy-fix-uninit-memory-access.patch deleted file mode 100644 index ec0b2aae223..00000000000 --- a/queue-4.14/mm-mempolicy-fix-uninit-memory-access.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 2e25644e8da4ed3a27e7b8315aaae74660be72dc Mon Sep 17 00:00:00 2001 -From: Vlastimil Babka -Date: Tue, 5 Mar 2019 15:46:50 -0800 -Subject: mm, mempolicy: fix uninit memory access - -From: Vlastimil Babka - -commit 2e25644e8da4ed3a27e7b8315aaae74660be72dc upstream. - -Syzbot with KMSAN reports (excerpt): - -================================================================== -BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:353 [inline] -BUG: KMSAN: uninit-value in mpol_rebind_mm+0x249/0x370 mm/mempolicy.c:384 -CPU: 1 PID: 17420 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #15 -Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS -Google 01/01/2011 -Call Trace: - __dump_stack lib/dump_stack.c:77 [inline] - dump_stack+0x173/0x1d0 lib/dump_stack.c:113 - kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613 - __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:295 - mpol_rebind_policy mm/mempolicy.c:353 [inline] - mpol_rebind_mm+0x249/0x370 mm/mempolicy.c:384 - update_tasks_nodemask+0x608/0xca0 kernel/cgroup/cpuset.c:1120 - update_nodemasks_hier kernel/cgroup/cpuset.c:1185 [inline] - update_nodemask kernel/cgroup/cpuset.c:1253 [inline] - cpuset_write_resmask+0x2a98/0x34b0 kernel/cgroup/cpuset.c:1728 - -... - -Uninit was created at: - kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline] - kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:158 - kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176 - kmem_cache_alloc+0x572/0xb90 mm/slub.c:2777 - mpol_new mm/mempolicy.c:276 [inline] - do_mbind mm/mempolicy.c:1180 [inline] - kernel_mbind+0x8a7/0x31a0 mm/mempolicy.c:1347 - __do_sys_mbind mm/mempolicy.c:1354 [inline] - -As it's difficult to report where exactly the uninit value resides in -the mempolicy object, we have to guess a bit. mm/mempolicy.c:353 -contains this part of mpol_rebind_policy(): - - if (!mpol_store_user_nodemask(pol) && - nodes_equal(pol->w.cpuset_mems_allowed, *newmask)) - -"mpol_store_user_nodemask(pol)" is testing pol->flags, which I couldn't -ever see being uninitialized after leaving mpol_new(). So I'll guess -it's actually about accessing pol->w.cpuset_mems_allowed on line 354, -but still part of statement starting on line 353. - -For w.cpuset_mems_allowed to be not initialized, and the nodes_equal() -reachable for a mempolicy where mpol_set_nodemask() is called in -do_mbind(), it seems the only possibility is a MPOL_PREFERRED policy -with empty set of nodes, i.e. MPOL_LOCAL equivalent, with MPOL_F_LOCAL -flag. Let's exclude such policies from the nodes_equal() check. Note -the uninit access should be benign anyway, as rebinding this kind of -policy is always a no-op. Therefore no actual need for stable -inclusion. - -Link: http://lkml.kernel.org/r/a71997c3-e8ae-a787-d5ce-3db05768b27c@suse.cz -Link: http://lkml.kernel.org/r/73da3e9c-cc84-509e-17d9-0c434bb9967d@suse.cz -Signed-off-by: Vlastimil Babka -Reported-by: syzbot+b19c2dc2c990ea657a71@syzkaller.appspotmail.com -Cc: Alexander Potapenko -Cc: Dmitry Vyukov -Cc: Andrea Arcangeli -Cc: "Kirill A. Shutemov" -Cc: Michal Hocko -Cc: David Rientjes -Cc: Yisheng Xie -Cc: zhong jiang -Signed-off-by: Andrew Morton -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman - ---- - mm/mempolicy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/mm/mempolicy.c -+++ b/mm/mempolicy.c -@@ -349,7 +349,7 @@ static void mpol_rebind_policy(struct me - { - if (!pol) - return; -- if (!mpol_store_user_nodemask(pol) && -+ if (!mpol_store_user_nodemask(pol) && !(pol->flags & MPOL_F_LOCAL) && - nodes_equal(pol->w.cpuset_mems_allowed, *newmask)) - return; - diff --git a/queue-4.14/series b/queue-4.14/series index 0aee950ab9f..9cdb8796952 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -25,7 +25,6 @@ netfilter-ebtables-remove-bugprint-messages.patch x86-unwind-handle-null-pointer-calls-better-in-frame-unwinder.patch x86-unwind-add-hardcoded-orc-entry-for-null.patch locking-lockdep-add-debug_locks-check-in-__lock_downgrade.patch -mm-mempolicy-fix-uninit-memory-access.patch alsa-hda-record-the-current-power-state-before-suspend-resume-calls.patch alsa-hda-enforces-runtime_resume-after-s3-and-s4-for-each-codec.patch lib-int_sqrt-optimize-small-argument.patch diff --git a/queue-4.19/mm-mempolicy-fix-uninit-memory-access.patch b/queue-4.19/mm-mempolicy-fix-uninit-memory-access.patch deleted file mode 100644 index 3e18f81d849..00000000000 --- a/queue-4.19/mm-mempolicy-fix-uninit-memory-access.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 2e25644e8da4ed3a27e7b8315aaae74660be72dc Mon Sep 17 00:00:00 2001 -From: Vlastimil Babka -Date: Tue, 5 Mar 2019 15:46:50 -0800 -Subject: mm, mempolicy: fix uninit memory access - -From: Vlastimil Babka - -commit 2e25644e8da4ed3a27e7b8315aaae74660be72dc upstream. - -Syzbot with KMSAN reports (excerpt): - -================================================================== -BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:353 [inline] -BUG: KMSAN: uninit-value in mpol_rebind_mm+0x249/0x370 mm/mempolicy.c:384 -CPU: 1 PID: 17420 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #15 -Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS -Google 01/01/2011 -Call Trace: - __dump_stack lib/dump_stack.c:77 [inline] - dump_stack+0x173/0x1d0 lib/dump_stack.c:113 - kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613 - __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:295 - mpol_rebind_policy mm/mempolicy.c:353 [inline] - mpol_rebind_mm+0x249/0x370 mm/mempolicy.c:384 - update_tasks_nodemask+0x608/0xca0 kernel/cgroup/cpuset.c:1120 - update_nodemasks_hier kernel/cgroup/cpuset.c:1185 [inline] - update_nodemask kernel/cgroup/cpuset.c:1253 [inline] - cpuset_write_resmask+0x2a98/0x34b0 kernel/cgroup/cpuset.c:1728 - -... - -Uninit was created at: - kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline] - kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:158 - kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176 - kmem_cache_alloc+0x572/0xb90 mm/slub.c:2777 - mpol_new mm/mempolicy.c:276 [inline] - do_mbind mm/mempolicy.c:1180 [inline] - kernel_mbind+0x8a7/0x31a0 mm/mempolicy.c:1347 - __do_sys_mbind mm/mempolicy.c:1354 [inline] - -As it's difficult to report where exactly the uninit value resides in -the mempolicy object, we have to guess a bit. mm/mempolicy.c:353 -contains this part of mpol_rebind_policy(): - - if (!mpol_store_user_nodemask(pol) && - nodes_equal(pol->w.cpuset_mems_allowed, *newmask)) - -"mpol_store_user_nodemask(pol)" is testing pol->flags, which I couldn't -ever see being uninitialized after leaving mpol_new(). So I'll guess -it's actually about accessing pol->w.cpuset_mems_allowed on line 354, -but still part of statement starting on line 353. - -For w.cpuset_mems_allowed to be not initialized, and the nodes_equal() -reachable for a mempolicy where mpol_set_nodemask() is called in -do_mbind(), it seems the only possibility is a MPOL_PREFERRED policy -with empty set of nodes, i.e. MPOL_LOCAL equivalent, with MPOL_F_LOCAL -flag. Let's exclude such policies from the nodes_equal() check. Note -the uninit access should be benign anyway, as rebinding this kind of -policy is always a no-op. Therefore no actual need for stable -inclusion. - -Link: http://lkml.kernel.org/r/a71997c3-e8ae-a787-d5ce-3db05768b27c@suse.cz -Link: http://lkml.kernel.org/r/73da3e9c-cc84-509e-17d9-0c434bb9967d@suse.cz -Signed-off-by: Vlastimil Babka -Reported-by: syzbot+b19c2dc2c990ea657a71@syzkaller.appspotmail.com -Cc: Alexander Potapenko -Cc: Dmitry Vyukov -Cc: Andrea Arcangeli -Cc: "Kirill A. Shutemov" -Cc: Michal Hocko -Cc: David Rientjes -Cc: Yisheng Xie -Cc: zhong jiang -Signed-off-by: Andrew Morton -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman - ---- - mm/mempolicy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/mm/mempolicy.c -+++ b/mm/mempolicy.c -@@ -350,7 +350,7 @@ static void mpol_rebind_policy(struct me - { - if (!pol) - return; -- if (!mpol_store_user_nodemask(pol) && -+ if (!mpol_store_user_nodemask(pol) && !(pol->flags & MPOL_F_LOCAL) && - nodes_equal(pol->w.cpuset_mems_allowed, *newmask)) - return; - diff --git a/queue-4.19/series b/queue-4.19/series index 491028bd21c..428fcb40209 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -39,7 +39,6 @@ loop-access-lo_backing_file-only-when-the-loop-device-is-lo_bound.patch x86-unwind-handle-null-pointer-calls-better-in-frame-unwinder.patch x86-unwind-add-hardcoded-orc-entry-for-null.patch locking-lockdep-add-debug_locks-check-in-__lock_downgrade.patch -mm-mempolicy-fix-uninit-memory-access.patch alsa-hda-record-the-current-power-state-before-suspend-resume-calls.patch alsa-hda-enforces-runtime_resume-after-s3-and-s4-for-each-codec.patch power-supply-charger-manager-fix-incorrect-return-value.patch diff --git a/queue-5.0/mm-mempolicy-fix-uninit-memory-access.patch b/queue-5.0/mm-mempolicy-fix-uninit-memory-access.patch deleted file mode 100644 index 3e18f81d849..00000000000 --- a/queue-5.0/mm-mempolicy-fix-uninit-memory-access.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 2e25644e8da4ed3a27e7b8315aaae74660be72dc Mon Sep 17 00:00:00 2001 -From: Vlastimil Babka -Date: Tue, 5 Mar 2019 15:46:50 -0800 -Subject: mm, mempolicy: fix uninit memory access - -From: Vlastimil Babka - -commit 2e25644e8da4ed3a27e7b8315aaae74660be72dc upstream. - -Syzbot with KMSAN reports (excerpt): - -================================================================== -BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:353 [inline] -BUG: KMSAN: uninit-value in mpol_rebind_mm+0x249/0x370 mm/mempolicy.c:384 -CPU: 1 PID: 17420 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #15 -Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS -Google 01/01/2011 -Call Trace: - __dump_stack lib/dump_stack.c:77 [inline] - dump_stack+0x173/0x1d0 lib/dump_stack.c:113 - kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613 - __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:295 - mpol_rebind_policy mm/mempolicy.c:353 [inline] - mpol_rebind_mm+0x249/0x370 mm/mempolicy.c:384 - update_tasks_nodemask+0x608/0xca0 kernel/cgroup/cpuset.c:1120 - update_nodemasks_hier kernel/cgroup/cpuset.c:1185 [inline] - update_nodemask kernel/cgroup/cpuset.c:1253 [inline] - cpuset_write_resmask+0x2a98/0x34b0 kernel/cgroup/cpuset.c:1728 - -... - -Uninit was created at: - kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline] - kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:158 - kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176 - kmem_cache_alloc+0x572/0xb90 mm/slub.c:2777 - mpol_new mm/mempolicy.c:276 [inline] - do_mbind mm/mempolicy.c:1180 [inline] - kernel_mbind+0x8a7/0x31a0 mm/mempolicy.c:1347 - __do_sys_mbind mm/mempolicy.c:1354 [inline] - -As it's difficult to report where exactly the uninit value resides in -the mempolicy object, we have to guess a bit. mm/mempolicy.c:353 -contains this part of mpol_rebind_policy(): - - if (!mpol_store_user_nodemask(pol) && - nodes_equal(pol->w.cpuset_mems_allowed, *newmask)) - -"mpol_store_user_nodemask(pol)" is testing pol->flags, which I couldn't -ever see being uninitialized after leaving mpol_new(). So I'll guess -it's actually about accessing pol->w.cpuset_mems_allowed on line 354, -but still part of statement starting on line 353. - -For w.cpuset_mems_allowed to be not initialized, and the nodes_equal() -reachable for a mempolicy where mpol_set_nodemask() is called in -do_mbind(), it seems the only possibility is a MPOL_PREFERRED policy -with empty set of nodes, i.e. MPOL_LOCAL equivalent, with MPOL_F_LOCAL -flag. Let's exclude such policies from the nodes_equal() check. Note -the uninit access should be benign anyway, as rebinding this kind of -policy is always a no-op. Therefore no actual need for stable -inclusion. - -Link: http://lkml.kernel.org/r/a71997c3-e8ae-a787-d5ce-3db05768b27c@suse.cz -Link: http://lkml.kernel.org/r/73da3e9c-cc84-509e-17d9-0c434bb9967d@suse.cz -Signed-off-by: Vlastimil Babka -Reported-by: syzbot+b19c2dc2c990ea657a71@syzkaller.appspotmail.com -Cc: Alexander Potapenko -Cc: Dmitry Vyukov -Cc: Andrea Arcangeli -Cc: "Kirill A. Shutemov" -Cc: Michal Hocko -Cc: David Rientjes -Cc: Yisheng Xie -Cc: zhong jiang -Signed-off-by: Andrew Morton -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman - ---- - mm/mempolicy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/mm/mempolicy.c -+++ b/mm/mempolicy.c -@@ -350,7 +350,7 @@ static void mpol_rebind_policy(struct me - { - if (!pol) - return; -- if (!mpol_store_user_nodemask(pol) && -+ if (!mpol_store_user_nodemask(pol) && !(pol->flags & MPOL_F_LOCAL) && - nodes_equal(pol->w.cpuset_mems_allowed, *newmask)) - return; - diff --git a/queue-5.0/series b/queue-5.0/series index a8a26d768ea..26e071cf507 100644 --- a/queue-5.0/series +++ b/queue-5.0/series @@ -47,6 +47,5 @@ loop-access-lo_backing_file-only-when-the-loop-device-is-lo_bound.patch x86-unwind-handle-null-pointer-calls-better-in-frame-unwinder.patch x86-unwind-add-hardcoded-orc-entry-for-null.patch locking-lockdep-add-debug_locks-check-in-__lock_downgrade.patch -mm-mempolicy-fix-uninit-memory-access.patch alsa-hda-record-the-current-power-state-before-suspend-resume-calls.patch alsa-hda-enforces-runtime_resume-after-s3-and-s4-for-each-codec.patch