From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 5 Feb 2025 11:01:56 +0000 (+0100)
Subject: 6.12-stable patches
X-Git-Tag: v6.6.76~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f0e3ead81932c6b288bb00616e181b25c26701f1;p=thirdparty%2Fkernel%2Fstable-queue.git

6.12-stable patches

added patches:
	revert-s390-mm-allow-large-pages-for-kasan-shadow-mapping.patch
---

diff --git a/queue-6.12/revert-s390-mm-allow-large-pages-for-kasan-shadow-mapping.patch b/queue-6.12/revert-s390-mm-allow-large-pages-for-kasan-shadow-mapping.patch
new file mode 100644
index 0000000000..af5260b6cc
--- /dev/null
+++ b/queue-6.12/revert-s390-mm-allow-large-pages-for-kasan-shadow-mapping.patch
@@ -0,0 +1,53 @@
+From cc00550b2ae7ab1c7c56669fc004a13d880aaf0a Mon Sep 17 00:00:00 2001
+From: Vasily Gorbik <gor@linux.ibm.com>
+Date: Fri, 29 Nov 2024 01:07:01 +0100
+Subject: Revert "s390/mm: Allow large pages for KASAN shadow mapping"
+
+From: Vasily Gorbik <gor@linux.ibm.com>
+
+commit cc00550b2ae7ab1c7c56669fc004a13d880aaf0a upstream.
+
+This reverts commit ff123eb7741638d55abf82fac090bb3a543c1e74.
+
+Allowing large pages for KASAN shadow mappings isn't inherently wrong,
+but adding POPULATE_KASAN_MAP_SHADOW to large_allowed() exposes an issue
+in can_large_pud() and can_large_pmd().
+
+Since commit d8073dc6bc04 ("s390/mm: Allow large pages only for aligned
+physical addresses"), both can_large_pud() and can_large_pmd() call _pa()
+to check if large page physical addresses are aligned. However, _pa()
+has a side effect: it allocates memory in POPULATE_KASAN_MAP_SHADOW
+mode. This results in massive memory leaks.
+
+The proper fix would be to address both large_allowed() and _pa()'s side
+effects, but for now, revert this change to avoid the leaks.
+
+Fixes: ff123eb77416 ("s390/mm: Allow large pages for KASAN shadow mapping")
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/boot/vmem.c |   12 +-----------
+ 1 file changed, 1 insertion(+), 11 deletions(-)
+
+--- a/arch/s390/boot/vmem.c
++++ b/arch/s390/boot/vmem.c
+@@ -264,17 +264,7 @@ static unsigned long _pa(unsigned long a
+ 
+ static bool large_allowed(enum populate_mode mode)
+ {
+-	switch (mode) {
+-	case POPULATE_DIRECT:
+-	case POPULATE_IDENTITY:
+-	case POPULATE_KERNEL:
+-#ifdef CONFIG_KASAN
+-	case POPULATE_KASAN_MAP_SHADOW:
+-#endif
+-		return true;
+-	default:
+-		return false;
+-	}
++	return (mode == POPULATE_DIRECT) || (mode == POPULATE_IDENTITY) || (mode == POPULATE_KERNEL);
+ }
+ 
+ static bool can_large_pud(pud_t *pu_dir, unsigned long addr, unsigned long end,
diff --git a/queue-6.12/series b/queue-6.12/series
index a7d45ef1cf..2a9520a4c5 100644
--- a/queue-6.12/series
+++ b/queue-6.12/series
@@ -579,3 +579,4 @@ xfrm-add-error-handling-when-nla_put_u32-returns-an-error.patch
 xfrm-fix-acquire-state-insertion.patch
 ethtool-fix-access-to-uninitialized-fields-in-set-rxnfc-command.patch
 phy-freescale-fsl-samsung-hdmi-fix-64-by-32-division-cocci-warnings.patch
+revert-s390-mm-allow-large-pages-for-kasan-shadow-mapping.patch