drop queue-5.15/mm-fix-copy_from_user_nofault.patch

Breaks the build

diff --git a/queue-5.15/mm-fix-copy_from_user_nofault.patch b/queue-5.15/mm-fix-copy_from_user_nofault.patch
deleted file mode 100644 (file)
index 36f6538..0000000
--- a/queue-5.15/mm-fix-copy_from_user_nofault.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From stable+bounces-206300-greg=kroah.com@vger.kernel.org Thu Jan  8 14:49:31 2026
-From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
-Date: Thu,  8 Jan 2026 07:15:45 -0300
-Subject: mm: Fix copy_from_user_nofault().
-To: stable@vger.kernel.org
-Cc: Kees Cook <kees@kernel.org>, Alexei Starovoitov <ast@kernel.org>, Hsin-Wei Hung <hsinweih@uci.edu>, Florian Lehner <dev@der-flo.net>, Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
-Message-ID: <20260108101545.2982626-2-cascardo@igalia.com>
-
-From: Alexei Starovoitov <ast@kernel.org>
-
-commit d319f344561de23e810515d109c7278919bff7b0 upstream.
-
-There are several issues with copy_from_user_nofault():
-
-- access_ok() is designed for user context only and for that reason
-it has WARN_ON_IN_IRQ() which triggers when bpf, kprobe, eprobe
-and perf on ppc are calling it from irq.
-
-- it's missing nmi_uaccess_okay() which is a nop on all architectures
-except x86 where it's required.
-The comment in arch/x86/mm/tlb.c explains the details why it's necessary.
-Calling copy_from_user_nofault() from bpf, [ke]probe without this check is not safe.
-
-- __copy_from_user_inatomic() under CONFIG_HARDENED_USERCOPY is calling
-check_object_size()->__check_object_size()->check_heap_object()->find_vmap_area()->spin_lock()
-which is not safe to do from bpf, [ke]probe and perf due to potential deadlock.
-
-Fix all three issues. At the end the copy_from_user_nofault() becomes
-equivalent to copy_from_user_nmi() from safety point of view with
-a difference in the return value.
-
-Reported-by: Hsin-Wei Hung <hsinweih@uci.edu>
-Signed-off-by: Alexei Starovoitov <ast@kernel.org>
-Signed-off-by: Florian Lehner <dev@der-flo.net>
-Tested-by: Hsin-Wei Hung <hsinweih@uci.edu>
-Tested-by: Florian Lehner <dev@der-flo.net>
-Link: https://lore.kernel.org/r/20230410174345.4376-2-dev@der-flo.net
-Signed-off-by: Alexei Starovoitov <ast@kernel.org>
-[cascardo: the test in check_heap_objects did not exist]
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- mm/maccess.c |   16 +++++++++++-----
- 1 file changed, 11 insertions(+), 5 deletions(-)
-
---- a/mm/maccess.c
-+++ b/mm/maccess.c
-@@ -5,6 +5,7 @@
- #include <linux/export.h>
- #include <linux/mm.h>
- #include <linux/uaccess.h>
-+#include <asm/tlb.h>
- 
- bool __weak copy_from_kernel_nofault_allowed(const void *unsafe_src,
-               size_t size)
-@@ -223,11 +224,16 @@ long copy_from_user_nofault(void *dst, c
-       long ret = -EFAULT;
-       mm_segment_t old_fs = force_uaccess_begin();
- 
--      if (access_ok(src, size)) {
--              pagefault_disable();
--              ret = __copy_from_user_inatomic(dst, src, size);
--              pagefault_enable();
--      }
-+      if (!__access_ok(src, size))
-+              return ret;
-+
-+      if (!nmi_uaccess_okay())
-+              return ret;
-+
-+      pagefault_disable();
-+      ret = __copy_from_user_inatomic(dst, src, size);
-+      pagefault_enable();
-+
-       force_uaccess_end(old_fs);
- 
-       if (ret)

diff --git a/queue-5.15/series b/queue-5.15/series
index e6732e24c1baf5ff8af79b14bbe17e1b005ab3ca..7e327162a6783f63a149a622e88d3afb1271589b 100644 (file)
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -491,7 +491,6 @@ ipv6-fix-potential-uninit-value-access-in-__ip6_make_skb.patch
 ipv4-fix-uninit-value-access-in-__ip_make_skb.patch
 selftests-net-test_vxlan_under_vrf-fix-hv-connectivity-test.patch
 x86-remove-__range_not_ok.patch
-mm-fix-copy_from_user_nofault.patch
 pwm-stm32-always-program-polarity.patch
 ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch
 ext4-factor-out-ext4_hash_info_init.patch