From 06fe06c9283f21b4cdd750d582fc9f6cb11e8693 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 22 Jan 2024 09:50:51 -0800
Subject: [PATCH] 5.10-stable patches

added patches:
kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch
net-ethernet-mtk_eth_soc-remove-duplicate-if-statements.patch
---
 ...-unoptimized-kprobes-on-freeing_list.patch | 95 +++++++++++++++++++
 ...h_soc-remove-duplicate-if-statements.patch | 34 +++++++
 queue-5.10/series | 2 +
 3 files changed, 131 insertions(+)
 create mode 100644 queue-5.10/kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch
 create mode 100644 queue-5.10/net-ethernet-mtk_eth_soc-remove-duplicate-if-statements.patch

diff --git a/queue-5.10/kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch b/queue-5.10/kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch
new file mode 100644
index 00000000000..a76a614117f
--- /dev/null
+++ b/queue-5.10/kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch
@@ -0,0 +1,95 @@
+From 4fbd2f83fda0ca44a2ec6421ca3508b355b31858 Mon Sep 17 00:00:00 2001
+From: "Masami Hiramatsu (Google)"
+Date: Tue, 21 Feb 2023 08:49:16 +0900
+Subject: kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
+
+From: Masami Hiramatsu (Google)
+
+commit 4fbd2f83fda0ca44a2ec6421ca3508b355b31858 upstream.
+
+Since forcibly unoptimized kprobes will be put on the freeing_list directly
+in the unoptimize_kprobe(), do_unoptimize_kprobes() must continue to check
+the freeing_list even if unoptimizing_list is empty.
+
+This bug can happen if a kprobe is put in an instruction which is in the
+middle of the jump-replaced instruction sequence of an optprobe, *and* the
+optprobe is recently unregistered and queued on unoptimizing_list.
+In this case, the optprobe will be unoptimized forcibly (means immediately)
+and put it into the freeing_list, expecting the optprobe will be handled in
+do_unoptimize_kprobe().
+But if there is no other optprobes on the unoptimizing_list, current code
+returns from the do_unoptimize_kprobe() soon and does not handle the
+optprobe which is on the freeing_list. Then the optprobe will hit the
+WARN_ON_ONCE() in the do_free_cleaned_kprobes(), because it is not handled
+in the latter loop of the do_unoptimize_kprobe().
+
+To solve this issue, do not return from do_unoptimize_kprobes() immediately
+even if unoptimizing_list is empty.
+
+Moreover, this change affects another case. kill_optimized_kprobes() expects
+kprobe_optimizer() will just free the optprobe on freeing_list.
+So I changed it to just do list_move() to freeing_list if optprobes are on
+unoptimizing list. And the do_unoptimize_kprobe() will skip
+arch_disarm_kprobe() if the probe on freeing_list has gone flag.
+
+Link: https://lore.kernel.org/all/Y8URdIfVr3pq2X8w@xpf.sh.intel.com/
+Link: https://lore.kernel.org/all/167448024501.3253718.13037333683110512967.stgit@devnote3/
+
+Fixes: e4add247789e ("kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic")
+Reported-by: Pengfei Xu
+Signed-off-by: Masami Hiramatsu (Google)
+Cc: stable@vger.kernel.org
+Acked-by: Steven Rostedt (Google)
+[fp: adjust comment conflict regarding commit 223a76b268c9 ("kprobes: Fix
+ coding style issues")]
+Signed-off-by: Fedor Pchelkin
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/kprobes.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -545,17 +545,15 @@ static void do_unoptimize_kprobes(void)
+ /* See comment in do_optimize_kprobes() */
+ lockdep_assert_cpus_held();
+
+- /* Unoptimization must be done anytime */
+- if (list_empty(&unoptimizing_list))
+- return;
++ if (!list_empty(&unoptimizing_list))
++ arch_unoptimize_kprobes(&unoptimizing_list, &freeing_list);
+
+- arch_unoptimize_kprobes(&unoptimizing_list, &freeing_list);
+- /* Loop free_list for disarming */
++ /* Loop on 'freeing_list' for disarming and removing from kprobe hash list */
+ list_for_each_entry_safe(op, tmp, &freeing_list, list) {
+ /* Switching from detour code to origin */
+ op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
+- /* Disarm probes if marked disabled */
+- if (kprobe_disabled(&op->kp))
++ /* Disarm probes if marked disabled and not gone */
++ if (kprobe_disabled(&op->kp) && !kprobe_gone(&op->kp))
+ arch_disarm_kprobe(&op->kp);
+ if (kprobe_unused(&op->kp)) {
+ /*
+@@ -784,14 +782,13 @@ static void kill_optimized_kprobe(struct
+ op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
+
+ if (kprobe_unused(p)) {
+- /* Enqueue if it is unused */
+- list_add(&op->list, &freeing_list);
+ /*
+- * Remove unused probes from the hash list. After waiting
+- * for synchronization, this probe is reclaimed.
+- * (reclaiming is done by do_free_cleaned_kprobes().)
++ * Unused kprobe is on unoptimizing or freeing list. We move it
++ * to freeing_list and let the kprobe_optimizer() remove it from
++ * the kprobe hash list and free it.
+ */
+- hlist_del_rcu(&op->kp.hlist);
++ if (optprobe_queued_unopt(op))
++ list_move(&op->list, &freeing_list);
+ }
+
+ /* Don't touch the code, because it is already freed. */
diff --git a/queue-5.10/net-ethernet-mtk_eth_soc-remove-duplicate-if-statements.patch b/queue-5.10/net-ethernet-mtk_eth_soc-remove-duplicate-if-statements.patch
new file mode 100644
index 00000000000..eec090d3cda
--- /dev/null
+++ b/queue-5.10/net-ethernet-mtk_eth_soc-remove-duplicate-if-statements.patch
@@ -0,0 +1,34 @@
+From amadeus@jmu.edu.cn Mon Jan 22 09:48:15 2024
+From: Chukun Pan
+Date: Mon, 22 Jan 2024 21:02:19 +0800
+Subject: net: ethernet: mtk_eth_soc: remove duplicate if statements
+To: Sasha Levin
+Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Chukun Pan
+Message-ID: <20240122130219.220316-1-amadeus@jmu.edu.cn>
+
+From: Chukun Pan
+
+It seems that there was something wrong with backport,
+causing `if (err)` to appear twice in the same place.
+
+Fixes: da86a63479e ("net: ethernet: mtk_eth_soc: fix error handling in mtk_open()")
+Cc: Liu Jian
+Cc: Russell King (Oracle)
+Cc: Jakub Kicinski
+Cc: Sasha Levin
+Signed-off-by: Chukun Pan
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/ethernet/mediatek/mtk_eth_soc.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
++++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+@@ -2302,7 +2302,6 @@ static int mtk_open(struct net_device *d
+ if (!refcount_read(ð->dma_refcnt)) {
+ int err = mtk_start_dma(eth);
+
+- if (err)
+ if (err) {
+ phylink_disconnect_phy(mac->phylink);
+ return err;
diff --git a/queue-5.10/series b/queue-5.10/series
index 20c9e1865a4..981f836411f 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
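Review bot: The new `if (!list_empty(&unoptimizing_list))` line in do_unoptimize_kprobes() drops the early return without leaving any comment saying why the loop below must now run even when that list is empty; the removed `/* Unoptimization must be done anytime */` was the only hint, and the reason is the whole point of the fix being backported. I would add above that line `/* Forcibly unoptimized probes are already on 'freeing_list', so keep going even when 'unoptimizing_list' is empty. */`. In kill_optimized_kprobe() the replacement comment says the probe is moved to freeing_list, but the new `if (optprobe_queued_unopt(op))` guard means a probe that optprobe_queued_unopt() rejects is now left where it is, with the old unconditional `hlist_del_rcu()` gone; presumably that is intended, and a sentence saying so in the comment would spare the next backporter the same question. Both do_unoptimize_kprobes() and kill_optimized_kprobe() start and end outside the shown hunks.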
@@ -203,3 +203,5 @@ dma-mapping-fix-build-error-unused-value.patch
 virtio-crypto-fix-memory-leak.patch
 virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch
 revert-asoc-atmel-remove-system-clock-tree-configuration-for-at91sam9g20ek.patch
+kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch
+net-ethernet-mtk_eth_soc-remove-duplicate-if-statements.patch
-- 
2.47.3