From 92cdad0a4a4be732ade1a0b57e54dc77de44cb43 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 5 Feb 2026 15:08:16 +0100
Subject: [PATCH] drop queue-5.15/mm-kfence-randomize-the-freelist-on-initialization.patch
---
...omize-the-freelist-on-initialization.patch | 86 -------------------
queue-5.15/series | 1 -
2 files changed, 87 deletions(-)
delete mode 100644 queue-5.15/mm-kfence-randomize-the-freelist-on-initialization.patch
diff --git a/queue-5.15/mm-kfence-randomize-the-freelist-on-initialization.patch b/queue-5.15/mm-kfence-randomize-the-freelist-on-initialization.patch
deleted file mode 100644
index ede798d3e7..0000000000
--- a/queue-5.15/mm-kfence-randomize-the-freelist-on-initialization.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 870ff19251bf3910dda7a7245da826924045fedd Mon Sep 17 00:00:00 2001
-From: Pimyn Girgis
-Date: Tue, 20 Jan 2026 17:15:10 +0100
-Subject: mm/kfence: randomize the freelist on initialization
-
-From: Pimyn Girgis
-
-commit 870ff19251bf3910dda7a7245da826924045fedd upstream.
-
-Randomize the KFENCE freelist during pool initialization to make
-allocation patterns less predictable. This is achieved by shuffling the
-order in which metadata objects are added to the freelist using
-get_random_u32_below().
-
-Additionally, ensure the error path correctly calculates the address range
-to be reset if initialization fails, as the address increment logic has
-been moved to a separate loop.
-
-Link: https://lkml.kernel.org/r/20260120161510.3289089-1-pimyn@google.com
-Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure")
-Signed-off-by: Pimyn Girgis
-Reviewed-by: Alexander Potapenko
-Cc: Dmitry Vyukov
-Cc: Marco Elver
-Cc: Ernesto Martnez Garca
-Cc: Greg KH
-Cc: Kees Cook
-Cc:
-Signed-off-by: Andrew Morton
-Signed-off-by: Pimyn Girgis
-Signed-off-by: Greg Kroah-Hartman
----
- mm/kfence/core.c | 24 ++++++++++++++++++++----
- 1 file changed, 20 insertions(+), 4 deletions(-)
-
---- a/mm/kfence/core.c
-+++ b/mm/kfence/core.c
-@@ -520,7 +520,7 @@ static bool __init kfence_init_pool(void
- {
- unsigned long addr = (unsigned long)__kfence_pool;
- struct page *pages;
-- int i;
-+ int i, rand;
- char *p;
-
- if (!__kfence_pool)
-@@ -576,13 +576,28 @@ static bool __init kfence_init_pool(void
- INIT_LIST_HEAD(&meta->list);
- raw_spin_lock_init(&meta->lock);
- meta->state = KFENCE_OBJECT_UNUSED;
-- meta->addr = addr; /* Initialize for validation in metadata_to_pageaddr(). */
-- list_add_tail(&meta->list, &kfence_freelist);
-+ /* Use addr to randomize the freelist. */
-+ meta->addr = i;
-
- /* Protect the right redzone. */
-- if (unlikely(!kfence_protect(addr + PAGE_SIZE)))
-+ if (unlikely(!kfence_protect(addr + 2 * i * PAGE_SIZE + PAGE_SIZE)))
- goto err;
-+ }
-+
-+ for (i = CONFIG_KFENCE_NUM_OBJECTS; i > 0; i--) {
-+ rand = get_random_u32() % i;
-+ swap(kfence_metadata[i - 1].addr, kfence_metadata[rand].addr);
-+ }
-+
-+ for (i = 0; i < CONFIG_KFENCE_NUM_OBJECTS; i++) {
-+ struct kfence_metadata *meta_1 = &kfence_metadata[i];
-+ struct kfence_metadata *meta_2 = &kfence_metadata[meta_1->addr];
-+
-+ list_add_tail(&meta_2->list, &kfence_freelist);
-+ }
-
-+ for (i = 0; i < CONFIG_KFENCE_NUM_OBJECTS; i++) {
-+ kfence_metadata[i].addr = addr;
- addr += 2 * PAGE_SIZE;
- }
-
-@@ -597,6 +612,7 @@ static bool __init kfence_init_pool(void
- return true;
-
- err:
-+ addr += 2 * i * PAGE_SIZE;
- /*
- * Only release unprotected pages, and do not try to go back and change
- * page attributes due to risk of failing to do so as well. If changing
diff --git a/queue-5.15/series b/queue-5.15/series
index 7cd24303e6..e8a9c44e0e 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -191,7 +191,6 @@ can-esd_usb-esd_usb_read_bulk_callback-fix-urb-memory-leak.patch
 drm-amdkfd-fix-a-memory-leak-in-device_queue_manager_init.patch
 btrfs-prevent-use-after-free-on-page-private-data-in-btrfs_subpage_clear_uptodate.patch
 net-sched-act_ife-convert-comma-to-semicolon.patch
-mm-kfence-randomize-the-freelist-on-initialization.patch
 pinctrl-lpass-lpi-implement-.get_direction-for-the-gpio-driver.patch
 drm-imx-tve-fix-probe-device-leak.patch
 writeback-fix-100-cpu-usage-when-dirtytime_expire_interval-is-0.patch
-- 
2.47.3