From 9be98c16d2603479695e2a7323749b10bf5e2b8e Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 31 Oct 2022 08:39:21 +0100
Subject: [PATCH] 5.10-stable patches

added patches:
	mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch
---
 ...-page-check-in-the-copy_present_page.patch | 105 ++++++++++++++++++
 queue-5.10/series                             |   1 +
 2 files changed, 106 insertions(+)
 create mode 100644 queue-5.10/mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch

diff --git a/queue-5.10/mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch b/queue-5.10/mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch
new file mode 100644
index 00000000000..759dad0968f
--- /dev/null
+++ b/queue-5.10/mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch
@@ -0,0 +1,105 @@
+From songyuanzheng@huawei.com  Mon Oct 31 08:38:39 2022
+From: Yuanzheng Song <songyuanzheng@huawei.com>
+Date: Fri, 28 Oct 2022 03:07:05 +0000
+Subject: mm/memory: add non-anonymous page check in the copy_present_page()
+To: <akpm@linux-foundation.org>, <peterx@redhat.com>, <david@redhat.com>
+Cc: <hughd@google.com>, <gregkh@linuxfoundation.org>, <linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>
+Message-ID: <20221028030705.2840539-1-songyuanzheng@huawei.com>
+
+From: Yuanzheng Song <songyuanzheng@huawei.com>
+
+The vma->anon_vma of the child process may be NULL because
+the entire vma does not contain anonymous pages. In this
+case, a BUG will occur when the copy_present_page() passes
+a copy of a non-anonymous page of that vma to the
+page_add_new_anon_rmap() to set up new anonymous rmap.
+
+------------[ cut here ]------------
+kernel BUG at mm/rmap.c:1044!
+Internal error: Oops - BUG: 0 [#1] SMP
+Modules linked in:
+CPU: 2 PID: 3617 Comm: test Not tainted 5.10.149 #1
+Hardware name: linux,dummy-virt (DT)
+pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--)
+pc : __page_set_anon_rmap+0xbc/0xf8
+lr : __page_set_anon_rmap+0xbc/0xf8
+sp : ffff800014c1b870
+x29: ffff800014c1b870 x28: 0000000000000001
+x27: 0000000010100073 x26: ffff1d65c517baa8
+x25: ffff1d65cab0f000 x24: ffff1d65c416d800
+x23: ffff1d65cab5f248 x22: 0000000020000000
+x21: 0000000000000001 x20: 0000000000000000
+x19: fffffe75970023c0 x18: 0000000000000000
+x17: 0000000000000000 x16: 0000000000000000
+x15: 0000000000000000 x14: 0000000000000000
+x13: 0000000000000000 x12: 0000000000000000
+x11: 0000000000000000 x10: 0000000000000000
+x9 : ffffc3096d5fb858 x8 : 0000000000000000
+x7 : 0000000000000011 x6 : ffff5a5c9089c000
+x5 : 0000000000020000 x4 : ffff5a5c9089c000
+x3 : ffffc3096d200000 x2 : ffffc3096e8d0000
+x1 : ffff1d65ca3da740 x0 : 0000000000000000
+Call trace:
+ __page_set_anon_rmap+0xbc/0xf8
+ page_add_new_anon_rmap+0x1e0/0x390
+ copy_pte_range+0xd00/0x1248
+ copy_page_range+0x39c/0x620
+ dup_mmap+0x2e0/0x5a8
+ dup_mm+0x78/0x140
+ copy_process+0x918/0x1a20
+ kernel_clone+0xac/0x638
+ __do_sys_clone+0x78/0xb0
+ __arm64_sys_clone+0x30/0x40
+ el0_svc_common.constprop.0+0xb0/0x308
+ do_el0_svc+0x48/0xb8
+ el0_svc+0x24/0x38
+ el0_sync_handler+0x160/0x168
+ el0_sync+0x180/0x1c0
+Code: 97f8ff85 f9400294 17ffffeb 97f8ff82 (d4210000)
+---[ end trace a972347688dc9bd4 ]---
+Kernel panic - not syncing: Oops - BUG: Fatal exception
+SMP: stopping secondary CPUs
+Kernel Offset: 0x43095d200000 from 0xffff800010000000
+PHYS_OFFSET: 0xffffe29a80000000
+CPU features: 0x08200022,61806082
+Memory Limit: none
+---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]---
+
+This problem has been fixed by the commit <fb3d824d1a46>
+("mm/rmap: split page_dup_rmap() into page_dup_file_rmap()
+and page_try_dup_anon_rmap()"), but still exists in the
+linux-5.10.y branch.
+
+This patch is not applicable to this version because
+of the large version differences. Therefore, fix it by
+adding non-anonymous page check in the copy_present_page().
+
+Cc: stable@vger.kernel.org
+Fixes: 70e806e4e645 ("mm: Do early cow for pinned pages during fork() for ptes")
+Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com>
+Acked-by: Peter Xu <peterx@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/memory.c |   11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -823,6 +823,17 @@ copy_present_page(struct vm_area_struct
+ 	if (likely(!page_maybe_dma_pinned(page)))
+ 		return 1;
+ 
++	/*
++	 * The vma->anon_vma of the child process may be NULL
++	 * because the entire vma does not contain anonymous pages.
++	 * A BUG will occur when the copy_present_page() passes
++	 * a copy of a non-anonymous page of that vma to the
++	 * page_add_new_anon_rmap() to set up new anonymous rmap.
++	 * Return 1 if the page is not an anonymous page.
++	 */
++	if (!PageAnon(page))
++		return 1;
++
+ 	new_page = *prealloc;
+ 	if (!new_page)
+ 		return -EAGAIN;
diff --git a/queue-5.10/series b/queue-5.10/series
index 48cd623d8b4..0253ab19b43 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -31,3 +31,4 @@ s390-futex-add-missing-ex_table-entry-to-__futex_atomic_op.patch
 s390-pci-add-missing-ex_table-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser.patch
 xen-gntdev-don-t-ignore-kernel-unmapping-error.patch
 xen-gntdev-prevent-leaking-grants.patch
+mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch
-- 
2.47.3