4.19-stable patches

added patches:
	mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt.patch

diff --git a/queue-4.19/mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt.patch b/queue-4.19/mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt.patch
new file mode 100644 (file)
index 0000000..a98d56f
--- /dev/null
+++ b/queue-4.19/mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt.patch
@@ -0,0 +1,72 @@
+From 899447f669da76cc3605665e1a95ee877bc464cc Mon Sep 17 00:00:00 2001
+From: Miaohe Lin <linmiaohe@huawei.com>
+Date: Mon, 18 Oct 2021 15:15:55 -0700
+Subject: mm, slub: fix mismatch between reconstructed freelist depth and cnt
+
+From: Miaohe Lin <linmiaohe@huawei.com>
+
+commit 899447f669da76cc3605665e1a95ee877bc464cc upstream.
+
+If object's reuse is delayed, it will be excluded from the reconstructed
+freelist.  But we forgot to adjust the cnt accordingly.  So there will
+be a mismatch between reconstructed freelist depth and cnt.  This will
+lead to free_debug_processing() complaining about freelist count or a
+incorrect slub inuse count.
+
+Link: https://lkml.kernel.org/r/20210916123920.48704-3-linmiaohe@huawei.com
+Fixes: c3895391df38 ("kasan, slub: fix handling of kasan_slab_free hook")
+Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
+Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
+Cc: Andrey Konovalov <andreyknvl@gmail.com>
+Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
+Cc: Bharata B Rao <bharata@linux.ibm.com>
+Cc: Christoph Lameter <cl@linux.com>
+Cc: David Rientjes <rientjes@google.com>
+Cc: Faiyaz Mohammed <faiyazm@codeaurora.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Pekka Enberg <penberg@kernel.org>
+Cc: Roman Gushchin <guro@fb.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/slub.c |   11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -1392,7 +1392,8 @@ static __always_inline bool slab_free_ho
+ }
+ 
+ static inline bool slab_free_freelist_hook(struct kmem_cache *s,
+-                                         void **head, void **tail)
++                                         void **head, void **tail,
++                                         int *cnt)
+ {
+ /*
+  * Compiler cannot detect this function can be removed if slab_free_hook()
+@@ -1421,6 +1422,12 @@ static inline bool slab_free_freelist_ho
+                       *head = object;
+                       if (!*tail)
+                               *tail = object;
++              } else {
++                      /*
++                       * Adjust the reconstructed freelist depth
++                       * accordingly if object's reuse is delayed.
++                       */
++                      --(*cnt);
+               }
+       } while (object != old_tail);
+ 
+@@ -2988,7 +2995,7 @@ static __always_inline void slab_free(st
+        * With KASAN enabled slab_free_freelist_hook modifies the freelist
+        * to remove objects, whose reuse must be delayed.
+        */
+-      if (slab_free_freelist_hook(s, &head, &tail))
++      if (slab_free_freelist_hook(s, &head, &tail, &cnt))
+               do_slab_free(s, page, head, tail, cnt, addr);
+ }
+ 

diff --git a/queue-4.19/series b/queue-4.19/series
index 70688d683109190433f0caf8e865ca4ec22cc0ea..7ef523574e1331604129c80d412583469f41ac30 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -19,3 +19,4 @@ vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch
 alsa-usb-audio-provide-quirk-for-sennheiser-gsp670-headset.patch
 alsa-hda-realtek-add-quirk-for-clevo-pc50hs.patch
 asoc-dapm-fix-missing-kctl-change-notifications.patch
+mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt.patch