--- /dev/null
+From 1935f0deb6116dd785ea64d8035eab0ff441255b Mon Sep 17 00:00:00 2001
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+Date: Tue, 4 Apr 2023 21:40:36 +0200
+Subject: drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
+
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+
+commit 1935f0deb6116dd785ea64d8035eab0ff441255b upstream.
+
+Drivers are supposed to fix this up if needed if they don't outright
+reject it. Uncovered by 6c11df58fd1a ("fbmem: Check virtual screen
+sizes in fb_set_var()").
+
+Reported-by: syzbot+20dcf81733d43ddff661@syzkaller.appspotmail.com
+Link: https://syzkaller.appspot.com/bug?id=c5faf983bfa4a607de530cd3bb008888bf06cefc
+Cc: stable@vger.kernel.org # v5.4+
+Cc: Daniel Vetter <daniel@ffwll.ch>
+Cc: Javier Martinez Canillas <javierm@redhat.com>
+Cc: Thomas Zimmermann <tzimmermann@suse.de>
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230404194038.472803-1-daniel.vetter@ffwll.ch
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/drm_fb_helper.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/gpu/drm/drm_fb_helper.c
++++ b/drivers/gpu/drm/drm_fb_helper.c
+@@ -1713,6 +1713,9 @@ int drm_fb_helper_check_var(struct fb_va
+ return -EINVAL;
+ }
+
++ var->xres_virtual = fb->width;
++ var->yres_virtual = fb->height;
++
+ /*
+ * Workaround for SDL 1.2, which is known to be setting all pixel format
+ * fields values to zero in some cases. We treat this situation as a
--- /dev/null
+From 6a4746ba06191e23d30230738e94334b26590a8a Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Sat, 11 Sep 2021 10:40:08 +0300
+Subject: ipc: remove memcg accounting for sops objects in do_semtimedop()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+commit 6a4746ba06191e23d30230738e94334b26590a8a upstream.
+
+Linus proposes to revert an accounting for sops objects in
+do_semtimedop() because it's really just a temporary buffer
+for a single semtimedop() system call.
+
+This object can consume up to 2 pages, syscall is sleeping
+one, size and duration can be controlled by user, and this
+allocation can be repeated by many thread at the same time.
+
+However Shakeel Butt pointed that there are much more popular
+objects with the same life time and similar memory
+consumption, the accounting of which was decided to be
+rejected for performance reasons.
+
+Considering at least 2 pages for task_struct and 2 pages for
+the kernel stack, a back of the envelope calculation gives a
+footprint amplification of <1.5 so this temporal buffer can be
+safely ignored.
+
+The factor would IMO be interesting if it was >> 2 (from the
+PoV of excessive (ab)use, fine-grained accounting seems to be
+currently unfeasible due to performance impact).
+
+Link: https://lore.kernel.org/lkml/90e254df-0dfe-f080-011e-b7c53ee7fd20@virtuozzo.com/
+Fixes: 18319498fdd4 ("memcg: enable accounting of ipc resources")
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Reviewed-by: Michal Koutný <mkoutny@suse.com>
+Acked-by: Shakeel Butt <shakeelb@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ ipc/sem.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/ipc/sem.c
++++ b/ipc/sem.c
+@@ -1962,8 +1962,7 @@ static long do_semtimedop(int semid, str
+ if (nsops > ns->sc_semopm)
+ return -E2BIG;
+ if (nsops > SEMOPM_FAST) {
+- sops = kvmalloc_array(nsops, sizeof(*sops),
+- GFP_KERNEL_ACCOUNT);
++ sops = kvmalloc_array(nsops, sizeof(*sops), GFP_KERNEL);
+ if (sops == NULL)
+ return -ENOMEM;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
