6.1-stable patches

added patches:
	bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch
	mm-call-arch_swap_restore-from-do_swap_page.patch

diff --git a/queue-6.1/bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch b/queue-6.1/bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch
new file mode 100644 (file)
index 0000000..4c7b000
--- /dev/null
+++ b/queue-6.1/bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch
@@ -0,0 +1,49 @@
+From 028725e73375a1ff080bbdf9fb503306d0116f28 Mon Sep 17 00:00:00 2001
+From: Liu Shixin <liushixin2@huawei.com>
+Date: Tue, 4 Jul 2023 18:19:42 +0800
+Subject: bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page
+
+From: Liu Shixin <liushixin2@huawei.com>
+
+commit 028725e73375a1ff080bbdf9fb503306d0116f28 upstream.
+
+commit dd0ff4d12dd2 ("bootmem: remove the vmemmap pages from kmemleak in
+put_page_bootmem") fix an overlaps existing problem of kmemleak.  But the
+problem still existed when HAVE_BOOTMEM_INFO_NODE is disabled, because in
+this case, free_bootmem_page() will call free_reserved_page() directly.
+
+Fix the problem by adding kmemleak_free_part() in free_bootmem_page() when
+HAVE_BOOTMEM_INFO_NODE is disabled.
+
+Link: https://lkml.kernel.org/r/20230704101942.2819426-1-liushixin2@huawei.com
+Fixes: f41f2ed43ca5 ("mm: hugetlb: free the vmemmap pages associated with each HugeTLB page")
+Signed-off-by: Liu Shixin <liushixin2@huawei.com>
+Acked-by: Muchun Song <songmuchun@bytedance.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/bootmem_info.h |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/include/linux/bootmem_info.h
++++ b/include/linux/bootmem_info.h
+@@ -3,6 +3,7 @@
+ #define __LINUX_BOOTMEM_INFO_H
+ 
+ #include <linux/mm.h>
++#include <linux/kmemleak.h>
+ 
+ /*
+  * Types for free bootmem stored in page->lru.next. These have to be in
+@@ -59,6 +60,7 @@ static inline void get_page_bootmem(unsi
+ 
+ static inline void free_bootmem_page(struct page *page)
+ {
++      kmemleak_free_part(page_to_virt(page), PAGE_SIZE);
+       free_reserved_page(page);
+ }
+ #endif

diff --git a/queue-6.1/mm-call-arch_swap_restore-from-do_swap_page.patch b/queue-6.1/mm-call-arch_swap_restore-from-do_swap_page.patch
new file mode 100644 (file)
index 0000000..d311db9
--- /dev/null
+++ b/queue-6.1/mm-call-arch_swap_restore-from-do_swap_page.patch
@@ -0,0 +1,53 @@
+From 6dca4ac6fc91fd41ea4d6c4511838d37f4e0eab2 Mon Sep 17 00:00:00 2001
+From: Peter Collingbourne <pcc@google.com>
+Date: Mon, 22 May 2023 17:43:08 -0700
+Subject: mm: call arch_swap_restore() from do_swap_page()
+
+From: Peter Collingbourne <pcc@google.com>
+
+commit 6dca4ac6fc91fd41ea4d6c4511838d37f4e0eab2 upstream.
+
+Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved
+the call to swap_free() before the call to set_pte_at(), which meant that
+the MTE tags could end up being freed before set_pte_at() had a chance to
+restore them.  Fix it by adding a call to the arch_swap_restore() hook
+before the call to swap_free().
+
+Link: https://lkml.kernel.org/r/20230523004312.1807357-2-pcc@google.com
+Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965
+Fixes: c145e0b47c77 ("mm: streamline COW logic in do_swap_page()")
+Signed-off-by: Peter Collingbourne <pcc@google.com>
+Reported-by: Qun-wei Lin <Qun-wei.Lin@mediatek.com>
+Closes: https://lore.kernel.org/all/5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com/
+Acked-by: David Hildenbrand <david@redhat.com>
+Acked-by: "Huang, Ying" <ying.huang@intel.com>
+Reviewed-by: Steven Price <steven.price@arm.com>
+Acked-by: Catalin Marinas <catalin.marinas@arm.com>
+Cc: <stable@vger.kernel.org>   [6.1+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/memory.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/mm/memory.c b/mm/memory.c
+index 0ae594703021..01f39e8144ef 100644
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -3950,6 +3950,13 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
+               }
+       }
+ 
++      /*
++       * Some architectures may have to restore extra metadata to the page
++       * when reading from swap. This metadata may be indexed by swap entry
++       * so this must be called before swap_free().
++       */
++      arch_swap_restore(entry, folio);
++
+       /*
+        * Remove the swap entry and conditionally try to free up the swapcache.
+        * We're already holding a reference on the page but haven't mapped it
+-- 
+2.41.0
+

diff --git a/queue-6.1/series b/queue-6.1/series
index 3db857001a25b8a8e7cca8dcd050217fd28e3cac..5768959b665e194a8298f85466118c62c13b212b 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -156,7 +156,9 @@ drm-bridge-tc358768-fix-ths_trailcnt-computation.patch
 drm-vram-helper-fix-function-names-in-vram-helper-do.patch
 arm-dts-bcm5301x-drop-clock-names-from-the-spi-node.patch
 arm-dts-meson8b-correct-uart_b-and-uart_c-clock-refe.patch
+mm-call-arch_swap_restore-from-do_swap_page.patch
 clk-vc5-use-clamp-to-restrict-pll-range.patch
+bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch
 clk-vc5-fix-.driver_data-content-in-i2c_device_id.patch
 clk-vc7-fix-.driver_data-content-in-i2c_device_id.patch
 clk-rs9-fix-.driver_data-content-in-i2c_device_id.patch