From: Greg Kroah-Hartman Date: Mon, 3 Jul 2023 18:13:52 +0000 (+0200) Subject: 6.4-stable patches X-Git-Tag: v5.15.120~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7d69cdf94d5a97b71a97eb5ddecbf79d409d9ad7;p=thirdparty%2Fkernel%2Fstable-queue.git 6.4-stable patches added patches: execve-always-mark-stack-as-growing-down-during-early-stack-setup.patch --- diff --git a/queue-6.4/execve-always-mark-stack-as-growing-down-during-early-stack-setup.patch b/queue-6.4/execve-always-mark-stack-as-growing-down-during-early-stack-setup.patch new file mode 100644 index 00000000000..c978ddc399b --- /dev/null +++ b/queue-6.4/execve-always-mark-stack-as-growing-down-during-early-stack-setup.patch 
@@ -0,0 +1,79 @@ +From f66066bc5136f25e36a2daff4896c768f18c211e Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Sun, 2 Jul 2023 23:20:17 -0700 +Subject: execve: always mark stack as growing down during early stack setup + +From: Linus Torvalds + +commit f66066bc5136f25e36a2daff4896c768f18c211e upstream. + +While our user stacks can grow either down (all common architectures) or +up (parisc and the ia64 register stack), the initial stack setup when we +copy the argument and environment strings to the new stack at execve() +time is always done by extending the stack downwards. + +But it turns out that in commit 8d7071af8907 ("mm: always expand the +stack with the mmap write lock held"), as part of making the stack +growing code more robust, 'expand_downwards()' was now made to actually +check the vma flags: + + if (!(vma->vm_flags & VM_GROWSDOWN)) + return -EFAULT; + +and that meant that this execve-time stack expansion started failing on +parisc, because on that architecture, the stack flags do not contain the +VM_GROWSDOWN bit. + +At the same time the new check in expand_downwards() is clearly correct, +and simplified the callers, so let's not remove it. + +The solution is instead to just codify the fact that yes, during +execve(), the stack grows down. This not only matches reality, it ends +up being particularly simple: we already have special execve-time flags +for the stack (VM_STACK_INCOMPLETE_SETUP) and use those flags to avoid +page migration during this setup time (see vma_is_temporary_stack() and +invalid_migration_vma()). + +So just add VM_GROWSDOWN to that set of temporary flags, and now our +stack flags automatically match reality, and the parisc stack expansion +works again. + +Note that the VM_STACK_INCOMPLETE_SETUP bits will be cleared when the +stack is finalized, so we only add the extra VM_GROWSDOWN bit on +CONFIG_STACK_GROWSUP architectures (ie parisc) rather than adding it in +general. 
+ +Link: https://lore.kernel.org/all/612eaa53-6904-6e16-67fc-394f4faa0e16@bell.net/ +Link: https://lore.kernel.org/all/5fd98a09-4792-1433-752d-029ae3545168@gmx.de/ +Fixes: 8d7071af8907 ("mm: always expand the stack with the mmap write lock held") +Reported-by: John David Anglin +Reported-and-tested-by: Helge Deller +Reported-and-tested-by: Guenter Roeck +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/mm.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -377,7 +377,7 @@ extern unsigned int kobjsize(const void + #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ + + /* Bits set in the VMA until the stack is in its final location */ +-#define VM_STACK_INCOMPLETE_SETUP (VM_RAND_READ | VM_SEQ_READ) ++#define VM_STACK_INCOMPLETE_SETUP (VM_RAND_READ | VM_SEQ_READ | VM_STACK_EARLY) + + #define TASK_EXEC ((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) + +@@ -399,8 +399,10 @@ extern unsigned int kobjsize(const void + + #ifdef CONFIG_STACK_GROWSUP + #define VM_STACK VM_GROWSUP ++#define VM_STACK_EARLY VM_GROWSDOWN + #else + #define VM_STACK VM_GROWSDOWN ++#define VM_STACK_EARLY 0 + #endif + + #define VM_STACK_FLAGS (VM_STACK | VM_STACK_DEFAULT_FLAGS | VM_ACCOUNT) diff --git a/queue-6.4/series b/queue-6.4/series index 0e4b12c7bb1..8600a26ad43 100644 --- a/queue-6.4/series +++ b/queue-6.4/series @@ -2,3 +2,4 @@ xtensa-fix-lock_mm_and_find_vma-in-case-vma-not-found.patch tools-nolibc-x86_64-disable-stack-protector-for-_start.patch pci-acpi-validate-acpi_pci_set_power_state-parameter.patch pci-acpi-call-_reg-when-transitioning-d-states.patch +execve-always-mark-stack-as-growing-down-during-early-stack-setup.patch
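Review bot: The comment above VM_STACK_INCOMPLETE_SETUP in the first include/linux/mm.h hunk (at line 377) still reads "Bits set in the VMA until the stack is in its final location" and does not explain why a growth-direction bit is now part of that set. VM_STACK_EARLY is also used here before the hunk at line 399 defines it. That is fine for a macro, but the reader has to go looking for the definition. Suggest extending the comment to say that VM_STACK_EARLY is VM_GROWSDOWN on CONFIG_STACK_GROWSUP and 0 elsewhere, and that it is cleared with the other bits when the stack is finalized, as the commit message explains.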
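Review bot: In the CONFIG_STACK_GROWSUP branch of the second include/linux/mm.h hunk (at line 399), VM_STACK is VM_GROWSUP and the new VM_STACK_EARLY is VM_GROWSDOWN, and no comment records that the overlap is intentional. A stack VMA that carries both VM_STACK_FLAGS and VM_STACK_INCOMPLETE_SETUP would therefore have both direction bits set until setup completes. Suggest a short comment on the VM_STACK_EARLY define stating that the overlap is deliberate and temporary, so that code testing VM_GROWSUP or VM_GROWSDOWN on a temporary stack (see vma_is_temporary_stack() in the commit message) is written with both bits in mind.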
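Review bot: The queue-6.4/series hunk is the only series file this commit touches, while the queued patch carries "Fixes: 8d7071af8907". If any other stable queue carries a backport of 8d7071af8907, the same patch belongs in that queue's series too. This is worth confirming before release, because the commit message describes execve-time stack expansion failing on parisc once expand_downwards() checks VM_GROWSDOWN.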