From: Sasha Levin Date: Tue, 12 May 2020 15:05:47 +0000 (-0400) Subject: Fixes for 4.9 X-Git-Tag: v4.19.123~15^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7f094e08645ab59501652e2807ba570acf9d4a54;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/arm64-hugetlb-avoid-potential-null-dereference.patch b/queue-4.9/arm64-hugetlb-avoid-potential-null-dereference.patch new file mode 100644 index 00000000000..e350fcea5c2 --- /dev/null +++ b/queue-4.9/arm64-hugetlb-avoid-potential-null-dereference.patch 
@@ -0,0 +1,60 @@ +From 57097abe9f98cc9acf2d7a730974069608c165ca Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 May 2020 13:59:30 +0100 +Subject: arm64: hugetlb: avoid potential NULL dereference +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Mark Rutland + +[ Upstream commit 027d0c7101f50cf03aeea9eebf484afd4920c8d3 ] + +The static analyzer in GCC 10 spotted that in huge_pte_alloc() we may +pass a NULL pmdp into pte_alloc_map() when pmd_alloc() returns NULL: + +| CC arch/arm64/mm/pageattr.o +| CC arch/arm64/mm/hugetlbpage.o +| from arch/arm64/mm/hugetlbpage.c:10: +| arch/arm64/mm/hugetlbpage.c: In function ‘huge_pte_alloc’: +| ./arch/arm64/include/asm/pgtable-types.h:28:24: warning: dereference of NULL ‘pmdp’ [CWE-690] [-Wanalyzer-null-dereference] +| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro ‘pmd_val’ +| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro ‘pte_alloc_map’ +| |arch/arm64/mm/hugetlbpage.c:232:10: +| |./arch/arm64/include/asm/pgtable-types.h:28:24: +| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro ‘pmd_val’ +| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro ‘pte_alloc_map’ + +This can only occur when the kernel cannot allocate a page, and so is +unlikely to happen in practice before other systems start failing. + +We can avoid this by bailing out if pmd_alloc() fails, as we do earlier +in the function if pud_alloc() fails. 
+ +Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") +Signed-off-by: Mark Rutland +Reported-by: Kyrill Tkachov +Cc: # 4.5.x- +Cc: Will Deacon +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/mm/hugetlbpage.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c +index 45bec627bae3e..848d13d9a553e 100644 +--- a/arch/arm64/mm/hugetlbpage.c ++++ b/arch/arm64/mm/hugetlbpage.c +@@ -103,6 +103,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, + pte = (pte_t *)pud; + } else if (sz == (PAGE_SIZE * CONT_PTES)) { + pmd_t *pmd = pmd_alloc(mm, pud, addr); ++ if (!pmdp) ++ return NULL; + + WARN_ON(addr & (sz - 1)); + /* +-- +2.20.1 + diff --git a/queue-4.9/series b/queue-4.9/series index 6d5e517c6f0..173e2516e3e 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -22,3 +22,4 @@ batman-adv-fix-refcnt-leak-in-batadv_store_throughput_override.patch batman-adv-fix-refcnt-leak-in-batadv_v_ogm_process.patch objtool-fix-stack-offset-tracking-for-indirect-cfas.patch scripts-decodecode-fix-trapping-instruction-formatting.patch +arm64-hugetlb-avoid-potential-null-dereference.patch
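Review bot: in the `arch/arm64/mm/hugetlbpage.c` hunk of the queued patch, the added check tests `pmdp`, but the context line directly above it declares the pointer as `pmd` (`pmd_t *pmd = pmd_alloc(mm, pud, addr);`). Unless `pmdp` is declared elsewhere in `huge_pte_alloc()` in the 4.9 tree, the queued patch references an undeclared identifier and will not build. The `pmdp` name matches the upstream commit message and the analyzer output quoted in it, not the 4.9 context shown here. For this backport the check should read `if (!pmd)` followed by `return NULL;`, so that it guards the value `pmd_alloc()` actually returned before it reaches `pte_alloc_map()`. Please build-test the arm64 hugetlb configuration before this entry stays in `queue-4.9/series`.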