From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 11 Apr 2022 07:35:21 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.9.310~91
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b3cb3123ac5bc28e15ce2705d514b8546c90e442;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	mmmremap.c-avoid-pointless-invalidate_range_start-end-on-mremap-old_size-0.patch
---

diff --git a/queue-4.9/mmmremap.c-avoid-pointless-invalidate_range_start-end-on-mremap-old_size-0.patch b/queue-4.9/mmmremap.c-avoid-pointless-invalidate_range_start-end-on-mremap-old_size-0.patch
new file mode 100644
index 00000000000..ad84e511219
--- /dev/null
+++ b/queue-4.9/mmmremap.c-avoid-pointless-invalidate_range_start-end-on-mremap-old_size-0.patch
@@ -0,0 +1,45 @@
+From 01e67e04c28170c47700c2c226d732bbfedb1ad0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 8 Apr 2022 13:09:04 -0700
+Subject: mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 01e67e04c28170c47700c2c226d732bbfedb1ad0 upstream.
+
+If an mremap() syscall with old_size=0 ends up in move_page_tables(), it
+will call invalidate_range_start()/invalidate_range_end() unnecessarily,
+i.e.  with an empty range.
+
+This causes a WARN in KVM's mmu_notifier.  In the past, empty ranges
+have been diagnosed to be off-by-one bugs, hence the WARNing.  Given the
+low (so far) number of unique reports, the benefits of detecting more
+buggy callers seem to outweigh the cost of having to fix cases such as
+this one, where userspace is doing something silly.  In this particular
+case, an early return from move_page_tables() is enough to fix the
+issue.
+
+Link: https://lkml.kernel.org/r/20220329173155.172439-1-pbonzini@redhat.com
+Reported-by: syzbot+6bde52d89cfdf9f61425@syzkaller.appspotmail.com
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Sean Christopherson <seanjc@google.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/mremap.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/mm/mremap.c
++++ b/mm/mremap.c
+@@ -192,6 +192,9 @@ unsigned long move_page_tables(struct vm
+ 	unsigned long mmun_start;	/* For mmu_notifiers */
+ 	unsigned long mmun_end;		/* For mmu_notifiers */
+ 
++	if (!len)
++		return 0;
++
+ 	old_end = old_addr + len;
+ 	flush_cache_range(vma, old_addr, old_end);
+ 
diff --git a/queue-4.9/series b/queue-4.9/series
index cf3520f0916..863aa3f08ed 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -189,3 +189,4 @@ scsi-zorro7xx-fix-a-resource-leak-in-zorro7xx_remove.patch
 net-stmmac-fix-unset-max_speed-difference-between-dt.patch
 drm-imx-fix-memory-leak-in-imx_pd_connector_get_mode.patch
 drbd-fix-five-use-after-free-bugs-in-get_initial_sta.patch
+mmmremap.c-avoid-pointless-invalidate_range_start-end-on-mremap-old_size-0.patch