From: Greg Kroah-Hartman Date: Wed, 22 Jan 2025 08:06:27 +0000 (+0100) Subject: drop some zram patches from 5.15 and 5.10 X-Git-Tag: v5.15.177~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c5ed1dc7f4c5156091fc9c593afb9d5fc07f0f7d;p=thirdparty%2Fkernel%2Fstable-queue.git drop some zram patches from 5.15 and 5.10 --- diff --git a/queue-5.10/drivers-block-zram-zram_drv.c-do-not-keep-dangling-z.patch b/queue-5.10/drivers-block-zram-zram_drv.c-do-not-keep-dangling-z.patch deleted file mode 100644 index 5f821fc13e..0000000000 --- a/queue-5.10/drivers-block-zram-zram_drv.c-do-not-keep-dangling-z.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 08db8a0c5b9907a453d3fbffab435d7727daa8d0 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 24 Aug 2022 12:51:00 +0900 -Subject: drivers/block/zram/zram_drv.c: do not keep dangling zcomp pointer - after zram reset - -From: Sergey Senozhatsky - -[ Upstream commit 6d2453c3dbc5f70eafc1c866289a90a1fc57ce18 ] - -We do all reset operations under write lock, so we don't need to save -->disksize and ->comp to stack variables. Another thing is that ->comp is -freed during zram reset, but comp pointer is not NULL-ed, so zram keeps -the freed pointer value. - -Link: https://lkml.kernel.org/r/20220824035100.971816-1-senozhatsky@chromium.org -Signed-off-by: Sergey Senozhatsky -Cc: Minchan Kim -Cc: Nitin Gupta -Signed-off-by: Andrew Morton -Stable-dep-of: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device") -Signed-off-by: Sasha Levin ---- - drivers/block/zram/zram_drv.c | 13 ++++--------- - 1 file changed, 4 insertions(+), 9 deletions(-) - -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c -index 8f38e5a1a63f..8e13586be8c9 100644 ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1690,9 +1690,6 @@ static int zram_rw_page(struct block_device *bdev, sector_t sector, - - static void zram_reset_device(struct zram *zram) - { -- struct zcomp *comp; -- u64 disksize; -- - down_write(&zram->init_lock); - - zram->limit_pages = 0; -@@ -1702,18 +1699,16 @@ static void zram_reset_device(struct zram *zram) - return; - } - -- comp = zram->comp; -- disksize = zram->disksize; -- zram->disksize = 0; -- - set_capacity_and_notify(zram->disk, 0); - part_stat_set_all(&zram->disk->part0, 0); - - up_write(&zram->init_lock); - /* I/O operation under all of CPU are done so let's free */ -- zram_meta_free(zram, disksize); -+ zram_meta_free(zram, zram->disksize); -+ zram->disksize = 0; - memset(&zram->stats, 0, sizeof(zram->stats)); -- zcomp_destroy(comp); -+ zcomp_destroy(zram->comp); -+ zram->comp = NULL; - reset_bdev(zram); - } - --- -2.39.5 - diff --git a/queue-5.10/series b/queue-5.10/series index a3755cbdfd..2c7949896f 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -54,9 +54,6 @@ loop-let-set_capacity_revalidate_and_notify-update-t.patch nvme-let-set_capacity_revalidate_and_notify-update-t.patch sd-update-the-bdev-size-in-sd_revalidate_disk.patch block-remove-the-update_bdev-parameter-to-set_capaci.patch -zram-use-set_capacity_and_notify.patch -drivers-block-zram-zram_drv.c-do-not-keep-dangling-z.patch -zram-fix-uninitialized-zram-not-releasing-backing-de.patch phy-usb-add-wake-on-functionality-for-newer-synopsis.patch phy-usb-toggle-the-phy-power-during-init.patch ocfs2-correct-return-value-of-ocfs2_local_free_info.patch @@ -91,7 +88,6 @@ fs-fix-missing-declaration-of-init_files.patch kheaders-ignore-silly-rename-files.patch poll_wait-add-mb-to-fix-theoretical-race-between-wai.patch nvmet-propagate-npwg-topology.patch -zram-fix-potential-uaf-of-zram-table.patch x86-asm-make-serialize-always_inline.patch net-ethernet-xgbe-re-add-aneg-to-supported-features-in-phy-quirks.patch vsock-virtio-cancel-close-work-in-the-destructor.patch diff --git a/queue-5.10/zram-fix-potential-uaf-of-zram-table.patch b/queue-5.10/zram-fix-potential-uaf-of-zram-table.patch deleted file mode 100644 index 6a6de419e3..0000000000 --- a/queue-5.10/zram-fix-potential-uaf-of-zram-table.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 46bbd50b48a377def1d596d292299ba95ca67e64 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 7 Jan 2025 14:54:46 +0800 -Subject: zram: fix potential UAF of zram table - -From: Kairui Song - -[ Upstream commit 212fe1c0df4a150fb6298db2cfff267ceaba5402 ] - -If zram_meta_alloc failed early, it frees allocated zram->table without -setting it NULL. Which will potentially cause zram_meta_free to access -the table if user reset an failed and uninitialized device. - -Link: https://lkml.kernel.org/r/20250107065446.86928-1-ryncsn@gmail.com -Fixes: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device") -Signed-off-by: Kairui Song -Reviewed-by: Sergey Senozhatsky -Cc: -Signed-off-by: Andrew Morton -Signed-off-by: Sasha Levin ---- - drivers/block/zram/zram_drv.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c -index 05a46fbe0ea98..6bd672a133344 100644 ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1170,6 +1170,7 @@ static bool zram_meta_alloc(struct zram *zram, u64 disksize) - zram->mem_pool = zs_create_pool(zram->disk->disk_name); - if (!zram->mem_pool) { - vfree(zram->table); -+ zram->table = NULL; - return false; - } - --- -2.39.5 - diff --git a/queue-5.10/zram-fix-uninitialized-zram-not-releasing-backing-de.patch b/queue-5.10/zram-fix-uninitialized-zram-not-releasing-backing-de.patch deleted file mode 100644 index c81db4290c..0000000000 --- a/queue-5.10/zram-fix-uninitialized-zram-not-releasing-backing-de.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 592137471373262c25f7e8773160c6e022b55c0e Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 10 Dec 2024 00:57:16 +0800 -Subject: zram: fix uninitialized ZRAM not releasing backing device - -From: Kairui Song - -[ Upstream commit 74363ec674cb172d8856de25776c8f3103f05e2f ] - -Setting backing device is done before ZRAM initialization. If we set the -backing device, then remove the ZRAM module without initializing the -device, the backing device reference will be leaked and the device will be -hold forever. - -Fix this by always reset the ZRAM fully on rmmod or reset store. - -Link: https://lkml.kernel.org/r/20241209165717.94215-3-ryncsn@gmail.com -Fixes: 013bf95a83ec ("zram: add interface to specif backing device") -Signed-off-by: Kairui Song -Reported-by: Desheng Wu -Suggested-by: Sergey Senozhatsky -Reviewed-by: Sergey Senozhatsky -Cc: -Signed-off-by: Andrew Morton -Signed-off-by: Sasha Levin ---- - drivers/block/zram/zram_drv.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c -index 8e13586be8c9..05a46fbe0ea9 100644 ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1146,12 +1146,16 @@ static void zram_meta_free(struct zram *zram, u64 disksize) - size_t num_pages = disksize >> PAGE_SHIFT; - size_t index; - -+ if (!zram->table) -+ return; -+ - /* Free all pages that are still in this zram device */ - for (index = 0; index < num_pages; index++) - zram_free_page(zram, index); - - zs_destroy_pool(zram->mem_pool); - vfree(zram->table); -+ zram->table = NULL; - } - - static bool zram_meta_alloc(struct zram *zram, u64 disksize) -@@ -1694,11 +1698,6 @@ static void zram_reset_device(struct zram *zram) - - zram->limit_pages = 0; - -- if (!init_done(zram)) { -- up_write(&zram->init_lock); -- return; -- } -- - set_capacity_and_notify(zram->disk, 0); - part_stat_set_all(&zram->disk->part0, 0); - --- -2.39.5 - diff --git a/queue-5.10/zram-use-set_capacity_and_notify.patch b/queue-5.10/zram-use-set_capacity_and_notify.patch deleted file mode 100644 index 166194e9a6..0000000000 --- a/queue-5.10/zram-use-set_capacity_and_notify.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 6e7bbd86b21ac8e554be9809d3db48dbe050ce4e Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 16 Nov 2020 15:57:09 +0100 -Subject: zram: use set_capacity_and_notify - -From: Christoph Hellwig - -[ Upstream commit 6e017a3931d7722260e3656a6fc9b02de5fb3c5d ] - -Use set_capacity_and_notify to set the size of both the disk and block -device. This also gets the uevent notifications for the resize for free. - -Signed-off-by: Christoph Hellwig -Signed-off-by: Jens Axboe -Stable-dep-of: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device") -Signed-off-by: Sasha Levin ---- - drivers/block/zram/zram_drv.c | 7 ++----- - 1 file changed, 2 insertions(+), 5 deletions(-) - -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c -index 16db4fae5145..8f38e5a1a63f 100644 ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1706,7 +1706,7 @@ static void zram_reset_device(struct zram *zram) - disksize = zram->disksize; - zram->disksize = 0; - -- set_capacity(zram->disk, 0); -+ set_capacity_and_notify(zram->disk, 0); - part_stat_set_all(&zram->disk->part0, 0); - - up_write(&zram->init_lock); -@@ -1752,9 +1752,7 @@ static ssize_t disksize_store(struct device *dev, - - zram->comp = comp; - zram->disksize = disksize; -- set_capacity(zram->disk, zram->disksize >> SECTOR_SHIFT); -- -- revalidate_disk_size(zram->disk, true); -+ set_capacity_and_notify(zram->disk, zram->disksize >> SECTOR_SHIFT); - up_write(&zram->init_lock); - - return len; -@@ -1801,7 +1799,6 @@ static ssize_t reset_store(struct device *dev, - /* Make sure all the pending I/O are finished */ - fsync_bdev(bdev); - zram_reset_device(zram); -- revalidate_disk_size(zram->disk, true); - bdput(bdev); - - mutex_lock(&bdev->bd_mutex); --- -2.39.5 - diff --git a/queue-5.15/drivers-block-zram-zram_drv.c-do-not-keep-dangling-zcomp-pointer-after-zram-reset.patch b/queue-5.15/drivers-block-zram-zram_drv.c-do-not-keep-dangling-zcomp-pointer-after-zram-reset.patch deleted file mode 100644 index e9a07be3a1..0000000000 --- a/queue-5.15/drivers-block-zram-zram_drv.c-do-not-keep-dangling-zcomp-pointer-after-zram-reset.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 6d2453c3dbc5f70eafc1c866289a90a1fc57ce18 Mon Sep 17 00:00:00 2001 -From: Sergey Senozhatsky -Date: Wed, 24 Aug 2022 12:51:00 +0900 -Subject: drivers/block/zram/zram_drv.c: do not keep dangling zcomp pointer after zram reset - -From: Sergey Senozhatsky - -commit 6d2453c3dbc5f70eafc1c866289a90a1fc57ce18 upstream. - -We do all reset operations under write lock, so we don't need to save -->disksize and ->comp to stack variables. Another thing is that ->comp is -freed during zram reset, but comp pointer is not NULL-ed, so zram keeps -the freed pointer value. - -Link: https://lkml.kernel.org/r/20220824035100.971816-1-senozhatsky@chromium.org -Signed-off-by: Sergey Senozhatsky -Cc: Minchan Kim -Cc: Nitin Gupta -Signed-off-by: Andrew Morton -Stable-dep-of: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device") -Signed-off-by: Sasha Levin -Signed-off-by: Dominique Martinet -Signed-off-by: Greg Kroah-Hartman ---- - drivers/block/zram/zram_drv.c | 13 ++++--------- - 1 file changed, 4 insertions(+), 9 deletions(-) - ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1695,9 +1695,6 @@ out: - - static void zram_reset_device(struct zram *zram) - { -- struct zcomp *comp; -- u64 disksize; -- - down_write(&zram->init_lock); - - zram->limit_pages = 0; -@@ -1707,18 +1704,16 @@ static void zram_reset_device(struct zra - return; - } - -- comp = zram->comp; -- disksize = zram->disksize; -- zram->disksize = 0; -- - set_capacity_and_notify(zram->disk, 0); - part_stat_set_all(zram->disk->part0, 0); - - up_write(&zram->init_lock); - /* I/O operation under all of CPU are done so let's free */ -- zram_meta_free(zram, disksize); -+ zram_meta_free(zram, zram->disksize); -+ zram->disksize = 0; - memset(&zram->stats, 0, sizeof(zram->stats)); -- zcomp_destroy(comp); -+ zcomp_destroy(zram->comp); -+ zram->comp = NULL; - reset_bdev(zram); - } - diff --git a/queue-5.15/series b/queue-5.15/series index d9811f3614..069d130645 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -31,9 +31,6 @@ riscv-fix-sleeping-in-invalid-context-in-die.patch acpi-resource-add-tongfang-gm5hg0a-to-irq1_edge_low_force_override.patch acpi-resource-add-asus-vivobook-x1504vap-to-irq1_level_low_skip_override.patch drm-amd-display-increase-max_surfaces-to-the-value-supported-by-hw.patch -drivers-block-zram-zram_drv.c-do-not-keep-dangling-zcomp-pointer-after-zram-reset.patch -zram-check-comp-is-non-null-before-calling-comp_destroy.patch -zram-fix-uninitialized-zram-not-releasing-backing-device.patch scripts-sorttable-fix-orc_sort_cmp-to-maintain-symmetry-and-transitivity.patch md-raid5-fix-atomicity-violation-in-raid5_cache_count.patch usb-serial-option-add-meig-smart-srm815.patch @@ -100,7 +97,6 @@ kheaders-ignore-silly-rename-files.patch acpi-resource-acpi_dev_irq_override-check-dmi-match-.patch poll_wait-add-mb-to-fix-theoretical-race-between-wai.patch nvmet-propagate-npwg-topology.patch -zram-fix-potential-uaf-of-zram-table.patch x86-asm-make-serialize-always_inline.patch net-ethernet-xgbe-re-add-aneg-to-supported-features-in-phy-quirks.patch vsock-virtio-cancel-close-work-in-the-destructor.patch diff --git a/queue-5.15/zram-check-comp-is-non-null-before-calling-comp_destroy.patch b/queue-5.15/zram-check-comp-is-non-null-before-calling-comp_destroy.patch deleted file mode 100644 index 332395becc..0000000000 --- a/queue-5.15/zram-check-comp-is-non-null-before-calling-comp_destroy.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 677294e4da96547b9ea2955661a4bbf1d13552a3 Mon Sep 17 00:00:00 2001 -From: Dominique Martinet -Date: Tue, 7 Jan 2025 16:16:04 +0900 -Subject: zram: check comp is non-NULL before calling comp_destroy - -From: Dominique Martinet - -commit 677294e4da96547b9ea2955661a4bbf1d13552a3 upstream. - -This is a pre-requisite for the backport of commit 74363ec674cb ("zram: -fix uninitialized ZRAM not releasing backing device"), which has been -implemented differently in commit 7ac07a26dea7 ("zram: preparation for -multi-zcomp support") upstream. - -We only need to ensure that zcomp_destroy is not called with a NULL -comp, so add this check as the other commit cannot be backported easily. - -Stable-dep-of: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device") -Link: https://lore.kernel.org/Z3ytcILx4S1v_ueJ@codewreck.org -Suggested-by: Kairui Song -Signed-off-by: Dominique Martinet -Signed-off-by: Greg Kroah-Hartman ---- - drivers/block/zram/zram_drv.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1712,7 +1712,8 @@ static void zram_reset_device(struct zra - zram_meta_free(zram, zram->disksize); - zram->disksize = 0; - memset(&zram->stats, 0, sizeof(zram->stats)); -- zcomp_destroy(zram->comp); -+ if (zram->comp) -+ zcomp_destroy(zram->comp); - zram->comp = NULL; - reset_bdev(zram); - } diff --git a/queue-5.15/zram-fix-potential-uaf-of-zram-table.patch b/queue-5.15/zram-fix-potential-uaf-of-zram-table.patch deleted file mode 100644 index fa4db8f5da..0000000000 --- a/queue-5.15/zram-fix-potential-uaf-of-zram-table.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 75182400c908f3406b9b4b2327fcfa032002ee58 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 7 Jan 2025 14:54:46 +0800 -Subject: zram: fix potential UAF of zram table - -From: Kairui Song - -[ Upstream commit 212fe1c0df4a150fb6298db2cfff267ceaba5402 ] - -If zram_meta_alloc failed early, it frees allocated zram->table without -setting it NULL. Which will potentially cause zram_meta_free to access -the table if user reset an failed and uninitialized device. - -Link: https://lkml.kernel.org/r/20250107065446.86928-1-ryncsn@gmail.com -Fixes: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device") -Signed-off-by: Kairui Song -Reviewed-by: Sergey Senozhatsky -Cc: -Signed-off-by: Andrew Morton -Signed-off-by: Sasha Levin ---- - drivers/block/zram/zram_drv.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c -index 4e008cd0ef655..6da0c98a1016f 100644 ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1174,6 +1174,7 @@ static bool zram_meta_alloc(struct zram *zram, u64 disksize) - zram->mem_pool = zs_create_pool(zram->disk->disk_name); - if (!zram->mem_pool) { - vfree(zram->table); -+ zram->table = NULL; - return false; - } - --- -2.39.5 - diff --git a/queue-5.15/zram-fix-uninitialized-zram-not-releasing-backing-device.patch b/queue-5.15/zram-fix-uninitialized-zram-not-releasing-backing-device.patch deleted file mode 100644 index 39357e81db..0000000000 --- a/queue-5.15/zram-fix-uninitialized-zram-not-releasing-backing-device.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 74363ec674cb172d8856de25776c8f3103f05e2f Mon Sep 17 00:00:00 2001 -From: Kairui Song -Date: Tue, 10 Dec 2024 00:57:16 +0800 -Subject: zram: fix uninitialized ZRAM not releasing backing device - -From: Kairui Song - -commit 74363ec674cb172d8856de25776c8f3103f05e2f upstream. - -Setting backing device is done before ZRAM initialization. If we set the -backing device, then remove the ZRAM module without initializing the -device, the backing device reference will be leaked and the device will be -hold forever. - -Fix this by always reset the ZRAM fully on rmmod or reset store. - -Link: https://lkml.kernel.org/r/20241209165717.94215-3-ryncsn@gmail.com -Fixes: 013bf95a83ec ("zram: add interface to specif backing device") -Signed-off-by: Kairui Song -Reported-by: Desheng Wu -Suggested-by: Sergey Senozhatsky -Reviewed-by: Sergey Senozhatsky -Cc: -Signed-off-by: Andrew Morton -Signed-off-by: Dominique Martinet -Signed-off-by: Greg Kroah-Hartman ---- - drivers/block/zram/zram_drv.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1150,12 +1150,16 @@ static void zram_meta_free(struct zram * - size_t num_pages = disksize >> PAGE_SHIFT; - size_t index; - -+ if (!zram->table) -+ return; -+ - /* Free all pages that are still in this zram device */ - for (index = 0; index < num_pages; index++) - zram_free_page(zram, index); - - zs_destroy_pool(zram->mem_pool); - vfree(zram->table); -+ zram->table = NULL; - } - - static bool zram_meta_alloc(struct zram *zram, u64 disksize) -@@ -1699,11 +1703,6 @@ static void zram_reset_device(struct zra - - zram->limit_pages = 0; - -- if (!init_done(zram)) { -- up_write(&zram->init_lock); -- return; -- } -- - set_capacity_and_notify(zram->disk, 0); - part_stat_set_all(zram->disk->part0, 0); -