From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 9 Jul 2023 09:44:22 +0000 (+0200)
Subject: 6.1-stable patches
X-Git-Tag: v6.4.3~15
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d7ec649e0713cb5290cbceecf79942dcd2a8607f;p=thirdparty%2Fkernel%2Fstable-queue.git

6.1-stable patches

added patches:
	bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch
	mm-call-arch_swap_restore-from-do_swap_page.patch
---

diff --git a/queue-6.1/bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch b/queue-6.1/bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch
new file mode 100644
index 00000000000..4c7b000f9ed
--- /dev/null
+++ b/queue-6.1/bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch
@@ -0,0 +1,49 @@
+From 028725e73375a1ff080bbdf9fb503306d0116f28 Mon Sep 17 00:00:00 2001
+From: Liu Shixin <liushixin2@huawei.com>
+Date: Tue, 4 Jul 2023 18:19:42 +0800
+Subject: bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page
+
+From: Liu Shixin <liushixin2@huawei.com>
+
+commit 028725e73375a1ff080bbdf9fb503306d0116f28 upstream.
+
+commit dd0ff4d12dd2 ("bootmem: remove the vmemmap pages from kmemleak in
+put_page_bootmem") fix an overlaps existing problem of kmemleak.  But the
+problem still existed when HAVE_BOOTMEM_INFO_NODE is disabled, because in
+this case, free_bootmem_page() will call free_reserved_page() directly.
+
+Fix the problem by adding kmemleak_free_part() in free_bootmem_page() when
+HAVE_BOOTMEM_INFO_NODE is disabled.
+
+Link: https://lkml.kernel.org/r/20230704101942.2819426-1-liushixin2@huawei.com
+Fixes: f41f2ed43ca5 ("mm: hugetlb: free the vmemmap pages associated with each HugeTLB page")
+Signed-off-by: Liu Shixin <liushixin2@huawei.com>
+Acked-by: Muchun Song <songmuchun@bytedance.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/bootmem_info.h |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/include/linux/bootmem_info.h
++++ b/include/linux/bootmem_info.h
+@@ -3,6 +3,7 @@
+ #define __LINUX_BOOTMEM_INFO_H
+ 
+ #include <linux/mm.h>
++#include <linux/kmemleak.h>
+ 
+ /*
+  * Types for free bootmem stored in page->lru.next. These have to be in
+@@ -59,6 +60,7 @@ static inline void get_page_bootmem(unsi
+ 
+ static inline void free_bootmem_page(struct page *page)
+ {
++	kmemleak_free_part(page_to_virt(page), PAGE_SIZE);
+ 	free_reserved_page(page);
+ }
+ #endif
diff --git a/queue-6.1/mm-call-arch_swap_restore-from-do_swap_page.patch b/queue-6.1/mm-call-arch_swap_restore-from-do_swap_page.patch
new file mode 100644
index 00000000000..d311db9d059
--- /dev/null
+++ b/queue-6.1/mm-call-arch_swap_restore-from-do_swap_page.patch
@@ -0,0 +1,53 @@
+From 6dca4ac6fc91fd41ea4d6c4511838d37f4e0eab2 Mon Sep 17 00:00:00 2001
+From: Peter Collingbourne <pcc@google.com>
+Date: Mon, 22 May 2023 17:43:08 -0700
+Subject: mm: call arch_swap_restore() from do_swap_page()
+
+From: Peter Collingbourne <pcc@google.com>
+
+commit 6dca4ac6fc91fd41ea4d6c4511838d37f4e0eab2 upstream.
+
+Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved
+the call to swap_free() before the call to set_pte_at(), which meant that
+the MTE tags could end up being freed before set_pte_at() had a chance to
+restore them.  Fix it by adding a call to the arch_swap_restore() hook
+before the call to swap_free().
+
+Link: https://lkml.kernel.org/r/20230523004312.1807357-2-pcc@google.com
+Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965
+Fixes: c145e0b47c77 ("mm: streamline COW logic in do_swap_page()")
+Signed-off-by: Peter Collingbourne <pcc@google.com>
+Reported-by: Qun-wei Lin <Qun-wei.Lin@mediatek.com>
+Closes: https://lore.kernel.org/all/5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com/
+Acked-by: David Hildenbrand <david@redhat.com>
+Acked-by: "Huang, Ying" <ying.huang@intel.com>
+Reviewed-by: Steven Price <steven.price@arm.com>
+Acked-by: Catalin Marinas <catalin.marinas@arm.com>
+Cc: <stable@vger.kernel.org>	[6.1+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/memory.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/mm/memory.c b/mm/memory.c
+index 0ae594703021..01f39e8144ef 100644
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -3950,6 +3950,13 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
+ 		}
+ 	}
+ 
++	/*
++	 * Some architectures may have to restore extra metadata to the page
++	 * when reading from swap. This metadata may be indexed by swap entry
++	 * so this must be called before swap_free().
++	 */
++	arch_swap_restore(entry, folio);
++
+ 	/*
+ 	 * Remove the swap entry and conditionally try to free up the swapcache.
+ 	 * We're already holding a reference on the page but haven't mapped it
+-- 
+2.41.0
+
diff --git a/queue-6.1/series b/queue-6.1/series
index 3db857001a2..5768959b665 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -156,7 +156,9 @@ drm-bridge-tc358768-fix-ths_trailcnt-computation.patch
 drm-vram-helper-fix-function-names-in-vram-helper-do.patch
 arm-dts-bcm5301x-drop-clock-names-from-the-spi-node.patch
 arm-dts-meson8b-correct-uart_b-and-uart_c-clock-refe.patch
+mm-call-arch_swap_restore-from-do_swap_page.patch
 clk-vc5-use-clamp-to-restrict-pll-range.patch
+bootmem-remove-the-vmemmap-pages-from-kmemleak-in-free_bootmem_page.patch
 clk-vc5-fix-.driver_data-content-in-i2c_device_id.patch
 clk-vc7-fix-.driver_data-content-in-i2c_device_id.patch
 clk-rs9-fix-.driver_data-content-in-i2c_device_id.patch