From 4bfd399c10ed8d7d0419efadf269d1089d95dd25 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 24 Sep 2022 10:49:05 +0200
Subject: [PATCH] 4.19-stable patches

added patches:
mm-slub-fix-to-return-errno-if-kmalloc-fails.patch
riscv-fix-a-nasty-sigreturn-bug.patch
---
 ...fix-to-return-errno-if-kmalloc-fails.patch | 70 +++++++++++++++++++
 .../riscv-fix-a-nasty-sigreturn-bug.patch | 40 +++++++++++
 queue-4.19/series | 2 +
 3 files changed, 112 insertions(+)
 create mode 100644 queue-4.19/mm-slub-fix-to-return-errno-if-kmalloc-fails.patch
 create mode 100644 queue-4.19/riscv-fix-a-nasty-sigreturn-bug.patch

diff --git a/queue-4.19/mm-slub-fix-to-return-errno-if-kmalloc-fails.patch b/queue-4.19/mm-slub-fix-to-return-errno-if-kmalloc-fails.patch
new file mode 100644
index 00000000000..adac62a4449
--- /dev/null
+++ b/queue-4.19/mm-slub-fix-to-return-errno-if-kmalloc-fails.patch
@@ -0,0 +1,70 @@
+From 7e9c323c52b379d261a72dc7bd38120a761a93cd Mon Sep 17 00:00:00 2001
+From: Chao Yu
+Date: Wed, 31 Aug 2022 22:54:54 +0800
+Subject: mm/slub: fix to return errno if kmalloc() fails
+
+From: Chao Yu
+
+commit 7e9c323c52b379d261a72dc7bd38120a761a93cd upstream.
+
+In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to
+out-of-memory, if it fails, return errno correctly rather than
+triggering panic via BUG_ON();
+
+kernel BUG at mm/slub.c:5893!
+Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
+
+Call trace:
+ sysfs_slab_add+0x258/0x260 mm/slub.c:5973
+ __kmem_cache_create+0x60/0x118 mm/slub.c:4899
+ create_cache mm/slab_common.c:229 [inline]
+ kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335
+ kmem_cache_create+0x1c/0x28 mm/slab_common.c:390
+ f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline]
+ f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808
+ f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149
+ mount_bdev+0x1b8/0x210 fs/super.c:1400
+ f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512
+ legacy_get_tree+0x30/0x74 fs/fs_context.c:610
+ vfs_get_tree+0x40/0x140 fs/super.c:1530
+ do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
+ path_mount+0x358/0x914 fs/namespace.c:3370
+ do_mount fs/namespace.c:3383 [inline]
+ __do_sys_mount fs/namespace.c:3591 [inline]
+ __se_sys_mount fs/namespace.c:3568 [inline]
+ __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568
+
+Cc:
+Fixes: 81819f0fc8285 ("SLUB core")
+Reported-by: syzbot+81684812ea68216e08c5@syzkaller.appspotmail.com
+Reviewed-by: Muchun Song
+Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
+Signed-off-by: Chao Yu
+Acked-by: David Rientjes
+Signed-off-by: Vlastimil Babka
+Signed-off-by: Greg Kroah-Hartman
+---
+ mm/slub.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -5688,7 +5688,8 @@ static char *create_unique_id(struct kme
+ char *name = kmalloc(ID_STR_LENGTH, GFP_KERNEL);
+ char *p = name;
+
+- BUG_ON(!name);
++ if (!name)
++ return ERR_PTR(-ENOMEM);
+
+ *p++ = ':';
+ /*
+@@ -5770,6 +5771,8 @@ static int sysfs_slab_add(struct kmem_ca
+ * for the symlinks.
+ */
+ name = create_unique_id(s);
++ if (IS_ERR(name))
++ return PTR_ERR(name);
+ }
+
+ s->kobj.kset = kset;
diff --git a/queue-4.19/riscv-fix-a-nasty-sigreturn-bug.patch b/queue-4.19/riscv-fix-a-nasty-sigreturn-bug.patch
new file mode 100644
index 00000000000..c63ab52ee31
--- /dev/null
+++ b/queue-4.19/riscv-fix-a-nasty-sigreturn-bug.patch
@@ -0,0 +1,40 @@
+From 762df359aa5849e010ef04c3ed79d57588ce17d9 Mon Sep 17 00:00:00 2001
+From: Al Viro
+Date: Fri, 24 Sep 2021 01:55:27 +0000
+Subject: riscv: fix a nasty sigreturn bug...
+
+From: Al Viro
+
+commit 762df359aa5849e010ef04c3ed79d57588ce17d9 upstream.
+
+riscv has an equivalent of arm bug fixed by 653d48b22166 ("arm: fix
+really nasty sigreturn bug"); if signal gets caught by an interrupt that
+hits when we have the right value in a0 (-513), *and* another signal
+gets delivered upon sigreturn() (e.g. included into the blocked mask for
+the first signal and posted while the handler had been running), the
+syscall restart logics will see regs->cause equal to EXC_SYSCALL (we are
+in a syscall, after all) and a0 already restored to its original value
+(-513, which happens to be -ERESTARTNOINTR) and assume that we need to
+apply the usual syscall restart logics.
+
+Signed-off-by: Al Viro
+Fixes: e2c0cdfba7f6 ("RISC-V: User-facing API")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/YxJEiSq%2FCGaL6Gm9@ZenIV/
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/kernel/signal.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/riscv/kernel/signal.c
++++ b/arch/riscv/kernel/signal.c
+@@ -105,6 +105,8 @@ SYSCALL_DEFINE0(rt_sigreturn)
+ if (restore_altstack(&frame->uc.uc_stack))
+ goto badframe;
+
++ regs->cause = -1UL;
++
+ return regs->a0;
+
+ badframe:
diff --git a/queue-4.19/series b/queue-4.19/series
index cbfdbdc3b3c..ad7d1cb81b0 100644
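Review bot: The new `return PTR_ERR(name);` in sysfs_slab_add() exits before kobject_init_and_add() and before the function's `out:` cleanup, which is correct for freeing (the only allocation attempted is the one that failed, so there is nothing to kfree), but it leaves `s->kobj` uninitialised and never added; the caller's failure path in __kmem_cache_create(), which is not in the hunk, must therefore not kobject_put() the cache, and that is worth confirming on the 4.19 tree rather than assumed from upstream. The check is reached only from the `!unmergeable` branch, so a short comment on it would help later readers, e.g. `/* ERR_PTR from create_unique_id(): kobject not initialised yet, nothing to free */`. In create_unique_id() the guard correctly precedes the first `*p++` write, which is the only ordering that avoids a NULL dereference. Both create_unique_id() and sysfs_slab_add() start and end outside the hunk.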
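Review bot: The added `regs->cause = -1UL;` is a magic value whose purpose is only explained in the commit message; a comment at the store would save the next reader a trip through git history, e.g. `/* Not in a syscall any more: keep the syscall-restart check from reinterpreting the restored a0 as -ERESTARTNOINTR. */`. The store sits only on the success path; if restore_sigcontext(), above the hunk, has already copied the user-supplied registers into `regs` before a later check fails, the `badframe:` path below the hunk forces SIGSEGV with `regs->cause` untouched, so the same restart check could in principle fire during that delivery — I have not verified the 4.19 code and raise it only as something to confirm. The body of rt_sigreturn starts and ends outside the hunk.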
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -29,3 +29,5 @@ alsa-hda-tegra-set-depop-delay-for-tegra.patch
 alsa-hda-add-intel-5-series-3400-pci-did.patch
 alsa-hda-realtek-enable-4-speaker-output-dell-precision-5530-laptop.patch
 efi-libstub-check-shim-mode-using-moksbstatert.patch
+riscv-fix-a-nasty-sigreturn-bug.patch
+mm-slub-fix-to-return-errno-if-kmalloc-fails.patch
--
2.47.3