From af9d8543999848a6eaeeab708d45eeffef63e923 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 29 Mar 2022 13:27:37 +0200
Subject: [PATCH] drop queue-5.4/locking-lockdep-avoid-potential-access-of-invalid-memory-in-lock_class.patch
---
 ...cess-of-invalid-memory-in-lock_class.patch | 87 -------------------
 queue-5.4/series | 1 -
 2 files changed, 88 deletions(-)
 delete mode 100644 queue-5.4/locking-lockdep-avoid-potential-access-of-invalid-memory-in-lock_class.patch
diff --git a/queue-5.4/locking-lockdep-avoid-potential-access-of-invalid-memory-in-lock_class.patch b/queue-5.4/locking-lockdep-avoid-potential-access-of-invalid-memory-in-lock_class.patch
deleted file mode 100644
index d88f6036e63..00000000000
--- a/queue-5.4/locking-lockdep-avoid-potential-access-of-invalid-memory-in-lock_class.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 61cc4534b6550997c97a03759ab46b29d44c0017 Mon Sep 17 00:00:00 2001
-From: Waiman Long
-Date: Sun, 2 Jan 2022 21:35:58 -0500
-Subject: locking/lockdep: Avoid potential access of invalid memory in lock_class
-
-From: Waiman Long
-
-commit 61cc4534b6550997c97a03759ab46b29d44c0017 upstream.
-
-It was found that reading /proc/lockdep after a lockdep splat may
-potentially cause an access to freed memory if lockdep_unregister_key()
-is called after the splat but before access to /proc/lockdep [1]. This
-is due to the fact that graph_lock() call in lockdep_unregister_key()
-fails after the clearing of debug_locks by the splat process.
-
-After lockdep_unregister_key() is called, the lock_name may be freed
-but the corresponding lock_class structure still have a reference to
-it. That invalid memory pointer will then be accessed when /proc/lockdep
-is read by a user and a use-after-free (UAF) error will be reported if
-KASAN is enabled.
-
-To fix this problem, lockdep_unregister_key() is now modified to always
-search for a matching key irrespective of the debug_locks state and
-zap the corresponding lock class if a matching one is found.
-
-[1] https://lore.kernel.org/lkml/77f05c15-81b6-bddd-9650-80d5f23fe330@i-love.sakura.ne.jp/
-
-Fixes: 8b39adbee805 ("locking/lockdep: Make lockdep_unregister_key() honor 'debug_locks' again")
-Reported-by: Tetsuo Handa
-Signed-off-by: Waiman Long
-Signed-off-by: Peter Zijlstra (Intel)
-Reviewed-by: Bart Van Assche
-Cc: Cheng-Jui Wang
-Link: https://lkml.kernel.org/r/20220103023558.1377055-1-longman@redhat.com
-Signed-off-by: Greg Kroah-Hartman
----
- kernel/locking/lockdep.c | 24 +++++++++++++++---------
- 1 file changed, 15 insertions(+), 9 deletions(-)
-
---- a/kernel/locking/lockdep.c
-+++ b/kernel/locking/lockdep.c
-@@ -5289,7 +5289,13 @@ void lockdep_reset_lock(struct lockdep_m
- lockdep_reset_lock_reg(lock);
- }
-
--/* Unregister a dynamically allocated key.
*/
-+/*
-+ * Unregister a dynamically allocated key.
-+ *
-+ * Unlike lockdep_register_key(), a search is always done to find a matching
-+ * key irrespective of debug_locks to avoid potential invalid access to freed
-+ * memory in lock_class entry.
-+ */
- void lockdep_unregister_key(struct lock_class_key *key)
- {
- struct hlist_head *hash_head = keyhashentry(key);
-@@ -5304,10 +5310,8 @@ void lockdep_unregister_key(struct lock_
- return;
-
- raw_local_irq_save(flags);
-- if (!graph_lock())
-- goto out_irq;
-+ lockdep_lock();
-
-- pf = get_pending_free();
- hlist_for_each_entry_rcu(k, hash_head, hash_entry) {
- if (k == key) {
- hlist_del_rcu(&k->hash_entry);
-@@ -5315,11 +5319,13 @@ void lockdep_unregister_key(struct lock_
- break;
- }
- }
-- WARN_ON_ONCE(!found);
-- __lockdep_free_key_range(pf, key, 1);
-- call_rcu_zapped(pf);
-- graph_unlock();
--out_irq:
-+ WARN_ON_ONCE(!found && debug_locks);
-+ if (found) {
-+ pf = get_pending_free();
-+ __lockdep_free_key_range(pf, key, 1);
-+ call_rcu_zapped(pf);
-+ }
-+ lockdep_unlock();
- raw_local_irq_restore(flags);
-
- /* Wait until is_dynamic_key() has finished accessing k->hash_entry. */
diff --git a/queue-5.4/series b/queue-5.4/series
index a1c1e124c4e..613d381b47d 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -12,4 +12,3 @@ net-mcf8390-use-platform_get_irq-to-get-the-interrup.patch
 spi-fix-erroneous-sgs-value-with-min_t.patch
 af_key-add-__gfp_zero-flag-for-compose_sadb_supporte.patch
 net-dsa-microchip-add-spi_device_id-tables.patch
-locking-lockdep-avoid-potential-access-of-invalid-memory-in-lock_class.patch
-- 
2.47.3