From c29910f1ee921ae6e186bdf1e8061276fc049a31 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 9 Jul 2023 11:44:00 +0200 Subject: [PATCH] 5.10-stable patches added patches: mm-call-arch_swap_restore-from-do_swap_page.patch --- ...-arch_swap_restore-from-do_swap_page.patch | 53 +++++++++++++++++++ queue-5.10/series | 1 + 2 files changed, 54 insertions(+) create mode 100644 queue-5.10/mm-call-arch_swap_restore-from-do_swap_page.patch diff --git a/queue-5.10/mm-call-arch_swap_restore-from-do_swap_page.patch b/queue-5.10/mm-call-arch_swap_restore-from-do_swap_page.patch new file mode 100644 index 00000000000..d311db9d059 --- /dev/null +++ b/queue-5.10/mm-call-arch_swap_restore-from-do_swap_page.patch 
@@ -0,0 +1,53 @@ +From 6dca4ac6fc91fd41ea4d6c4511838d37f4e0eab2 Mon Sep 17 00:00:00 2001 +From: Peter Collingbourne +Date: Mon, 22 May 2023 17:43:08 -0700 +Subject: mm: call arch_swap_restore() from do_swap_page() + +From: Peter Collingbourne + +commit 6dca4ac6fc91fd41ea4d6c4511838d37f4e0eab2 upstream. + +Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved +the call to swap_free() before the call to set_pte_at(), which meant that +the MTE tags could end up being freed before set_pte_at() had a chance to +restore them. Fix it by adding a call to the arch_swap_restore() hook +before the call to swap_free(). + +Link: https://lkml.kernel.org/r/20230523004312.1807357-2-pcc@google.com +Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965 +Fixes: c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") +Signed-off-by: Peter Collingbourne +Reported-by: Qun-wei Lin +Closes: https://lore.kernel.org/all/5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com/ +Acked-by: David Hildenbrand +Acked-by: "Huang, Ying" +Reviewed-by: Steven Price +Acked-by: Catalin Marinas +Cc: [6.1+] +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/memory.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/mm/memory.c b/mm/memory.c +index 0ae594703021..01f39e8144ef 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -3950,6 +3950,13 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) + } + } + ++ /* ++ * Some architectures may have to restore extra metadata to the page ++ * when reading from swap. This metadata may be indexed by swap entry ++ * so this must be called before swap_free(). ++ */ ++ arch_swap_restore(entry, folio); ++ + /* + * Remove the swap entry and conditionally try to free up the swapcache. + * We're already holding a reference on the page but haven't mapped it +-- +2.41.0 + diff --git a/queue-5.10/series b/queue-5.10/series index 07253119463..0cfaad4f3b2 100644 --- a/queue-5.10/series 
+++ b/queue-5.10/series @@ -7,6 +7,7 @@ fbdev-imsttfb-fix-use-after-free-bug-in-imsttfb_probe.patch hid-wacom-use-ktime_t-rather-than-int-when-dealing-with-timestamps.patch hid-logitech-hidpp-add-hidpp_quirk_delayed_init-for-the-t651.patch revert-thermal-drivers-mediatek-use-devm_of_iomap-to-avoid-resource-leak-in-mtk_thermal_probe.patch +mm-call-arch_swap_restore-from-do_swap_page.patch scripts-tags.sh-resolve-gtags-empty-index-generation.patch drm-amdgpu-validate-vm-ioctl-flags.patch nubus-partially-revert-proc_create_single_data-conversion.patch -- 2.47.3
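Review bot: The stable tag in the queued patch reads "Cc: [6.1+]", yet this commit adds the patch to queue-5.10, which is outside the range that tag names. Before it stays in the series, please confirm that the commit named in its Fixes: line, c145e0b47c77 ("mm: streamline COW logic in do_swap_page()"), is actually present in the 5.10 tree. If it is not, the reordering of swap_free() ahead of set_pte_at() that the commit message describes does not exist there, and the fix has nothing to correct. The mm/memory.c hunk at @@ -3950 is also carried over with upstream's index line and context, and the added call is "arch_swap_restore(entry, folio);". Please check that do_swap_page() in 5.10 has a `folio` variable in scope at that point and that the hunk applies and builds against that tree. If either check fails, drop the entry from queue-5.10/series or replace it with a 5.10-specific backport that records the adaptation in its commit message.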