/[packages]/backports/8/kernel/current/SOURCES/arm64-mte-fix-double-freeing-of-the-temporary-tag-storage-during-coredump.patch
ViewVC logotype

Contents of /backports/8/kernel/current/SOURCES/arm64-mte-fix-double-freeing-of-the-temporary-tag-storage-during-coredump.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1932881 - (show annotations) (download)
Sat Jan 14 11:15:03 2023 UTC (14 months, 1 week ago) by tmb
File size: 1444 byte(s)
- update to 6.1.6
  * drop merged patches
- add current -stable queue
- Revert "mm/compaction: fix set skip in fast_find_migrateblock"
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices


1 From 736eedc974eaafbf4360e0ea85fc892cea72a223 Mon Sep 17 00:00:00 2001
2 From: Catalin Marinas <catalin.marinas@arm.com>
3 Date: Thu, 22 Dec 2022 18:12:49 +0000
4 Subject: arm64: mte: Fix double-freeing of the temporary tag storage during coredump
5
6 From: Catalin Marinas <catalin.marinas@arm.com>
7
8 commit 736eedc974eaafbf4360e0ea85fc892cea72a223 upstream.
9
10 Commit 16decce22efa ("arm64: mte: Fix the stack frame size warning in
11 mte_dump_tag_range()") moved the temporary tag storage array from the
12 stack to slab but it also introduced an error in double freeing this
13 object. Remove the in-loop freeing.
14
15 Fixes: 16decce22efa ("arm64: mte: Fix the stack frame size warning in mte_dump_tag_range()")
16 Cc: <stable@vger.kernel.org> # 5.18.x
17 Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
18 Reported-by: Seth Jenkins <sethjenkins@google.com>
19 Cc: Will Deacon <will@kernel.org>
20 Link: https://lore.kernel.org/r/20221222181251.1345752-2-catalin.marinas@arm.com
21 Signed-off-by: Will Deacon <will@kernel.org>
22 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
23 ---
24 arch/arm64/kernel/elfcore.c | 1 -
25 1 file changed, 1 deletion(-)
26
27 --- a/arch/arm64/kernel/elfcore.c
28 +++ b/arch/arm64/kernel/elfcore.c
29 @@ -65,7 +65,6 @@ static int mte_dump_tag_range(struct cor
30 mte_save_page_tags(page_address(page), tags);
31 put_page(page);
32 if (!dump_emit(cprm, tags, MTE_PAGE_TAG_STORAGE)) {
33 - mte_free_tag_storage(tags);
34 ret = 0;
35 break;
36 }

  ViewVC Help
Powered by ViewVC 1.1.30