Bug#1102914:

[Milan Broz]

Hi,

I tried upstream stable git and bisect, this is the conclusion:

- upstream 6.1.134 is still broken

- bisect points to this patch
(Patch cannot be easily reverted, it need some other patches, anyway, it can be 
used as reference what need to be backported)

476c1dfefab8b98ae9c3e3ad283c2ac10d30c774 is the first bad commit
commit 476c1dfefab8b98ae9c3e3ad283c2ac10d30c774
Author: David Howells <dhowe...@redhat.com>
Date:   Fri May 26 22:41:40 2023 +0100

    mm: Don't pin ZERO_PAGE in pin_user_pages()

    [ Upstream commit c8070b78751955e59b42457b974bea4a4fe00187 ]

    Make pin_user_pages*() leave a ZERO_PAGE unpinned if it extracts a pointer
    to it from the page tables and make unpin_user_page*() correspondingly
    ignore a ZERO_PAGE when unpinning.  We don't want to risk overrunning a
    zero page's refcount as we're only allowed ~2 million pins on it -
    something that userspace can conceivably trigger.

    Add a pair of functions to test whether a page or a folio is a ZERO_PAGE.

    Signed-off-by: David Howells <dhowe...@redhat.com>
    cc: Christoph Hellwig <h...@infradead.org>
    cc: David Hildenbrand <da...@redhat.com>
    cc: Lorenzo Stoakes <lstoa...@gmail.com>
    cc: Andrew Morton <a...@linux-foundation.org>
    cc: Jens Axboe <ax...@kernel.dk>
    cc: Al Viro <v...@zeniv.linux.org.uk>
    cc: Matthew Wilcox <wi...@infradead.org>
    cc: Jan Kara <j...@suse.cz>
    cc: Jeff Layton <jlay...@kernel.org>
    cc: Jason Gunthorpe <j...@nvidia.com>
    cc: Logan Gunthorpe <log...@deltatee.com>
    cc: Hillf Danton <hdan...@sina.com>
    cc: Christian Brauner <brau...@kernel.org>
    cc: Linus Torvalds <torva...@linux-foundation.org>
    cc: linux-fsde...@vger.kernel.org
    cc: linux-bl...@vger.kernel.org
    cc: linux-ker...@vger.kernel.org
    cc: linux...@kvack.org
    Reviewed-by: Lorenzo Stoakes <lstoa...@gmail.com>
    Reviewed-by: Christoph Hellwig <h...@lst.de>
    Acked-by: David Hildenbrand <da...@redhat.com>
    Link: https://lore.kernel.org/r/20230526214142.958751-2-dhowe...@redhat.com
    Signed-off-by: Jens Axboe <ax...@kernel.dk>
    Stable-dep-of: bddf10d26e6e ("uprobes: Reject the shared zeropage in 
uprobe_write_opcode()")
    Signed-off-by: Sasha Levin <sas...@kernel.org>

 Documentation/core-api/pin_user_pages.rst |  6 ++++++
 include/linux/mm.h                        | 26 ++++++++++++++++++++++++--
 mm/gup.c                                  | 31 ++++++++++++++++++++++++++++++-
 3 files changed, 60 insertions(+), 3 deletions(-)

If you are going to write a mail to upstream kernel list, please cc me.

Thanks,
Milan