From af6f33ad44a6c0251e5155157431aeec55f19016 Mon Sep 17 00:00:00 2001
From: Michal Suchanek
Date: Mar 28 2024 14:52:52 +0000
Subject: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (CVE-2023-52607 bsc#1221061).
---
diff --git a/patches.suse/powerpc-mm-Fix-null-pointer-dereference-in-pgtable_c.patch b/patches.suse/powerpc-mm-Fix-null-pointer-dereference-in-pgtable_c.patch
new file mode 100644
index 0000000..6913555
--- /dev/null
+++ b/patches.suse/powerpc-mm-Fix-null-pointer-dereference-in-pgtable_c.patch
@@ -0,0 +1,48 @@
+From f46c8a75263f97bda13c739ba1c90aced0d3b071 Mon Sep 17 00:00:00 2001
+From: Kunwu Chan
+Date: Mon, 4 Dec 2023 10:32:23 +0800
+Subject: [PATCH] powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
+
+References: CVE-2023-52607 bsc#1221061
+Patch-mainline: v6.8-rc1
+Git-commit: f46c8a75263f97bda13c739ba1c90aced0d3b071
+
+kasprintf() returns a pointer to dynamically allocated memory
+which can be NULL upon failure. Ensure the allocation was successful
+by checking the pointer validity.
+
+Suggested-by: Christophe Leroy
+Suggested-by: Michael Ellerman
+Signed-off-by: Kunwu Chan
+Signed-off-by: Michael Ellerman
+Link: https://msgid.link/20231204023223.2447523-1-chentao@kylinos.cn
+Acked-by: Michal Suchanek
+---
+ arch/powerpc/mm/init-common.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/arch/powerpc/mm/init-common.c b/arch/powerpc/mm/init-common.c
+--- a/arch/powerpc/mm/init-common.c
++++ b/arch/powerpc/mm/init-common.c
+@@ -126,7 +126,7 @@ void pgtable_cache_add(unsigned int shift)
+ * as to leave enough 0 bits in the address to contain it. */
+ unsigned long minalign = max(MAX_PGTABLE_INDEX_SIZE + 1,
+ HUGEPD_SHIFT_MASK + 1);
+- struct kmem_cache *new;
++ struct kmem_cache *new = NULL;
+
+ /* It would be nice if this was a BUILD_BUG_ON(), but at the
+ * moment, gcc doesn't seem to recognize is_power_of_2 as a
+@@ -139,7 +139,8 @@ void pgtable_cache_add(unsigned int shift)
+
+ align = max_t(unsigned long, align, minalign);
+ name = kasprintf(GFP_KERNEL, "pgtable-2^%d", shift);
+- new = kmem_cache_create(name, table_size, align, 0, ctor);
++ if (name)
++ new = kmem_cache_create(name, table_size, align, 0, ctor);
+ if (!new)
+ panic("Could not allocate pgtable cache for order %d", shift);
+
+--
+2.44.0
+
diff --git a/series.conf b/series.conf
index 3fa8a94..631aacd 100644
--- a/series.conf
+++ b/series.conf
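Review bot: In the carried patch's second hunk (`@@ -139,7 +139,8 @@`), a failed `kasprintf()` is handled only indirectly. The `kmem_cache_create()` call is skipped, `new` keeps the `NULL` from the first hunk's initializer, and the existing `if (!new)` check panics. Nothing in the code ties the `= NULL` initializer to that path, so a later cleanup that drops it as redundant would leave `new` uninitialized on out-of-memory. I would add a comment above the new test, `/* kasprintf() failed: skip creation so new stays NULL and the panic below fires */`. The body of pgtable_cache_add starts and ends outside both hunks.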
@@ -64962,6 +64962,7 @@
 patches.suse/EDAC-thunderx-Fix-possible-out-of-bounds-string-access.patch
 patches.suse/x86-lib-Fix-overflow-when-counting-digits.patch
 patches.suse/powerpc-pseries-memhp-Fix-access-beyond-end-of-drmem.patch
+ patches.suse/powerpc-mm-Fix-null-pointer-dereference-in-pgtable_c.patch
 patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
 patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_pow.patch
 patches.suse/mtd-Fix-gluebi-NULL-pointer-dereference-caused-by-ftl-notifier.patch