Integrate security patch 2023-05-05-CVE-2023-21666 Change-Id: Ic1d3ed9d6e9e221a4167103869d9171843841705 (cherry picked from commit 0c2393ad78868accfa3a35fad95d6dd54dcb0f4f)

commit: 92f9a389429e6f63908f3169c2e48097fc72b1e8 [log] [tgz]
author: android-t1 <xiaocong.gu@t2mobile.com> Thu May 04 15:04:10 2023 +0800
committer: Fairphone ODM <fairphone-odm@localhost> Thu May 04 15:51:29 2023 +0800
tree: 17bcd0931153ed2b2fe494cc7a1ac76ceb2d5a04
parent: 17acc8cf63ea135fd824eb6a28f710e0dab4c29f [diff]
diff --git a/drivers/gpu/msm/kgsl_pool.c b/drivers/gpu/msm/kgsl_pool.c
index ecb05b9..b5429cb 100644
--- a/drivers/gpu/msm/kgsl_pool.c
+++ b/drivers/gpu/msm/kgsl_pool.c

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (c) 2016-2021, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #include <asm/cacheflush.h>
@@ -61,6 +62,15 @@
 static void
 _kgsl_pool_add_page(struct kgsl_page_pool *pool, struct page *p)
 {
+	/*
+	 * Sanity check to make sure we don't re-pool a page that
+	 * somebody else has a reference to.
+	 */
+	if (WARN_ON_ONCE(unlikely(page_count(p) > 1))) {
+		__free_pages(p, pool->pool_order);
+		return;
+	}
+
 	kgsl_zero_page(p, pool->pool_order);
 
 	spin_lock(&pool->list_lock);
commit	92f9a389429e6f63908f3169c2e48097fc72b1e8	[log] [tgz]
author	android-t1 <xiaocong.gu@t2mobile.com>	Thu May 04 15:04:10 2023 +0800
committer	Fairphone ODM <fairphone-odm@localhost>	Thu May 04 15:51:29 2023 +0800
tree	17bcd0931153ed2b2fe494cc7a1ac76ceb2d5a04
parent	17acc8cf63ea135fd824eb6a28f710e0dab4c29f [diff]