--- /dev/null
+From b583ef82b671c9a752fbe3e95bd4c1c51eab764d Mon Sep 17 00:00:00 2001
+From: Jiri Olsa <jolsa@kernel.org>
+Date: Thu, 9 Jan 2025 15:14:40 +0100
+Subject: uprobes: Fix race in uprobe_free_utask
+
+From: Jiri Olsa <jolsa@kernel.org>
+
+commit b583ef82b671c9a752fbe3e95bd4c1c51eab764d upstream.
+
+Max Makarov reported kernel panic [1] in perf user callchain code.
+
+The reason for that is the race between uprobe_free_utask and bpf
+profiler code doing the perf user stack unwind and is triggered
+within uprobe_free_utask function:
+ - after current->utask is freed and
+ - before current->utask is set to NULL
+
+ general protection fault, probably for non-canonical address 0x9e759c37ee555c76: 0000 [#1] SMP PTI
+ RIP: 0010:is_uprobe_at_func_entry+0x28/0x80
+ ...
+ ? die_addr+0x36/0x90
+ ? exc_general_protection+0x217/0x420
+ ? asm_exc_general_protection+0x26/0x30
+ ? is_uprobe_at_func_entry+0x28/0x80
+ perf_callchain_user+0x20a/0x360
+ get_perf_callchain+0x147/0x1d0
+ bpf_get_stackid+0x60/0x90
+ bpf_prog_9aac297fb833e2f5_do_perf_event+0x434/0x53b
+ ? __smp_call_single_queue+0xad/0x120
+ bpf_overflow_handler+0x75/0x110
+ ...
+ asm_sysvec_apic_timer_interrupt+0x1a/0x20
+ RIP: 0010:__kmem_cache_free+0x1cb/0x350
+ ...
+ ? uprobe_free_utask+0x62/0x80
+ ? acct_collect+0x4c/0x220
+ uprobe_free_utask+0x62/0x80
+ mm_release+0x12/0xb0
+ do_exit+0x26b/0xaa0
+ __x64_sys_exit+0x1b/0x20
+ do_syscall_64+0x5a/0x80
+
+It can be easily reproduced by running following commands in
+separate terminals:
+
+ # while :; do bpftrace -e 'uprobe:/bin/ls:_start { printf("hit\n"); }' -c ls; done
+ # bpftrace -e 'profile:hz:100000 { @[ustack()] = count(); }'
+
+Fixing this by making sure current->utask pointer is set to NULL
+before we start to release the utask object.
+
+[1] https://github.com/grafana/pyroscope/issues/3673
+
+Fixes: cfa7f3d2c526 ("perf,x86: avoid missing caller address in stack traces captured in uprobe")
+Reported-by: Max Makarov <maxpain@linux.com>
+Signed-off-by: Jiri Olsa <jolsa@kernel.org>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Acked-by: Andrii Nakryiko <andrii@kernel.org>
+Link: https://lore.kernel.org/r/20250109141440.2692173-1-jolsa@kernel.org
+[Christian Simon: Rebased for 6.12.y, due to mainline change https://lore.kernel.org/all/20240929144239.GA9475@redhat.com/]
+Signed-off-by: Christian Simon <simon@swine.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/events/uprobes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/events/uprobes.c
++++ b/kernel/events/uprobes.c
+@@ -1724,6 +1724,7 @@ void uprobe_free_utask(struct task_struc
+ if (!utask)
+ return;
+
++ t->utask = NULL;
+ if (utask->active_uprobe)
+ put_uprobe(utask->active_uprobe);
+
+@@ -1733,7 +1734,6 @@ void uprobe_free_utask(struct task_struc
+
+ xol_free_insn_slot(t);
+ kfree(utask);
+- t->utask = NULL;
+ }
+
+ /*
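Review bot: `xol_free_insn_slot(t)` in the second hunk is still handed the task rather than the saved `utask`, and it now runs after the added `t->utask = NULL;`. If the helper in this tree looks up `t->utask` itself (its body is not part of the hunk), it would see NULL and return without releasing the XOL slot, so that is worth confirming for the 6.12.y rebase mentioned in the changelog. The ordering is also the entire fix, yet nothing in the code says so; a comment above the store such as `/* Clear first: perf callchain code can read current->utask from interrupt context while the object is being freed. */` would keep a later cleanup from moving it back. uprobe_free_utask() starts before the first hunk, so the declaration and load of `utask` are not visible here.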
--- /dev/null
+From f24f669d03f884a6ef95cca84317d0f329e93961 Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Wed, 22 May 2024 10:06:24 +0800
+Subject: x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
+
+From: Xi Ruoyao <xry111@xry111.site>
+
+commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream.
+
+Per the "Processor Specification Update" documentations referred by
+the intel-microcode-20240312 release note, this microcode release has
+fixed the issue for all affected models.
+
+So don't disable PCID if the microcode is new enough. The precise
+minimum microcode revision fixing the issue was provided by Pawan
+Intel.
+
+[ dhansen: comment and changelog tweaks ]
+
+Signed-off-by: Xi Ruoyao <xry111@xry111.site>
+Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
+Acked-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@tip-bot2/
+Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
+Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13
+Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24
+Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/
+Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site
+Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/mm/init.c | 23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/mm/init.c
++++ b/arch/x86/mm/init.c
+@@ -263,28 +263,33 @@ static void __init probe_page_size_mask(
+ }
+
+ /*
+- * INVLPG may not properly flush Global entries
+- * on these CPUs when PCIDs are enabled.
++ * INVLPG may not properly flush Global entries on
++ * these CPUs. New microcode fixes the issue.
+ */
+ static const struct x86_cpu_id invlpg_miss_ids[] = {
+- X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0),
+- X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0),
+- X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0),
+- X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0),
+- X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0),
+- X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0),
++ X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e),
++ X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c),
++ X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0x11),
++ X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118),
++ X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117),
++ X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e),
+ {}
+ };
+
+ static void setup_pcid(void)
+ {
++ const struct x86_cpu_id *invlpg_miss_match;
++
+ if (!IS_ENABLED(CONFIG_X86_64))
+ return;
+
+ if (!boot_cpu_has(X86_FEATURE_PCID))
+ return;
+
+- if (x86_match_cpu(invlpg_miss_ids)) {
++ invlpg_miss_match = x86_match_cpu(invlpg_miss_ids);
++
++ if (invlpg_miss_match &&
++ boot_cpu_data.microcode < invlpg_miss_match->driver_data) {
+ pr_info("Incomplete global flushes, disabling PCID");
+ setup_clear_cpu_cap(X86_FEATURE_PCID);
+ return;
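Review bot: The new test `boot_cpu_data.microcode < invlpg_miss_match->driver_data` in setup_pcid() trusts the reported microcode revision, and in a guest that value is presumably whatever the hypervisor exposes rather than what the host is running. A VM could then keep PCID enabled on a host that still has the incomplete INVLPG flush of global entries. Whether that case is handled elsewhere is not visible in this hunk, so either state the assumption in a comment or keep the old unconditional disable when `boot_cpu_has(X86_FEATURE_HYPERVISOR)` is true. Separately, the third argument in `invlpg_miss_ids[]` changed meaning from an unused 0 to a minimum fixed revision; a line in the table comment like `/* driver_data: first microcode revision containing the fix */` would document that. setup_pcid() continues past the end of the hunk.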