--- /dev/null
+From 689fbb14915100080aa97d3199e5a867fce0b63a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 26 Jan 2023 16:38:17 +0300
+Subject: Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
+
+From: Archie Pusaka <apusaka@chromium.org>
+
+commit 97dfaf073f5881c624856ef293be307b6166115c upstream.
+
+If a command is already sent, we take care of freeing it, but we
+also need to cancel the timeout as well.
+
+Signed-off-by: Archie Pusaka <apusaka@chromium.org>
+Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@google.com>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/bluetooth/hci_core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
+index a41b4dcf1a7a..cabe8eb4c14f 100644
+--- a/net/bluetooth/hci_core.c
++++ b/net/bluetooth/hci_core.c
+@@ -1632,6 +1632,7 @@ static int hci_dev_do_open(struct hci_dev *hdev)
+ hdev->flush(hdev);
+
+ if (hdev->sent_cmd) {
++ cancel_delayed_work_sync(&hdev->cmd_timer);
+ kfree_skb(hdev->sent_cmd);
+ hdev->sent_cmd = NULL;
+ }
+--
+2.39.0
+
--- /dev/null
+From b67aa01b8323eed7db29a9baff206dbe71ba839a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:00 -0800
+Subject: csky: Fix function name in csky_alignment() and die()
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+commit 751971af2e3615dc5bd12674080bc795505fefeb upstream.
+
+When building ARCH=csky defconfig:
+
+arch/csky/kernel/traps.c: In function 'die':
+arch/csky/kernel/traps.c:112:17: error: implicit declaration of function
+'make_dead_task' [-Werror=implicit-function-declaration]
+ 112 | make_dead_task(SIGSEGV);
+ | ^~~~~~~~~~~~~~
+
+The function's name is make_task_dead(), change it so there is no more
+build error.
+
+Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.")
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Reviewed-by: Guo Ren <guoren@kernel.org>
+Link: https://lkml.kernel.org/r/20211227184851.2297759-4-nathan@kernel.org
+Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/csky/abiv1/alignment.c | 2 +-
+ arch/csky/kernel/traps.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/csky/abiv1/alignment.c b/arch/csky/abiv1/alignment.c
+index 5e2fb45d605c..2df115d0e210 100644
+--- a/arch/csky/abiv1/alignment.c
++++ b/arch/csky/abiv1/alignment.c
+@@ -294,7 +294,7 @@ void csky_alignment(struct pt_regs *regs)
+ __func__, opcode, rz, rx, imm, addr);
+ show_regs(regs);
+ bust_spinlocks(0);
+- make_dead_task(SIGKILL);
++ make_task_dead(SIGKILL);
+ }
+
+ force_sig_fault(SIGBUS, BUS_ADRALN, (void __user *)addr);
+diff --git a/arch/csky/kernel/traps.c b/arch/csky/kernel/traps.c
+index b445c5aee220..6e426fba0119 100644
+--- a/arch/csky/kernel/traps.c
++++ b/arch/csky/kernel/traps.c
+@@ -109,7 +109,7 @@ void die(struct pt_regs *regs, const char *str)
+ if (panic_on_oops)
+ panic("Fatal exception");
+ if (ret != NOTIFY_STOP)
+- make_dead_task(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
+--
+2.39.0
+
--- /dev/null
+From 26841ec434b22038c32f6141321633b2fcb4ef4c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:09 -0800
+Subject: docs: Fix path paste-o for /sys/kernel/warn_count
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 00dd027f721e0458418f7750d8a5a664ed3e5994 upstream.
+
+Running "make htmldocs" shows that "/sys/kernel/oops_count" was
+duplicated. This should have been "warn_count":
+
+ Warning: /sys/kernel/oops_count is defined 2 times:
+ ./Documentation/ABI/testing/sysfs-kernel-warn_count:0
+ ./Documentation/ABI/testing/sysfs-kernel-oops_count:0
+
+Fix the typo.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Link: https://lore.kernel.org/linux-doc/202212110529.A3Qav8aR-lkp@intel.com
+Fixes: 8b05aa263361 ("panic: Expose "warn_count" to sysfs")
+Cc: linux-hardening@vger.kernel.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ Documentation/ABI/testing/sysfs-kernel-warn_count | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Documentation/ABI/testing/sysfs-kernel-warn_count b/Documentation/ABI/testing/sysfs-kernel-warn_count
+index 08f083d2fd51..90a029813717 100644
+--- a/Documentation/ABI/testing/sysfs-kernel-warn_count
++++ b/Documentation/ABI/testing/sysfs-kernel-warn_count
+@@ -1,4 +1,4 @@
+-What: /sys/kernel/oops_count
++What: /sys/kernel/warn_count
+ Date: November 2022
+ KernelVersion: 6.2.0
+ Contact: Linux Kernel Hardening List <linux-hardening@vger.kernel.org>
+--
+2.39.0
+
--- /dev/null
+From 8b684719d5195b31cffe5ec9721a0ecea00d9421 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:56 -0800
+Subject: exit: Add and use make_task_dead.
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit 0e25498f8cd43c1b5aa327f373dd094e9a006da7 upstream.
+
+There are two big uses of do_exit. The first is it's design use to be
+the guts of the exit(2) system call. The second use is to terminate
+a task after something catastrophic has happened like a NULL pointer
+in kernel code.
+
+Add a function make_task_dead that is initialy exactly the same as
+do_exit to cover the cases where do_exit is called to handle
+catastrophic failure. In time this can probably be reduced to just a
+light wrapper around do_task_dead. For now keep it exactly the same so
+that there will be no behavioral differences introducing this new
+concept.
+
+Replace all of the uses of do_exit that use it for catastraphic
+task cleanup with make_task_dead to make it clear what the code
+is doing.
+
+As part of this rename rewind_stack_do_exit
+rewind_stack_and_make_dead.
+
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/alpha/kernel/traps.c | 6 +++---
+ arch/alpha/mm/fault.c | 2 +-
+ arch/arm/kernel/traps.c | 2 +-
+ arch/arm/mm/fault.c | 2 +-
+ arch/arm64/kernel/traps.c | 2 +-
+ arch/arm64/mm/fault.c | 2 +-
+ arch/csky/abiv1/alignment.c | 2 +-
+ arch/csky/kernel/traps.c | 2 +-
+ arch/csky/mm/fault.c | 2 +-
+ arch/h8300/kernel/traps.c | 2 +-
+ arch/h8300/mm/fault.c | 2 +-
+ arch/hexagon/kernel/traps.c | 2 +-
+ arch/ia64/kernel/mca_drv.c | 2 +-
+ arch/ia64/kernel/traps.c | 2 +-
+ arch/ia64/mm/fault.c | 2 +-
+ arch/m68k/kernel/traps.c | 2 +-
+ arch/m68k/mm/fault.c | 2 +-
+ arch/microblaze/kernel/exceptions.c | 4 ++--
+ arch/mips/kernel/traps.c | 2 +-
+ arch/nds32/kernel/fpu.c | 2 +-
+ arch/nds32/kernel/traps.c | 8 ++++----
+ arch/nios2/kernel/traps.c | 4 ++--
+ arch/openrisc/kernel/traps.c | 2 +-
+ arch/parisc/kernel/traps.c | 2 +-
+ arch/powerpc/kernel/traps.c | 8 ++++----
+ arch/riscv/kernel/traps.c | 2 +-
+ arch/riscv/mm/fault.c | 2 +-
+ arch/s390/kernel/dumpstack.c | 2 +-
+ arch/s390/kernel/nmi.c | 2 +-
+ arch/sh/kernel/traps.c | 2 +-
+ arch/sparc/kernel/traps_32.c | 4 +---
+ arch/sparc/kernel/traps_64.c | 4 +---
+ arch/x86/entry/entry_32.S | 6 +++---
+ arch/x86/entry/entry_64.S | 6 +++---
+ arch/x86/kernel/dumpstack.c | 4 ++--
+ arch/xtensa/kernel/traps.c | 2 +-
+ include/linux/sched/task.h | 1 +
+ kernel/exit.c | 9 +++++++++
+ tools/objtool/check.c | 3 ++-
+ 39 files changed, 63 insertions(+), 56 deletions(-)
+
+diff --git a/arch/alpha/kernel/traps.c b/arch/alpha/kernel/traps.c
+index e805106409f7..f5ba12adde67 100644
+--- a/arch/alpha/kernel/traps.c
++++ b/arch/alpha/kernel/traps.c
+@@ -192,7 +192,7 @@ die_if_kernel(char * str, struct pt_regs *regs, long err, unsigned long *r9_15)
+ local_irq_enable();
+ while (1);
+ }
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ #ifndef CONFIG_MATHEMU
+@@ -577,7 +577,7 @@ do_entUna(void * va, unsigned long opcode, unsigned long reg,
+
+ printk("Bad unaligned kernel access at %016lx: %p %lx %lu\n",
+ pc, va, opcode, reg);
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+
+ got_exception:
+ /* Ok, we caught the exception, but we don't want it. Is there
+@@ -632,7 +632,7 @@ do_entUna(void * va, unsigned long opcode, unsigned long reg,
+ local_irq_enable();
+ while (1);
+ }
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ /*
+diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c
+index eee5102c3d88..e9193d52222e 100644
+--- a/arch/alpha/mm/fault.c
++++ b/arch/alpha/mm/fault.c
+@@ -204,7 +204,7 @@ do_page_fault(unsigned long address, unsigned long mmcsr,
+ printk(KERN_ALERT "Unable to handle kernel paging request at "
+ "virtual address %016lx\n", address);
+ die_if_kernel("Oops", regs, cause, (unsigned long*)regs - 16);
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+
+ /* We ran out of memory, or some other thing happened to us that
+ made us unable to handle the page fault gracefully. */
+diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
+index 54abd8720dde..91e757bb054e 100644
+--- a/arch/arm/kernel/traps.c
++++ b/arch/arm/kernel/traps.c
+@@ -334,7 +334,7 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+ if (panic_on_oops)
+ panic("Fatal exception");
+ if (signr)
+- do_exit(signr);
++ make_task_dead(signr);
+ }
+
+ /*
+diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
+index efa402025031..af5177801fb1 100644
+--- a/arch/arm/mm/fault.c
++++ b/arch/arm/mm/fault.c
+@@ -125,7 +125,7 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
+ show_pte(KERN_ALERT, mm, addr);
+ die("Oops", regs, fsr);
+ bust_spinlocks(0);
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ }
+
+ /*
+diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
+index f859cc870d5b..21e69a991bc8 100644
+--- a/arch/arm64/kernel/traps.c
++++ b/arch/arm64/kernel/traps.c
+@@ -235,7 +235,7 @@ void die(const char *str, struct pt_regs *regs, int err)
+ raw_spin_unlock_irqrestore(&die_lock, flags);
+
+ if (ret != NOTIFY_STOP)
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ static void arm64_show_signal(int signo, const char *str)
+diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
+index d09b21faa0b2..97a93ee756a2 100644
+--- a/arch/arm64/mm/fault.c
++++ b/arch/arm64/mm/fault.c
+@@ -302,7 +302,7 @@ static void die_kernel_fault(const char *msg, unsigned long addr,
+ show_pte(addr);
+ die("Oops", regs, esr);
+ bust_spinlocks(0);
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ }
+
+ #ifdef CONFIG_KASAN_HW_TAGS
+diff --git a/arch/csky/abiv1/alignment.c b/arch/csky/abiv1/alignment.c
+index cb2a0d94a144..5e2fb45d605c 100644
+--- a/arch/csky/abiv1/alignment.c
++++ b/arch/csky/abiv1/alignment.c
+@@ -294,7 +294,7 @@ void csky_alignment(struct pt_regs *regs)
+ __func__, opcode, rz, rx, imm, addr);
+ show_regs(regs);
+ bust_spinlocks(0);
+- do_exit(SIGKILL);
++ make_dead_task(SIGKILL);
+ }
+
+ force_sig_fault(SIGBUS, BUS_ADRALN, (void __user *)addr);
+diff --git a/arch/csky/kernel/traps.c b/arch/csky/kernel/traps.c
+index 2020af88b636..b445c5aee220 100644
+--- a/arch/csky/kernel/traps.c
++++ b/arch/csky/kernel/traps.c
+@@ -109,7 +109,7 @@ void die(struct pt_regs *regs, const char *str)
+ if (panic_on_oops)
+ panic("Fatal exception");
+ if (ret != NOTIFY_STOP)
+- do_exit(SIGSEGV);
++ make_dead_task(SIGSEGV);
+ }
+
+ void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
+diff --git a/arch/csky/mm/fault.c b/arch/csky/mm/fault.c
+index 466ad949818a..7215a46b6b8e 100644
+--- a/arch/csky/mm/fault.c
++++ b/arch/csky/mm/fault.c
+@@ -67,7 +67,7 @@ static inline void no_context(struct pt_regs *regs, unsigned long addr)
+ pr_alert("Unable to handle kernel paging request at virtual "
+ "addr 0x%08lx, pc: 0x%08lx\n", addr, regs->pc);
+ die(regs, "Oops");
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ }
+
+ static inline void mm_fault_error(struct pt_regs *regs, unsigned long addr, vm_fault_t fault)
+diff --git a/arch/h8300/kernel/traps.c b/arch/h8300/kernel/traps.c
+index bdbe988d8dbc..3d4e0bde37ae 100644
+--- a/arch/h8300/kernel/traps.c
++++ b/arch/h8300/kernel/traps.c
+@@ -106,7 +106,7 @@ void die(const char *str, struct pt_regs *fp, unsigned long err)
+ dump(fp);
+
+ spin_unlock_irq(&die_lock);
+- do_exit(SIGSEGV);
++ make_dead_task(SIGSEGV);
+ }
+
+ static int kstack_depth_to_print = 24;
+diff --git a/arch/h8300/mm/fault.c b/arch/h8300/mm/fault.c
+index d4bc9c16f2df..0223528565dd 100644
+--- a/arch/h8300/mm/fault.c
++++ b/arch/h8300/mm/fault.c
+@@ -51,7 +51,7 @@ asmlinkage int do_page_fault(struct pt_regs *regs, unsigned long address,
+ printk(" at virtual address %08lx\n", address);
+ if (!user_mode(regs))
+ die("Oops", regs, error_code);
+- do_exit(SIGKILL);
++ make_dead_task(SIGKILL);
+
+ return 1;
+ }
+diff --git a/arch/hexagon/kernel/traps.c b/arch/hexagon/kernel/traps.c
+index edfc35dafeb1..6dd6cf0ab711 100644
+--- a/arch/hexagon/kernel/traps.c
++++ b/arch/hexagon/kernel/traps.c
+@@ -214,7 +214,7 @@ int die(const char *str, struct pt_regs *regs, long err)
+ panic("Fatal exception");
+
+ oops_exit();
+- do_exit(err);
++ make_dead_task(err);
+ return 0;
+ }
+
+diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c
+index 5bfc79be4cef..23c203639a96 100644
+--- a/arch/ia64/kernel/mca_drv.c
++++ b/arch/ia64/kernel/mca_drv.c
+@@ -176,7 +176,7 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr)
+ spin_unlock(&mca_bh_lock);
+
+ /* This process is about to be killed itself */
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ }
+
+ /**
+diff --git a/arch/ia64/kernel/traps.c b/arch/ia64/kernel/traps.c
+index e13cb905930f..753642366e12 100644
+--- a/arch/ia64/kernel/traps.c
++++ b/arch/ia64/kernel/traps.c
+@@ -85,7 +85,7 @@ die (const char *str, struct pt_regs *regs, long err)
+ if (panic_on_oops)
+ panic("Fatal exception");
+
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ return 0;
+ }
+
+diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c
+index 02de2e70c587..4796cccbf74f 100644
+--- a/arch/ia64/mm/fault.c
++++ b/arch/ia64/mm/fault.c
+@@ -259,7 +259,7 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re
+ regs = NULL;
+ bust_spinlocks(0);
+ if (regs)
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ return;
+
+ out_of_memory:
+diff --git a/arch/m68k/kernel/traps.c b/arch/m68k/kernel/traps.c
+index 34d6458340b0..59fc63feb0dc 100644
+--- a/arch/m68k/kernel/traps.c
++++ b/arch/m68k/kernel/traps.c
+@@ -1131,7 +1131,7 @@ void die_if_kernel (char *str, struct pt_regs *fp, int nr)
+ pr_crit("%s: %08x\n", str, nr);
+ show_registers(fp);
+ add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ asmlinkage void set_esp0(unsigned long ssp)
+diff --git a/arch/m68k/mm/fault.c b/arch/m68k/mm/fault.c
+index ef46e77e97a5..fcb3a0d8421c 100644
+--- a/arch/m68k/mm/fault.c
++++ b/arch/m68k/mm/fault.c
+@@ -48,7 +48,7 @@ int send_fault_sig(struct pt_regs *regs)
+ pr_alert("Unable to handle kernel access");
+ pr_cont(" at virtual address %p\n", addr);
+ die_if_kernel("Oops", regs, 0 /*error_code*/);
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ }
+
+ return 1;
+diff --git a/arch/microblaze/kernel/exceptions.c b/arch/microblaze/kernel/exceptions.c
+index 908788497b28..fd153d5fab98 100644
+--- a/arch/microblaze/kernel/exceptions.c
++++ b/arch/microblaze/kernel/exceptions.c
+@@ -44,10 +44,10 @@ void die(const char *str, struct pt_regs *fp, long err)
+ pr_warn("Oops: %s, sig: %ld\n", str, err);
+ show_regs(fp);
+ spin_unlock_irq(&die_lock);
+- /* do_exit() should take care of panic'ing from an interrupt
++ /* make_task_dead() should take care of panic'ing from an interrupt
+ * context so we don't handle it here
+ */
+- do_exit(err);
++ make_task_dead(err);
+ }
+
+ /* for user application debugging */
+diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
+index edd93430b954..afb2c955d99e 100644
+--- a/arch/mips/kernel/traps.c
++++ b/arch/mips/kernel/traps.c
+@@ -416,7 +416,7 @@ void __noreturn die(const char *str, struct pt_regs *regs)
+ if (regs && kexec_should_crash(current))
+ crash_kexec(regs);
+
+- do_exit(sig);
++ make_task_dead(sig);
+ }
+
+ extern struct exception_table_entry __start___dbe_table[];
+diff --git a/arch/nds32/kernel/fpu.c b/arch/nds32/kernel/fpu.c
+index 9edd7ed7d7bf..701c09a668de 100644
+--- a/arch/nds32/kernel/fpu.c
++++ b/arch/nds32/kernel/fpu.c
+@@ -223,7 +223,7 @@ inline void handle_fpu_exception(struct pt_regs *regs)
+ }
+ } else if (fpcsr & FPCSR_mskRIT) {
+ if (!user_mode(regs))
+- do_exit(SIGILL);
++ make_task_dead(SIGILL);
+ si_signo = SIGILL;
+ }
+
+diff --git a/arch/nds32/kernel/traps.c b/arch/nds32/kernel/traps.c
+index f06421c645af..b90030e8e546 100644
+--- a/arch/nds32/kernel/traps.c
++++ b/arch/nds32/kernel/traps.c
+@@ -141,7 +141,7 @@ void die(const char *str, struct pt_regs *regs, int err)
+
+ bust_spinlocks(0);
+ spin_unlock_irq(&die_lock);
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ EXPORT_SYMBOL(die);
+@@ -240,7 +240,7 @@ void unhandled_interruption(struct pt_regs *regs)
+ pr_emerg("unhandled_interruption\n");
+ show_regs(regs);
+ if (!user_mode(regs))
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ force_sig(SIGKILL);
+ }
+
+@@ -251,7 +251,7 @@ void unhandled_exceptions(unsigned long entry, unsigned long addr,
+ addr, type);
+ show_regs(regs);
+ if (!user_mode(regs))
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ force_sig(SIGKILL);
+ }
+
+@@ -278,7 +278,7 @@ void do_revinsn(struct pt_regs *regs)
+ pr_emerg("Reserved Instruction\n");
+ show_regs(regs);
+ if (!user_mode(regs))
+- do_exit(SIGILL);
++ make_task_dead(SIGILL);
+ force_sig(SIGILL);
+ }
+
+diff --git a/arch/nios2/kernel/traps.c b/arch/nios2/kernel/traps.c
+index 596986a74a26..85ac49d64cf7 100644
+--- a/arch/nios2/kernel/traps.c
++++ b/arch/nios2/kernel/traps.c
+@@ -37,10 +37,10 @@ void die(const char *str, struct pt_regs *regs, long err)
+ show_regs(regs);
+ spin_unlock_irq(&die_lock);
+ /*
+- * do_exit() should take care of panic'ing from an interrupt
++ * make_task_dead() should take care of panic'ing from an interrupt
+ * context so we don't handle it here
+ */
+- do_exit(err);
++ make_task_dead(err);
+ }
+
+ void _exception(int signo, struct pt_regs *regs, int code, unsigned long addr)
+diff --git a/arch/openrisc/kernel/traps.c b/arch/openrisc/kernel/traps.c
+index aa1e709405ac..9df1d85bfe1d 100644
+--- a/arch/openrisc/kernel/traps.c
++++ b/arch/openrisc/kernel/traps.c
+@@ -212,7 +212,7 @@ void die(const char *str, struct pt_regs *regs, long err)
+ __asm__ __volatile__("l.nop 1");
+ do {} while (1);
+ #endif
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ /* This is normally the 'Oops' routine */
+diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
+index 6fe5a3e98edc..70ace3687950 100644
+--- a/arch/parisc/kernel/traps.c
++++ b/arch/parisc/kernel/traps.c
+@@ -268,7 +268,7 @@ void die_if_kernel(char *str, struct pt_regs *regs, long err)
+ panic("Fatal exception");
+
+ oops_exit();
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ /* gdb uses break 4,8 */
+diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
+index 11741703d26e..a08bb7cefdc5 100644
+--- a/arch/powerpc/kernel/traps.c
++++ b/arch/powerpc/kernel/traps.c
+@@ -245,7 +245,7 @@ static void oops_end(unsigned long flags, struct pt_regs *regs,
+
+ if (panic_on_oops)
+ panic("Fatal exception");
+- do_exit(signr);
++ make_task_dead(signr);
+ }
+ NOKPROBE_SYMBOL(oops_end);
+
+@@ -792,9 +792,9 @@ int machine_check_generic(struct pt_regs *regs)
+ void die_mce(const char *str, struct pt_regs *regs, long err)
+ {
+ /*
+- * The machine check wants to kill the interrupted context, but
+- * do_exit() checks for in_interrupt() and panics in that case, so
+- * exit the irq/nmi before calling die.
++ * The machine check wants to kill the interrupted context,
++ * but make_task_dead() checks for in_interrupt() and panics
++ * in that case, so exit the irq/nmi before calling die.
+ */
+ if (in_nmi())
+ nmi_exit();
+diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
+index 4102c97309cc..6084bd93d2f5 100644
+--- a/arch/riscv/kernel/traps.c
++++ b/arch/riscv/kernel/traps.c
+@@ -59,7 +59,7 @@ void die(struct pt_regs *regs, const char *str)
+ if (panic_on_oops)
+ panic("Fatal exception");
+ if (ret != NOTIFY_STOP)
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
+diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
+index 7cfaf366463f..676a3f28811f 100644
+--- a/arch/riscv/mm/fault.c
++++ b/arch/riscv/mm/fault.c
+@@ -31,7 +31,7 @@ static void die_kernel_fault(const char *msg, unsigned long addr,
+
+ bust_spinlocks(0);
+ die(regs, "Oops");
+- do_exit(SIGKILL);
++ make_task_dead(SIGKILL);
+ }
+
+ static inline void no_context(struct pt_regs *regs, unsigned long addr)
+diff --git a/arch/s390/kernel/dumpstack.c b/arch/s390/kernel/dumpstack.c
+index db1bc00229ca..272ef8597e20 100644
+--- a/arch/s390/kernel/dumpstack.c
++++ b/arch/s390/kernel/dumpstack.c
+@@ -224,5 +224,5 @@ void die(struct pt_regs *regs, const char *str)
+ if (panic_on_oops)
+ panic("Fatal exception: panic_on_oops");
+ oops_exit();
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+diff --git a/arch/s390/kernel/nmi.c b/arch/s390/kernel/nmi.c
+index 383b4799b6dd..d4f071e73a0a 100644
+--- a/arch/s390/kernel/nmi.c
++++ b/arch/s390/kernel/nmi.c
+@@ -175,7 +175,7 @@ void __s390_handle_mcck(void)
+ "malfunction (code 0x%016lx).\n", mcck.mcck_code);
+ printk(KERN_EMERG "mcck: task: %s, pid: %d.\n",
+ current->comm, current->pid);
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+ }
+
+diff --git a/arch/sh/kernel/traps.c b/arch/sh/kernel/traps.c
+index e76b22157099..361b764700b7 100644
+--- a/arch/sh/kernel/traps.c
++++ b/arch/sh/kernel/traps.c
+@@ -57,7 +57,7 @@ void die(const char *str, struct pt_regs *regs, long err)
+ if (panic_on_oops)
+ panic("Fatal exception");
+
+- do_exit(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ void die_if_kernel(const char *str, struct pt_regs *regs, long err)
+diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
+index 5630e5a395e0..179aabfa712e 100644
+--- a/arch/sparc/kernel/traps_32.c
++++ b/arch/sparc/kernel/traps_32.c
+@@ -86,9 +86,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
+ }
+ printk("Instruction DUMP:");
+ instruction_dump ((unsigned long *) regs->pc);
+- if(regs->psr & PSR_PS)
+- do_exit(SIGKILL);
+- do_exit(SIGSEGV);
++ make_task_dead((regs->psr & PSR_PS) ? SIGKILL : SIGSEGV);
+ }
+
+ void do_hw_interrupt(struct pt_regs *regs, unsigned long type)
+diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
+index 6863025ed56d..21077821f427 100644
+--- a/arch/sparc/kernel/traps_64.c
++++ b/arch/sparc/kernel/traps_64.c
+@@ -2559,9 +2559,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
+ }
+ if (panic_on_oops)
+ panic("Fatal exception");
+- if (regs->tstate & TSTATE_PRIV)
+- do_exit(SIGKILL);
+- do_exit(SIGSEGV);
++ make_task_dead((regs->tstate & TSTATE_PRIV)? SIGKILL : SIGSEGV);
+ }
+ EXPORT_SYMBOL(die_if_kernel);
+
+diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
+index 6b44263d7efb..e309e7156038 100644
+--- a/arch/x86/entry/entry_32.S
++++ b/arch/x86/entry/entry_32.S
+@@ -1239,14 +1239,14 @@ SYM_CODE_START(asm_exc_nmi)
+ SYM_CODE_END(asm_exc_nmi)
+
+ .pushsection .text, "ax"
+-SYM_CODE_START(rewind_stack_do_exit)
++SYM_CODE_START(rewind_stack_and_make_dead)
+ /* Prevent any naive code from trying to unwind to our caller. */
+ xorl %ebp, %ebp
+
+ movl PER_CPU_VAR(cpu_current_top_of_stack), %esi
+ leal -TOP_OF_KERNEL_STACK_PADDING-PTREGS_SIZE(%esi), %esp
+
+- call do_exit
++ call make_task_dead
+ 1: jmp 1b
+-SYM_CODE_END(rewind_stack_do_exit)
++SYM_CODE_END(rewind_stack_and_make_dead)
+ .popsection
+diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
+index a3af2a9159b1..9f1333a9ee41 100644
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -1487,7 +1487,7 @@ SYM_CODE_END(ignore_sysret)
+ #endif
+
+ .pushsection .text, "ax"
+-SYM_CODE_START(rewind_stack_do_exit)
++SYM_CODE_START(rewind_stack_and_make_dead)
+ UNWIND_HINT_FUNC
+ /* Prevent any naive code from trying to unwind to our caller. */
+ xorl %ebp, %ebp
+@@ -1496,6 +1496,6 @@ SYM_CODE_START(rewind_stack_do_exit)
+ leaq -PTREGS_SIZE(%rax), %rsp
+ UNWIND_HINT_REGS
+
+- call do_exit
+-SYM_CODE_END(rewind_stack_do_exit)
++ call make_task_dead
++SYM_CODE_END(rewind_stack_and_make_dead)
+ .popsection
+diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
+index ea4fe192189d..53de044e5654 100644
+--- a/arch/x86/kernel/dumpstack.c
++++ b/arch/x86/kernel/dumpstack.c
+@@ -351,7 +351,7 @@ unsigned long oops_begin(void)
+ }
+ NOKPROBE_SYMBOL(oops_begin);
+
+-void __noreturn rewind_stack_do_exit(int signr);
++void __noreturn rewind_stack_and_make_dead(int signr);
+
+ void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+ {
+@@ -386,7 +386,7 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+ * reuse the task stack and that existing poisons are invalid.
+ */
+ kasan_unpoison_task_stack(current);
+- rewind_stack_do_exit(signr);
++ rewind_stack_and_make_dead(signr);
+ }
+ NOKPROBE_SYMBOL(oops_end);
+
+diff --git a/arch/xtensa/kernel/traps.c b/arch/xtensa/kernel/traps.c
+index 874b6efc6fb3..904086ad5682 100644
+--- a/arch/xtensa/kernel/traps.c
++++ b/arch/xtensa/kernel/traps.c
+@@ -552,5 +552,5 @@ void die(const char * str, struct pt_regs * regs, long err)
+ if (panic_on_oops)
+ panic("Fatal exception");
+
+- do_exit(err);
++ make_task_dead(err);
+ }
+diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h
+index caae8e045160..d351f1b362ef 100644
+--- a/include/linux/sched/task.h
++++ b/include/linux/sched/task.h
+@@ -59,6 +59,7 @@ extern void sched_post_fork(struct task_struct *p);
+ extern void sched_dead(struct task_struct *p);
+
+ void __noreturn do_task_dead(void);
++void __noreturn make_task_dead(int signr);
+
+ extern void proc_caches_init(void);
+
+diff --git a/kernel/exit.c b/kernel/exit.c
+index aefe7445508d..5d1a507fd4ba 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -877,6 +877,15 @@ void __noreturn do_exit(long code)
+ }
+ EXPORT_SYMBOL_GPL(do_exit);
+
++void __noreturn make_task_dead(int signr)
++{
++ /*
++ * Take the task off the cpu after something catastrophic has
++ * happened.
++ */
++ do_exit(signr);
++}
++
+ void complete_and_exit(struct completion *comp, long code)
+ {
+ if (comp)
+diff --git a/tools/objtool/check.c b/tools/objtool/check.c
+index 308c8806ad94..82ade76dcef2 100644
+--- a/tools/objtool/check.c
++++ b/tools/objtool/check.c
+@@ -169,6 +169,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
+ "panic",
+ "do_exit",
+ "do_task_dead",
++ "make_task_dead",
+ "__module_put_and_exit",
+ "complete_and_exit",
+ "__reiserfs_panic",
+@@ -176,7 +177,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
+ "fortify_panic",
+ "usercopy_abort",
+ "machine_real_restart",
+- "rewind_stack_do_exit",
++ "rewind_stack_and_make_dead"
+ "kunit_try_catch_throw",
+ "xen_start_kernel",
+ "cpu_bringup_and_idle",
+--
+2.39.0
+
--- /dev/null
+From 202b8a0e7f8259ff2020d032a3dda4147d7391ce Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:05 -0800
+Subject: exit: Allow oops_limit to be disabled
+
+From: Kees Cook <keescook@chromium.org>
+
+commit de92f65719cd672f4b48397540b9f9eff67eca40 upstream.
+
+In preparation for keeping oops_limit logic in sync with warn_limit,
+have oops_limit == 0 disable checking the Oops counter.
+
+Cc: Jann Horn <jannh@google.com>
+Cc: Jonathan Corbet <corbet@lwn.net>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
+Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Cc: Eric Biggers <ebiggers@google.com>
+Cc: Huang Ying <ying.huang@intel.com>
+Cc: "Eric W. Biederman" <ebiederm@xmission.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Cc: linux-doc@vger.kernel.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ Documentation/admin-guide/sysctl/kernel.rst | 5 +++--
+ kernel/exit.c | 2 +-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
+index b6e68d6f297e..d6f1d3892e71 100644
+--- a/Documentation/admin-guide/sysctl/kernel.rst
++++ b/Documentation/admin-guide/sysctl/kernel.rst
+@@ -675,8 +675,9 @@ oops_limit
+ ==========
+
+ Number of kernel oopses after which the kernel should panic when
+-``panic_on_oops`` is not set. Setting this to 0 or 1 has the same effect
+-as setting ``panic_on_oops=1``.
++``panic_on_oops`` is not set. Setting this to 0 disables checking
++the count. Setting this to 1 has the same effect as setting
++``panic_on_oops=1``. The default value is 10000.
+
+
+ osrelease, ostype & version
+diff --git a/kernel/exit.c b/kernel/exit.c
+index f68a9c6adfc9..f6c85101dba0 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -941,7 +941,7 @@ void __noreturn make_task_dead(int signr)
+ * To make sure this can't happen, place an upper bound on how often the
+ * kernel may oops without panic().
+ */
+- if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit))
++ if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
+ panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
+
+ do_exit(signr);
+--
+2.39.0
+
--- /dev/null
+From f9b5542e9c2120acd7f1f0f73c4c0ec5d4be301a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:04 -0800
+Subject: exit: Expose "oops_count" to sysfs
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 9db89b41117024f80b38b15954017fb293133364 upstream.
+
+Since Oops count is now tracked and is a fairly interesting signal, add
+the entry /sys/kernel/oops_count to expose it to userspace.
+
+Cc: "Eric W. Biederman" <ebiederm@xmission.com>
+Cc: Jann Horn <jannh@google.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20221117234328.594699-3-keescook@chromium.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../ABI/testing/sysfs-kernel-oops_count | 6 +++++
+ kernel/exit.c | 22 +++++++++++++++++--
+ 2 files changed, 26 insertions(+), 2 deletions(-)
+ create mode 100644 Documentation/ABI/testing/sysfs-kernel-oops_count
+
+diff --git a/Documentation/ABI/testing/sysfs-kernel-oops_count b/Documentation/ABI/testing/sysfs-kernel-oops_count
+new file mode 100644
+index 000000000000..156cca9dbc96
+--- /dev/null
++++ b/Documentation/ABI/testing/sysfs-kernel-oops_count
+@@ -0,0 +1,6 @@
++What: /sys/kernel/oops_count
++Date: November 2022
++KernelVersion: 6.2.0
++Contact: Linux Kernel Hardening List <linux-hardening@vger.kernel.org>
++Description:
++ Shows how many times the system has Oopsed since last boot.
+diff --git a/kernel/exit.c b/kernel/exit.c
+index 172d7f835f80..f68a9c6adfc9 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -64,6 +64,7 @@
+ #include <linux/rcuwait.h>
+ #include <linux/compat.h>
+ #include <linux/io_uring.h>
++#include <linux/sysfs.h>
+
+ #include <linux/uaccess.h>
+ #include <asm/unistd.h>
+@@ -96,6 +97,25 @@ static __init int kernel_exit_sysctls_init(void)
+ late_initcall(kernel_exit_sysctls_init);
+ #endif
+
++static atomic_t oops_count = ATOMIC_INIT(0);
++
++#ifdef CONFIG_SYSFS
++static ssize_t oops_count_show(struct kobject *kobj, struct kobj_attribute *attr,
++ char *page)
++{
++ return sysfs_emit(page, "%d\n", atomic_read(&oops_count));
++}
++
++static struct kobj_attribute oops_count_attr = __ATTR_RO(oops_count);
++
++static __init int kernel_exit_sysfs_init(void)
++{
++ sysfs_add_file_to_group(kernel_kobj, &oops_count_attr.attr, NULL);
++ return 0;
++}
++late_initcall(kernel_exit_sysfs_init);
++#endif
++
+ static void __unhash_process(struct task_struct *p, bool group_dead)
+ {
+ nr_threads--;
+@@ -906,8 +926,6 @@ EXPORT_SYMBOL_GPL(do_exit);
+
+ void __noreturn make_task_dead(int signr)
+ {
+- static atomic_t oops_count = ATOMIC_INIT(0);
+-
+ /*
+ * Take the task off the cpu after something catastrophic has
+ * happened.
+--
+2.39.0
+
--- /dev/null
+From b06283dbf6b66665250430893943dec1f1c6d396 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:03 -0800
+Subject: exit: Put an upper limit on how often we can oops
+
+From: Jann Horn <jannh@google.com>
+
+commit d4ccd54d28d3c8598e2354acc13e28c060961dbb upstream.
+
+Many Linux systems are configured to not panic on oops; but allowing an
+attacker to oops the system **really** often can make even bugs that look
+completely unexploitable exploitable (like NULL dereferences and such) if
+each crash elevates a refcount by one or a lock is taken in read mode, and
+this causes a counter to eventually overflow.
+
+The most interesting counters for this are 32 bits wide (like open-coded
+refcounts that don't use refcount_t). (The ldsem reader count on 32-bit
+platforms is just 16 bits, but probably nobody cares about 32-bit platforms
+that much nowadays.)
+
+So let's panic the system if the kernel is constantly oopsing.
+
+The speed of oopsing 2^32 times probably depends on several factors, like
+how long the stack trace is and which unwinder you're using; an empirically
+important one is whether your console is showing a graphical environment or
+a text console that oopses will be printed to.
+In a quick single-threaded benchmark, it looks like oopsing in a vfork()
+child with a very short stack trace only takes ~510 microseconds per run
+when a graphical console is active; but switching to a text console that
+oopses are printed to slows it down around 87x, to ~45 milliseconds per
+run.
+(Adding more threads makes this faster, but the actual oops printing
+happens under &die_lock on x86, so you can maybe speed this up by a factor
+of around 2 and then any further improvement gets eaten up by lock
+contention.)
+
+It looks like it would take around 8-12 days to overflow a 32-bit counter
+with repeated oopsing on a multi-core X86 system running a graphical
+environment; both me (in an X86 VM) and Seth (with a distro kernel on
+normal hardware in a standard configuration) got numbers in that ballpark.
+
+12 days aren't *that* short on a desktop system, and you'd likely need much
+longer on a typical server system (assuming that people don't run graphical
+desktop environments on their servers), and this is a *very* noisy and
+violent approach to exploiting the kernel; and it also seems to take orders
+of magnitude longer on some machines, probably because stuff like EFI
+pstore will slow it down a ton if that's active.
+
+Signed-off-by: Jann Horn <jannh@google.com>
+Link: https://lore.kernel.org/r/20221107201317.324457-1-jannh@google.com
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20221117234328.594699-2-keescook@chromium.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ Documentation/admin-guide/sysctl/kernel.rst | 8 ++++
+ kernel/exit.c | 43 +++++++++++++++++++++
+ 2 files changed, 51 insertions(+)
+
+diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
+index 609b89175408..b6e68d6f297e 100644
+--- a/Documentation/admin-guide/sysctl/kernel.rst
++++ b/Documentation/admin-guide/sysctl/kernel.rst
+@@ -671,6 +671,14 @@ This is the default behavior.
+ an oops event is detected.
+
+
++oops_limit
++==========
++
++Number of kernel oopses after which the kernel should panic when
++``panic_on_oops`` is not set. Setting this to 0 or 1 has the same effect
++as setting ``panic_on_oops=1``.
++
++
+ osrelease, ostype & version
+ ===========================
+
+diff --git a/kernel/exit.c b/kernel/exit.c
+index 5d1a507fd4ba..172d7f835f80 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -69,6 +69,33 @@
+ #include <asm/unistd.h>
+ #include <asm/mmu_context.h>
+
++/*
++ * The default value should be high enough to not crash a system that randomly
++ * crashes its kernel from time to time, but low enough to at least not permit
++ * overflowing 32-bit refcounts or the ldsem writer count.
++ */
++static unsigned int oops_limit = 10000;
++
++#ifdef CONFIG_SYSCTL
++static struct ctl_table kern_exit_table[] = {
++ {
++ .procname = "oops_limit",
++ .data = &oops_limit,
++ .maxlen = sizeof(oops_limit),
++ .mode = 0644,
++ .proc_handler = proc_douintvec,
++ },
++ { }
++};
++
++static __init int kernel_exit_sysctls_init(void)
++{
++ register_sysctl_init("kernel", kern_exit_table);
++ return 0;
++}
++late_initcall(kernel_exit_sysctls_init);
++#endif
++
+ static void __unhash_process(struct task_struct *p, bool group_dead)
+ {
+ nr_threads--;
+@@ -879,10 +906,26 @@ EXPORT_SYMBOL_GPL(do_exit);
+
+ void __noreturn make_task_dead(int signr)
+ {
++ static atomic_t oops_count = ATOMIC_INIT(0);
++
+ /*
+ * Take the task off the cpu after something catastrophic has
+ * happened.
+ */
++
++ /*
++ * Every time the system oopses, if the oops happens while a reference
++ * to an object was held, the reference leaks.
++ * If the oops doesn't also leak memory, repeated oopsing can cause
++ * reference counters to wrap around (if they're not using refcount_t).
++ * This means that repeated oopsing can make unexploitable-looking bugs
++ * exploitable through repeated oopsing.
++ * To make sure this can't happen, place an upper bound on how often the
++ * kernel may oops without panic().
++ */
++ if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit))
++ panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
++
+ do_exit(signr);
+ }
+
+--
+2.39.0
+
--- /dev/null
+From 72343664e330bf8e14d01becfab6e9f20626679c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:10 -0800
+Subject: exit: Use READ_ONCE() for all oops/warn limit reads
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 7535b832c6399b5ebfc5b53af5c51dd915ee2538 upstream.
+
+Use a temporary variable to take full advantage of READ_ONCE() behavior.
+Without this, the report (and even the test) might be out of sync with
+the initial test.
+
+Reported-by: Peter Zijlstra <peterz@infradead.org>
+Link: https://lore.kernel.org/lkml/Y5x7GXeluFmZ8E0E@hirez.programming.kicks-ass.net
+Fixes: 9fc9e278a5c0 ("panic: Introduce warn_limit")
+Fixes: d4ccd54d28d3 ("exit: Put an upper limit on how often we can oops")
+Cc: "Eric W. Biederman" <ebiederm@xmission.com>
+Cc: Jann Horn <jannh@google.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Cc: Petr Mladek <pmladek@suse.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Luis Chamberlain <mcgrof@kernel.org>
+Cc: Marco Elver <elver@google.com>
+Cc: tangmeng <tangmeng@uniontech.com>
+Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/exit.c | 6 ++++--
+ kernel/panic.c | 7 +++++--
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/exit.c b/kernel/exit.c
+index f6c85101dba0..80efdfda6662 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -930,6 +930,7 @@ void __noreturn make_task_dead(int signr)
+ * Take the task off the cpu after something catastrophic has
+ * happened.
+ */
++ unsigned int limit;
+
+ /*
+ * Every time the system oopses, if the oops happens while a reference
+@@ -941,8 +942,9 @@ void __noreturn make_task_dead(int signr)
+ * To make sure this can't happen, place an upper bound on how often the
+ * kernel may oops without panic().
+ */
+- if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
+- panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
++ limit = READ_ONCE(oops_limit);
++ if (atomic_inc_return(&oops_count) >= limit && limit)
++ panic("Oopsed too often (kernel.oops_limit is %d)", limit);
+
+ do_exit(signr);
+ }
+diff --git a/kernel/panic.c b/kernel/panic.c
+index 4aef355e9a5d..47933d4c769b 100644
+--- a/kernel/panic.c
++++ b/kernel/panic.c
+@@ -223,12 +223,15 @@ static void panic_print_sys_info(void)
+
+ void check_panic_on_warn(const char *origin)
+ {
++ unsigned int limit;
++
+ if (panic_on_warn)
+ panic("%s: panic_on_warn set ...\n", origin);
+
+- if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit)
++ limit = READ_ONCE(warn_limit);
++ if (atomic_inc_return(&warn_count) >= limit && limit)
+ panic("%s: system warned too often (kernel.warn_limit is %d)",
+- origin, warn_limit);
++ origin, limit);
+ }
+
+ /**
+--
+2.39.0
+
--- /dev/null
+From 3ba7bfc75737153f13f5cb3294b6ff0b799dfdba Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:59 -0800
+Subject: h8300: Fix build errors from do_exit() to make_task_dead() transition
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+commit ab4ababdf77ccc56c7301c751dff49c79709c51c upstream.
+
+When building ARCH=h8300 defconfig:
+
+arch/h8300/kernel/traps.c: In function 'die':
+arch/h8300/kernel/traps.c:109:2: error: implicit declaration of function
+'make_dead_task' [-Werror=implicit-function-declaration]
+ 109 | make_dead_task(SIGSEGV);
+ | ^~~~~~~~~~~~~~
+
+arch/h8300/mm/fault.c: In function 'do_page_fault':
+arch/h8300/mm/fault.c:54:2: error: implicit declaration of function
+'make_dead_task' [-Werror=implicit-function-declaration]
+ 54 | make_dead_task(SIGKILL);
+ | ^~~~~~~~~~~~~~
+
+The function's name is make_task_dead(), change it so there is no more
+build error.
+
+Additionally, include linux/sched/task.h in arch/h8300/kernel/traps.c
+to avoid the same error because do_exit()'s declaration is in kernel.h
+but make_task_dead()'s is in task.h, which is not included in traps.c.
+
+Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.")
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Link: https://lkml.kernel.org/r/20211227184851.2297759-3-nathan@kernel.org
+Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/h8300/kernel/traps.c | 3 ++-
+ arch/h8300/mm/fault.c | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/arch/h8300/kernel/traps.c b/arch/h8300/kernel/traps.c
+index 3d4e0bde37ae..a92c39e03802 100644
+--- a/arch/h8300/kernel/traps.c
++++ b/arch/h8300/kernel/traps.c
+@@ -17,6 +17,7 @@
+ #include <linux/types.h>
+ #include <linux/sched.h>
+ #include <linux/sched/debug.h>
++#include <linux/sched/task.h>
+ #include <linux/mm_types.h>
+ #include <linux/kernel.h>
+ #include <linux/errno.h>
+@@ -106,7 +107,7 @@ void die(const char *str, struct pt_regs *fp, unsigned long err)
+ dump(fp);
+
+ spin_unlock_irq(&die_lock);
+- make_dead_task(SIGSEGV);
++ make_task_dead(SIGSEGV);
+ }
+
+ static int kstack_depth_to_print = 24;
+diff --git a/arch/h8300/mm/fault.c b/arch/h8300/mm/fault.c
+index 0223528565dd..b465441f490d 100644
+--- a/arch/h8300/mm/fault.c
++++ b/arch/h8300/mm/fault.c
+@@ -51,7 +51,7 @@ asmlinkage int do_page_fault(struct pt_regs *regs, unsigned long address,
+ printk(" at virtual address %08lx\n", address);
+ if (!user_mode(regs))
+ die("Oops", regs, error_code);
+- make_dead_task(SIGKILL);
++ make_task_dead(SIGKILL);
+
+ return 1;
+ }
+--
+2.39.0
+
--- /dev/null
+From fe998c175d4c8816ca85ed687f2cf328c2104c46 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:58 -0800
+Subject: hexagon: Fix function name in die()
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+commit 4f0712ccec09c071e221242a2db9a6779a55a949 upstream.
+
+When building ARCH=hexagon defconfig:
+
+arch/hexagon/kernel/traps.c:217:2: error: implicit declaration of
+function 'make_dead_task' [-Werror,-Wimplicit-function-declaration]
+ make_dead_task(err);
+ ^
+
+The function's name is make_task_dead(), change it so there is no more
+build error.
+
+Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.")
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Link: https://lkml.kernel.org/r/20211227184851.2297759-2-nathan@kernel.org
+Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/hexagon/kernel/traps.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/hexagon/kernel/traps.c b/arch/hexagon/kernel/traps.c
+index 6dd6cf0ab711..1240f038cce0 100644
+--- a/arch/hexagon/kernel/traps.c
++++ b/arch/hexagon/kernel/traps.c
+@@ -214,7 +214,7 @@ int die(const char *str, struct pt_regs *regs, long err)
+ panic("Fatal exception");
+
+ oops_exit();
+- make_dead_task(err);
++ make_task_dead(err);
+ return 0;
+ }
+
+--
+2.39.0
+
--- /dev/null
+From 849360fa8411890b93e8f08f3f748cb9e320830d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:01 -0800
+Subject: ia64: make IA64_MCA_RECOVERY bool instead of tristate
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+commit dbecf9b8b8ce580f4e11afed9d61e8aa294cddd2 upstream.
+
+In linux-next, IA64_MCA_RECOVERY uses the (new) function
+make_task_dead(), which is not exported for use by modules. Instead of
+exporting it for one user, convert IA64_MCA_RECOVERY to be a bool
+Kconfig symbol.
+
+In a config file from "kernel test robot <lkp@intel.com>" for a
+different problem, this linker error was exposed when
+CONFIG_IA64_MCA_RECOVERY=m.
+
+Fixes this build error:
+
+ ERROR: modpost: "make_task_dead" [arch/ia64/kernel/mca_recovery.ko] undefined!
+
+Link: https://lkml.kernel.org/r/20220124213129.29306-1-rdunlap@infradead.org
+Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.")
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Suggested-by: Christoph Hellwig <hch@infradead.org>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Cc: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/ia64/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
+index 1e33666fa679..b1f2b6ac9b1d 100644
+--- a/arch/ia64/Kconfig
++++ b/arch/ia64/Kconfig
+@@ -323,7 +323,7 @@ config ARCH_PROC_KCORE_TEXT
+ depends on PROC_KCORE
+
+ config IA64_MCA_RECOVERY
+- tristate "MCA recovery from errors other than TLB."
++ bool "MCA recovery from errors other than TLB."
+
+ config IA64_PALINFO
+ tristate "/proc/pal support"
+--
+2.39.0
+
--- /dev/null
+From 9d478734dc75f45636a9c454d6d75382b10439af Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:55 -0800
+Subject: kasan: no need to unset panic_on_warn in end_report()
+
+From: Tiezhu Yang <yangtiezhu@loongson.cn>
+
+commit e7ce7500375a63348e1d3a703c8d5003cbe3fea6 upstream.
+
+panic_on_warn is unset inside panic(), so no need to unset it before
+calling panic() in end_report().
+
+Link: https://lkml.kernel.org/r/1644324666-15947-6-git-send-email-yangtiezhu@loongson.cn
+Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
+Reviewed-by: Marco Elver <elver@google.com>
+Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
+Cc: Baoquan He <bhe@redhat.com>
+Cc: Jonathan Corbet <corbet@lwn.net>
+Cc: Xuefeng Li <lixuefeng@loongson.cn>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ mm/kasan/report.c | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/mm/kasan/report.c b/mm/kasan/report.c
+index 884a950c7026..bf17704b302f 100644
+--- a/mm/kasan/report.c
++++ b/mm/kasan/report.c
+@@ -117,16 +117,8 @@ static void end_report(unsigned long *flags, unsigned long addr)
+ pr_err("==================================================================\n");
+ add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
+ spin_unlock_irqrestore(&report_lock, *flags);
+- if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) {
+- /*
+- * This thread may hit another WARN() in the panic path.
+- * Resetting this prevents additional WARN() from panicking the
+- * system on this thread. Other threads are blocked by the
+- * panic_mutex in panic().
+- */
+- panic_on_warn = 0;
++ if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))
+ panic("panic_on_warn set ...\n");
+- }
+ if (kasan_arg_fault == KASAN_ARG_FAULT_PANIC)
+ panic("kasan.fault=panic set ...\n");
+ kasan_enable_current();
+--
+2.39.0
+
--- /dev/null
+From ee16edb8b728f0799ad308d399ab49070273d658 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:52 -0800
+Subject: kernel/panic: move panic sysctls to its own file
+
+From: tangmeng <tangmeng@uniontech.com>
+
+commit 9df918698408fd914493aba0b7858fef50eba63a upstream.
+
+kernel/sysctl.c is a kitchen sink where everyone leaves their dirty
+dishes, this makes it very difficult to maintain.
+
+To help with this maintenance let's start by moving sysctls to places
+where they actually belong. The proc sysctl maintainers do not want to
+know what sysctl knobs you wish to add for your own piece of code, we
+just care about the core logic.
+
+All filesystem syctls now get reviewed by fs folks. This commit
+follows the commit of fs, move the oops_all_cpu_backtrace sysctl to
+its own file, kernel/panic.c.
+
+Signed-off-by: tangmeng <tangmeng@uniontech.com>
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/panic.h | 6 ------
+ kernel/panic.c | 26 +++++++++++++++++++++++++-
+ kernel/sysctl.c | 11 -----------
+ 3 files changed, 25 insertions(+), 18 deletions(-)
+
+diff --git a/include/linux/panic.h b/include/linux/panic.h
+index f5844908a089..e71161da69c4 100644
+--- a/include/linux/panic.h
++++ b/include/linux/panic.h
+@@ -15,12 +15,6 @@ extern void oops_enter(void);
+ extern void oops_exit(void);
+ extern bool oops_may_print(void);
+
+-#ifdef CONFIG_SMP
+-extern unsigned int sysctl_oops_all_cpu_backtrace;
+-#else
+-#define sysctl_oops_all_cpu_backtrace 0
+-#endif /* CONFIG_SMP */
+-
+ extern int panic_timeout;
+ extern unsigned long panic_print;
+ extern int panic_on_oops;
+diff --git a/kernel/panic.c b/kernel/panic.c
+index cefd7d82366f..5ee281b996f9 100644
+--- a/kernel/panic.c
++++ b/kernel/panic.c
+@@ -42,7 +42,9 @@
+ * Should we dump all CPUs backtraces in an oops event?
+ * Defaults to 0, can be changed via sysctl.
+ */
+-unsigned int __read_mostly sysctl_oops_all_cpu_backtrace;
++static unsigned int __read_mostly sysctl_oops_all_cpu_backtrace;
++#else
++#define sysctl_oops_all_cpu_backtrace 0
+ #endif /* CONFIG_SMP */
+
+ int panic_on_oops = CONFIG_PANIC_ON_OOPS_VALUE;
+@@ -71,6 +73,28 @@ ATOMIC_NOTIFIER_HEAD(panic_notifier_list);
+
+ EXPORT_SYMBOL(panic_notifier_list);
+
++#if defined(CONFIG_SMP) && defined(CONFIG_SYSCTL)
++static struct ctl_table kern_panic_table[] = {
++ {
++ .procname = "oops_all_cpu_backtrace",
++ .data = &sysctl_oops_all_cpu_backtrace,
++ .maxlen = sizeof(int),
++ .mode = 0644,
++ .proc_handler = proc_dointvec_minmax,
++ .extra1 = SYSCTL_ZERO,
++ .extra2 = SYSCTL_ONE,
++ },
++ { }
++};
++
++static __init int kernel_panic_sysctls_init(void)
++{
++ register_sysctl_init("kernel", kern_panic_table);
++ return 0;
++}
++late_initcall(kernel_panic_sysctls_init);
++#endif
++
+ static long no_blink(int state)
+ {
+ return 0;
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 34ce5953dbb0..928798f89ca1 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -2220,17 +2220,6 @@ static struct ctl_table kern_table[] = {
+ .proc_handler = proc_dointvec,
+ },
+ #endif
+-#ifdef CONFIG_SMP
+- {
+- .procname = "oops_all_cpu_backtrace",
+- .data = &sysctl_oops_all_cpu_backtrace,
+- .maxlen = sizeof(int),
+- .mode = 0644,
+- .proc_handler = proc_dointvec_minmax,
+- .extra1 = SYSCTL_ZERO,
+- .extra2 = SYSCTL_ONE,
+- },
+-#endif /* CONFIG_SMP */
+ {
+ .procname = "pid_max",
+ .data = &pid_max,
+--
+2.39.0
+
--- /dev/null
+From 05fda8dbd83ff02829e673ab6b1418f22237127d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:57 -0800
+Subject: objtool: Add a missing comma to avoid string concatenation
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit 1fb466dff904e4a72282af336f2c355f011eec61 upstream.
+
+Recently the kbuild robot reported two new errors:
+
+>> lib/kunit/kunit-example-test.o: warning: objtool: .text.unlikely: unexpected end of section
+>> arch/x86/kernel/dumpstack.o: warning: objtool: oops_end() falls through to next function show_opcodes()
+
+I don't know why they did not occur in my test setup but after digging
+it I realized I had accidentally dropped a comma in
+tools/objtool/check.c when I renamed rewind_stack_do_exit to
+rewind_stack_and_make_dead.
+
+Add that comma back to fix objtool errors.
+
+Link: https://lkml.kernel.org/r/202112140949.Uq5sFKR1-lkp@intel.com
+Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.")
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/objtool/check.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/objtool/check.c b/tools/objtool/check.c
+index 82ade76dcef2..758c0ba8de35 100644
+--- a/tools/objtool/check.c
++++ b/tools/objtool/check.c
+@@ -177,7 +177,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
+ "fortify_panic",
+ "usercopy_abort",
+ "machine_real_restart",
+- "rewind_stack_and_make_dead"
++ "rewind_stack_and_make_dead",
+ "kunit_try_catch_throw",
+ "xen_start_kernel",
+ "cpu_bringup_and_idle",
+--
+2.39.0
+
--- /dev/null
+From 113c865cc65f241259e44642172cef4de3c340d9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:06 -0800
+Subject: panic: Consolidate open-coded panic_on_warn checks
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 79cc1ba7badf9e7a12af99695a557e9ce27ee967 upstream.
+
+Several run-time checkers (KASAN, UBSAN, KFENCE, KCSAN, sched) roll
+their own warnings, and each check "panic_on_warn". Consolidate this
+into a single function so that future instrumentation can be added in
+a single location.
+
+Cc: Marco Elver <elver@google.com>
+Cc: Dmitry Vyukov <dvyukov@google.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Juri Lelli <juri.lelli@redhat.com>
+Cc: Vincent Guittot <vincent.guittot@linaro.org>
+Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Cc: Ben Segall <bsegall@google.com>
+Cc: Mel Gorman <mgorman@suse.de>
+Cc: Daniel Bristot de Oliveira <bristot@redhat.com>
+Cc: Valentin Schneider <vschneid@redhat.com>
+Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
+Cc: Alexander Potapenko <glider@google.com>
+Cc: Andrey Konovalov <andreyknvl@gmail.com>
+Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: David Gow <davidgow@google.com>
+Cc: tangmeng <tangmeng@uniontech.com>
+Cc: Jann Horn <jannh@google.com>
+Cc: Shuah Khan <skhan@linuxfoundation.org>
+Cc: Petr Mladek <pmladek@suse.com>
+Cc: "Paul E. McKenney" <paulmck@kernel.org>
+Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
+Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
+Cc: kasan-dev@googlegroups.com
+Cc: linux-mm@kvack.org
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Marco Elver <elver@google.com>
+Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
+Link: https://lore.kernel.org/r/20221117234328.594699-4-keescook@chromium.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/panic.h | 1 +
+ kernel/kcsan/report.c | 3 +--
+ kernel/panic.c | 9 +++++++--
+ kernel/sched/core.c | 3 +--
+ lib/ubsan.c | 3 +--
+ mm/kasan/report.c | 4 ++--
+ mm/kfence/report.c | 3 +--
+ 7 files changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/include/linux/panic.h b/include/linux/panic.h
+index e71161da69c4..8eb5897c164f 100644
+--- a/include/linux/panic.h
++++ b/include/linux/panic.h
+@@ -11,6 +11,7 @@ extern long (*panic_blink)(int state);
+ __printf(1, 2)
+ void panic(const char *fmt, ...) __noreturn __cold;
+ void nmi_panic(struct pt_regs *regs, const char *msg);
++void check_panic_on_warn(const char *origin);
+ extern void oops_enter(void);
+ extern void oops_exit(void);
+ extern bool oops_may_print(void);
+diff --git a/kernel/kcsan/report.c b/kernel/kcsan/report.c
+index 21137929d428..b88d5d5f29e4 100644
+--- a/kernel/kcsan/report.c
++++ b/kernel/kcsan/report.c
+@@ -432,8 +432,7 @@ static void print_report(enum kcsan_value_change value_change,
+ dump_stack_print_info(KERN_DEFAULT);
+ pr_err("==================================================================\n");
+
+- if (panic_on_warn)
+- panic("panic_on_warn set ...\n");
++ check_panic_on_warn("KCSAN");
+ }
+
+ static void release_report(unsigned long *flags, struct other_info *other_info)
+diff --git a/kernel/panic.c b/kernel/panic.c
+index 0b560312878c..bf0324941e43 100644
+--- a/kernel/panic.c
++++ b/kernel/panic.c
+@@ -193,6 +193,12 @@ static void panic_print_sys_info(void)
+ ftrace_dump(DUMP_ALL);
+ }
+
++void check_panic_on_warn(const char *origin)
++{
++ if (panic_on_warn)
++ panic("%s: panic_on_warn set ...\n", origin);
++}
++
+ /**
+ * panic - halt the system
+ * @fmt: The text string to print
+@@ -628,8 +634,7 @@ void __warn(const char *file, int line, void *caller, unsigned taint,
+ if (regs)
+ show_regs(regs);
+
+- if (panic_on_warn)
+- panic("panic_on_warn set ...\n");
++ check_panic_on_warn("kernel");
+
+ if (!regs)
+ dump_stack();
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index 2bd5e235d078..c1458fa8beb3 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -5560,8 +5560,7 @@ static noinline void __schedule_bug(struct task_struct *prev)
+ pr_err("Preemption disabled at:");
+ print_ip_sym(KERN_ERR, preempt_disable_ip);
+ }
+- if (panic_on_warn)
+- panic("scheduling while atomic\n");
++ check_panic_on_warn("scheduling while atomic");
+
+ dump_stack();
+ add_taint(TAINT_WARN, LOCKDEP_STILL_OK);
+diff --git a/lib/ubsan.c b/lib/ubsan.c
+index 36bd75e33426..60c7099857a0 100644
+--- a/lib/ubsan.c
++++ b/lib/ubsan.c
+@@ -154,8 +154,7 @@ static void ubsan_epilogue(void)
+
+ current->in_ubsan--;
+
+- if (panic_on_warn)
+- panic("panic_on_warn set ...\n");
++ check_panic_on_warn("UBSAN");
+ }
+
+ void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs)
+diff --git a/mm/kasan/report.c b/mm/kasan/report.c
+index bf17704b302f..887af873733b 100644
+--- a/mm/kasan/report.c
++++ b/mm/kasan/report.c
+@@ -117,8 +117,8 @@ static void end_report(unsigned long *flags, unsigned long addr)
+ pr_err("==================================================================\n");
+ add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
+ spin_unlock_irqrestore(&report_lock, *flags);
+- if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))
+- panic("panic_on_warn set ...\n");
++ if (!test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))
++ check_panic_on_warn("KASAN");
+ if (kasan_arg_fault == KASAN_ARG_FAULT_PANIC)
+ panic("kasan.fault=panic set ...\n");
+ kasan_enable_current();
+diff --git a/mm/kfence/report.c b/mm/kfence/report.c
+index 37e140e7f201..cbd9456359b9 100644
+--- a/mm/kfence/report.c
++++ b/mm/kfence/report.c
+@@ -267,8 +267,7 @@ void kfence_report_error(unsigned long address, bool is_write, struct pt_regs *r
+
+ lockdep_on();
+
+- if (panic_on_warn)
+- panic("panic_on_warn set ...\n");
++ check_panic_on_warn("KFENCE");
+
+ /* We encountered a memory safety error, taint the kernel! */
+ add_taint(TAINT_BAD_PAGE, LOCKDEP_STILL_OK);
+--
+2.39.0
+
--- /dev/null
+From f0c5ca7df8792fef2727845ca0db9dc9554a8826 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:08 -0800
+Subject: panic: Expose "warn_count" to sysfs
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 8b05aa26336113c4cea25f1c333ee8cd4fc212a6 upstream.
+
+Since Warn count is now tracked and is a fairly interesting signal, add
+the entry /sys/kernel/warn_count to expose it to userspace.
+
+Cc: Petr Mladek <pmladek@suse.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: tangmeng <tangmeng@uniontech.com>
+Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
+Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20221117234328.594699-6-keescook@chromium.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../ABI/testing/sysfs-kernel-warn_count | 6 +++++
+ kernel/panic.c | 22 +++++++++++++++++--
+ 2 files changed, 26 insertions(+), 2 deletions(-)
+ create mode 100644 Documentation/ABI/testing/sysfs-kernel-warn_count
+
+diff --git a/Documentation/ABI/testing/sysfs-kernel-warn_count b/Documentation/ABI/testing/sysfs-kernel-warn_count
+new file mode 100644
+index 000000000000..08f083d2fd51
+--- /dev/null
++++ b/Documentation/ABI/testing/sysfs-kernel-warn_count
+@@ -0,0 +1,6 @@
++What: /sys/kernel/oops_count
++Date: November 2022
++KernelVersion: 6.2.0
++Contact: Linux Kernel Hardening List <linux-hardening@vger.kernel.org>
++Description:
++ Shows how many times the system has Warned since last boot.
+diff --git a/kernel/panic.c b/kernel/panic.c
+index 604d7ad77042..4aef355e9a5d 100644
+--- a/kernel/panic.c
++++ b/kernel/panic.c
+@@ -32,6 +32,7 @@
+ #include <linux/bug.h>
+ #include <linux/ratelimit.h>
+ #include <linux/debugfs.h>
++#include <linux/sysfs.h>
+ #include <asm/sections.h>
+
+ #define PANIC_TIMER_STEP 100
+@@ -105,6 +106,25 @@ static __init int kernel_panic_sysctls_init(void)
+ late_initcall(kernel_panic_sysctls_init);
+ #endif
+
++static atomic_t warn_count = ATOMIC_INIT(0);
++
++#ifdef CONFIG_SYSFS
++static ssize_t warn_count_show(struct kobject *kobj, struct kobj_attribute *attr,
++ char *page)
++{
++ return sysfs_emit(page, "%d\n", atomic_read(&warn_count));
++}
++
++static struct kobj_attribute warn_count_attr = __ATTR_RO(warn_count);
++
++static __init int kernel_panic_sysfs_init(void)
++{
++ sysfs_add_file_to_group(kernel_kobj, &warn_count_attr.attr, NULL);
++ return 0;
++}
++late_initcall(kernel_panic_sysfs_init);
++#endif
++
+ static long no_blink(int state)
+ {
+ return 0;
+@@ -203,8 +223,6 @@ static void panic_print_sys_info(void)
+
+ void check_panic_on_warn(const char *origin)
+ {
+- static atomic_t warn_count = ATOMIC_INIT(0);
+-
+ if (panic_on_warn)
+ panic("%s: panic_on_warn set ...\n", origin);
+
+--
+2.39.0
+
--- /dev/null
+From 89da686194d1e0287ef1ff5e3d9685e0485d9e49 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:07 -0800
+Subject: panic: Introduce warn_limit
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 9fc9e278a5c0b708eeffaf47d6eb0c82aa74ed78 upstream.
+
+Like oops_limit, add warn_limit for limiting the number of warnings when
+panic_on_warn is not set.
+
+Cc: Jonathan Corbet <corbet@lwn.net>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
+Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Cc: Eric Biggers <ebiggers@google.com>
+Cc: Huang Ying <ying.huang@intel.com>
+Cc: Petr Mladek <pmladek@suse.com>
+Cc: tangmeng <tangmeng@uniontech.com>
+Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
+Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
+Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Cc: linux-doc@vger.kernel.org
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20221117234328.594699-5-keescook@chromium.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ Documentation/admin-guide/sysctl/kernel.rst | 10 ++++++++++
+ kernel/panic.c | 14 ++++++++++++++
+ 2 files changed, 24 insertions(+)
+
+diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
+index d6f1d3892e71..48b91c485c99 100644
+--- a/Documentation/admin-guide/sysctl/kernel.rst
++++ b/Documentation/admin-guide/sysctl/kernel.rst
+@@ -1494,6 +1494,16 @@ entry will default to 2 instead of 0.
+ 2 Unprivileged calls to ``bpf()`` are disabled
+ = =============================================================
+
++
++warn_limit
++==========
++
++Number of kernel warnings after which the kernel should panic when
++``panic_on_warn`` is not set. Setting this to 0 disables checking
++the warning count. Setting this to 1 has the same effect as setting
++``panic_on_warn=1``. The default value is 0.
++
++
+ watchdog
+ ========
+
+diff --git a/kernel/panic.c b/kernel/panic.c
+index bf0324941e43..604d7ad77042 100644
+--- a/kernel/panic.c
++++ b/kernel/panic.c
+@@ -57,6 +57,7 @@ bool crash_kexec_post_notifiers;
+ int panic_on_warn __read_mostly;
+ unsigned long panic_on_taint;
+ bool panic_on_taint_nousertaint = false;
++static unsigned int warn_limit __read_mostly;
+
+ int panic_timeout = CONFIG_PANIC_TIMEOUT;
+ EXPORT_SYMBOL_GPL(panic_timeout);
+@@ -86,6 +87,13 @@ static struct ctl_table kern_panic_table[] = {
+ .extra2 = SYSCTL_ONE,
+ },
+ #endif
++ {
++ .procname = "warn_limit",
++ .data = &warn_limit,
++ .maxlen = sizeof(warn_limit),
++ .mode = 0644,
++ .proc_handler = proc_douintvec,
++ },
+ { }
+ };
+
+@@ -195,8 +203,14 @@ static void panic_print_sys_info(void)
+
+ void check_panic_on_warn(const char *origin)
+ {
++ static atomic_t warn_count = ATOMIC_INIT(0);
++
+ if (panic_on_warn)
+ panic("%s: panic_on_warn set ...\n", origin);
++
++ if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit)
++ panic("%s: system warned too often (kernel.warn_limit is %d)",
++ origin, warn_limit);
+ }
+
+ /**
+--
+2.39.0
+
--- /dev/null
+From ed126ade287233ec50527b930d369815c2e11146 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:51:02 -0800
+Subject: panic: Separate sysctl logic from CONFIG_SMP
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 9360d035a579d95d1e76c471061b9065b18a0eb1 upstream.
+
+In preparation for adding more sysctls directly in kernel/panic.c, split
+CONFIG_SMP from the logic that adds sysctls.
+
+Cc: Petr Mladek <pmladek@suse.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: tangmeng <tangmeng@uniontech.com>
+Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
+Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
+Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20221117234328.594699-1-keescook@chromium.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/panic.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/panic.c b/kernel/panic.c
+index 5ed1ad06f9a3..0b560312878c 100644
+--- a/kernel/panic.c
++++ b/kernel/panic.c
+@@ -73,8 +73,9 @@ ATOMIC_NOTIFIER_HEAD(panic_notifier_list);
+
+ EXPORT_SYMBOL(panic_notifier_list);
+
+-#if defined(CONFIG_SMP) && defined(CONFIG_SYSCTL)
++#ifdef CONFIG_SYSCTL
+ static struct ctl_table kern_panic_table[] = {
++#ifdef CONFIG_SMP
+ {
+ .procname = "oops_all_cpu_backtrace",
+ .data = &sysctl_oops_all_cpu_backtrace,
+@@ -84,6 +85,7 @@ static struct ctl_table kern_panic_table[] = {
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
+ },
++#endif
+ { }
+ };
+
+--
+2.39.0
+
--- /dev/null
+From 9dd0667ca7a9da7153da80462f4a2c205c1edd94 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:53 -0800
+Subject: panic: unset panic_on_warn inside panic()
+
+From: Tiezhu Yang <yangtiezhu@loongson.cn>
+
+commit 1a2383e8b84c0451fd9b1eec3b9aab16f30b597c upstream.
+
+In the current code, the following three places need to unset
+panic_on_warn before calling panic() to avoid recursive panics:
+
+kernel/kcsan/report.c: print_report()
+kernel/sched/core.c: __schedule_bug()
+mm/kfence/report.c: kfence_report_error()
+
+In order to avoid copy-pasting "panic_on_warn = 0" all over the places,
+it is better to move it inside panic() and then remove it from the other
+places.
+
+Link: https://lkml.kernel.org/r/1644324666-15947-4-git-send-email-yangtiezhu@loongson.cn
+Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
+Reviewed-by: Marco Elver <elver@google.com>
+Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
+Cc: Baoquan He <bhe@redhat.com>
+Cc: Jonathan Corbet <corbet@lwn.net>
+Cc: Xuefeng Li <lixuefeng@loongson.cn>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/panic.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/kernel/panic.c b/kernel/panic.c
+index 5ee281b996f9..5ed1ad06f9a3 100644
+--- a/kernel/panic.c
++++ b/kernel/panic.c
+@@ -208,6 +208,16 @@ void panic(const char *fmt, ...)
+ int old_cpu, this_cpu;
+ bool _crash_kexec_post_notifiers = crash_kexec_post_notifiers;
+
++ if (panic_on_warn) {
++ /*
++ * This thread may hit another WARN() in the panic path.
++ * Resetting this prevents additional WARN() from panicking the
++ * system on this thread. Other threads are blocked by the
++ * panic_mutex in panic().
++ */
++ panic_on_warn = 0;
++ }
++
+ /*
+ * Disable local interrupts. This will prevent panic_smp_self_stop
+ * from deadlocking the first cpu that invokes the panic, since
+@@ -616,16 +626,8 @@ void __warn(const char *file, int line, void *caller, unsigned taint,
+ if (regs)
+ show_regs(regs);
+
+- if (panic_on_warn) {
+- /*
+- * This thread may hit another WARN() in the panic path.
+- * Resetting this prevents additional WARN() from panicking the
+- * system on this thread. Other threads are blocked by the
+- * panic_mutex in panic().
+- */
+- panic_on_warn = 0;
++ if (panic_on_warn)
+ panic("panic_on_warn set ...\n");
+- }
+
+ if (!regs)
+ dump_stack();
+--
+2.39.0
+
revert-selftests-bpf-check-null-propagation-only-nei.patch
drm-i915-remove-unused-variable.patch
x86-acpi-cstate-optimize-c3-entry-on-amd-cpus.patch
+sysctl-add-a-new-register_sysctl_init-interface.patch
+kernel-panic-move-panic-sysctls-to-its-own-file.patch
+panic-unset-panic_on_warn-inside-panic.patch
+ubsan-no-need-to-unset-panic_on_warn-in-ubsan_epilog.patch
+kasan-no-need-to-unset-panic_on_warn-in-end_report.patch
+exit-add-and-use-make_task_dead.patch
+objtool-add-a-missing-comma-to-avoid-string-concaten.patch
+hexagon-fix-function-name-in-die.patch
+h8300-fix-build-errors-from-do_exit-to-make_task_dea.patch
+csky-fix-function-name-in-csky_alignment-and-die.patch
+ia64-make-ia64_mca_recovery-bool-instead-of-tristate.patch
+panic-separate-sysctl-logic-from-config_smp.patch
+exit-put-an-upper-limit-on-how-often-we-can-oops.patch
+exit-expose-oops_count-to-sysfs.patch
+exit-allow-oops_limit-to-be-disabled.patch
+panic-consolidate-open-coded-panic_on_warn-checks.patch
+panic-introduce-warn_limit.patch
+panic-expose-warn_count-to-sysfs.patch
+docs-fix-path-paste-o-for-sys-kernel-warn_count.patch
+exit-use-read_once-for-all-oops-warn-limit-reads.patch
+bluetooth-hci_sync-cancel-cmd_timer-if-hci_open-fail.patch
--- /dev/null
+From 95c47346022df542d3999685ccac7c7bf36048bd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:51 -0800
+Subject: sysctl: add a new register_sysctl_init() interface
+
+From: Xiaoming Ni <nixiaoming@huawei.com>
+
+commit 3ddd9a808cee7284931312f2f3e854c9617f44b2 upstream.
+
+Patch series "sysctl: first set of kernel/sysctl cleanups", v2.
+
+Finally had time to respin the series of the work we had started last
+year on cleaning up the kernel/sysct.c kitchen sink. People keeps
+stuffing their sysctls in that file and this creates a maintenance
+burden. So this effort is aimed at placing sysctls where they actually
+belong.
+
+I'm going to split patches up into series as there is quite a bit of
+work.
+
+This first set adds register_sysctl_init() for uses of registerting a
+sysctl on the init path, adds const where missing to a few places,
+generalizes common values so to be more easy to share, and starts the
+move of a few kernel/sysctl.c out where they belong.
+
+The majority of rework on v2 in this first patch set is 0-day fixes.
+Eric Biederman's feedback is later addressed in subsequent patch sets.
+
+I'll only post the first two patch sets for now. We can address the
+rest once the first two patch sets get completely reviewed / Acked.
+
+This patch (of 9):
+
+The kernel/sysctl.c is a kitchen sink where everyone leaves their dirty
+dishes, this makes it very difficult to maintain.
+
+To help with this maintenance let's start by moving sysctls to places
+where they actually belong. The proc sysctl maintainers do not want to
+know what sysctl knobs you wish to add for your own piece of code, we
+just care about the core logic.
+
+Today though folks heavily rely on tables on kernel/sysctl.c so they can
+easily just extend this table with their needed sysctls. In order to
+help users move their sysctls out we need to provide a helper which can
+be used during code initialization.
+
+We special-case the initialization use of register_sysctl() since it
+*is* safe to fail, given all that sysctls do is provide a dynamic
+interface to query or modify at runtime an existing variable. So the
+use case of register_sysctl() on init should *not* stop if the sysctls
+don't end up getting registered. It would be counter productive to stop
+boot if a simple sysctl registration failed.
+
+Provide a helper for init then, and document the recommended init levels
+to use for callers of this routine. We will later use this in
+subsequent patches to start slimming down kernel/sysctl.c tables and
+moving sysctl registration to the code which actually needs these
+sysctls.
+
+[mcgrof@kernel.org: major commit log and documentation rephrasing also moved to fs/proc/proc_sysctl.c ]
+
+Link: https://lkml.kernel.org/r/20211123202347.818157-1-mcgrof@kernel.org
+Link: https://lkml.kernel.org/r/20211123202347.818157-2-mcgrof@kernel.org
+Signed-off-by: Xiaoming Ni <nixiaoming@huawei.com>
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Cc: Iurii Zaikin <yzaikin@google.com>
+Cc: "Eric W. Biederman" <ebiederm@xmission.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Paul Turner <pjt@google.com>
+Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Cc: Sebastian Reichel <sre@kernel.org>
+Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Cc: Petr Mladek <pmladek@suse.com>
+Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
+Cc: Qing Wang <wangqing@vivo.com>
+Cc: Benjamin LaHaise <bcrl@kvack.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Jan Kara <jack@suse.cz>
+Cc: Amir Goldstein <amir73il@gmail.com>
+Cc: Stephen Kitt <steve@sk2.org>
+Cc: Antti Palosaari <crope@iki.fi>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Cc: Clemens Ladisch <clemens@ladisch.de>
+Cc: David Airlie <airlied@linux.ie>
+Cc: Jani Nikula <jani.nikula@linux.intel.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
+Cc: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Julia Lawall <julia.lawall@inria.fr>
+Cc: Lukas Middendorf <kernel@tuxforce.de>
+Cc: Mark Fasheh <mark@fasheh.com>
+Cc: Phillip Potter <phil@philpotter.co.uk>
+Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Cc: Douglas Gilbert <dgilbert@interlog.com>
+Cc: James E.J. Bottomley <jejb@linux.ibm.com>
+Cc: Jani Nikula <jani.nikula@intel.com>
+Cc: John Ogness <john.ogness@linutronix.de>
+Cc: Martin K. Petersen <martin.petersen@oracle.com>
+Cc: "Rafael J. Wysocki" <rafael@kernel.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Cc: Suren Baghdasaryan <surenb@google.com>
+Cc: "Theodore Ts'o" <tytso@mit.edu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/proc/proc_sysctl.c | 33 +++++++++++++++++++++++++++++++++
+ include/linux/sysctl.h | 3 +++
+ 2 files changed, 36 insertions(+)
+
+diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
+index 013fc5931bc3..0b7a00ed6c49 100644
+--- a/fs/proc/proc_sysctl.c
++++ b/fs/proc/proc_sysctl.c
+@@ -16,6 +16,7 @@
+ #include <linux/module.h>
+ #include <linux/bpf-cgroup.h>
+ #include <linux/mount.h>
++#include <linux/kmemleak.h>
+ #include "internal.h"
+
+ static const struct dentry_operations proc_sys_dentry_operations;
+@@ -1384,6 +1385,38 @@ struct ctl_table_header *register_sysctl(const char *path, struct ctl_table *tab
+ }
+ EXPORT_SYMBOL(register_sysctl);
+
++/**
++ * __register_sysctl_init() - register sysctl table to path
++ * @path: path name for sysctl base
++ * @table: This is the sysctl table that needs to be registered to the path
++ * @table_name: The name of sysctl table, only used for log printing when
++ * registration fails
++ *
++ * The sysctl interface is used by userspace to query or modify at runtime
++ * a predefined value set on a variable. These variables however have default
++ * values pre-set. Code which depends on these variables will always work even
++ * if register_sysctl() fails. If register_sysctl() fails you'd just loose the
++ * ability to query or modify the sysctls dynamically at run time. Chances of
++ * register_sysctl() failing on init are extremely low, and so for both reasons
++ * this function does not return any error as it is used by initialization code.
++ *
++ * Context: Can only be called after your respective sysctl base path has been
++ * registered. So for instance, most base directories are registered early on
++ * init before init levels are processed through proc_sys_init() and
++ * sysctl_init().
++ */
++void __init __register_sysctl_init(const char *path, struct ctl_table *table,
++ const char *table_name)
++{
++ struct ctl_table_header *hdr = register_sysctl(path, table);
++
++ if (unlikely(!hdr)) {
++ pr_err("failed when register_sysctl %s to %s\n", table_name, path);
++ return;
++ }
++ kmemleak_not_leak(hdr);
++}
++
+ static char *append_path(const char *path, char *pos, const char *name)
+ {
+ int namelen;
+diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
+index fa372b4c2313..47cf70c8eb93 100644
+--- a/include/linux/sysctl.h
++++ b/include/linux/sysctl.h
+@@ -206,6 +206,9 @@ struct ctl_table_header *register_sysctl_paths(const struct ctl_path *path,
+ void unregister_sysctl_table(struct ctl_table_header * table);
+
+ extern int sysctl_init(void);
++extern void __register_sysctl_init(const char *path, struct ctl_table *table,
++ const char *table_name);
++#define register_sysctl_init(path, table) __register_sysctl_init(path, table, #table)
+ void do_sysctl_args(void);
+
+ extern int pwrsw_enabled;
+--
+2.39.0
+
--- /dev/null
+From 601653c09f3df08119f5c11e69665ed8ce009b1c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Jan 2023 10:50:54 -0800
+Subject: ubsan: no need to unset panic_on_warn in ubsan_epilogue()
+
+From: Tiezhu Yang <yangtiezhu@loongson.cn>
+
+commit d83ce027a54068fabb70d2c252e1ce2da86784a4 upstream.
+
+panic_on_warn is unset inside panic(), so no need to unset it before
+calling panic() in ubsan_epilogue().
+
+Link: https://lkml.kernel.org/r/1644324666-15947-5-git-send-email-yangtiezhu@loongson.cn
+Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
+Reviewed-by: Marco Elver <elver@google.com>
+Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
+Cc: Baoquan He <bhe@redhat.com>
+Cc: Jonathan Corbet <corbet@lwn.net>
+Cc: Xuefeng Li <lixuefeng@loongson.cn>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ lib/ubsan.c | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/lib/ubsan.c b/lib/ubsan.c
+index bdc380ff5d5c..36bd75e33426 100644
+--- a/lib/ubsan.c
++++ b/lib/ubsan.c
+@@ -154,16 +154,8 @@ static void ubsan_epilogue(void)
+
+ current->in_ubsan--;
+
+- if (panic_on_warn) {
+- /*
+- * This thread may hit another WARN() in the panic path.
+- * Resetting this prevents additional WARN() from panicking the
+- * system on this thread. Other threads are blocked by the
+- * panic_mutex in panic().
+- */
+- panic_on_warn = 0;
++ if (panic_on_warn)
+ panic("panic_on_warn set ...\n");
+- }
+ }
+
+ void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs)
+--
+2.39.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
