--- /dev/null
+From d0afcfeb9e3810ec89d1ffde1a0e36621bb75dca Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor <nathan@kernel.org>
+Date: Tue, 6 May 2025 14:02:01 -0700
+Subject: kbuild: Disable -Wdefault-const-init-unsafe
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+commit d0afcfeb9e3810ec89d1ffde1a0e36621bb75dca upstream.
+
+A new on by default warning in clang [1] aims to flags instances where
+const variables without static or thread local storage or const members
+in aggregate types are not initialized because it can lead to an
+indeterminate value. This is quite noisy for the kernel due to
+instances originating from header files such as:
+
+ drivers/gpu/drm/i915/gt/intel_ring.h:62:2: error: default initialization of an object of type 'typeof (ring->size)' (aka 'const unsigned int') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe]
+ 62 | typecheck(typeof(ring->size), next);
+ | ^
+ include/linux/typecheck.h:10:9: note: expanded from macro 'typecheck'
+ 10 | ({ type __dummy; \
+ | ^
+
+ include/net/ip.h:478:14: error: default initialization of an object of type 'typeof (rt->dst.expires)' (aka 'const unsigned long') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe]
+ 478 | if (mtu && time_before(jiffies, rt->dst.expires))
+ | ^
+ include/linux/jiffies.h:138:26: note: expanded from macro 'time_before'
+ 138 | #define time_before(a,b) time_after(b,a)
+ | ^
+ include/linux/jiffies.h:128:3: note: expanded from macro 'time_after'
+ 128 | (typecheck(unsigned long, a) && \
+ | ^
+ include/linux/typecheck.h:11:12: note: expanded from macro 'typecheck'
+ 11 | typeof(x) __dummy2; \
+ | ^
+
+ include/linux/list.h:409:27: warning: default initialization of an object of type 'union (unnamed union at include/linux/list.h:409:27)' with const member leaves the object uninitialized [-Wdefault-const-init-field-unsafe]
+ 409 | struct list_head *next = smp_load_acquire(&head->next);
+ | ^
+ include/asm-generic/barrier.h:176:29: note: expanded from macro 'smp_load_acquire'
+ 176 | #define smp_load_acquire(p) __smp_load_acquire(p)
+ | ^
+ arch/arm64/include/asm/barrier.h:164:59: note: expanded from macro '__smp_load_acquire'
+ 164 | union { __unqual_scalar_typeof(*p) __val; char __c[1]; } __u; \
+ | ^
+ include/linux/list.h:409:27: note: member '__val' declared 'const' here
+
+ crypto/scatterwalk.c:66:22: error: default initialization of an object of type 'struct scatter_walk' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
+ 66 | struct scatter_walk walk;
+ | ^
+ include/crypto/algapi.h:112:15: note: member 'addr' declared 'const' here
+ 112 | void *const addr;
+ | ^
+
+ fs/hugetlbfs/inode.c:733:24: error: default initialization of an object of type 'struct vm_area_struct' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
+ 733 | struct vm_area_struct pseudo_vma;
+ | ^
+ include/linux/mm_types.h:803:20: note: member 'vm_flags' declared 'const' here
+ 803 | const vm_flags_t vm_flags;
+ | ^
+
+Silencing the instances from typecheck.h is difficult because '= {}' is
+not available in older but supported compilers and '= {0}' would cause
+warnings about a literal 0 being treated as NULL. While it might be
+possible to come up with a local hack to silence the warning for
+clang-21+, it may not be worth it since -Wuninitialized will still
+trigger if an uninitialized const variable is actually used.
+
+In all audited cases of the "field" variant of the warning, the members
+are either not used in the particular call path, modified through other
+means such as memset() / memcpy() because the containing object is not
+const, or are within a union with other non-const members.
+
+Since this warning does not appear to have a high signal to noise ratio,
+just disable it.
+
+Cc: stable@vger.kernel.org
+Link: https://github.com/llvm/llvm-project/commit/576161cb6069e2c7656a8ef530727a0f4aefff30 [1]
+Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
+Closes: https://lore.kernel.org/CA+G9fYuNjKcxFKS_MKPRuga32XbndkLGcY-PVuoSwzv6VWbY=w@mail.gmail.com/
+Reported-by: Marcus Seyfarth <m.seyfarth@gmail.com>
+Closes: https://github.com/ClangBuiltLinux/linux/issues/2088
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ scripts/Makefile.extrawarn | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/scripts/Makefile.extrawarn
++++ b/scripts/Makefile.extrawarn
+@@ -29,6 +29,18 @@ KBUILD_CFLAGS-$(CONFIG_CC_NO_ARRAY_BOUND
+ ifdef CONFIG_CC_IS_CLANG
+ # The kernel builds with '-std=gnu11' so use of GNU extensions is acceptable.
+ KBUILD_CFLAGS += -Wno-gnu
++
++# Clang may emit a warning when a const variable, such as the dummy variables
++# in typecheck(), or const member of an aggregate type are not initialized,
++# which can result in unexpected behavior. However, in many audited cases of
++# the "field" variant of the warning, this is intentional because the field is
++# never used within a particular call path, the field is within a union with
++# other non-const members, or the containing object is not const so the field
++# can be modified via memcpy() / memset(). While the variable warning also gets
++# disabled with this same switch, there should not be too much coverage lost
++# because -Wuninitialized will still flag when an uninitialized const variable
++# is used.
++KBUILD_CFLAGS += $(call cc-disable-warning, default-const-init-unsafe)
+ else
+
+ # gcc inanely warns about local variables called 'main'
--- /dev/null
+From f90fff1e152dedf52b932240ebbd670d83330eca Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov <oleg@redhat.com>
+Date: Fri, 13 Jun 2025 19:26:50 +0200
+Subject: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Oleg Nesterov <oleg@redhat.com>
+
+commit f90fff1e152dedf52b932240ebbd670d83330eca upstream.
+
+If an exiting non-autoreaping task has already passed exit_notify() and
+calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent
+or debugger right after unlock_task_sighand().
+
+If a concurrent posix_cpu_timer_del() runs at that moment, it won't be
+able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or
+lock_task_sighand() will fail.
+
+Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.
+
+This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because
+exit_task_work() is called before exit_notify(). But the check still
+makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail
+anyway in this case.
+
+Cc: stable@vger.kernel.org
+Reported-by: BenoƮt Sevens <bsevens@google.com>
+Fixes: 0bdd2ed4138e ("sched: run_posix_cpu_timers: Don't check ->exit_state, use lock_task_sighand()")
+Signed-off-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/time/posix-cpu-timers.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/kernel/time/posix-cpu-timers.c
++++ b/kernel/time/posix-cpu-timers.c
+@@ -1438,6 +1438,15 @@ void run_posix_cpu_timers(void)
+ lockdep_assert_irqs_disabled();
+
+ /*
++ * Ensure that release_task(tsk) can't happen while
++ * handle_posix_cpu_timers() is running. Otherwise, a concurrent
++ * posix_cpu_timer_del() may fail to lock_task_sighand(tsk) and
++ * miss timer->it.cpu.firing != 0.
++ */
++ if (tsk->exit_state)
++ return;
++
++ /*
+ * If the actual expiry is deferred to task work context and the
+ * work is already scheduled there is no point to do anything here.
+ */
projects / thirdparty / kernel / stable-queue.git / commitdiff
