From: Sasha Levin Date: Fri, 27 Jan 2023 02:07:30 +0000 (-0500) Subject: Fixes for 5.15 X-Git-Tag: v5.10.166~70^2~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=568ca32c04a41117ba75629f0b2d7f8b3dba9277;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.15 Signed-off-by: Sasha Levin --- diff --git a/queue-5.15/bluetooth-hci_sync-cancel-cmd_timer-if-hci_open-fail.patch b/queue-5.15/bluetooth-hci_sync-cancel-cmd_timer-if-hci_open-fail.patch new file mode 100644 index 00000000000..ad8e4ed94a8 --- /dev/null +++ b/queue-5.15/bluetooth-hci_sync-cancel-cmd_timer-if-hci_open-fail.patch @@ -0,0 +1,36 @@ +From 689fbb14915100080aa97d3199e5a867fce0b63a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Jan 2023 16:38:17 +0300 +Subject: Bluetooth: hci_sync: cancel cmd_timer if hci_open failed + +From: Archie Pusaka + +commit 97dfaf073f5881c624856ef293be307b6166115c upstream. + +If a command is already sent, we take care of freeing it, but we +also need to cancel the timeout as well. + +Signed-off-by: Archie Pusaka +Reviewed-by: Abhishek Pandit-Subedi +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Fedor Pchelkin +Signed-off-by: Sasha Levin +--- + net/bluetooth/hci_core.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c +index a41b4dcf1a7a..cabe8eb4c14f 100644 +--- a/net/bluetooth/hci_core.c ++++ b/net/bluetooth/hci_core.c +@@ -1632,6 +1632,7 @@ static int hci_dev_do_open(struct hci_dev *hdev) + hdev->flush(hdev); + + if (hdev->sent_cmd) { ++ cancel_delayed_work_sync(&hdev->cmd_timer); + kfree_skb(hdev->sent_cmd); + hdev->sent_cmd = NULL; + } +-- +2.39.0 + diff --git a/queue-5.15/csky-fix-function-name-in-csky_alignment-and-die.patch b/queue-5.15/csky-fix-function-name-in-csky_alignment-and-die.patch new file mode 100644 index 00000000000..5cec57ae75c --- /dev/null +++ b/queue-5.15/csky-fix-function-name-in-csky_alignment-and-die.patch @@ -0,0 +1,61 @@ +From b67aa01b8323eed7db29a9baff206dbe71ba839a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:00 -0800 +Subject: csky: Fix function name in csky_alignment() and die() + +From: Nathan Chancellor + +commit 751971af2e3615dc5bd12674080bc795505fefeb upstream. + +When building ARCH=csky defconfig: + +arch/csky/kernel/traps.c: In function 'die': +arch/csky/kernel/traps.c:112:17: error: implicit declaration of function +'make_dead_task' [-Werror=implicit-function-declaration] + 112 | make_dead_task(SIGSEGV); + | ^~~~~~~~~~~~~~ + +The function's name is make_task_dead(), change it so there is no more +build error. + +Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") +Signed-off-by: Nathan Chancellor +Reviewed-by: Guo Ren +Link: https://lkml.kernel.org/r/20211227184851.2297759-4-nathan@kernel.org +Signed-off-by: Eric W. Biederman +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + arch/csky/abiv1/alignment.c | 2 +- + arch/csky/kernel/traps.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/csky/abiv1/alignment.c b/arch/csky/abiv1/alignment.c +index 5e2fb45d605c..2df115d0e210 100644 +--- a/arch/csky/abiv1/alignment.c ++++ b/arch/csky/abiv1/alignment.c +@@ -294,7 +294,7 @@ void csky_alignment(struct pt_regs *regs) + __func__, opcode, rz, rx, imm, addr); + show_regs(regs); + bust_spinlocks(0); +- make_dead_task(SIGKILL); ++ make_task_dead(SIGKILL); + } + + force_sig_fault(SIGBUS, BUS_ADRALN, (void __user *)addr); +diff --git a/arch/csky/kernel/traps.c b/arch/csky/kernel/traps.c +index b445c5aee220..6e426fba0119 100644 +--- a/arch/csky/kernel/traps.c ++++ b/arch/csky/kernel/traps.c +@@ -109,7 +109,7 @@ void die(struct pt_regs *regs, const char *str) + if (panic_on_oops) + panic("Fatal exception"); + if (ret != NOTIFY_STOP) +- make_dead_task(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr) +-- +2.39.0 + diff --git a/queue-5.15/docs-fix-path-paste-o-for-sys-kernel-warn_count.patch b/queue-5.15/docs-fix-path-paste-o-for-sys-kernel-warn_count.patch new file mode 100644 index 00000000000..8ee8ab53997 --- /dev/null +++ b/queue-5.15/docs-fix-path-paste-o-for-sys-kernel-warn_count.patch @@ -0,0 +1,42 @@ +From 26841ec434b22038c32f6141321633b2fcb4ef4c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:09 -0800 +Subject: docs: Fix path paste-o for /sys/kernel/warn_count + +From: Kees Cook + +commit 00dd027f721e0458418f7750d8a5a664ed3e5994 upstream. + +Running "make htmldocs" shows that "/sys/kernel/oops_count" was +duplicated. This should have been "warn_count": + + Warning: /sys/kernel/oops_count is defined 2 times: + ./Documentation/ABI/testing/sysfs-kernel-warn_count:0 + ./Documentation/ABI/testing/sysfs-kernel-oops_count:0 + +Fix the typo. + +Reported-by: kernel test robot +Link: https://lore.kernel.org/linux-doc/202212110529.A3Qav8aR-lkp@intel.com +Fixes: 8b05aa263361 ("panic: Expose "warn_count" to sysfs") +Cc: linux-hardening@vger.kernel.org +Signed-off-by: Kees Cook +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + Documentation/ABI/testing/sysfs-kernel-warn_count | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Documentation/ABI/testing/sysfs-kernel-warn_count b/Documentation/ABI/testing/sysfs-kernel-warn_count +index 08f083d2fd51..90a029813717 100644 +--- a/Documentation/ABI/testing/sysfs-kernel-warn_count ++++ b/Documentation/ABI/testing/sysfs-kernel-warn_count +@@ -1,4 +1,4 @@ +-What: /sys/kernel/oops_count ++What: /sys/kernel/warn_count + Date: November 2022 + KernelVersion: 6.2.0 + Contact: Linux Kernel Hardening List +-- +2.39.0 + diff --git a/queue-5.15/exit-add-and-use-make_task_dead.patch b/queue-5.15/exit-add-and-use-make_task_dead.patch new file mode 100644 index 00000000000..ce9da263007 --- /dev/null +++ b/queue-5.15/exit-add-and-use-make_task_dead.patch @@ -0,0 +1,690 @@ +From 8b684719d5195b31cffe5ec9721a0ecea00d9421 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:56 -0800 +Subject: exit: Add and use make_task_dead. + +From: Eric W. Biederman + +commit 0e25498f8cd43c1b5aa327f373dd094e9a006da7 upstream. + +There are two big uses of do_exit. The first is it's design use to be +the guts of the exit(2) system call. The second use is to terminate +a task after something catastrophic has happened like a NULL pointer +in kernel code. + +Add a function make_task_dead that is initialy exactly the same as +do_exit to cover the cases where do_exit is called to handle +catastrophic failure. In time this can probably be reduced to just a +light wrapper around do_task_dead. For now keep it exactly the same so +that there will be no behavioral differences introducing this new +concept. + +Replace all of the uses of do_exit that use it for catastraphic +task cleanup with make_task_dead to make it clear what the code +is doing. + +As part of this rename rewind_stack_do_exit +rewind_stack_and_make_dead. + +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + arch/alpha/kernel/traps.c | 6 +++--- + arch/alpha/mm/fault.c | 2 +- + arch/arm/kernel/traps.c | 2 +- + arch/arm/mm/fault.c | 2 +- + arch/arm64/kernel/traps.c | 2 +- + arch/arm64/mm/fault.c | 2 +- + arch/csky/abiv1/alignment.c | 2 +- + arch/csky/kernel/traps.c | 2 +- + arch/csky/mm/fault.c | 2 +- + arch/h8300/kernel/traps.c | 2 +- + arch/h8300/mm/fault.c | 2 +- + arch/hexagon/kernel/traps.c | 2 +- + arch/ia64/kernel/mca_drv.c | 2 +- + arch/ia64/kernel/traps.c | 2 +- + arch/ia64/mm/fault.c | 2 +- + arch/m68k/kernel/traps.c | 2 +- + arch/m68k/mm/fault.c | 2 +- + arch/microblaze/kernel/exceptions.c | 4 ++-- + arch/mips/kernel/traps.c | 2 +- + arch/nds32/kernel/fpu.c | 2 +- + arch/nds32/kernel/traps.c | 8 ++++---- + arch/nios2/kernel/traps.c | 4 ++-- + arch/openrisc/kernel/traps.c | 2 +- + arch/parisc/kernel/traps.c | 2 +- + arch/powerpc/kernel/traps.c | 8 ++++---- + arch/riscv/kernel/traps.c | 2 +- + arch/riscv/mm/fault.c | 2 +- + arch/s390/kernel/dumpstack.c | 2 +- + arch/s390/kernel/nmi.c | 2 +- + arch/sh/kernel/traps.c | 2 +- + arch/sparc/kernel/traps_32.c | 4 +--- + arch/sparc/kernel/traps_64.c | 4 +--- + arch/x86/entry/entry_32.S | 6 +++--- + arch/x86/entry/entry_64.S | 6 +++--- + arch/x86/kernel/dumpstack.c | 4 ++-- + arch/xtensa/kernel/traps.c | 2 +- + include/linux/sched/task.h | 1 + + kernel/exit.c | 9 +++++++++ + tools/objtool/check.c | 3 ++- + 39 files changed, 63 insertions(+), 56 deletions(-) + +diff --git a/arch/alpha/kernel/traps.c b/arch/alpha/kernel/traps.c +index e805106409f7..f5ba12adde67 100644 +--- a/arch/alpha/kernel/traps.c ++++ b/arch/alpha/kernel/traps.c +@@ -192,7 +192,7 @@ die_if_kernel(char * str, struct pt_regs *regs, long err, unsigned long *r9_15) + local_irq_enable(); + while (1); + } +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + #ifndef CONFIG_MATHEMU +@@ -577,7 +577,7 @@ do_entUna(void * va, unsigned long opcode, unsigned long reg, + + printk("Bad unaligned kernel access at %016lx: %p %lx %lu\n", + pc, va, opcode, reg); +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + + got_exception: + /* Ok, we caught the exception, but we don't want it. Is there +@@ -632,7 +632,7 @@ do_entUna(void * va, unsigned long opcode, unsigned long reg, + local_irq_enable(); + while (1); + } +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + /* +diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c +index eee5102c3d88..e9193d52222e 100644 +--- a/arch/alpha/mm/fault.c ++++ b/arch/alpha/mm/fault.c +@@ -204,7 +204,7 @@ do_page_fault(unsigned long address, unsigned long mmcsr, + printk(KERN_ALERT "Unable to handle kernel paging request at " + "virtual address %016lx\n", address); + die_if_kernel("Oops", regs, cause, (unsigned long*)regs - 16); +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + + /* We ran out of memory, or some other thing happened to us that + made us unable to handle the page fault gracefully. */ +diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c +index 54abd8720dde..91e757bb054e 100644 +--- a/arch/arm/kernel/traps.c ++++ b/arch/arm/kernel/traps.c +@@ -334,7 +334,7 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) + if (panic_on_oops) + panic("Fatal exception"); + if (signr) +- do_exit(signr); ++ make_task_dead(signr); + } + + /* +diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c +index efa402025031..af5177801fb1 100644 +--- a/arch/arm/mm/fault.c ++++ b/arch/arm/mm/fault.c +@@ -125,7 +125,7 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, + show_pte(KERN_ALERT, mm, addr); + die("Oops", regs, fsr); + bust_spinlocks(0); +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + } + + /* +diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c +index f859cc870d5b..21e69a991bc8 100644 +--- a/arch/arm64/kernel/traps.c ++++ b/arch/arm64/kernel/traps.c +@@ -235,7 +235,7 @@ void die(const char *str, struct pt_regs *regs, int err) + raw_spin_unlock_irqrestore(&die_lock, flags); + + if (ret != NOTIFY_STOP) +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + static void arm64_show_signal(int signo, const char *str) +diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c +index d09b21faa0b2..97a93ee756a2 100644 +--- a/arch/arm64/mm/fault.c ++++ b/arch/arm64/mm/fault.c +@@ -302,7 +302,7 @@ static void die_kernel_fault(const char *msg, unsigned long addr, + show_pte(addr); + die("Oops", regs, esr); + bust_spinlocks(0); +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + } + + #ifdef CONFIG_KASAN_HW_TAGS +diff --git a/arch/csky/abiv1/alignment.c b/arch/csky/abiv1/alignment.c +index cb2a0d94a144..5e2fb45d605c 100644 +--- a/arch/csky/abiv1/alignment.c ++++ b/arch/csky/abiv1/alignment.c +@@ -294,7 +294,7 @@ void csky_alignment(struct pt_regs *regs) + __func__, opcode, rz, rx, imm, addr); + show_regs(regs); + bust_spinlocks(0); +- do_exit(SIGKILL); ++ make_dead_task(SIGKILL); + } + + force_sig_fault(SIGBUS, BUS_ADRALN, (void __user *)addr); +diff --git a/arch/csky/kernel/traps.c b/arch/csky/kernel/traps.c +index 2020af88b636..b445c5aee220 100644 +--- a/arch/csky/kernel/traps.c ++++ b/arch/csky/kernel/traps.c +@@ -109,7 +109,7 @@ void die(struct pt_regs *regs, const char *str) + if (panic_on_oops) + panic("Fatal exception"); + if (ret != NOTIFY_STOP) +- do_exit(SIGSEGV); ++ make_dead_task(SIGSEGV); + } + + void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr) +diff --git a/arch/csky/mm/fault.c b/arch/csky/mm/fault.c +index 466ad949818a..7215a46b6b8e 100644 +--- a/arch/csky/mm/fault.c ++++ b/arch/csky/mm/fault.c +@@ -67,7 +67,7 @@ static inline void no_context(struct pt_regs *regs, unsigned long addr) + pr_alert("Unable to handle kernel paging request at virtual " + "addr 0x%08lx, pc: 0x%08lx\n", addr, regs->pc); + die(regs, "Oops"); +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + } + + static inline void mm_fault_error(struct pt_regs *regs, unsigned long addr, vm_fault_t fault) +diff --git a/arch/h8300/kernel/traps.c b/arch/h8300/kernel/traps.c +index bdbe988d8dbc..3d4e0bde37ae 100644 +--- a/arch/h8300/kernel/traps.c ++++ b/arch/h8300/kernel/traps.c +@@ -106,7 +106,7 @@ void die(const char *str, struct pt_regs *fp, unsigned long err) + dump(fp); + + spin_unlock_irq(&die_lock); +- do_exit(SIGSEGV); ++ make_dead_task(SIGSEGV); + } + + static int kstack_depth_to_print = 24; +diff --git a/arch/h8300/mm/fault.c b/arch/h8300/mm/fault.c +index d4bc9c16f2df..0223528565dd 100644 +--- a/arch/h8300/mm/fault.c ++++ b/arch/h8300/mm/fault.c +@@ -51,7 +51,7 @@ asmlinkage int do_page_fault(struct pt_regs *regs, unsigned long address, + printk(" at virtual address %08lx\n", address); + if (!user_mode(regs)) + die("Oops", regs, error_code); +- do_exit(SIGKILL); ++ make_dead_task(SIGKILL); + + return 1; + } +diff --git a/arch/hexagon/kernel/traps.c b/arch/hexagon/kernel/traps.c +index edfc35dafeb1..6dd6cf0ab711 100644 +--- a/arch/hexagon/kernel/traps.c ++++ b/arch/hexagon/kernel/traps.c +@@ -214,7 +214,7 @@ int die(const char *str, struct pt_regs *regs, long err) + panic("Fatal exception"); + + oops_exit(); +- do_exit(err); ++ make_dead_task(err); + return 0; + } + +diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c +index 5bfc79be4cef..23c203639a96 100644 +--- a/arch/ia64/kernel/mca_drv.c ++++ b/arch/ia64/kernel/mca_drv.c +@@ -176,7 +176,7 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr) + spin_unlock(&mca_bh_lock); + + /* This process is about to be killed itself */ +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + } + + /** +diff --git a/arch/ia64/kernel/traps.c b/arch/ia64/kernel/traps.c +index e13cb905930f..753642366e12 100644 +--- a/arch/ia64/kernel/traps.c ++++ b/arch/ia64/kernel/traps.c +@@ -85,7 +85,7 @@ die (const char *str, struct pt_regs *regs, long err) + if (panic_on_oops) + panic("Fatal exception"); + +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + return 0; + } + +diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c +index 02de2e70c587..4796cccbf74f 100644 +--- a/arch/ia64/mm/fault.c ++++ b/arch/ia64/mm/fault.c +@@ -259,7 +259,7 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re + regs = NULL; + bust_spinlocks(0); + if (regs) +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + return; + + out_of_memory: +diff --git a/arch/m68k/kernel/traps.c b/arch/m68k/kernel/traps.c +index 34d6458340b0..59fc63feb0dc 100644 +--- a/arch/m68k/kernel/traps.c ++++ b/arch/m68k/kernel/traps.c +@@ -1131,7 +1131,7 @@ void die_if_kernel (char *str, struct pt_regs *fp, int nr) + pr_crit("%s: %08x\n", str, nr); + show_registers(fp); + add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE); +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + asmlinkage void set_esp0(unsigned long ssp) +diff --git a/arch/m68k/mm/fault.c b/arch/m68k/mm/fault.c +index ef46e77e97a5..fcb3a0d8421c 100644 +--- a/arch/m68k/mm/fault.c ++++ b/arch/m68k/mm/fault.c +@@ -48,7 +48,7 @@ int send_fault_sig(struct pt_regs *regs) + pr_alert("Unable to handle kernel access"); + pr_cont(" at virtual address %p\n", addr); + die_if_kernel("Oops", regs, 0 /*error_code*/); +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + } + + return 1; +diff --git a/arch/microblaze/kernel/exceptions.c b/arch/microblaze/kernel/exceptions.c +index 908788497b28..fd153d5fab98 100644 +--- a/arch/microblaze/kernel/exceptions.c ++++ b/arch/microblaze/kernel/exceptions.c +@@ -44,10 +44,10 @@ void die(const char *str, struct pt_regs *fp, long err) + pr_warn("Oops: %s, sig: %ld\n", str, err); + show_regs(fp); + spin_unlock_irq(&die_lock); +- /* do_exit() should take care of panic'ing from an interrupt ++ /* make_task_dead() should take care of panic'ing from an interrupt + * context so we don't handle it here + */ +- do_exit(err); ++ make_task_dead(err); + } + + /* for user application debugging */ +diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c +index edd93430b954..afb2c955d99e 100644 +--- a/arch/mips/kernel/traps.c ++++ b/arch/mips/kernel/traps.c +@@ -416,7 +416,7 @@ void __noreturn die(const char *str, struct pt_regs *regs) + if (regs && kexec_should_crash(current)) + crash_kexec(regs); + +- do_exit(sig); ++ make_task_dead(sig); + } + + extern struct exception_table_entry __start___dbe_table[]; +diff --git a/arch/nds32/kernel/fpu.c b/arch/nds32/kernel/fpu.c +index 9edd7ed7d7bf..701c09a668de 100644 +--- a/arch/nds32/kernel/fpu.c ++++ b/arch/nds32/kernel/fpu.c +@@ -223,7 +223,7 @@ inline void handle_fpu_exception(struct pt_regs *regs) + } + } else if (fpcsr & FPCSR_mskRIT) { + if (!user_mode(regs)) +- do_exit(SIGILL); ++ make_task_dead(SIGILL); + si_signo = SIGILL; + } + +diff --git a/arch/nds32/kernel/traps.c b/arch/nds32/kernel/traps.c +index f06421c645af..b90030e8e546 100644 +--- a/arch/nds32/kernel/traps.c ++++ b/arch/nds32/kernel/traps.c +@@ -141,7 +141,7 @@ void die(const char *str, struct pt_regs *regs, int err) + + bust_spinlocks(0); + spin_unlock_irq(&die_lock); +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + EXPORT_SYMBOL(die); +@@ -240,7 +240,7 @@ void unhandled_interruption(struct pt_regs *regs) + pr_emerg("unhandled_interruption\n"); + show_regs(regs); + if (!user_mode(regs)) +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + force_sig(SIGKILL); + } + +@@ -251,7 +251,7 @@ void unhandled_exceptions(unsigned long entry, unsigned long addr, + addr, type); + show_regs(regs); + if (!user_mode(regs)) +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + force_sig(SIGKILL); + } + +@@ -278,7 +278,7 @@ void do_revinsn(struct pt_regs *regs) + pr_emerg("Reserved Instruction\n"); + show_regs(regs); + if (!user_mode(regs)) +- do_exit(SIGILL); ++ make_task_dead(SIGILL); + force_sig(SIGILL); + } + +diff --git a/arch/nios2/kernel/traps.c b/arch/nios2/kernel/traps.c +index 596986a74a26..85ac49d64cf7 100644 +--- a/arch/nios2/kernel/traps.c ++++ b/arch/nios2/kernel/traps.c +@@ -37,10 +37,10 @@ void die(const char *str, struct pt_regs *regs, long err) + show_regs(regs); + spin_unlock_irq(&die_lock); + /* +- * do_exit() should take care of panic'ing from an interrupt ++ * make_task_dead() should take care of panic'ing from an interrupt + * context so we don't handle it here + */ +- do_exit(err); ++ make_task_dead(err); + } + + void _exception(int signo, struct pt_regs *regs, int code, unsigned long addr) +diff --git a/arch/openrisc/kernel/traps.c b/arch/openrisc/kernel/traps.c +index aa1e709405ac..9df1d85bfe1d 100644 +--- a/arch/openrisc/kernel/traps.c ++++ b/arch/openrisc/kernel/traps.c +@@ -212,7 +212,7 @@ void die(const char *str, struct pt_regs *regs, long err) + __asm__ __volatile__("l.nop 1"); + do {} while (1); + #endif +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + /* This is normally the 'Oops' routine */ +diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c +index 6fe5a3e98edc..70ace3687950 100644 +--- a/arch/parisc/kernel/traps.c ++++ b/arch/parisc/kernel/traps.c +@@ -268,7 +268,7 @@ void die_if_kernel(char *str, struct pt_regs *regs, long err) + panic("Fatal exception"); + + oops_exit(); +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + /* gdb uses break 4,8 */ +diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c +index 11741703d26e..a08bb7cefdc5 100644 +--- a/arch/powerpc/kernel/traps.c ++++ b/arch/powerpc/kernel/traps.c +@@ -245,7 +245,7 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, + + if (panic_on_oops) + panic("Fatal exception"); +- do_exit(signr); ++ make_task_dead(signr); + } + NOKPROBE_SYMBOL(oops_end); + +@@ -792,9 +792,9 @@ int machine_check_generic(struct pt_regs *regs) + void die_mce(const char *str, struct pt_regs *regs, long err) + { + /* +- * The machine check wants to kill the interrupted context, but +- * do_exit() checks for in_interrupt() and panics in that case, so +- * exit the irq/nmi before calling die. ++ * The machine check wants to kill the interrupted context, ++ * but make_task_dead() checks for in_interrupt() and panics ++ * in that case, so exit the irq/nmi before calling die. + */ + if (in_nmi()) + nmi_exit(); +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index 4102c97309cc..6084bd93d2f5 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -59,7 +59,7 @@ void die(struct pt_regs *regs, const char *str) + if (panic_on_oops) + panic("Fatal exception"); + if (ret != NOTIFY_STOP) +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr) +diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c +index 7cfaf366463f..676a3f28811f 100644 +--- a/arch/riscv/mm/fault.c ++++ b/arch/riscv/mm/fault.c +@@ -31,7 +31,7 @@ static void die_kernel_fault(const char *msg, unsigned long addr, + + bust_spinlocks(0); + die(regs, "Oops"); +- do_exit(SIGKILL); ++ make_task_dead(SIGKILL); + } + + static inline void no_context(struct pt_regs *regs, unsigned long addr) +diff --git a/arch/s390/kernel/dumpstack.c b/arch/s390/kernel/dumpstack.c +index db1bc00229ca..272ef8597e20 100644 +--- a/arch/s390/kernel/dumpstack.c ++++ b/arch/s390/kernel/dumpstack.c +@@ -224,5 +224,5 @@ void die(struct pt_regs *regs, const char *str) + if (panic_on_oops) + panic("Fatal exception: panic_on_oops"); + oops_exit(); +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } +diff --git a/arch/s390/kernel/nmi.c b/arch/s390/kernel/nmi.c +index 383b4799b6dd..d4f071e73a0a 100644 +--- a/arch/s390/kernel/nmi.c ++++ b/arch/s390/kernel/nmi.c +@@ -175,7 +175,7 @@ void __s390_handle_mcck(void) + "malfunction (code 0x%016lx).\n", mcck.mcck_code); + printk(KERN_EMERG "mcck: task: %s, pid: %d.\n", + current->comm, current->pid); +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + } + +diff --git a/arch/sh/kernel/traps.c b/arch/sh/kernel/traps.c +index e76b22157099..361b764700b7 100644 +--- a/arch/sh/kernel/traps.c ++++ b/arch/sh/kernel/traps.c +@@ -57,7 +57,7 @@ void die(const char *str, struct pt_regs *regs, long err) + if (panic_on_oops) + panic("Fatal exception"); + +- do_exit(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + void die_if_kernel(const char *str, struct pt_regs *regs, long err) +diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c +index 5630e5a395e0..179aabfa712e 100644 +--- a/arch/sparc/kernel/traps_32.c ++++ b/arch/sparc/kernel/traps_32.c +@@ -86,9 +86,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs) + } + printk("Instruction DUMP:"); + instruction_dump ((unsigned long *) regs->pc); +- if(regs->psr & PSR_PS) +- do_exit(SIGKILL); +- do_exit(SIGSEGV); ++ make_task_dead((regs->psr & PSR_PS) ? SIGKILL : SIGSEGV); + } + + void do_hw_interrupt(struct pt_regs *regs, unsigned long type) +diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c +index 6863025ed56d..21077821f427 100644 +--- a/arch/sparc/kernel/traps_64.c ++++ b/arch/sparc/kernel/traps_64.c +@@ -2559,9 +2559,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs) + } + if (panic_on_oops) + panic("Fatal exception"); +- if (regs->tstate & TSTATE_PRIV) +- do_exit(SIGKILL); +- do_exit(SIGSEGV); ++ make_task_dead((regs->tstate & TSTATE_PRIV)? SIGKILL : SIGSEGV); + } + EXPORT_SYMBOL(die_if_kernel); + +diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S +index 6b44263d7efb..e309e7156038 100644 +--- a/arch/x86/entry/entry_32.S ++++ b/arch/x86/entry/entry_32.S +@@ -1239,14 +1239,14 @@ SYM_CODE_START(asm_exc_nmi) + SYM_CODE_END(asm_exc_nmi) + + .pushsection .text, "ax" +-SYM_CODE_START(rewind_stack_do_exit) ++SYM_CODE_START(rewind_stack_and_make_dead) + /* Prevent any naive code from trying to unwind to our caller. */ + xorl %ebp, %ebp + + movl PER_CPU_VAR(cpu_current_top_of_stack), %esi + leal -TOP_OF_KERNEL_STACK_PADDING-PTREGS_SIZE(%esi), %esp + +- call do_exit ++ call make_task_dead + 1: jmp 1b +-SYM_CODE_END(rewind_stack_do_exit) ++SYM_CODE_END(rewind_stack_and_make_dead) + .popsection +diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S +index a3af2a9159b1..9f1333a9ee41 100644 +--- a/arch/x86/entry/entry_64.S ++++ b/arch/x86/entry/entry_64.S +@@ -1487,7 +1487,7 @@ SYM_CODE_END(ignore_sysret) + #endif + + .pushsection .text, "ax" +-SYM_CODE_START(rewind_stack_do_exit) ++SYM_CODE_START(rewind_stack_and_make_dead) + UNWIND_HINT_FUNC + /* Prevent any naive code from trying to unwind to our caller. */ + xorl %ebp, %ebp +@@ -1496,6 +1496,6 @@ SYM_CODE_START(rewind_stack_do_exit) + leaq -PTREGS_SIZE(%rax), %rsp + UNWIND_HINT_REGS + +- call do_exit +-SYM_CODE_END(rewind_stack_do_exit) ++ call make_task_dead ++SYM_CODE_END(rewind_stack_and_make_dead) + .popsection +diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c +index ea4fe192189d..53de044e5654 100644 +--- a/arch/x86/kernel/dumpstack.c ++++ b/arch/x86/kernel/dumpstack.c +@@ -351,7 +351,7 @@ unsigned long oops_begin(void) + } + NOKPROBE_SYMBOL(oops_begin); + +-void __noreturn rewind_stack_do_exit(int signr); ++void __noreturn rewind_stack_and_make_dead(int signr); + + void oops_end(unsigned long flags, struct pt_regs *regs, int signr) + { +@@ -386,7 +386,7 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr) + * reuse the task stack and that existing poisons are invalid. + */ + kasan_unpoison_task_stack(current); +- rewind_stack_do_exit(signr); ++ rewind_stack_and_make_dead(signr); + } + NOKPROBE_SYMBOL(oops_end); + +diff --git a/arch/xtensa/kernel/traps.c b/arch/xtensa/kernel/traps.c +index 874b6efc6fb3..904086ad5682 100644 +--- a/arch/xtensa/kernel/traps.c ++++ b/arch/xtensa/kernel/traps.c +@@ -552,5 +552,5 @@ void die(const char * str, struct pt_regs * regs, long err) + if (panic_on_oops) + panic("Fatal exception"); + +- do_exit(err); ++ make_task_dead(err); + } +diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h +index caae8e045160..d351f1b362ef 100644 +--- a/include/linux/sched/task.h ++++ b/include/linux/sched/task.h +@@ -59,6 +59,7 @@ extern void sched_post_fork(struct task_struct *p); + extern void sched_dead(struct task_struct *p); + + void __noreturn do_task_dead(void); ++void __noreturn make_task_dead(int signr); + + extern void proc_caches_init(void); + +diff --git a/kernel/exit.c b/kernel/exit.c +index aefe7445508d..5d1a507fd4ba 100644 +--- a/kernel/exit.c ++++ b/kernel/exit.c +@@ -877,6 +877,15 @@ void __noreturn do_exit(long code) + } + EXPORT_SYMBOL_GPL(do_exit); + ++void __noreturn make_task_dead(int signr) ++{ ++ /* ++ * Take the task off the cpu after something catastrophic has ++ * happened. ++ */ ++ do_exit(signr); ++} ++ + void complete_and_exit(struct completion *comp, long code) + { + if (comp) +diff --git a/tools/objtool/check.c b/tools/objtool/check.c +index 308c8806ad94..82ade76dcef2 100644 +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -169,6 +169,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func, + "panic", + "do_exit", + "do_task_dead", ++ "make_task_dead", + "__module_put_and_exit", + "complete_and_exit", + "__reiserfs_panic", +@@ -176,7 +177,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func, + "fortify_panic", + "usercopy_abort", + "machine_real_restart", +- "rewind_stack_do_exit", ++ "rewind_stack_and_make_dead" + "kunit_try_catch_throw", + "xen_start_kernel", + "cpu_bringup_and_idle", +-- +2.39.0 + diff --git a/queue-5.15/exit-allow-oops_limit-to-be-disabled.patch b/queue-5.15/exit-allow-oops_limit-to-be-disabled.patch new file mode 100644 index 00000000000..cda2ce0da32 --- /dev/null +++ b/queue-5.15/exit-allow-oops_limit-to-be-disabled.patch @@ -0,0 +1,62 @@ +From 202b8a0e7f8259ff2020d032a3dda4147d7391ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:05 -0800 +Subject: exit: Allow oops_limit to be disabled + +From: Kees Cook + +commit de92f65719cd672f4b48397540b9f9eff67eca40 upstream. + +In preparation for keeping oops_limit logic in sync with warn_limit, +have oops_limit == 0 disable checking the Oops counter. + +Cc: Jann Horn +Cc: Jonathan Corbet +Cc: Andrew Morton +Cc: Baolin Wang +Cc: "Jason A. Donenfeld" +Cc: Eric Biggers +Cc: Huang Ying +Cc: "Eric W. Biederman" +Cc: Arnd Bergmann +Cc: linux-doc@vger.kernel.org +Signed-off-by: Kees Cook +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + Documentation/admin-guide/sysctl/kernel.rst | 5 +++-- + kernel/exit.c | 2 +- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst +index b6e68d6f297e..d6f1d3892e71 100644 +--- a/Documentation/admin-guide/sysctl/kernel.rst ++++ b/Documentation/admin-guide/sysctl/kernel.rst +@@ -675,8 +675,9 @@ oops_limit + ========== + + Number of kernel oopses after which the kernel should panic when +-``panic_on_oops`` is not set. Setting this to 0 or 1 has the same effect +-as setting ``panic_on_oops=1``. ++``panic_on_oops`` is not set. Setting this to 0 disables checking ++the count. Setting this to 1 has the same effect as setting ++``panic_on_oops=1``. The default value is 10000. + + + osrelease, ostype & version +diff --git a/kernel/exit.c b/kernel/exit.c +index f68a9c6adfc9..f6c85101dba0 100644 +--- a/kernel/exit.c ++++ b/kernel/exit.c +@@ -941,7 +941,7 @@ void __noreturn make_task_dead(int signr) + * To make sure this can't happen, place an upper bound on how often the + * kernel may oops without panic(). + */ +- if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit)) ++ if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit) + panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit); + + do_exit(signr); +-- +2.39.0 + diff --git a/queue-5.15/exit-expose-oops_count-to-sysfs.patch b/queue-5.15/exit-expose-oops_count-to-sysfs.patch new file mode 100644 index 00000000000..44d473ae209 --- /dev/null +++ b/queue-5.15/exit-expose-oops_count-to-sysfs.patch @@ -0,0 +1,88 @@ +From f9b5542e9c2120acd7f1f0f73c4c0ec5d4be301a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:04 -0800 +Subject: exit: Expose "oops_count" to sysfs + +From: Kees Cook + +commit 9db89b41117024f80b38b15954017fb293133364 upstream. + +Since Oops count is now tracked and is a fairly interesting signal, add +the entry /sys/kernel/oops_count to expose it to userspace. + +Cc: "Eric W. Biederman" +Cc: Jann Horn +Cc: Arnd Bergmann +Reviewed-by: Luis Chamberlain +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20221117234328.594699-3-keescook@chromium.org +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + .../ABI/testing/sysfs-kernel-oops_count | 6 +++++ + kernel/exit.c | 22 +++++++++++++++++-- + 2 files changed, 26 insertions(+), 2 deletions(-) + create mode 100644 Documentation/ABI/testing/sysfs-kernel-oops_count + +diff --git a/Documentation/ABI/testing/sysfs-kernel-oops_count b/Documentation/ABI/testing/sysfs-kernel-oops_count +new file mode 100644 +index 000000000000..156cca9dbc96 +--- /dev/null ++++ b/Documentation/ABI/testing/sysfs-kernel-oops_count +@@ -0,0 +1,6 @@ ++What: /sys/kernel/oops_count ++Date: November 2022 ++KernelVersion: 6.2.0 ++Contact: Linux Kernel Hardening List ++Description: ++ Shows how many times the system has Oopsed since last boot. +diff --git a/kernel/exit.c b/kernel/exit.c +index 172d7f835f80..f68a9c6adfc9 100644 +--- a/kernel/exit.c ++++ b/kernel/exit.c +@@ -64,6 +64,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -96,6 +97,25 @@ static __init int kernel_exit_sysctls_init(void) + late_initcall(kernel_exit_sysctls_init); + #endif + ++static atomic_t oops_count = ATOMIC_INIT(0); ++ ++#ifdef CONFIG_SYSFS ++static ssize_t oops_count_show(struct kobject *kobj, struct kobj_attribute *attr, ++ char *page) ++{ ++ return sysfs_emit(page, "%d\n", atomic_read(&oops_count)); ++} ++ ++static struct kobj_attribute oops_count_attr = __ATTR_RO(oops_count); ++ ++static __init int kernel_exit_sysfs_init(void) ++{ ++ sysfs_add_file_to_group(kernel_kobj, &oops_count_attr.attr, NULL); ++ return 0; ++} ++late_initcall(kernel_exit_sysfs_init); ++#endif ++ + static void __unhash_process(struct task_struct *p, bool group_dead) + { + nr_threads--; +@@ -906,8 +926,6 @@ EXPORT_SYMBOL_GPL(do_exit); + + void __noreturn make_task_dead(int signr) + { +- static atomic_t oops_count = ATOMIC_INIT(0); +- + /* + * Take the task off the cpu after something catastrophic has + * happened. +-- +2.39.0 + diff --git a/queue-5.15/exit-put-an-upper-limit-on-how-often-we-can-oops.patch b/queue-5.15/exit-put-an-upper-limit-on-how-often-we-can-oops.patch new file mode 100644 index 00000000000..2c745fafdc5 --- /dev/null +++ b/queue-5.15/exit-put-an-upper-limit-on-how-often-we-can-oops.patch @@ -0,0 +1,147 @@ +From b06283dbf6b66665250430893943dec1f1c6d396 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:03 -0800 +Subject: exit: Put an upper limit on how often we can oops + +From: Jann Horn + +commit d4ccd54d28d3c8598e2354acc13e28c060961dbb upstream. + +Many Linux systems are configured to not panic on oops; but allowing an +attacker to oops the system **really** often can make even bugs that look +completely unexploitable exploitable (like NULL dereferences and such) if +each crash elevates a refcount by one or a lock is taken in read mode, and +this causes a counter to eventually overflow. + +The most interesting counters for this are 32 bits wide (like open-coded +refcounts that don't use refcount_t). (The ldsem reader count on 32-bit +platforms is just 16 bits, but probably nobody cares about 32-bit platforms +that much nowadays.) + +So let's panic the system if the kernel is constantly oopsing. + +The speed of oopsing 2^32 times probably depends on several factors, like +how long the stack trace is and which unwinder you're using; an empirically +important one is whether your console is showing a graphical environment or +a text console that oopses will be printed to. +In a quick single-threaded benchmark, it looks like oopsing in a vfork() +child with a very short stack trace only takes ~510 microseconds per run +when a graphical console is active; but switching to a text console that +oopses are printed to slows it down around 87x, to ~45 milliseconds per +run. +(Adding more threads makes this faster, but the actual oops printing +happens under &die_lock on x86, so you can maybe speed this up by a factor +of around 2 and then any further improvement gets eaten up by lock +contention.) + +It looks like it would take around 8-12 days to overflow a 32-bit counter +with repeated oopsing on a multi-core X86 system running a graphical +environment; both me (in an X86 VM) and Seth (with a distro kernel on +normal hardware in a standard configuration) got numbers in that ballpark. + +12 days aren't *that* short on a desktop system, and you'd likely need much +longer on a typical server system (assuming that people don't run graphical +desktop environments on their servers), and this is a *very* noisy and +violent approach to exploiting the kernel; and it also seems to take orders +of magnitude longer on some machines, probably because stuff like EFI +pstore will slow it down a ton if that's active. + +Signed-off-by: Jann Horn +Link: https://lore.kernel.org/r/20221107201317.324457-1-jannh@google.com +Reviewed-by: Luis Chamberlain +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20221117234328.594699-2-keescook@chromium.org +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + Documentation/admin-guide/sysctl/kernel.rst | 8 ++++ + kernel/exit.c | 43 +++++++++++++++++++++ + 2 files changed, 51 insertions(+) + +diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst +index 609b89175408..b6e68d6f297e 100644 +--- a/Documentation/admin-guide/sysctl/kernel.rst ++++ b/Documentation/admin-guide/sysctl/kernel.rst +@@ -671,6 +671,14 @@ This is the default behavior. + an oops event is detected. + + ++oops_limit ++========== ++ ++Number of kernel oopses after which the kernel should panic when ++``panic_on_oops`` is not set. Setting this to 0 or 1 has the same effect ++as setting ``panic_on_oops=1``. ++ ++ + osrelease, ostype & version + =========================== + +diff --git a/kernel/exit.c b/kernel/exit.c +index 5d1a507fd4ba..172d7f835f80 100644 +--- a/kernel/exit.c ++++ b/kernel/exit.c +@@ -69,6 +69,33 @@ + #include + #include + ++/* ++ * The default value should be high enough to not crash a system that randomly ++ * crashes its kernel from time to time, but low enough to at least not permit ++ * overflowing 32-bit refcounts or the ldsem writer count. ++ */ ++static unsigned int oops_limit = 10000; ++ ++#ifdef CONFIG_SYSCTL ++static struct ctl_table kern_exit_table[] = { ++ { ++ .procname = "oops_limit", ++ .data = &oops_limit, ++ .maxlen = sizeof(oops_limit), ++ .mode = 0644, ++ .proc_handler = proc_douintvec, ++ }, ++ { } ++}; ++ ++static __init int kernel_exit_sysctls_init(void) ++{ ++ register_sysctl_init("kernel", kern_exit_table); ++ return 0; ++} ++late_initcall(kernel_exit_sysctls_init); ++#endif ++ + static void __unhash_process(struct task_struct *p, bool group_dead) + { + nr_threads--; +@@ -879,10 +906,26 @@ EXPORT_SYMBOL_GPL(do_exit); + + void __noreturn make_task_dead(int signr) + { ++ static atomic_t oops_count = ATOMIC_INIT(0); ++ + /* + * Take the task off the cpu after something catastrophic has + * happened. + */ ++ ++ /* ++ * Every time the system oopses, if the oops happens while a reference ++ * to an object was held, the reference leaks. ++ * If the oops doesn't also leak memory, repeated oopsing can cause ++ * reference counters to wrap around (if they're not using refcount_t). ++ * This means that repeated oopsing can make unexploitable-looking bugs ++ * exploitable through repeated oopsing. ++ * To make sure this can't happen, place an upper bound on how often the ++ * kernel may oops without panic(). ++ */ ++ if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit)) ++ panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit); ++ + do_exit(signr); + } + +-- +2.39.0 + diff --git a/queue-5.15/exit-use-read_once-for-all-oops-warn-limit-reads.patch b/queue-5.15/exit-use-read_once-for-all-oops-warn-limit-reads.patch new file mode 100644 index 00000000000..d255d3d0230 --- /dev/null +++ b/queue-5.15/exit-use-read_once-for-all-oops-warn-limit-reads.patch @@ -0,0 +1,84 @@ +From 72343664e330bf8e14d01becfab6e9f20626679c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:10 -0800 +Subject: exit: Use READ_ONCE() for all oops/warn limit reads + +From: Kees Cook + +commit 7535b832c6399b5ebfc5b53af5c51dd915ee2538 upstream. + +Use a temporary variable to take full advantage of READ_ONCE() behavior. +Without this, the report (and even the test) might be out of sync with +the initial test. + +Reported-by: Peter Zijlstra +Link: https://lore.kernel.org/lkml/Y5x7GXeluFmZ8E0E@hirez.programming.kicks-ass.net +Fixes: 9fc9e278a5c0 ("panic: Introduce warn_limit") +Fixes: d4ccd54d28d3 ("exit: Put an upper limit on how often we can oops") +Cc: "Eric W. Biederman" +Cc: Jann Horn +Cc: Arnd Bergmann +Cc: Petr Mladek +Cc: Andrew Morton +Cc: Luis Chamberlain +Cc: Marco Elver +Cc: tangmeng +Cc: Sebastian Andrzej Siewior +Cc: Tiezhu Yang +Signed-off-by: Kees Cook +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + kernel/exit.c | 6 ++++-- + kernel/panic.c | 7 +++++-- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/kernel/exit.c b/kernel/exit.c +index f6c85101dba0..80efdfda6662 100644 +--- a/kernel/exit.c ++++ b/kernel/exit.c +@@ -930,6 +930,7 @@ void __noreturn make_task_dead(int signr) + * Take the task off the cpu after something catastrophic has + * happened. + */ ++ unsigned int limit; + + /* + * Every time the system oopses, if the oops happens while a reference +@@ -941,8 +942,9 @@ void __noreturn make_task_dead(int signr) + * To make sure this can't happen, place an upper bound on how often the + * kernel may oops without panic(). + */ +- if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit) +- panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit); ++ limit = READ_ONCE(oops_limit); ++ if (atomic_inc_return(&oops_count) >= limit && limit) ++ panic("Oopsed too often (kernel.oops_limit is %d)", limit); + + do_exit(signr); + } +diff --git a/kernel/panic.c b/kernel/panic.c +index 4aef355e9a5d..47933d4c769b 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -223,12 +223,15 @@ static void panic_print_sys_info(void) + + void check_panic_on_warn(const char *origin) + { ++ unsigned int limit; ++ + if (panic_on_warn) + panic("%s: panic_on_warn set ...\n", origin); + +- if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit) ++ limit = READ_ONCE(warn_limit); ++ if (atomic_inc_return(&warn_count) >= limit && limit) + panic("%s: system warned too often (kernel.warn_limit is %d)", +- origin, warn_limit); ++ origin, limit); + } + + /** +-- +2.39.0 + diff --git a/queue-5.15/h8300-fix-build-errors-from-do_exit-to-make_task_dea.patch b/queue-5.15/h8300-fix-build-errors-from-do_exit-to-make_task_dea.patch new file mode 100644 index 00000000000..e3d101aabf9 --- /dev/null +++ b/queue-5.15/h8300-fix-build-errors-from-do_exit-to-make_task_dea.patch @@ -0,0 +1,78 @@ +From 3ba7bfc75737153f13f5cb3294b6ff0b799dfdba Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:59 -0800 +Subject: h8300: Fix build errors from do_exit() to make_task_dead() transition + +From: Nathan Chancellor + +commit ab4ababdf77ccc56c7301c751dff49c79709c51c upstream. + +When building ARCH=h8300 defconfig: + +arch/h8300/kernel/traps.c: In function 'die': +arch/h8300/kernel/traps.c:109:2: error: implicit declaration of function +'make_dead_task' [-Werror=implicit-function-declaration] + 109 | make_dead_task(SIGSEGV); + | ^~~~~~~~~~~~~~ + +arch/h8300/mm/fault.c: In function 'do_page_fault': +arch/h8300/mm/fault.c:54:2: error: implicit declaration of function +'make_dead_task' [-Werror=implicit-function-declaration] + 54 | make_dead_task(SIGKILL); + | ^~~~~~~~~~~~~~ + +The function's name is make_task_dead(), change it so there is no more +build error. + +Additionally, include linux/sched/task.h in arch/h8300/kernel/traps.c +to avoid the same error because do_exit()'s declaration is in kernel.h +but make_task_dead()'s is in task.h, which is not included in traps.c. + +Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") +Signed-off-by: Nathan Chancellor +Link: https://lkml.kernel.org/r/20211227184851.2297759-3-nathan@kernel.org +Signed-off-by: Eric W. Biederman +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + arch/h8300/kernel/traps.c | 3 ++- + arch/h8300/mm/fault.c | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/arch/h8300/kernel/traps.c b/arch/h8300/kernel/traps.c +index 3d4e0bde37ae..a92c39e03802 100644 +--- a/arch/h8300/kernel/traps.c ++++ b/arch/h8300/kernel/traps.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -106,7 +107,7 @@ void die(const char *str, struct pt_regs *fp, unsigned long err) + dump(fp); + + spin_unlock_irq(&die_lock); +- make_dead_task(SIGSEGV); ++ make_task_dead(SIGSEGV); + } + + static int kstack_depth_to_print = 24; +diff --git a/arch/h8300/mm/fault.c b/arch/h8300/mm/fault.c +index 0223528565dd..b465441f490d 100644 +--- a/arch/h8300/mm/fault.c ++++ b/arch/h8300/mm/fault.c +@@ -51,7 +51,7 @@ asmlinkage int do_page_fault(struct pt_regs *regs, unsigned long address, + printk(" at virtual address %08lx\n", address); + if (!user_mode(regs)) + die("Oops", regs, error_code); +- make_dead_task(SIGKILL); ++ make_task_dead(SIGKILL); + + return 1; + } +-- +2.39.0 + diff --git a/queue-5.15/hexagon-fix-function-name-in-die.patch b/queue-5.15/hexagon-fix-function-name-in-die.patch new file mode 100644 index 00000000000..437516b87cd --- /dev/null +++ b/queue-5.15/hexagon-fix-function-name-in-die.patch @@ -0,0 +1,45 @@ +From fe998c175d4c8816ca85ed687f2cf328c2104c46 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:58 -0800 +Subject: hexagon: Fix function name in die() + +From: Nathan Chancellor + +commit 4f0712ccec09c071e221242a2db9a6779a55a949 upstream. + +When building ARCH=hexagon defconfig: + +arch/hexagon/kernel/traps.c:217:2: error: implicit declaration of +function 'make_dead_task' [-Werror,-Wimplicit-function-declaration] + make_dead_task(err); + ^ + +The function's name is make_task_dead(), change it so there is no more +build error. + +Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") +Signed-off-by: Nathan Chancellor +Link: https://lkml.kernel.org/r/20211227184851.2297759-2-nathan@kernel.org +Signed-off-by: Eric W. Biederman +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + arch/hexagon/kernel/traps.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/hexagon/kernel/traps.c b/arch/hexagon/kernel/traps.c +index 6dd6cf0ab711..1240f038cce0 100644 +--- a/arch/hexagon/kernel/traps.c ++++ b/arch/hexagon/kernel/traps.c +@@ -214,7 +214,7 @@ int die(const char *str, struct pt_regs *regs, long err) + panic("Fatal exception"); + + oops_exit(); +- make_dead_task(err); ++ make_task_dead(err); + return 0; + } + +-- +2.39.0 + diff --git a/queue-5.15/ia64-make-ia64_mca_recovery-bool-instead-of-tristate.patch b/queue-5.15/ia64-make-ia64_mca_recovery-bool-instead-of-tristate.patch new file mode 100644 index 00000000000..f14f9b0ec46 --- /dev/null +++ b/queue-5.15/ia64-make-ia64_mca_recovery-bool-instead-of-tristate.patch @@ -0,0 +1,53 @@ +From 849360fa8411890b93e8f08f3f748cb9e320830d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:01 -0800 +Subject: ia64: make IA64_MCA_RECOVERY bool instead of tristate + +From: Randy Dunlap + +commit dbecf9b8b8ce580f4e11afed9d61e8aa294cddd2 upstream. + +In linux-next, IA64_MCA_RECOVERY uses the (new) function +make_task_dead(), which is not exported for use by modules. Instead of +exporting it for one user, convert IA64_MCA_RECOVERY to be a bool +Kconfig symbol. + +In a config file from "kernel test robot " for a +different problem, this linker error was exposed when +CONFIG_IA64_MCA_RECOVERY=m. + +Fixes this build error: + + ERROR: modpost: "make_task_dead" [arch/ia64/kernel/mca_recovery.ko] undefined! + +Link: https://lkml.kernel.org/r/20220124213129.29306-1-rdunlap@infradead.org +Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") +Signed-off-by: Randy Dunlap +Suggested-by: Christoph Hellwig +Reviewed-by: Christoph Hellwig +Reviewed-by: "Eric W. Biederman" +Cc: Tony Luck +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + arch/ia64/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig +index 1e33666fa679..b1f2b6ac9b1d 100644 +--- a/arch/ia64/Kconfig ++++ b/arch/ia64/Kconfig +@@ -323,7 +323,7 @@ config ARCH_PROC_KCORE_TEXT + depends on PROC_KCORE + + config IA64_MCA_RECOVERY +- tristate "MCA recovery from errors other than TLB." ++ bool "MCA recovery from errors other than TLB." + + config IA64_PALINFO + tristate "/proc/pal support" +-- +2.39.0 + diff --git a/queue-5.15/kasan-no-need-to-unset-panic_on_warn-in-end_report.patch b/queue-5.15/kasan-no-need-to-unset-panic_on_warn-in-end_report.patch new file mode 100644 index 00000000000..a9ab27ce1e7 --- /dev/null +++ b/queue-5.15/kasan-no-need-to-unset-panic_on_warn-in-end_report.patch @@ -0,0 +1,52 @@ +From 9d478734dc75f45636a9c454d6d75382b10439af Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:55 -0800 +Subject: kasan: no need to unset panic_on_warn in end_report() + +From: Tiezhu Yang + +commit e7ce7500375a63348e1d3a703c8d5003cbe3fea6 upstream. + +panic_on_warn is unset inside panic(), so no need to unset it before +calling panic() in end_report(). + +Link: https://lkml.kernel.org/r/1644324666-15947-6-git-send-email-yangtiezhu@loongson.cn +Signed-off-by: Tiezhu Yang +Reviewed-by: Marco Elver +Cc: Andrey Ryabinin +Cc: Baoquan He +Cc: Jonathan Corbet +Cc: Xuefeng Li +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + mm/kasan/report.c | 10 +--------- + 1 file changed, 1 insertion(+), 9 deletions(-) + +diff --git a/mm/kasan/report.c b/mm/kasan/report.c +index 884a950c7026..bf17704b302f 100644 +--- a/mm/kasan/report.c ++++ b/mm/kasan/report.c +@@ -117,16 +117,8 @@ static void end_report(unsigned long *flags, unsigned long addr) + pr_err("==================================================================\n"); + add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); + spin_unlock_irqrestore(&report_lock, *flags); +- if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) { +- /* +- * This thread may hit another WARN() in the panic path. +- * Resetting this prevents additional WARN() from panicking the +- * system on this thread. Other threads are blocked by the +- * panic_mutex in panic(). +- */ +- panic_on_warn = 0; ++ if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) + panic("panic_on_warn set ...\n"); +- } + if (kasan_arg_fault == KASAN_ARG_FAULT_PANIC) + panic("kasan.fault=panic set ...\n"); + kasan_enable_current(); +-- +2.39.0 + diff --git a/queue-5.15/kernel-panic-move-panic-sysctls-to-its-own-file.patch b/queue-5.15/kernel-panic-move-panic-sysctls-to-its-own-file.patch new file mode 100644 index 00000000000..82bff90a9d5 --- /dev/null +++ b/queue-5.15/kernel-panic-move-panic-sysctls-to-its-own-file.patch @@ -0,0 +1,117 @@ +From ee16edb8b728f0799ad308d399ab49070273d658 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:52 -0800 +Subject: kernel/panic: move panic sysctls to its own file + +From: tangmeng + +commit 9df918698408fd914493aba0b7858fef50eba63a upstream. + +kernel/sysctl.c is a kitchen sink where everyone leaves their dirty +dishes, this makes it very difficult to maintain. + +To help with this maintenance let's start by moving sysctls to places +where they actually belong. The proc sysctl maintainers do not want to +know what sysctl knobs you wish to add for your own piece of code, we +just care about the core logic. + +All filesystem syctls now get reviewed by fs folks. This commit +follows the commit of fs, move the oops_all_cpu_backtrace sysctl to +its own file, kernel/panic.c. + +Signed-off-by: tangmeng +Signed-off-by: Luis Chamberlain +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + include/linux/panic.h | 6 ------ + kernel/panic.c | 26 +++++++++++++++++++++++++- + kernel/sysctl.c | 11 ----------- + 3 files changed, 25 insertions(+), 18 deletions(-) + +diff --git a/include/linux/panic.h b/include/linux/panic.h +index f5844908a089..e71161da69c4 100644 +--- a/include/linux/panic.h ++++ b/include/linux/panic.h +@@ -15,12 +15,6 @@ extern void oops_enter(void); + extern void oops_exit(void); + extern bool oops_may_print(void); + +-#ifdef CONFIG_SMP +-extern unsigned int sysctl_oops_all_cpu_backtrace; +-#else +-#define sysctl_oops_all_cpu_backtrace 0 +-#endif /* CONFIG_SMP */ +- + extern int panic_timeout; + extern unsigned long panic_print; + extern int panic_on_oops; +diff --git a/kernel/panic.c b/kernel/panic.c +index cefd7d82366f..5ee281b996f9 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -42,7 +42,9 @@ + * Should we dump all CPUs backtraces in an oops event? + * Defaults to 0, can be changed via sysctl. + */ +-unsigned int __read_mostly sysctl_oops_all_cpu_backtrace; ++static unsigned int __read_mostly sysctl_oops_all_cpu_backtrace; ++#else ++#define sysctl_oops_all_cpu_backtrace 0 + #endif /* CONFIG_SMP */ + + int panic_on_oops = CONFIG_PANIC_ON_OOPS_VALUE; +@@ -71,6 +73,28 @@ ATOMIC_NOTIFIER_HEAD(panic_notifier_list); + + EXPORT_SYMBOL(panic_notifier_list); + ++#if defined(CONFIG_SMP) && defined(CONFIG_SYSCTL) ++static struct ctl_table kern_panic_table[] = { ++ { ++ .procname = "oops_all_cpu_backtrace", ++ .data = &sysctl_oops_all_cpu_backtrace, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec_minmax, ++ .extra1 = SYSCTL_ZERO, ++ .extra2 = SYSCTL_ONE, ++ }, ++ { } ++}; ++ ++static __init int kernel_panic_sysctls_init(void) ++{ ++ register_sysctl_init("kernel", kern_panic_table); ++ return 0; ++} ++late_initcall(kernel_panic_sysctls_init); ++#endif ++ + static long no_blink(int state) + { + return 0; +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 34ce5953dbb0..928798f89ca1 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -2220,17 +2220,6 @@ static struct ctl_table kern_table[] = { + .proc_handler = proc_dointvec, + }, + #endif +-#ifdef CONFIG_SMP +- { +- .procname = "oops_all_cpu_backtrace", +- .data = &sysctl_oops_all_cpu_backtrace, +- .maxlen = sizeof(int), +- .mode = 0644, +- .proc_handler = proc_dointvec_minmax, +- .extra1 = SYSCTL_ZERO, +- .extra2 = SYSCTL_ONE, +- }, +-#endif /* CONFIG_SMP */ + { + .procname = "pid_max", + .data = &pid_max, +-- +2.39.0 + diff --git a/queue-5.15/objtool-add-a-missing-comma-to-avoid-string-concaten.patch b/queue-5.15/objtool-add-a-missing-comma-to-avoid-string-concaten.patch new file mode 100644 index 00000000000..434a1b9d681 --- /dev/null +++ b/queue-5.15/objtool-add-a-missing-comma-to-avoid-string-concaten.patch @@ -0,0 +1,47 @@ +From 05fda8dbd83ff02829e673ab6b1418f22237127d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:57 -0800 +Subject: objtool: Add a missing comma to avoid string concatenation + +From: Eric W. Biederman + +commit 1fb466dff904e4a72282af336f2c355f011eec61 upstream. + +Recently the kbuild robot reported two new errors: + +>> lib/kunit/kunit-example-test.o: warning: objtool: .text.unlikely: unexpected end of section +>> arch/x86/kernel/dumpstack.o: warning: objtool: oops_end() falls through to next function show_opcodes() + +I don't know why they did not occur in my test setup but after digging +it I realized I had accidentally dropped a comma in +tools/objtool/check.c when I renamed rewind_stack_do_exit to +rewind_stack_and_make_dead. + +Add that comma back to fix objtool errors. + +Link: https://lkml.kernel.org/r/202112140949.Uq5sFKR1-lkp@intel.com +Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") +Reported-by: kernel test robot +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + tools/objtool/check.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/objtool/check.c b/tools/objtool/check.c +index 82ade76dcef2..758c0ba8de35 100644 +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -177,7 +177,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func, + "fortify_panic", + "usercopy_abort", + "machine_real_restart", +- "rewind_stack_and_make_dead" ++ "rewind_stack_and_make_dead", + "kunit_try_catch_throw", + "xen_start_kernel", + "cpu_bringup_and_idle", +-- +2.39.0 + diff --git a/queue-5.15/panic-consolidate-open-coded-panic_on_warn-checks.patch b/queue-5.15/panic-consolidate-open-coded-panic_on_warn-checks.patch new file mode 100644 index 00000000000..0e7db5ab508 --- /dev/null +++ b/queue-5.15/panic-consolidate-open-coded-panic_on_warn-checks.patch @@ -0,0 +1,172 @@ +From 113c865cc65f241259e44642172cef4de3c340d9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:06 -0800 +Subject: panic: Consolidate open-coded panic_on_warn checks + +From: Kees Cook + +commit 79cc1ba7badf9e7a12af99695a557e9ce27ee967 upstream. + +Several run-time checkers (KASAN, UBSAN, KFENCE, KCSAN, sched) roll +their own warnings, and each check "panic_on_warn". Consolidate this +into a single function so that future instrumentation can be added in +a single location. + +Cc: Marco Elver +Cc: Dmitry Vyukov +Cc: Ingo Molnar +Cc: Peter Zijlstra +Cc: Juri Lelli +Cc: Vincent Guittot +Cc: Dietmar Eggemann +Cc: Steven Rostedt +Cc: Ben Segall +Cc: Mel Gorman +Cc: Daniel Bristot de Oliveira +Cc: Valentin Schneider +Cc: Andrey Ryabinin +Cc: Alexander Potapenko +Cc: Andrey Konovalov +Cc: Vincenzo Frascino +Cc: Andrew Morton +Cc: David Gow +Cc: tangmeng +Cc: Jann Horn +Cc: Shuah Khan +Cc: Petr Mladek +Cc: "Paul E. McKenney" +Cc: Sebastian Andrzej Siewior +Cc: "Guilherme G. Piccoli" +Cc: Tiezhu Yang +Cc: kasan-dev@googlegroups.com +Cc: linux-mm@kvack.org +Reviewed-by: Luis Chamberlain +Signed-off-by: Kees Cook +Reviewed-by: Marco Elver +Reviewed-by: Andrey Konovalov +Link: https://lore.kernel.org/r/20221117234328.594699-4-keescook@chromium.org +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + include/linux/panic.h | 1 + + kernel/kcsan/report.c | 3 +-- + kernel/panic.c | 9 +++++++-- + kernel/sched/core.c | 3 +-- + lib/ubsan.c | 3 +-- + mm/kasan/report.c | 4 ++-- + mm/kfence/report.c | 3 +-- + 7 files changed, 14 insertions(+), 12 deletions(-) + +diff --git a/include/linux/panic.h b/include/linux/panic.h +index e71161da69c4..8eb5897c164f 100644 +--- a/include/linux/panic.h ++++ b/include/linux/panic.h +@@ -11,6 +11,7 @@ extern long (*panic_blink)(int state); + __printf(1, 2) + void panic(const char *fmt, ...) __noreturn __cold; + void nmi_panic(struct pt_regs *regs, const char *msg); ++void check_panic_on_warn(const char *origin); + extern void oops_enter(void); + extern void oops_exit(void); + extern bool oops_may_print(void); +diff --git a/kernel/kcsan/report.c b/kernel/kcsan/report.c +index 21137929d428..b88d5d5f29e4 100644 +--- a/kernel/kcsan/report.c ++++ b/kernel/kcsan/report.c +@@ -432,8 +432,7 @@ static void print_report(enum kcsan_value_change value_change, + dump_stack_print_info(KERN_DEFAULT); + pr_err("==================================================================\n"); + +- if (panic_on_warn) +- panic("panic_on_warn set ...\n"); ++ check_panic_on_warn("KCSAN"); + } + + static void release_report(unsigned long *flags, struct other_info *other_info) +diff --git a/kernel/panic.c b/kernel/panic.c +index 0b560312878c..bf0324941e43 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -193,6 +193,12 @@ static void panic_print_sys_info(void) + ftrace_dump(DUMP_ALL); + } + ++void check_panic_on_warn(const char *origin) ++{ ++ if (panic_on_warn) ++ panic("%s: panic_on_warn set ...\n", origin); ++} ++ + /** + * panic - halt the system + * @fmt: The text string to print +@@ -628,8 +634,7 @@ void __warn(const char *file, int line, void *caller, unsigned taint, + if (regs) + show_regs(regs); + +- if (panic_on_warn) +- panic("panic_on_warn set ...\n"); ++ check_panic_on_warn("kernel"); + + if (!regs) + dump_stack(); +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index 2bd5e235d078..c1458fa8beb3 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -5560,8 +5560,7 @@ static noinline void __schedule_bug(struct task_struct *prev) + pr_err("Preemption disabled at:"); + print_ip_sym(KERN_ERR, preempt_disable_ip); + } +- if (panic_on_warn) +- panic("scheduling while atomic\n"); ++ check_panic_on_warn("scheduling while atomic"); + + dump_stack(); + add_taint(TAINT_WARN, LOCKDEP_STILL_OK); +diff --git a/lib/ubsan.c b/lib/ubsan.c +index 36bd75e33426..60c7099857a0 100644 +--- a/lib/ubsan.c ++++ b/lib/ubsan.c +@@ -154,8 +154,7 @@ static void ubsan_epilogue(void) + + current->in_ubsan--; + +- if (panic_on_warn) +- panic("panic_on_warn set ...\n"); ++ check_panic_on_warn("UBSAN"); + } + + void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs) +diff --git a/mm/kasan/report.c b/mm/kasan/report.c +index bf17704b302f..887af873733b 100644 +--- a/mm/kasan/report.c ++++ b/mm/kasan/report.c +@@ -117,8 +117,8 @@ static void end_report(unsigned long *flags, unsigned long addr) + pr_err("==================================================================\n"); + add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); + spin_unlock_irqrestore(&report_lock, *flags); +- if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) +- panic("panic_on_warn set ...\n"); ++ if (!test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) ++ check_panic_on_warn("KASAN"); + if (kasan_arg_fault == KASAN_ARG_FAULT_PANIC) + panic("kasan.fault=panic set ...\n"); + kasan_enable_current(); +diff --git a/mm/kfence/report.c b/mm/kfence/report.c +index 37e140e7f201..cbd9456359b9 100644 +--- a/mm/kfence/report.c ++++ b/mm/kfence/report.c +@@ -267,8 +267,7 @@ void kfence_report_error(unsigned long address, bool is_write, struct pt_regs *r + + lockdep_on(); + +- if (panic_on_warn) +- panic("panic_on_warn set ...\n"); ++ check_panic_on_warn("KFENCE"); + + /* We encountered a memory safety error, taint the kernel! */ + add_taint(TAINT_BAD_PAGE, LOCKDEP_STILL_OK); +-- +2.39.0 + diff --git a/queue-5.15/panic-expose-warn_count-to-sysfs.patch b/queue-5.15/panic-expose-warn_count-to-sysfs.patch new file mode 100644 index 00000000000..259af257f7b --- /dev/null +++ b/queue-5.15/panic-expose-warn_count-to-sysfs.patch @@ -0,0 +1,91 @@ +From f0c5ca7df8792fef2727845ca0db9dc9554a8826 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:08 -0800 +Subject: panic: Expose "warn_count" to sysfs + +From: Kees Cook + +commit 8b05aa26336113c4cea25f1c333ee8cd4fc212a6 upstream. + +Since Warn count is now tracked and is a fairly interesting signal, add +the entry /sys/kernel/warn_count to expose it to userspace. + +Cc: Petr Mladek +Cc: Andrew Morton +Cc: tangmeng +Cc: "Guilherme G. Piccoli" +Cc: Sebastian Andrzej Siewior +Cc: Tiezhu Yang +Reviewed-by: Luis Chamberlain +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20221117234328.594699-6-keescook@chromium.org +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + .../ABI/testing/sysfs-kernel-warn_count | 6 +++++ + kernel/panic.c | 22 +++++++++++++++++-- + 2 files changed, 26 insertions(+), 2 deletions(-) + create mode 100644 Documentation/ABI/testing/sysfs-kernel-warn_count + +diff --git a/Documentation/ABI/testing/sysfs-kernel-warn_count b/Documentation/ABI/testing/sysfs-kernel-warn_count +new file mode 100644 +index 000000000000..08f083d2fd51 +--- /dev/null ++++ b/Documentation/ABI/testing/sysfs-kernel-warn_count +@@ -0,0 +1,6 @@ ++What: /sys/kernel/oops_count ++Date: November 2022 ++KernelVersion: 6.2.0 ++Contact: Linux Kernel Hardening List ++Description: ++ Shows how many times the system has Warned since last boot. +diff --git a/kernel/panic.c b/kernel/panic.c +index 604d7ad77042..4aef355e9a5d 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + #include + + #define PANIC_TIMER_STEP 100 +@@ -105,6 +106,25 @@ static __init int kernel_panic_sysctls_init(void) + late_initcall(kernel_panic_sysctls_init); + #endif + ++static atomic_t warn_count = ATOMIC_INIT(0); ++ ++#ifdef CONFIG_SYSFS ++static ssize_t warn_count_show(struct kobject *kobj, struct kobj_attribute *attr, ++ char *page) ++{ ++ return sysfs_emit(page, "%d\n", atomic_read(&warn_count)); ++} ++ ++static struct kobj_attribute warn_count_attr = __ATTR_RO(warn_count); ++ ++static __init int kernel_panic_sysfs_init(void) ++{ ++ sysfs_add_file_to_group(kernel_kobj, &warn_count_attr.attr, NULL); ++ return 0; ++} ++late_initcall(kernel_panic_sysfs_init); ++#endif ++ + static long no_blink(int state) + { + return 0; +@@ -203,8 +223,6 @@ static void panic_print_sys_info(void) + + void check_panic_on_warn(const char *origin) + { +- static atomic_t warn_count = ATOMIC_INIT(0); +- + if (panic_on_warn) + panic("%s: panic_on_warn set ...\n", origin); + +-- +2.39.0 + diff --git a/queue-5.15/panic-introduce-warn_limit.patch b/queue-5.15/panic-introduce-warn_limit.patch new file mode 100644 index 00000000000..43b4d218667 --- /dev/null +++ b/queue-5.15/panic-introduce-warn_limit.patch @@ -0,0 +1,99 @@ +From 89da686194d1e0287ef1ff5e3d9685e0485d9e49 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:07 -0800 +Subject: panic: Introduce warn_limit + +From: Kees Cook + +commit 9fc9e278a5c0b708eeffaf47d6eb0c82aa74ed78 upstream. + +Like oops_limit, add warn_limit for limiting the number of warnings when +panic_on_warn is not set. + +Cc: Jonathan Corbet +Cc: Andrew Morton +Cc: Baolin Wang +Cc: "Jason A. Donenfeld" +Cc: Eric Biggers +Cc: Huang Ying +Cc: Petr Mladek +Cc: tangmeng +Cc: "Guilherme G. Piccoli" +Cc: Tiezhu Yang +Cc: Sebastian Andrzej Siewior +Cc: linux-doc@vger.kernel.org +Reviewed-by: Luis Chamberlain +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20221117234328.594699-5-keescook@chromium.org +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + Documentation/admin-guide/sysctl/kernel.rst | 10 ++++++++++ + kernel/panic.c | 14 ++++++++++++++ + 2 files changed, 24 insertions(+) + +diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst +index d6f1d3892e71..48b91c485c99 100644 +--- a/Documentation/admin-guide/sysctl/kernel.rst ++++ b/Documentation/admin-guide/sysctl/kernel.rst +@@ -1494,6 +1494,16 @@ entry will default to 2 instead of 0. + 2 Unprivileged calls to ``bpf()`` are disabled + = ============================================================= + ++ ++warn_limit ++========== ++ ++Number of kernel warnings after which the kernel should panic when ++``panic_on_warn`` is not set. Setting this to 0 disables checking ++the warning count. Setting this to 1 has the same effect as setting ++``panic_on_warn=1``. The default value is 0. ++ ++ + watchdog + ======== + +diff --git a/kernel/panic.c b/kernel/panic.c +index bf0324941e43..604d7ad77042 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -57,6 +57,7 @@ bool crash_kexec_post_notifiers; + int panic_on_warn __read_mostly; + unsigned long panic_on_taint; + bool panic_on_taint_nousertaint = false; ++static unsigned int warn_limit __read_mostly; + + int panic_timeout = CONFIG_PANIC_TIMEOUT; + EXPORT_SYMBOL_GPL(panic_timeout); +@@ -86,6 +87,13 @@ static struct ctl_table kern_panic_table[] = { + .extra2 = SYSCTL_ONE, + }, + #endif ++ { ++ .procname = "warn_limit", ++ .data = &warn_limit, ++ .maxlen = sizeof(warn_limit), ++ .mode = 0644, ++ .proc_handler = proc_douintvec, ++ }, + { } + }; + +@@ -195,8 +203,14 @@ static void panic_print_sys_info(void) + + void check_panic_on_warn(const char *origin) + { ++ static atomic_t warn_count = ATOMIC_INIT(0); ++ + if (panic_on_warn) + panic("%s: panic_on_warn set ...\n", origin); ++ ++ if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit) ++ panic("%s: system warned too often (kernel.warn_limit is %d)", ++ origin, warn_limit); + } + + /** +-- +2.39.0 + diff --git a/queue-5.15/panic-separate-sysctl-logic-from-config_smp.patch b/queue-5.15/panic-separate-sysctl-logic-from-config_smp.patch new file mode 100644 index 00000000000..da9d44fa5f0 --- /dev/null +++ b/queue-5.15/panic-separate-sysctl-logic-from-config_smp.patch @@ -0,0 +1,53 @@ +From ed126ade287233ec50527b930d369815c2e11146 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:51:02 -0800 +Subject: panic: Separate sysctl logic from CONFIG_SMP + +From: Kees Cook + +commit 9360d035a579d95d1e76c471061b9065b18a0eb1 upstream. + +In preparation for adding more sysctls directly in kernel/panic.c, split +CONFIG_SMP from the logic that adds sysctls. + +Cc: Petr Mladek +Cc: Andrew Morton +Cc: tangmeng +Cc: "Guilherme G. Piccoli" +Cc: Tiezhu Yang +Cc: Sebastian Andrzej Siewior +Reviewed-by: Luis Chamberlain +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20221117234328.594699-1-keescook@chromium.org +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + kernel/panic.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/kernel/panic.c b/kernel/panic.c +index 5ed1ad06f9a3..0b560312878c 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -73,8 +73,9 @@ ATOMIC_NOTIFIER_HEAD(panic_notifier_list); + + EXPORT_SYMBOL(panic_notifier_list); + +-#if defined(CONFIG_SMP) && defined(CONFIG_SYSCTL) ++#ifdef CONFIG_SYSCTL + static struct ctl_table kern_panic_table[] = { ++#ifdef CONFIG_SMP + { + .procname = "oops_all_cpu_backtrace", + .data = &sysctl_oops_all_cpu_backtrace, +@@ -84,6 +85,7 @@ static struct ctl_table kern_panic_table[] = { + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_ONE, + }, ++#endif + { } + }; + +-- +2.39.0 + diff --git a/queue-5.15/panic-unset-panic_on_warn-inside-panic.patch b/queue-5.15/panic-unset-panic_on_warn-inside-panic.patch new file mode 100644 index 00000000000..2fd2b4e9932 --- /dev/null +++ b/queue-5.15/panic-unset-panic_on_warn-inside-panic.patch @@ -0,0 +1,77 @@ +From 9dd0667ca7a9da7153da80462f4a2c205c1edd94 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:53 -0800 +Subject: panic: unset panic_on_warn inside panic() + +From: Tiezhu Yang + +commit 1a2383e8b84c0451fd9b1eec3b9aab16f30b597c upstream. + +In the current code, the following three places need to unset +panic_on_warn before calling panic() to avoid recursive panics: + +kernel/kcsan/report.c: print_report() +kernel/sched/core.c: __schedule_bug() +mm/kfence/report.c: kfence_report_error() + +In order to avoid copy-pasting "panic_on_warn = 0" all over the places, +it is better to move it inside panic() and then remove it from the other +places. + +Link: https://lkml.kernel.org/r/1644324666-15947-4-git-send-email-yangtiezhu@loongson.cn +Signed-off-by: Tiezhu Yang +Reviewed-by: Marco Elver +Cc: Andrey Ryabinin +Cc: Baoquan He +Cc: Jonathan Corbet +Cc: Xuefeng Li +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + kernel/panic.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/kernel/panic.c b/kernel/panic.c +index 5ee281b996f9..5ed1ad06f9a3 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -208,6 +208,16 @@ void panic(const char *fmt, ...) + int old_cpu, this_cpu; + bool _crash_kexec_post_notifiers = crash_kexec_post_notifiers; + ++ if (panic_on_warn) { ++ /* ++ * This thread may hit another WARN() in the panic path. ++ * Resetting this prevents additional WARN() from panicking the ++ * system on this thread. Other threads are blocked by the ++ * panic_mutex in panic(). ++ */ ++ panic_on_warn = 0; ++ } ++ + /* + * Disable local interrupts. This will prevent panic_smp_self_stop + * from deadlocking the first cpu that invokes the panic, since +@@ -616,16 +626,8 @@ void __warn(const char *file, int line, void *caller, unsigned taint, + if (regs) + show_regs(regs); + +- if (panic_on_warn) { +- /* +- * This thread may hit another WARN() in the panic path. +- * Resetting this prevents additional WARN() from panicking the +- * system on this thread. Other threads are blocked by the +- * panic_mutex in panic(). +- */ +- panic_on_warn = 0; ++ if (panic_on_warn) + panic("panic_on_warn set ...\n"); +- } + + if (!regs) + dump_stack(); +-- +2.39.0 + diff --git a/queue-5.15/series b/queue-5.15/series index 24aaecc6455..0ccc0e3dce3 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -121,3 +121,24 @@ drm-i915-allow-switching-away-via-vga-switcheroo-if-.patch revert-selftests-bpf-check-null-propagation-only-nei.patch drm-i915-remove-unused-variable.patch x86-acpi-cstate-optimize-c3-entry-on-amd-cpus.patch +sysctl-add-a-new-register_sysctl_init-interface.patch +kernel-panic-move-panic-sysctls-to-its-own-file.patch +panic-unset-panic_on_warn-inside-panic.patch +ubsan-no-need-to-unset-panic_on_warn-in-ubsan_epilog.patch +kasan-no-need-to-unset-panic_on_warn-in-end_report.patch +exit-add-and-use-make_task_dead.patch +objtool-add-a-missing-comma-to-avoid-string-concaten.patch +hexagon-fix-function-name-in-die.patch +h8300-fix-build-errors-from-do_exit-to-make_task_dea.patch +csky-fix-function-name-in-csky_alignment-and-die.patch +ia64-make-ia64_mca_recovery-bool-instead-of-tristate.patch +panic-separate-sysctl-logic-from-config_smp.patch +exit-put-an-upper-limit-on-how-often-we-can-oops.patch +exit-expose-oops_count-to-sysfs.patch +exit-allow-oops_limit-to-be-disabled.patch +panic-consolidate-open-coded-panic_on_warn-checks.patch +panic-introduce-warn_limit.patch +panic-expose-warn_count-to-sysfs.patch +docs-fix-path-paste-o-for-sys-kernel-warn_count.patch +exit-use-read_once-for-all-oops-warn-limit-reads.patch +bluetooth-hci_sync-cancel-cmd_timer-if-hci_open-fail.patch diff --git a/queue-5.15/sysctl-add-a-new-register_sysctl_init-interface.patch b/queue-5.15/sysctl-add-a-new-register_sysctl_init-interface.patch new file mode 100644 index 00000000000..291dfbf463a --- /dev/null +++ b/queue-5.15/sysctl-add-a-new-register_sysctl_init-interface.patch @@ -0,0 +1,182 @@ +From 95c47346022df542d3999685ccac7c7bf36048bd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:51 -0800 +Subject: sysctl: add a new register_sysctl_init() interface + +From: Xiaoming Ni + +commit 3ddd9a808cee7284931312f2f3e854c9617f44b2 upstream. + +Patch series "sysctl: first set of kernel/sysctl cleanups", v2. + +Finally had time to respin the series of the work we had started last +year on cleaning up the kernel/sysct.c kitchen sink. People keeps +stuffing their sysctls in that file and this creates a maintenance +burden. So this effort is aimed at placing sysctls where they actually +belong. + +I'm going to split patches up into series as there is quite a bit of +work. + +This first set adds register_sysctl_init() for uses of registerting a +sysctl on the init path, adds const where missing to a few places, +generalizes common values so to be more easy to share, and starts the +move of a few kernel/sysctl.c out where they belong. + +The majority of rework on v2 in this first patch set is 0-day fixes. +Eric Biederman's feedback is later addressed in subsequent patch sets. + +I'll only post the first two patch sets for now. We can address the +rest once the first two patch sets get completely reviewed / Acked. + +This patch (of 9): + +The kernel/sysctl.c is a kitchen sink where everyone leaves their dirty +dishes, this makes it very difficult to maintain. + +To help with this maintenance let's start by moving sysctls to places +where they actually belong. The proc sysctl maintainers do not want to +know what sysctl knobs you wish to add for your own piece of code, we +just care about the core logic. + +Today though folks heavily rely on tables on kernel/sysctl.c so they can +easily just extend this table with their needed sysctls. In order to +help users move their sysctls out we need to provide a helper which can +be used during code initialization. + +We special-case the initialization use of register_sysctl() since it +*is* safe to fail, given all that sysctls do is provide a dynamic +interface to query or modify at runtime an existing variable. So the +use case of register_sysctl() on init should *not* stop if the sysctls +don't end up getting registered. It would be counter productive to stop +boot if a simple sysctl registration failed. + +Provide a helper for init then, and document the recommended init levels +to use for callers of this routine. We will later use this in +subsequent patches to start slimming down kernel/sysctl.c tables and +moving sysctl registration to the code which actually needs these +sysctls. + +[mcgrof@kernel.org: major commit log and documentation rephrasing also moved to fs/proc/proc_sysctl.c ] + +Link: https://lkml.kernel.org/r/20211123202347.818157-1-mcgrof@kernel.org +Link: https://lkml.kernel.org/r/20211123202347.818157-2-mcgrof@kernel.org +Signed-off-by: Xiaoming Ni +Signed-off-by: Luis Chamberlain +Reviewed-by: Kees Cook +Cc: Iurii Zaikin +Cc: "Eric W. Biederman" +Cc: Peter Zijlstra +Cc: Greg Kroah-Hartman +Cc: Paul Turner +Cc: Andy Shevchenko +Cc: Sebastian Reichel +Cc: Tetsuo Handa +Cc: Petr Mladek +Cc: Sergey Senozhatsky +Cc: Qing Wang +Cc: Benjamin LaHaise +Cc: Al Viro +Cc: Jan Kara +Cc: Amir Goldstein +Cc: Stephen Kitt +Cc: Antti Palosaari +Cc: Arnd Bergmann +Cc: Benjamin Herrenschmidt +Cc: Clemens Ladisch +Cc: David Airlie +Cc: Jani Nikula +Cc: Joel Becker +Cc: Joonas Lahtinen +Cc: Joseph Qi +Cc: Julia Lawall +Cc: Lukas Middendorf +Cc: Mark Fasheh +Cc: Phillip Potter +Cc: Rodrigo Vivi +Cc: Douglas Gilbert +Cc: James E.J. Bottomley +Cc: Jani Nikula +Cc: John Ogness +Cc: Martin K. Petersen +Cc: "Rafael J. Wysocki" +Cc: Steven Rostedt (VMware) +Cc: Suren Baghdasaryan +Cc: "Theodore Ts'o" +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + fs/proc/proc_sysctl.c | 33 +++++++++++++++++++++++++++++++++ + include/linux/sysctl.h | 3 +++ + 2 files changed, 36 insertions(+) + +diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c +index 013fc5931bc3..0b7a00ed6c49 100644 +--- a/fs/proc/proc_sysctl.c ++++ b/fs/proc/proc_sysctl.c +@@ -16,6 +16,7 @@ + #include + #include + #include ++#include + #include "internal.h" + + static const struct dentry_operations proc_sys_dentry_operations; +@@ -1384,6 +1385,38 @@ struct ctl_table_header *register_sysctl(const char *path, struct ctl_table *tab + } + EXPORT_SYMBOL(register_sysctl); + ++/** ++ * __register_sysctl_init() - register sysctl table to path ++ * @path: path name for sysctl base ++ * @table: This is the sysctl table that needs to be registered to the path ++ * @table_name: The name of sysctl table, only used for log printing when ++ * registration fails ++ * ++ * The sysctl interface is used by userspace to query or modify at runtime ++ * a predefined value set on a variable. These variables however have default ++ * values pre-set. Code which depends on these variables will always work even ++ * if register_sysctl() fails. If register_sysctl() fails you'd just loose the ++ * ability to query or modify the sysctls dynamically at run time. Chances of ++ * register_sysctl() failing on init are extremely low, and so for both reasons ++ * this function does not return any error as it is used by initialization code. ++ * ++ * Context: Can only be called after your respective sysctl base path has been ++ * registered. So for instance, most base directories are registered early on ++ * init before init levels are processed through proc_sys_init() and ++ * sysctl_init(). ++ */ ++void __init __register_sysctl_init(const char *path, struct ctl_table *table, ++ const char *table_name) ++{ ++ struct ctl_table_header *hdr = register_sysctl(path, table); ++ ++ if (unlikely(!hdr)) { ++ pr_err("failed when register_sysctl %s to %s\n", table_name, path); ++ return; ++ } ++ kmemleak_not_leak(hdr); ++} ++ + static char *append_path(const char *path, char *pos, const char *name) + { + int namelen; +diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h +index fa372b4c2313..47cf70c8eb93 100644 +--- a/include/linux/sysctl.h ++++ b/include/linux/sysctl.h +@@ -206,6 +206,9 @@ struct ctl_table_header *register_sysctl_paths(const struct ctl_path *path, + void unregister_sysctl_table(struct ctl_table_header * table); + + extern int sysctl_init(void); ++extern void __register_sysctl_init(const char *path, struct ctl_table *table, ++ const char *table_name); ++#define register_sysctl_init(path, table) __register_sysctl_init(path, table, #table) + void do_sysctl_args(void); + + extern int pwrsw_enabled; +-- +2.39.0 + diff --git a/queue-5.15/ubsan-no-need-to-unset-panic_on_warn-in-ubsan_epilog.patch b/queue-5.15/ubsan-no-need-to-unset-panic_on_warn-in-ubsan_epilog.patch new file mode 100644 index 00000000000..b1abcffb8ff --- /dev/null +++ b/queue-5.15/ubsan-no-need-to-unset-panic_on_warn-in-ubsan_epilog.patch @@ -0,0 +1,52 @@ +From 601653c09f3df08119f5c11e69665ed8ce009b1c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Jan 2023 10:50:54 -0800 +Subject: ubsan: no need to unset panic_on_warn in ubsan_epilogue() + +From: Tiezhu Yang + +commit d83ce027a54068fabb70d2c252e1ce2da86784a4 upstream. + +panic_on_warn is unset inside panic(), so no need to unset it before +calling panic() in ubsan_epilogue(). + +Link: https://lkml.kernel.org/r/1644324666-15947-5-git-send-email-yangtiezhu@loongson.cn +Signed-off-by: Tiezhu Yang +Reviewed-by: Marco Elver +Cc: Andrey Ryabinin +Cc: Baoquan He +Cc: Jonathan Corbet +Cc: Xuefeng Li +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Eric Biggers +Signed-off-by: Sasha Levin +--- + lib/ubsan.c | 10 +--------- + 1 file changed, 1 insertion(+), 9 deletions(-) + +diff --git a/lib/ubsan.c b/lib/ubsan.c +index bdc380ff5d5c..36bd75e33426 100644 +--- a/lib/ubsan.c ++++ b/lib/ubsan.c +@@ -154,16 +154,8 @@ static void ubsan_epilogue(void) + + current->in_ubsan--; + +- if (panic_on_warn) { +- /* +- * This thread may hit another WARN() in the panic path. +- * Resetting this prevents additional WARN() from panicking the +- * system on this thread. Other threads are blocked by the +- * panic_mutex in panic(). +- */ +- panic_on_warn = 0; ++ if (panic_on_warn) + panic("panic_on_warn set ...\n"); +- } + } + + void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs) +-- +2.39.0 +