From: Greg Kroah-Hartman Date: Mon, 6 Jun 2022 09:42:59 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v5.10.121~153 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b6718470ccd625f5f5c503cd03cd90333145e432;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: perf-x86-intel-fix-event-constraints-for-icl.patch ptrace-reimplement-ptrace_kill-by-always-sending-sigkill.patch ptrace-um-replace-pt_dtrace-with-tif_singlestep.patch ptrace-xtensa-replace-pt_singlestep-with-tif_singlestep.patch x86-mce-amd-fix-memory-leak-when-threshold_create_bank-fails.patch --- diff --git a/queue-5.10/perf-x86-intel-fix-event-constraints-for-icl.patch b/queue-5.10/perf-x86-intel-fix-event-constraints-for-icl.patch new file mode 100644 index 00000000000..67540bb74bc --- /dev/null +++ b/queue-5.10/perf-x86-intel-fix-event-constraints-for-icl.patch @@ -0,0 +1,35 @@ +From 86dca369075b3e310c3c0adb0f81e513c562b5e4 Mon Sep 17 00:00:00 2001 +From: Kan Liang +Date: Wed, 25 May 2022 06:39:52 -0700 +Subject: perf/x86/intel: Fix event constraints for ICL + +From: Kan Liang + +commit 86dca369075b3e310c3c0adb0f81e513c562b5e4 upstream. + +According to the latest event list, the event encoding 0x55 +INST_DECODED.DECODERS and 0x56 UOPS_DECODED.DEC0 are only available on +the first 4 counters. Add them into the event constraints table. + +Fixes: 6017608936c1 ("perf/x86/intel: Add Icelake support") +Signed-off-by: Kan Liang +Signed-off-by: Ingo Molnar +Acked-by: Peter Zijlstra +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20220525133952.1660658-1-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/events/intel/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/events/intel/core.c ++++ b/arch/x86/events/intel/core.c +@@ -254,7 +254,7 @@ static struct event_constraint intel_icl + INTEL_EVENT_CONSTRAINT_RANGE(0x03, 0x0a, 0xf), + INTEL_EVENT_CONSTRAINT_RANGE(0x1f, 0x28, 0xf), + INTEL_EVENT_CONSTRAINT(0x32, 0xf), /* SW_PREFETCH_ACCESS.* */ +- INTEL_EVENT_CONSTRAINT_RANGE(0x48, 0x54, 0xf), ++ INTEL_EVENT_CONSTRAINT_RANGE(0x48, 0x56, 0xf), + INTEL_EVENT_CONSTRAINT_RANGE(0x60, 0x8b, 0xf), + INTEL_UEVENT_CONSTRAINT(0x04a3, 0xff), /* CYCLE_ACTIVITY.STALLS_TOTAL */ + INTEL_UEVENT_CONSTRAINT(0x10a3, 0xff), /* CYCLE_ACTIVITY.CYCLES_MEM_ANY */ diff --git a/queue-5.10/ptrace-reimplement-ptrace_kill-by-always-sending-sigkill.patch b/queue-5.10/ptrace-reimplement-ptrace_kill-by-always-sending-sigkill.patch new file mode 100644 index 00000000000..202c79cc6ed --- /dev/null +++ b/queue-5.10/ptrace-reimplement-ptrace_kill-by-always-sending-sigkill.patch @@ -0,0 +1,71 @@ +From 6a2d90ba027adba528509ffa27097cffd3879257 Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" +Date: Fri, 29 Apr 2022 09:23:55 -0500 +Subject: ptrace: Reimplement PTRACE_KILL by always sending SIGKILL + +From: Eric W. Biederman + +commit 6a2d90ba027adba528509ffa27097cffd3879257 upstream. + +The current implementation of PTRACE_KILL is buggy and has been for +many years as it assumes it's target has stopped in ptrace_stop. At a +quick skim it looks like this assumption has existed since ptrace +support was added in linux v1.0. + +While PTRACE_KILL has been deprecated we can not remove it as +a quick search with google code search reveals many existing +programs calling it. + +When the ptracee is not stopped at ptrace_stop some fields would be +set that are ignored except in ptrace_stop. Making the userspace +visible behavior of PTRACE_KILL a noop in those case. + +As the usual rules are not obeyed it is not clear what the +consequences are of calling PTRACE_KILL on a running process. +Presumably userspace does not do this as it achieves nothing. + +Replace the implementation of PTRACE_KILL with a simple +send_sig_info(SIGKILL) followed by a return 0. This changes the +observable user space behavior only in that PTRACE_KILL on a process +not stopped in ptrace_stop will also kill it. As that has always +been the intent of the code this seems like a reasonable change. + +Cc: stable@vger.kernel.org +Reported-by: Al Viro +Suggested-by: Al Viro +Tested-by: Kees Cook +Reviewed-by: Oleg Nesterov +Link: https://lkml.kernel.org/r/20220505182645.497868-7-ebiederm@xmission.com +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/step.c | 3 +-- + kernel/ptrace.c | 5 ++--- + 2 files changed, 3 insertions(+), 5 deletions(-) + +--- a/arch/x86/kernel/step.c ++++ b/arch/x86/kernel/step.c +@@ -175,8 +175,7 @@ void set_task_blockstep(struct task_stru + * + * NOTE: this means that set/clear TIF_BLOCKSTEP is only safe if + * task is current or it can't be running, otherwise we can race +- * with __switch_to_xtra(). We rely on ptrace_freeze_traced() but +- * PTRACE_KILL is not safe. ++ * with __switch_to_xtra(). We rely on ptrace_freeze_traced(). + */ + local_irq_disable(); + debugctl = get_debugctlmsr(); +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c +@@ -1219,9 +1219,8 @@ int ptrace_request(struct task_struct *c + return ptrace_resume(child, request, data); + + case PTRACE_KILL: +- if (child->exit_state) /* already dead */ +- return 0; +- return ptrace_resume(child, request, SIGKILL); ++ send_sig_info(SIGKILL, SEND_SIG_NOINFO, child); ++ return 0; + + #ifdef CONFIG_HAVE_ARCH_TRACEHOOK + case PTRACE_GETREGSET: diff --git a/queue-5.10/ptrace-um-replace-pt_dtrace-with-tif_singlestep.patch b/queue-5.10/ptrace-um-replace-pt_dtrace-with-tif_singlestep.patch new file mode 100644 index 00000000000..581cae7eb40 --- /dev/null +++ b/queue-5.10/ptrace-um-replace-pt_dtrace-with-tif_singlestep.patch @@ -0,0 +1,140 @@ +From c200e4bb44e80b343c09841e7caaaca0aac5e5fa Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" +Date: Tue, 26 Apr 2022 16:30:17 -0500 +Subject: ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP + +From: Eric W. Biederman + +commit c200e4bb44e80b343c09841e7caaaca0aac5e5fa upstream. + +User mode linux is the last user of the PT_DTRACE flag. Using the flag to indicate +single stepping is a little confusing and worse changing tsk->ptrace without locking +could potentionally cause problems. + +So use a thread info flag with a better name instead of flag in tsk->ptrace. + +Remove the definition PT_DTRACE as uml is the last user. + +Cc: stable@vger.kernel.org +Acked-by: Johannes Berg +Tested-by: Kees Cook +Reviewed-by: Oleg Nesterov +Link: https://lkml.kernel.org/r/20220505182645.497868-3-ebiederm@xmission.com +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Greg Kroah-Hartman +--- + arch/um/include/asm/thread_info.h | 2 ++ + arch/um/kernel/exec.c | 2 +- + arch/um/kernel/process.c | 2 +- + arch/um/kernel/ptrace.c | 8 ++++---- + arch/um/kernel/signal.c | 4 ++-- + include/linux/ptrace.h | 1 - + 6 files changed, 10 insertions(+), 9 deletions(-) + +--- a/arch/um/include/asm/thread_info.h ++++ b/arch/um/include/asm/thread_info.h +@@ -63,6 +63,7 @@ static inline struct thread_info *curren + #define TIF_RESTORE_SIGMASK 7 + #define TIF_NOTIFY_RESUME 8 + #define TIF_SECCOMP 9 /* secure computing */ ++#define TIF_SINGLESTEP 10 /* single stepping userspace */ + + #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) + #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) +@@ -70,5 +71,6 @@ static inline struct thread_info *curren + #define _TIF_MEMDIE (1 << TIF_MEMDIE) + #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) + #define _TIF_SECCOMP (1 << TIF_SECCOMP) ++#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP) + + #endif +--- a/arch/um/kernel/exec.c ++++ b/arch/um/kernel/exec.c +@@ -44,7 +44,7 @@ void start_thread(struct pt_regs *regs, + { + PT_REGS_IP(regs) = eip; + PT_REGS_SP(regs) = esp; +- current->ptrace &= ~PT_DTRACE; ++ clear_thread_flag(TIF_SINGLESTEP); + #ifdef SUBARCH_EXECVE1 + SUBARCH_EXECVE1(regs->regs); + #endif +--- a/arch/um/kernel/process.c ++++ b/arch/um/kernel/process.c +@@ -341,7 +341,7 @@ int singlestepping(void * t) + { + struct task_struct *task = t ? t : current; + +- if (!(task->ptrace & PT_DTRACE)) ++ if (!test_thread_flag(TIF_SINGLESTEP)) + return 0; + + if (task->thread.singlestep_syscall) +--- a/arch/um/kernel/ptrace.c ++++ b/arch/um/kernel/ptrace.c +@@ -12,7 +12,7 @@ + + void user_enable_single_step(struct task_struct *child) + { +- child->ptrace |= PT_DTRACE; ++ set_tsk_thread_flag(child, TIF_SINGLESTEP); + child->thread.singlestep_syscall = 0; + + #ifdef SUBARCH_SET_SINGLESTEPPING +@@ -22,7 +22,7 @@ void user_enable_single_step(struct task + + void user_disable_single_step(struct task_struct *child) + { +- child->ptrace &= ~PT_DTRACE; ++ clear_tsk_thread_flag(child, TIF_SINGLESTEP); + child->thread.singlestep_syscall = 0; + + #ifdef SUBARCH_SET_SINGLESTEPPING +@@ -121,7 +121,7 @@ static void send_sigtrap(struct uml_pt_r + } + + /* +- * XXX Check PT_DTRACE vs TIF_SINGLESTEP for singlestepping check and ++ * XXX Check TIF_SINGLESTEP for singlestepping check and + * PT_PTRACED vs TIF_SYSCALL_TRACE for syscall tracing check + */ + int syscall_trace_enter(struct pt_regs *regs) +@@ -145,7 +145,7 @@ void syscall_trace_leave(struct pt_regs + audit_syscall_exit(regs); + + /* Fake a debug trap */ +- if (ptraced & PT_DTRACE) ++ if (test_thread_flag(TIF_SINGLESTEP)) + send_sigtrap(®s->regs, 0); + + if (!test_thread_flag(TIF_SYSCALL_TRACE)) +--- a/arch/um/kernel/signal.c ++++ b/arch/um/kernel/signal.c +@@ -53,7 +53,7 @@ static void handle_signal(struct ksignal + unsigned long sp; + int err; + +- if ((current->ptrace & PT_DTRACE) && (current->ptrace & PT_PTRACED)) ++ if (test_thread_flag(TIF_SINGLESTEP) && (current->ptrace & PT_PTRACED)) + singlestep = 1; + + /* Did we come from a system call? */ +@@ -128,7 +128,7 @@ void do_signal(struct pt_regs *regs) + * on the host. The tracing thread will check this flag and + * PTRACE_SYSCALL if necessary. + */ +- if (current->ptrace & PT_DTRACE) ++ if (test_thread_flag(TIF_SINGLESTEP)) + current->thread.singlestep_syscall = + is_syscall(PT_REGS_IP(¤t->thread.regs)); + +--- a/include/linux/ptrace.h ++++ b/include/linux/ptrace.h +@@ -30,7 +30,6 @@ extern int ptrace_access_vm(struct task_ + + #define PT_SEIZED 0x00010000 /* SEIZE used, enable new behavior */ + #define PT_PTRACED 0x00000001 +-#define PT_DTRACE 0x00000002 /* delayed trace (used on m68k, i386) */ + + #define PT_OPT_FLAG_SHIFT 3 + /* PT_TRACE_* event enable flags */ diff --git a/queue-5.10/ptrace-xtensa-replace-pt_singlestep-with-tif_singlestep.patch b/queue-5.10/ptrace-xtensa-replace-pt_singlestep-with-tif_singlestep.patch new file mode 100644 index 00000000000..d8b6de9cb45 --- /dev/null +++ b/queue-5.10/ptrace-xtensa-replace-pt_singlestep-with-tif_singlestep.patch @@ -0,0 +1,83 @@ +From 4a3d2717d140401df7501a95e454180831a0c5af Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" +Date: Tue, 26 Apr 2022 16:45:37 -0500 +Subject: ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP + +From: Eric W. Biederman + +commit 4a3d2717d140401df7501a95e454180831a0c5af upstream. + +xtensa is the last user of the PT_SINGLESTEP flag. Changing tsk->ptrace in +user_enable_single_step and user_disable_single_step without locking could +potentiallly cause problems. + +So use a thread info flag instead of a flag in tsk->ptrace. Use TIF_SINGLESTEP +that xtensa already had defined but unused. + +Remove the definitions of PT_SINGLESTEP and PT_BLOCKSTEP as they have no more users. + +Cc: stable@vger.kernel.org +Acked-by: Max Filippov +Tested-by: Kees Cook +Reviewed-by: Oleg Nesterov +Link: https://lkml.kernel.org/r/20220505182645.497868-4-ebiederm@xmission.com +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Greg Kroah-Hartman +--- + arch/xtensa/kernel/ptrace.c | 4 ++-- + arch/xtensa/kernel/signal.c | 4 ++-- + include/linux/ptrace.h | 6 ------ + 3 files changed, 4 insertions(+), 10 deletions(-) + +--- a/arch/xtensa/kernel/ptrace.c ++++ b/arch/xtensa/kernel/ptrace.c +@@ -226,12 +226,12 @@ const struct user_regset_view *task_user + + void user_enable_single_step(struct task_struct *child) + { +- child->ptrace |= PT_SINGLESTEP; ++ set_tsk_thread_flag(child, TIF_SINGLESTEP); + } + + void user_disable_single_step(struct task_struct *child) + { +- child->ptrace &= ~PT_SINGLESTEP; ++ clear_tsk_thread_flag(child, TIF_SINGLESTEP); + } + + /* +--- a/arch/xtensa/kernel/signal.c ++++ b/arch/xtensa/kernel/signal.c +@@ -465,7 +465,7 @@ static void do_signal(struct pt_regs *re + /* Set up the stack frame */ + ret = setup_frame(&ksig, sigmask_to_save(), regs); + signal_setup_done(ret, &ksig, 0); +- if (current->ptrace & PT_SINGLESTEP) ++ if (test_thread_flag(TIF_SINGLESTEP)) + task_pt_regs(current)->icountlevel = 1; + + return; +@@ -491,7 +491,7 @@ static void do_signal(struct pt_regs *re + /* If there's no signal to deliver, we just restore the saved mask. */ + restore_saved_sigmask(); + +- if (current->ptrace & PT_SINGLESTEP) ++ if (test_thread_flag(TIF_SINGLESTEP)) + task_pt_regs(current)->icountlevel = 1; + return; + } +--- a/include/linux/ptrace.h ++++ b/include/linux/ptrace.h +@@ -46,12 +46,6 @@ extern int ptrace_access_vm(struct task_ + #define PT_EXITKILL (PTRACE_O_EXITKILL << PT_OPT_FLAG_SHIFT) + #define PT_SUSPEND_SECCOMP (PTRACE_O_SUSPEND_SECCOMP << PT_OPT_FLAG_SHIFT) + +-/* single stepping state bits (used on ARM and PA-RISC) */ +-#define PT_SINGLESTEP_BIT 31 +-#define PT_SINGLESTEP (1< +Date: Tue, 29 Mar 2022 17:47:05 +0700 +Subject: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails + +From: Ammar Faizi + +commit e5f28623ceb103e13fc3d7bd45edf9818b227fd0 upstream. + +In mce_threshold_create_device(), if threshold_create_bank() fails, the +previously allocated threshold banks array @bp will be leaked because +the call to mce_threshold_remove_device() will not free it. + +This happens because mce_threshold_remove_device() fetches the pointer +through the threshold_banks per-CPU variable but bp is written there +only after the bank creation is successful, and not before, when +threshold_create_bank() fails. + +Add a helper which unwinds all the bank creation work previously done +and pass into it the previously allocated threshold banks array for +freeing. + + [ bp: Massage. ] + +Fixes: 6458de97fc15 ("x86/mce/amd: Straighten CPU hotplug path") +Co-developed-by: Alviro Iskandar Setiawan +Signed-off-by: Alviro Iskandar Setiawan +Co-developed-by: Yazen Ghannam +Signed-off-by: Yazen Ghannam +Signed-off-by: Ammar Faizi +Signed-off-by: Borislav Petkov +Cc: +Link: https://lore.kernel.org/r/20220329104705.65256-3-ammarfaizi2@gnuweeb.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cpu/mce/amd.c | 32 +++++++++++++++++++------------- + 1 file changed, 19 insertions(+), 13 deletions(-) + +--- a/arch/x86/kernel/cpu/mce/amd.c ++++ b/arch/x86/kernel/cpu/mce/amd.c +@@ -1457,10 +1457,23 @@ out_free: + kfree(bank); + } + ++static void __threshold_remove_device(struct threshold_bank **bp) ++{ ++ unsigned int bank, numbanks = this_cpu_read(mce_num_banks); ++ ++ for (bank = 0; bank < numbanks; bank++) { ++ if (!bp[bank]) ++ continue; ++ ++ threshold_remove_bank(bp[bank]); ++ bp[bank] = NULL; ++ } ++ kfree(bp); ++} ++ + int mce_threshold_remove_device(unsigned int cpu) + { + struct threshold_bank **bp = this_cpu_read(threshold_banks); +- unsigned int bank, numbanks = this_cpu_read(mce_num_banks); + + if (!bp) + return 0; +@@ -1471,13 +1484,7 @@ int mce_threshold_remove_device(unsigned + */ + this_cpu_write(threshold_banks, NULL); + +- for (bank = 0; bank < numbanks; bank++) { +- if (bp[bank]) { +- threshold_remove_bank(bp[bank]); +- bp[bank] = NULL; +- } +- } +- kfree(bp); ++ __threshold_remove_device(bp); + return 0; + } + +@@ -1514,15 +1521,14 @@ int mce_threshold_create_device(unsigned + if (!(this_cpu_read(bank_map) & (1 << bank))) + continue; + err = threshold_create_bank(bp, cpu, bank); +- if (err) +- goto out_err; ++ if (err) { ++ __threshold_remove_device(bp); ++ return err; ++ } + } + this_cpu_write(threshold_banks, bp); + + if (thresholding_irq_en) + mce_threshold_vector = amd_threshold_interrupt; + return 0; +-out_err: +- mce_threshold_remove_device(cpu); +- return err; + }