From a8b76f4d4be0cd148641445f8ad54f2784029c9f Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 17 Jun 2025 16:12:40 +0200 Subject: [PATCH] 6.6-stable patches added patches: kbuild-disable-wdefault-const-init-unsafe.patch posix-cpu-timers-fix-race-between-handle_posix_cpu_timers-and-posix_cpu_timer_del.patch --- ...d-disable-wdefault-const-init-unsafe.patch | 109 ++++++++++++++++++ ...x_cpu_timers-and-posix_cpu_timer_del.patch | 55 +++++++++ queue-6.6/series | 2 + 3 files changed, 166 insertions(+) create mode 100644 queue-6.6/kbuild-disable-wdefault-const-init-unsafe.patch create mode 100644 queue-6.6/posix-cpu-timers-fix-race-between-handle_posix_cpu_timers-and-posix_cpu_timer_del.patch diff --git a/queue-6.6/kbuild-disable-wdefault-const-init-unsafe.patch b/queue-6.6/kbuild-disable-wdefault-const-init-unsafe.patch new file mode 100644 index 0000000000..c76f9ff277 --- /dev/null +++ b/queue-6.6/kbuild-disable-wdefault-const-init-unsafe.patch @@ -0,0 +1,109 @@ +From d0afcfeb9e3810ec89d1ffde1a0e36621bb75dca Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Tue, 6 May 2025 14:02:01 -0700 +Subject: kbuild: Disable -Wdefault-const-init-unsafe + +From: Nathan Chancellor + +commit d0afcfeb9e3810ec89d1ffde1a0e36621bb75dca upstream. + +A new on by default warning in clang [1] aims to flags instances where +const variables without static or thread local storage or const members +in aggregate types are not initialized because it can lead to an +indeterminate value. This is quite noisy for the kernel due to +instances originating from header files such as: + + drivers/gpu/drm/i915/gt/intel_ring.h:62:2: error: default initialization of an object of type 'typeof (ring->size)' (aka 'const unsigned int') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe] + 62 | typecheck(typeof(ring->size), next); + | ^ + include/linux/typecheck.h:10:9: note: expanded from macro 'typecheck' + 10 | ({ type __dummy; \ + | ^ + + include/net/ip.h:478:14: error: default initialization of an object of type 'typeof (rt->dst.expires)' (aka 'const unsigned long') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe] + 478 | if (mtu && time_before(jiffies, rt->dst.expires)) + | ^ + include/linux/jiffies.h:138:26: note: expanded from macro 'time_before' + 138 | #define time_before(a,b) time_after(b,a) + | ^ + include/linux/jiffies.h:128:3: note: expanded from macro 'time_after' + 128 | (typecheck(unsigned long, a) && \ + | ^ + include/linux/typecheck.h:11:12: note: expanded from macro 'typecheck' + 11 | typeof(x) __dummy2; \ + | ^ + + include/linux/list.h:409:27: warning: default initialization of an object of type 'union (unnamed union at include/linux/list.h:409:27)' with const member leaves the object uninitialized [-Wdefault-const-init-field-unsafe] + 409 | struct list_head *next = smp_load_acquire(&head->next); + | ^ + include/asm-generic/barrier.h:176:29: note: expanded from macro 'smp_load_acquire' + 176 | #define smp_load_acquire(p) __smp_load_acquire(p) + | ^ + arch/arm64/include/asm/barrier.h:164:59: note: expanded from macro '__smp_load_acquire' + 164 | union { __unqual_scalar_typeof(*p) __val; char __c[1]; } __u; \ + | ^ + include/linux/list.h:409:27: note: member '__val' declared 'const' here + + crypto/scatterwalk.c:66:22: error: default initialization of an object of type 'struct scatter_walk' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe] + 66 | struct scatter_walk walk; + | ^ + include/crypto/algapi.h:112:15: note: member 'addr' declared 'const' here + 112 | void *const addr; + | ^ + + fs/hugetlbfs/inode.c:733:24: error: default initialization of an object of type 'struct vm_area_struct' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe] + 733 | struct vm_area_struct pseudo_vma; + | ^ + include/linux/mm_types.h:803:20: note: member 'vm_flags' declared 'const' here + 803 | const vm_flags_t vm_flags; + | ^ + +Silencing the instances from typecheck.h is difficult because '= {}' is +not available in older but supported compilers and '= {0}' would cause +warnings about a literal 0 being treated as NULL. While it might be +possible to come up with a local hack to silence the warning for +clang-21+, it may not be worth it since -Wuninitialized will still +trigger if an uninitialized const variable is actually used. + +In all audited cases of the "field" variant of the warning, the members +are either not used in the particular call path, modified through other +means such as memset() / memcpy() because the containing object is not +const, or are within a union with other non-const members. + +Since this warning does not appear to have a high signal to noise ratio, +just disable it. + +Cc: stable@vger.kernel.org +Link: https://github.com/llvm/llvm-project/commit/576161cb6069e2c7656a8ef530727a0f4aefff30 [1] +Reported-by: Linux Kernel Functional Testing +Closes: https://lore.kernel.org/CA+G9fYuNjKcxFKS_MKPRuga32XbndkLGcY-PVuoSwzv6VWbY=w@mail.gmail.com/ +Reported-by: Marcus Seyfarth +Closes: https://github.com/ClangBuiltLinux/linux/issues/2088 +Signed-off-by: Nathan Chancellor +Signed-off-by: Masahiro Yamada +Signed-off-by: Greg Kroah-Hartman +--- + scripts/Makefile.extrawarn | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +--- a/scripts/Makefile.extrawarn ++++ b/scripts/Makefile.extrawarn +@@ -29,6 +29,18 @@ KBUILD_CFLAGS-$(CONFIG_CC_NO_ARRAY_BOUND + ifdef CONFIG_CC_IS_CLANG + # The kernel builds with '-std=gnu11' so use of GNU extensions is acceptable. + KBUILD_CFLAGS += -Wno-gnu ++ ++# Clang may emit a warning when a const variable, such as the dummy variables ++# in typecheck(), or const member of an aggregate type are not initialized, ++# which can result in unexpected behavior. However, in many audited cases of ++# the "field" variant of the warning, this is intentional because the field is ++# never used within a particular call path, the field is within a union with ++# other non-const members, or the containing object is not const so the field ++# can be modified via memcpy() / memset(). While the variable warning also gets ++# disabled with this same switch, there should not be too much coverage lost ++# because -Wuninitialized will still flag when an uninitialized const variable ++# is used. ++KBUILD_CFLAGS += $(call cc-disable-warning, default-const-init-unsafe) + else + + # gcc inanely warns about local variables called 'main' diff --git a/queue-6.6/posix-cpu-timers-fix-race-between-handle_posix_cpu_timers-and-posix_cpu_timer_del.patch b/queue-6.6/posix-cpu-timers-fix-race-between-handle_posix_cpu_timers-and-posix_cpu_timer_del.patch new file mode 100644 index 0000000000..ed63e50375 --- /dev/null +++ b/queue-6.6/posix-cpu-timers-fix-race-between-handle_posix_cpu_timers-and-posix_cpu_timer_del.patch @@ -0,0 +1,55 @@ +From f90fff1e152dedf52b932240ebbd670d83330eca Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov +Date: Fri, 13 Jun 2025 19:26:50 +0200 +Subject: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Oleg Nesterov + +commit f90fff1e152dedf52b932240ebbd670d83330eca upstream. + +If an exiting non-autoreaping task has already passed exit_notify() and +calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent +or debugger right after unlock_task_sighand(). + +If a concurrent posix_cpu_timer_del() runs at that moment, it won't be +able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or +lock_task_sighand() will fail. + +Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. + +This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because +exit_task_work() is called before exit_notify(). But the check still +makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail +anyway in this case. + +Cc: stable@vger.kernel.org +Reported-by: Benoît Sevens +Fixes: 0bdd2ed4138e ("sched: run_posix_cpu_timers: Don't check ->exit_state, use lock_task_sighand()") +Signed-off-by: Oleg Nesterov +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + kernel/time/posix-cpu-timers.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/kernel/time/posix-cpu-timers.c ++++ b/kernel/time/posix-cpu-timers.c +@@ -1438,6 +1438,15 @@ void run_posix_cpu_timers(void) + lockdep_assert_irqs_disabled(); + + /* ++ * Ensure that release_task(tsk) can't happen while ++ * handle_posix_cpu_timers() is running. Otherwise, a concurrent ++ * posix_cpu_timer_del() may fail to lock_task_sighand(tsk) and ++ * miss timer->it.cpu.firing != 0. ++ */ ++ if (tsk->exit_state) ++ return; ++ ++ /* + * If the actual expiry is deferred to task work context and the + * work is already scheduled there is no point to do anything here. + */ diff --git a/queue-6.6/series b/queue-6.6/series index 95f3931297..ff92254949 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -341,3 +341,5 @@ io_uring-add-io_file_can_poll-helper.patch io_uring-rw-allow-pollable-non-blocking-attempts-for-fmode_nowait.patch io_uring-rw-fix-wrong-nowait-check-in-io_rw_init_file.patch revert-io_uring-ensure-deferred-completions-are-posted-for-multishot.patch +posix-cpu-timers-fix-race-between-handle_posix_cpu_timers-and-posix_cpu_timer_del.patch +kbuild-disable-wdefault-const-init-unsafe.patch -- 2.47.2