From 63f411a9e7dcb520d181f03c7090bae9da1d37a8 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 22 Jan 2024 09:51:22 -0800
Subject: [PATCH] 5.15-stable patches

added patches:
bpf-add-skip_encoding_btf_inconsistent_proto-btf_gen_optimized-to-pahole-flags-for-v1.25.patch
kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch

---
 ..._optimized-to-pahole-flags-for-v1.25.patch | 46 +++++++++
 ...-unoptimized-kprobes-on-freeing_list.patch | 95 +++++++++++++++++++
 queue-5.15/series | 2 +
 3 files changed, 143 insertions(+)
 create mode 100644 queue-5.15/bpf-add-skip_encoding_btf_inconsistent_proto-btf_gen_optimized-to-pahole-flags-for-v1.25.patch
 create mode 100644 queue-5.15/kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch

diff --git a/queue-5.15/bpf-add-skip_encoding_btf_inconsistent_proto-btf_gen_optimized-to-pahole-flags-for-v1.25.patch b/queue-5.15/bpf-add-skip_encoding_btf_inconsistent_proto-btf_gen_optimized-to-pahole-flags-for-v1.25.patch
new file mode 100644
index 00000000000..055473cd6fe
--- /dev/null
+++ b/queue-5.15/bpf-add-skip_encoding_btf_inconsistent_proto-btf_gen_optimized-to-pahole-flags-for-v1.25.patch
@@ -0,0 +1,46 @@
+From 7b99f75942da332e3f4f865e55a10fec95a30d4f Mon Sep 17 00:00:00 2001
+From: Alan Maguire
+Date: Wed, 10 May 2023 14:02:41 +0100
+Subject: bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25
+
+From: Alan Maguire
+
+commit 7b99f75942da332e3f4f865e55a10fec95a30d4f upstream.
+
+v1.25 of pahole supports filtering out functions with multiple inconsistent
+function prototypes or optimized-out parameters from the BTF representation.
+These present problems because there is no additional info in BTF saying which
+inconsistent prototype matches which function instance to help guide attachment,
+and functions with optimized-out parameters can lead to incorrect assumptions
+about register contents.
+
+So for now, filter out such functions while adding BTF representations for
+functions that have "."-suffixes (foo.isra.0) but not optimized-out parameters.
+This patch assumes that below linked changes land in pahole for v1.25.
+
+Issues with pahole filtering being too aggressive in removing functions
+appear to be resolved now, but CI and further testing will confirm.
+
+Signed-off-by: Alan Maguire
+Acked-by: Jiri Olsa
+Link: https://lore.kernel.org/r/20230510130241.1696561-1-alan.maguire@oracle.com
+Signed-off-by: Alexei Starovoitov
+[ small context conflict because of not backported --lang_exclude=rust
+option, which is not needed in 5.15 ]
+Signed-off-by: Jiri Olsa
+Signed-off-by: Greg Kroah-Hartman
+---
+ scripts/pahole-flags.sh | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/scripts/pahole-flags.sh
++++ b/scripts/pahole-flags.sh
+@@ -20,5 +20,8 @@ fi
+ if [ "${pahole_ver}" -ge "124" ]; then
+ extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_enum64"
+ fi
++if [ "${pahole_ver}" -ge "125" ]; then
++ extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_inconsistent_proto --btf_gen_optimized"
++fi
+
+ echo ${extra_paholeopt}
diff --git a/queue-5.15/kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch b/queue-5.15/kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch
new file mode 100644
index 00000000000..1c28e318b7c
--- /dev/null
+++ b/queue-5.15/kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch
@@ -0,0 +1,95 @@
+From 4fbd2f83fda0ca44a2ec6421ca3508b355b31858 Mon Sep 17 00:00:00 2001
+From: "Masami Hiramatsu (Google)"
+Date: Tue, 21 Feb 2023 08:49:16 +0900
+Subject: kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
+
+From: Masami Hiramatsu (Google)
+
+commit 4fbd2f83fda0ca44a2ec6421ca3508b355b31858 upstream.
+
+Since forcibly unoptimized kprobes will be put on the freeing_list directly
+in the unoptimize_kprobe(), do_unoptimize_kprobes() must continue to check
+the freeing_list even if unoptimizing_list is empty.
+
+This bug can happen if a kprobe is put in an instruction which is in the
+middle of the jump-replaced instruction sequence of an optprobe, *and* the
+optprobe is recently unregistered and queued on unoptimizing_list.
+In this case, the optprobe will be unoptimized forcibly (means immediately)
+and put it into the freeing_list, expecting the optprobe will be handled in
+do_unoptimize_kprobe().
+But if there is no other optprobes on the unoptimizing_list, current code
+returns from the do_unoptimize_kprobe() soon and does not handle the
+optprobe which is on the freeing_list. Then the optprobe will hit the
+WARN_ON_ONCE() in the do_free_cleaned_kprobes(), because it is not handled
+in the latter loop of the do_unoptimize_kprobe().
+
+To solve this issue, do not return from do_unoptimize_kprobes() immediately
+even if unoptimizing_list is empty.
+
+Moreover, this change affects another case. kill_optimized_kprobes() expects
+kprobe_optimizer() will just free the optprobe on freeing_list.
+So I changed it to just do list_move() to freeing_list if optprobes are on
+unoptimizing list. And the do_unoptimize_kprobe() will skip
+arch_disarm_kprobe() if the probe on freeing_list has gone flag.
+
+Link: https://lore.kernel.org/all/Y8URdIfVr3pq2X8w@xpf.sh.intel.com/
+Link: https://lore.kernel.org/all/167448024501.3253718.13037333683110512967.stgit@devnote3/
+
+Fixes: e4add247789e ("kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic")
+Reported-by: Pengfei Xu
+Signed-off-by: Masami Hiramatsu (Google)
+Cc: stable@vger.kernel.org
+Acked-by: Steven Rostedt (Google)
+[fp: adjust comment conflict regarding commit 223a76b268c9 ("kprobes: Fix
+ coding style issues")]
+Signed-off-by: Fedor Pchelkin
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/kprobes.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -549,17 +549,15 @@ static void do_unoptimize_kprobes(void)
+ /* See comment in do_optimize_kprobes() */
+ lockdep_assert_cpus_held();
+
+- /* Unoptimization must be done anytime */
+- if (list_empty(&unoptimizing_list))
+- return;
++ if (!list_empty(&unoptimizing_list))
++ arch_unoptimize_kprobes(&unoptimizing_list, &freeing_list);
+
+- arch_unoptimize_kprobes(&unoptimizing_list, &freeing_list);
+- /* Loop free_list for disarming */
++ /* Loop on 'freeing_list' for disarming and removing from kprobe hash list */
+ list_for_each_entry_safe(op, tmp, &freeing_list, list) {
+ /* Switching from detour code to origin */
+ op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
+- /* Disarm probes if marked disabled */
+- if (kprobe_disabled(&op->kp))
++ /* Disarm probes if marked disabled and not gone */
++ if (kprobe_disabled(&op->kp) && !kprobe_gone(&op->kp))
+ arch_disarm_kprobe(&op->kp);
+ if (kprobe_unused(&op->kp)) {
+ /*
+@@ -788,14 +786,13 @@ static void kill_optimized_kprobe(struct
+ op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
+
+ if (kprobe_unused(p)) {
+- /* Enqueue if it is unused */
+- list_add(&op->list, &freeing_list);
+ /*
+- * Remove unused probes from the hash list. After waiting
+- * for synchronization, this probe is reclaimed.
+- * (reclaiming is done by do_free_cleaned_kprobes().)
++ * Unused kprobe is on unoptimizing or freeing list. We move it
++ * to freeing_list and let the kprobe_optimizer() remove it from
++ * the kprobe hash list and free it.
+ */
+- hlist_del_rcu(&op->kp.hlist);
++ if (optprobe_queued_unopt(op))
++ list_move(&op->list, &freeing_list);
+ }
+
+ /* Don't touch the code, because it is already freed. */
diff --git a/queue-5.15/series b/queue-5.15/series
index 7dd629ba271..b8a19a80a96 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -49,6 +49,8 @@ arm-sun9i-smp-fix-return-code-check-of-of_property_m.patch
 drm-crtc-fix-uninitialized-variable-use.patch
 acpi-resource-add-another-dmi-match-for-the-tongfang-gmxxgxx.patch
 revert-asoc-atmel-remove-system-clock-tree-configuration-for-at91sam9g20ek.patch
+bpf-add-skip_encoding_btf_inconsistent_proto-btf_gen_optimized-to-pahole-flags-for-v1.25.patch
+kprobes-fix-to-handle-forcibly-unoptimized-kprobes-on-freeing_list.patch
 revert-md-raid5-wait-for-md_sb_change_pending-in-raid5d.patch
 binder-use-epollerr-from-eventpoll.h.patch
 binder-fix-use-after-free-in-shinker-s-callback.patch
--
2.47.3
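Review bot: In the kill_optimized_kprobe() hunk of the kprobes patch, the new `if (optprobe_queued_unopt(op))` branch does nothing when an unused optprobe is on neither unoptimizing_list nor freeing_list, whereas the replaced code always called `hlist_del_rcu(&op->kp.hlist)`; the new comment asserts the probe is always queued, but nothing in the hunk checks it, so an unqueued probe reaching this path would presumably stay in the kprobe hash list after its module text is gone. If the invariant holds, as the commit message argues, making it explicit with `WARN_ON_ONCE(!optprobe_queued_unopt(op));` before the list_move(), or a comment naming the unregister path that guarantees the queueing, would turn a silent stale-entry condition into a diagnosable one. The do_unoptimize_kprobes() hunk earlier in the same file would likewise benefit from a one-line comment on the new `!kprobe_gone(&op->kp)` condition saying why disarming a gone probe must be skipped (its text has been freed) rather than merely being unnecessary. Both kill_optimized_kprobe() and do_unoptimize_kprobes() begin and end outside the quoted hunks.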