2023-09-25 04:25:47

by Linus Torvalds

Subject: Linux 6.6-rc3

Another week, another -rc.

As usual, rc3 is a bit larger than rc2, as people have started finding
more issues.

Unusually, we have a large chunk of changes in filesystems. Part of it
is the vfs-level revert of some of the timestamp handling that needs
to soak a bit more, and part of it is some xfs fixes. With a few other
filesystem fixes too.

But drivers and architecture updates are also up there, so it's not
like the fs stuff dominates. It's just more noticeable than it usually
is.

Anyway, please do go test. None of this looks scary,

Linus

---

Ahmad Khalifa (1):
hwmon: (nct6775) Fix non-existent ALARM warning

Alexey Dobriyan (3):
uapi: stddef.h: Fix header guard location
uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++
selftests/proc: fixup proc-empty-vm test after KSM changes

Alison Schofield (2):
cxl/region: Match auto-discovered region decoders by HPA range
cxl/region: Refactor granularity select in cxl_port_setup_targets()

Andreas Gruenbacher (1):
gfs2: Fix another freeze/thaw hang

Andrew Morton (1):
revert "scripts/gdb/symbols: add specific ko module load command"

Andrii Nakryiko (1):
selftests/bpf: ensure all CI arches set CONFIG_BPF_KPROBE_OVERRIDE=y

Andy Shevchenko (2):
net: core: Use the bitmap API to allocate bitmaps
LoongArch: Use _UL() and _ULL()

Anna Schumaker (1):
Revert "SUNRPC: clean up integer overflow check"

Anup Patel (4):
RISC-V: KVM: Fix KVM_GET_REG_LIST API for ISA_EXT registers
RISC-V: KVM: Fix riscv_vcpu_get_isa_ext_single() for missing extensions
KVM: riscv: selftests: Fix ISA_EXT register handling in get-reg-list
KVM: riscv: selftests: Selectively filter-out AIA registers

Ard Biesheuvel (1):
acpi: Provide ia64 dummy implementation of acpi_proc_quirk_mwait_check()

Arnd Bergmann (2):
net: ti: icssg-prueth: add PTP dependency
drm: fix up fbdev Kconfig defaults

Artem Chernyshev (1):
net: rds: Fix possible NULL-pointer dereference

Artem Savkov (1):
selftests/bpf: fix unpriv_disabled check in test_verifier

August Wikerfors (1):
ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG

Bard Liao (1):
ASoC: SOF: ipc4-topology: fix wrong sizeof argument

Bartosz Golaszewski (1):
gpio: sim: fix an invalid __free() usage

Ben Skeggs (1):
MAINTAINERS: remove myself as nouveau maintainer

Ben Wolsieffer (2):
proc: nommu: /proc/<pid>/maps: release mmap read lock
proc: nommu: fix empty /proc/<pid>/maps

Benjamin Gray (4):
powerpc/watchpoints: Disable preemption in thread_change_pc()
powerpc/watchpoint: Disable pagefaults when getting user instruction
powerpc/watchpoints: Annotate atomic context in more places
powerpc/dexcr: Move HASHCHK trap handler

Benjamin Poirier (1):
vxlan: Add missing entries to vxlan_get_size()

Bernd Schubert (1):
btrfs: file_remove_privs needs an exclusive lock in direct io write

Bibo Mao (1):
LoongArch: Fix some build warnings with W=1

Bob Peterson (2):
gfs2: fix glock shrinker ref issues
gfs2: Fix quota=quiet oversight

Cai Huoqing (1):
net: hinic: Fix warning-hinic_set_vlan_fliter() warn: variable
dereferenced before check 'hwdev'

Chancel Liu (1):
ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link

Charles Keepax (3):
ASoC: soc-pcm: Shrink stack frame for __soc_pcm_hw_params
ASoC: cs42l43: Add shared IRQ flag for shutters
mfd: cs42l43: Use correct macro for new-style PM runtime ops

Chen Ni (1):
ASoC: hdaudio.c: Add missing check for devm_kstrdup

Christian Brauner (5):
Revert "tmpfs: add support for multigrain timestamps"
Revert "xfs: switch to multigrain timestamps"
Revert "ext4: switch to multigrain timestamps"
Revert "btrfs: convert to multigrain timestamps"
Revert "fs: add infrastructure for multigrain timestamps"

Christoph Hellwig (1):
iomap: handle error conditions more gracefully in iomap_to_bh

Christophe JAILLET (5):
bpf: Fix a erroneous check after snprintf()
media: i2c: max9286: Remove an incorrect fwnode_handle_put() call
media: i2c: rdacm21: Remove an incorrect fwnode_handle_put() call
media: imx-mipi-csis: Remove an incorrect fwnode_handle_put() call
gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()

Christophe Leroy (1):
powerpc/82xx: Select FSL_SOC

Cong Liu (1):
drm/amdgpu: fix a memory leak in amdgpu_ras_feature_enable

Dan Carpenter (3):
ASoC: codecs: aw88395: Fix some error codes
nouveau/u_memcpya: fix NULL vs error pointer bug
drm/i915/gt: Prevent error pointer dereference

Dan Williams (1):
cxl/port: Fix cxl_test register enumeration regression

Daniel Scally (1):
i2c: xiic: Correct return value check for xiic_reinit()

Danilo Krummrich (2):
drm/nouveau: fence: fix type cast warning in nouveau_fence_emit()
drm/nouveau: sched: fix leaking memory of timedout job

Darrick J. Wong (16):
xfs: fix per-cpu CIL structure aggregation racing with dying cpus
xfs: fix an agbno overflow in __xfs_getfsmap_datadev
xfs: use per-mount cpumask to track nonempty percpu inodegc lists
xfs: remove the all-mounts list
xfs: remove CPU hotplug infrastructure
xfs: use i_prev_unlinked to distinguish inodes that are not on
the unlinked list
xfs: allow inode inactivation during a ro mount log recovery
xfs: reload entire unlinked bucket lists
xfs: fix log recovery when unknown rocompat bits are set
xfs: reserve less log space when recovering log intent items
xfs: load uncached unlinked inodes into memory on demand
xfs: make inode unlinked bucket recovery work with quotacheck
xfs: require a relatively recent V5 filesystem for LARP mode
xfs: only call xchk_stats_merge after validating scrub inputs
iomap: don't skip reading in !uptodate folios when unsharing a range
iomap: convert iomap_unshare_iter to use large folios

Dave Airlie (1):
nouveau/u_memcpya: use vmemdup_user

Dave Wysochanski (1):
netfs: Only call folio_start_fscache() one time for each folio

David Christensen (1):
ionic: fix 16bit math issue when PAGE_SIZE >= 64KB

Dennis Bonke (1):
platform/x86: thinkpad_acpi: Take mutex in hotkey_resume

Ding Xiang (1):
selftests: ALSA: remove unused variables

Eduard Zingerman (2):
bpf: Avoid dummy bpf_offload_netdev in __bpf_prog_dev_bound_init
selftests/bpf: Offloaded prog after non-offloaded should not cause BUG

Edward Cree (1):
sfc: handle error pointers returned by rhashtable_lookup_get_insert_fast()

Eric Dumazet (3):
scsi: iscsi_tcp: restrict to TCP sockets
dccp: fix dccp_v4_err()/dccp_v6_err() again
net: bridge: use DEV_STATS_INC()

Filipe Manana (3):
btrfs: set last dir index to the current last index when opening dir
btrfs: refresh dir last index during a rewinddir(3) call
btrfs: fix race between reading a directory and adding entries to it

Florian Westphal (3):
netfilter: conntrack: fix extension size table
netfilter: nf_tables: disable toggling dormant table state more than once
netfilter: nf_tables: fix memleak when more than 255 elements expired

Geert Uytterhoeven (1):
sh: mm: re-add lost __ref to ioremap_prot() to fix modpost warning

Gerhard Engleder (3):
tsnep: Fix NAPI scheduling
tsnep: Fix ethtool channels
tsnep: Fix NAPI polling with budget 0

Guenter Roeck (1):
ASoC: wm8960: Fix error handling in probe

Hamza Mahfooz (1):
drm/amd/display: fix the ability to use lower resolution modes on eDP

Han Xu (1):
spi: nxp-fspi: reset the FLSHxCR1 registers

Hans Verkuil (2):
media: bt8xx: bttv_risc_packed(): remove field checks
media: vb2: frame_vector.c: replace WARN_ONCE with a comment

Hans de Goede (6):
ASoC: rt5640: Revert "Fix sleep in atomic context"
ASoC: rt5640: Fix sleep in atomic context
ASoC: rt5640: Do not disable/enable IRQ twice on suspend/resume
ASoC: rt5640: Enable the IRQ on resume after configuring jack-detect
ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode
ASoC: rt5640: Only cancel jack-detect work on suspend if active

Heiko Carstens (1):
s390: update defconfigs

Heiner Kallweit (1):
i2c: i801: unregister tco_pdev in i801_probe() error path

Helge Deller (1):
LoongArch: Fix lockdep static memory detection

Hou Tao (5):
bpf: Adjust size_index according to the value of KMALLOC_MIN_SIZE
bpf: Don't prefill for unused bpf_mem_cache
bpf: Ensure unit_size is matched with slab cache object size
selftests/bpf: Test all valid alloc sizes for bpf mem allocator
bpf: Skip unit_size checking for global per-cpu allocator

Huacai Chen (3):
LoongArch: Set all reserved memblocks on Node#0 at initialization
kasan: Cleanup the __HAVE_ARCH_SHADOW_MAP usage
LoongArch: Don't inline kasan_mem_to_shadow()/kasan_shadow_to_mem()

Ilpo Järvinen (2):
MAINTAINERS: Add myself into x86 platform driver maintainers
MAINTAINERS: Add x86 platform drivers patchwork

Ilya Leoshkevich (1):
netfilter, bpf: Adjust timeouts of non-confirmed CTs in
bpf_ct_insert_entry()

Ira Weiny (1):
cxl/mbox: Fix CEL logic for poison and security commands

Ivan Vecera (1):
i40e: Fix VF VLAN offloading when port VLAN is configured

Jani Nikula (1):
drm/meson: fix memory leak on ->hpd_notify callback

Janusz Krzysztofik (1):
drm/tests: Fix incorrect argument in drm_test_mm_insert_range

Jean-Philippe Brucker (1):
KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID

Jens Axboe (1):
task_work: add kerneldoc annotation for 'data' argument

Jerome Brunet (1):
ASoC: meson: spdifin: start hw on dai probe

Jian Shen (1):
net: hns3: only enable unicast promisc when mac table full

Jie Wang (3):
net: hns3: add cmdq check for vf periodic service task
net: hns3: fix GRE checksum offload issue
net: hns3: add 5ms delay before clear firmware reset irq source

Jijie Shao (1):
net: hns3: fix fail to delete tc flower rules during reset issue

Jinjie Ruan (6):
net: microchip: sparx5: Fix memory leak for
vcap_api_rule_add_keyvalue_test()
net: microchip: sparx5: Fix memory leak for
vcap_api_rule_add_actionvalue_test()
net: microchip: sparx5: Fix possible memory leak in
vcap_api_encode_rule_test()
net: microchip: sparx5: Fix possible memory leaks in
test_vcap_xn_rule_creator()
net: microchip: sparx5: Fix possible memory leaks in vcap_api_kunit
net/handshake: Fix memory leak in __sock_create() and sock_alloc_file()

Jiri Olsa (5):
bpf: Add override check to kprobe multi link attach
selftests/bpf: Add kprobe_multi override test
selftests/bpf: Fix kprobe_multi_test/attach_override test
bpf: Fix uprobe_multi get_pid_task error path
bpf: Fix BTF_ID symbol generation collision

Jisheng Zhang (1):
net: stmmac: fix incorrect rxq|txq_stats reference

Johan Hovold (1):
spi: zynqmp-gqspi: fix clock imbalance on probe failure

Johannes Weiner (2):
mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement

Johnathan Mantey (1):
ncsi: Propagate carrier gain/loss events to the NCSI controller

Josef Bacik (1):
btrfs: don't clear uptodate on write errors

Josh Poimboeuf (5):
x86/srso: Fix srso_show_state() side effect
x86/srso: Set CPUID feature bits independently of bug or mitigation status
x86/srso: Don't probe microcode in a guest
x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
x86/alternatives: Remove faulty optimization

José Pekkarinen (1):
drm/virtio: clean out_fence on complete_submit

Jozsef Kadlecsik (1):
netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

Juergen Gross (4):
xen: simplify evtchn_do_upcall() call maze
arm/xen: remove lazy mode related definitions
x86/xen: move paravirt lazy code
x86/xen: allow nesting of same lazy mode

Julia Lawall (1):
ASoC: rsnd: add missing of_node_put

Justin Stitt (1):
xen/efi: refactor deprecated strncpy

Kailang Yang (3):
ALSA: hda/realtek - Fixed two speaker platform
ALSA: hda: Disable power save for solving pop issue on Lenovo
ThinkCentre M70q
ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support

Kajol Jain (1):
powerpc/perf/hv-24x7: Update domain value check

Karol Wachowski (1):
accel/ivpu/40xx: Fix buttress interrupt handling

Kees Cook (1):
cxl/acpi: Annotate struct cxl_cxims_data with __counted_by

Kirill A. Shutemov (1):
efi/unaccepted: Make sure unaccepted table is mapped

Knyazev Arseniy (1):
ALSA: hda/realtek: Splitting the UX3402 into two separate models

Kristina Martsenko (1):
arm64: cpufeature: Fix CLRBHB and BC detection

Kyle Zeng (1):
ipv4: fix null-deref in ipv4_link_failure

Laurent Pinchart (3):
media: i2c: imx219: Fix a typo referring to a wrong variable
media: i2c: imx219: Fix crop rectangle setting when changing format
media: i2c: imx219: Perform a full mode set unconditionally

Liam R. Howlett (1):
kernel/sched: Modify initial boot task idle setup

Liang He (1):
i2c: mux: gpio: Add missing fwnode_handle_put()

Lijo Lazar (1):
Revert "drm/amdgpu: Report vbios version instead of PN"

Linus Torvalds (1):
Linux 6.6-rc3

Lukas Bulwahn (1):
xfs: fix select in config XFS_ONLINE_SCRUB_STATS

Lukasz Majewski (1):
net: hsr: Properly parse HSRv1 supervisor frames.

Marc Zyngier (1):
KVM: arm64: Properly return allocated EL2 VA from
hyp_alloc_private_va_range()

Mark Brown (3):
arm64/sme: Include ID_AA64PFR1_EL1.SME in cpu-feature-registers.rst
arm64/hbc: Document HWCAP2_HBC
arm64: Document missing userspace visible fields in ID_AA64ISAR2_EL1

Mark Rutland (1):
locking/atomic: scripts: fix fallback ifdeffery

Matthew Wilcox (Oracle) (1):
btrfs: convert btrfs_read_merkle_tree_page() to use a folio

Michael Walle (1):
MAINTAINERS: gpio-regmap: make myself a maintainer of it

Michal Wilczynski (1):
ACPI: processor: Fix uninitialized access of buf in acpi_set_pdc_bits()

Mika Westerberg (2):
spi: intel-pci: Add support for Granite Rapids SPI serial flash
net: thunderbolt: Fix TCPv6 GSO checksum calculation

Mike Rapoport (IBM) (2):
memblock tests: fix warning: "__ALIGN_KERNEL" redefined
memblock tests: fix warning ‘struct seq_file’ declared inside
parameter list

Muhammad Ahmed (1):
drm/amd/display: Fix MST recognizes connected displays as one

Muhammad Husaini Zulkifli (1):
igc: Expose tx-usecs coalesce setting to user

Naveen N Rao (1):
powerpc: Fix build issue with LD_DEAD_CODE_DATA_ELIMINATION and
FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY

Nick Desaulniers (1):
bpf: Fix BTF_ID symbol generation collision in tools/

Olga Kornievskaia (2):
NFSv4.1: fix pnfs MDS=DS session trunking
NFSv4.1: fix zero value filehandle in post open getattr

Oliver Upton (1):
MAINTAINERS: Use wildcard pattern for ARM PMU headers

Pablo Neira Ayuso (6):
netfilter: nf_tables: disallow rule removal from chain binding
netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
netfilter: nft_set_pipapo: stop GC iteration if GC transaction
allocation fails
netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
netfilter: nf_tables: disallow element removal on anonymous sets

Paolo Abeni (5):
mptcp: fix bogus receive window shrinkage with multiple subflows
mptcp: move __mptcp_error_report in protocol.c
mptcp: process pending subflow error on close
mptcp: rename timer related helper to less confusing names
mptcp: fix dangling connection hang-up

Paolo Bonzini (2):
KVM: x86/mmu: Do not filter address spaces in
for_each_tdp_mmu_root_yield_safe()
KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway

Paulo Alcantara (1):
smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED

Peter Lafreniere (3):
Documentation: netdev: fix dead link in ax25.rst
MAINTAINERS: Update link for linux-ax25.org
ax25: Kconfig: Update link for linux-ax25.org

Peter Oberparleiter (1):
s390/cert_store: fix string length handling

Peter Ujfalusi (6):
ALSA: core: Use dev_name of card_dev as debugfs directory name
ALSA: hda: intel-sdw-acpi: Use u8 type for link index
ALSA: usb-audio: mixer: Remove temporary string use in
parse_clock_source_unit
ASoC: SOF: sof-audio: Fix DSP core put imbalance on widget setup failure
ASoC: SOF: core: Only call sof_ops_free() on remove if the probe
was successful
ALSA: usb-audio: scarlett_gen2: Fix another -Wformat-truncation warning

Peter Zijlstra (1):
x86,static_call: Fix static-call vs return-thunk

Petr Oros (2):
iavf: add iavf_schedule_aq_request() helper
iavf: schedule a request immediately after add/delete vlan

Phil Sutter (2):
netfilter: nf_tables: Fix entries val in rule reset audit log
selftests: netfilter: Test nf_tables audit logging

Radoslaw Tyl (1):
iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set

Rafael J. Wysocki (1):
thermal: sysfs: Fix trip_point_hyst_store()

Randy Dunlap (4):
bpf, cgroup: fix multiple kernel-doc warnings
scatterlist: add missing function params to kernel-doc
argv_split: fix kernel-doc warnings
pidfd: prevent a kernel-doc warning

Ranjani Sridharan (1):
ASoC: SOF: Intel: MTL: Reduce the DSP init timeout

Ricardo Ribalda (1):
media: uvcvideo: Fix OOB read

Richard Fitzgerald (12):
ASoC: cs35l56: Call pm_runtime_dont_use_autosuspend()
ALSA: hda: cs35l56: Call pm_runtime_dont_use_autosuspend()
ASoC: cs35l56: Disable low-power hibernation mode
ALSA: hda: cs35l56: Disable low-power hibernation mode
ASoC: cs42l42: Ensure a reset pulse meets minimum pulse width.
ASoC: cs42l42: Don't rely on GPIOD_OUT_LOW to set RESET initially low
ASoC: cs42l42: Avoid stale SoundWire ATTACH after hard reset
firmware: cirrus: cs_dsp: Only log list of algorithms in debug build
ASoC: wm_adsp: Fix missing locking in wm_adsp_[read|write]_ctl()
ALSA: hda: cs35l56: Don't 'return ret' if ret is always zero
ALSA: hda: cs35l56: Fix missing RESET GPIO if _SUB is missing
ALSA: hda: cs35l56: Use the new RUNTIME_PM_OPS() macro

Rick Edgecombe (3):
x86/shstk: Handle vfork clone failure correctly
x86/shstk: Remove useless clone error handling
x86/shstk: Add warning for shadow stack double unmap

Rik van Riel (1):
x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()

Rong Tao (1):
memblock tests: Fix compilation errors.

Ryan Roberts (1):
selftests: link libasan statically for tests with -fsanitize=address

Sabrina Dubroca (1):
selftests: tls: swap the TX and RX sockets in some tests

Sakari Ailus (4):
media: pci: ivsc: Select build dependencies
media: v4l: Use correct dependency for camera sensor drivers
media: via: Use correct dependency for camera sensor drivers
media: ivsc: Depend on VIDEO_DEV

Sameer Pujar (2):
ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates

Sasha Neftin (1):
net/core: Fix ETH_P_1588 flow dissector

Sean Christopherson (3):
KVM: selftests: Assert that vasprintf() is successful
KVM: x86/mmu: Open code leaf invalidation from mmu_notifier
KVM: x86/mmu: Stop zapping invalidated TDP MMU roots asynchronously

Sebastian Andrzej Siewior (8):
net: hsr: Add __packed to struct hsr_sup_tlv.
selftests: hsr: Use `let' properly.
selftests: hsr: Reorder the testsuite.
selftests: hsr: Extend the testsuite to also cover HSRv1.
locking/seqlock: Do the lockdep annotation before locking in
do_write_seqcount_begin_nested()
net: ena: Flush XDP packets on error.
bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
octeontx2-pf: Do xdp_do_flush() after redirects.

Shengjiu Wang (2):
ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag
ASoC: imx-audmix: Fix return error with devm_clk_get()

Shinas Rasheed (1):
octeon_ep: fix tx dma unmap len values in SG

Smita Koralahalli (3):
cxl/pci: Fix appropriate checking for _OSC while handling CXL
RAS registers
PCI/AER: Export pcie_aer_is_native()
cxl/pci: Replace host_bridge->native_aer with pcie_aer_is_native()

Stanislav Fomichev (2):
bpf: Clarify error expectations from bpf_clone_redirect
selftests/bpf: Update bpf_clone_redirect expected return code

Stefan Moring (1):
spi: imx: Take in account bits per word instead of assuming 8-bits

Stephen Boyd (4):
platform/x86: intel_scu_ipc: Check status after timeout in busy_loop()
platform/x86: intel_scu_ipc: Check status upon timeout in
ipc_wait_for_interrupt()
platform/x86: intel_scu_ipc: Don't override scu in
intel_scu_ipc_dev_simple_command()
platform/x86: intel_scu_ipc: Fail IPC send if still busy

Steve French (4):
smb3: Add dynamic trace points for RDMA (smbdirect) reconnect
smb3: do not start laundromat thread when dir leases disabled
smb3: remove duplicate error mapping
smb3: fix confusing debug message

Steven Rostedt (Google) (1):
eventfs: Remember what dentries were created on dir open

Takashi Iwai (19):
ALSA: docs: Fix a typo of midi2_ump_probe option for snd-usb-audio
ALSA: seq: Avoid delivery of events for disabled UMP groups
ALSA: seq: ump: Fix -Wformat-truncation warning
ALSA: seq: midi: Fix -Wformat-truncation warning
ALSA: usb-audio: scarlett_gen2: Fix -Wformat-truncation warning
ALSA: caiaq: Fix -Wformat-truncation warning
ALSA: sscape: Fix -Wformat-truncation warning
ALSA: cs4236: Fix -Wformat-truncation warning
ALSA: es1688: Fix -Wformat-truncation warning
ALSA: opti9x: Fix -Wformat-truncation warning
ALSA: xen: Fix -Wformat-truncation warning
ALSA: firewire: Fix -Wformat-truncation warning for longname string
ALSA: firewire: Fix -Wformat-truncation warning for MIDI stream names
ALSA: cmipci: Fix -Wformat-truncation warning
ALSA: hda: generic: Check potential mixer name string truncation
ALSA: ad1848: Fix -Wformat-truncation warning for longname string
ALSA: cs4231: Fix -Wformat-truncation warning for longname string
ALSA: riptide: Fix -Wformat-truncation warning for longname string
ALSA: rawmidi: Fix NULL dereference at proc read

Thomas Zimmermann (1):
fbdev/sh7760fb: Depend on FB=y

Tianjia Zhang (1):
crypto: sm2 - Fix crash caused by uninitialized context

Tiezhu Yang (3):
LoongArch: Remove dead code in relocate_new_kernel
docs/LoongArch: Update the links of ABI
docs/zh_CN/LoongArch: Update the links of ABI

Toke Høiland-Jørgensen (1):
bpf: Avoid deadlock when using queue and stack maps from NMI

Tom Lendacky (2):
KVM: SVM: Fix TSC_AUX virtualization setup
KVM: SVM: Do not use user return MSR support for virtualized TSC_AUX

Trond Myklebust (9):
NFS: Fix error handling for O_DIRECT write scheduling
NFS: Fix O_DIRECT locking issues
NFS: More O_DIRECT accounting fixes for error paths
NFS: Use the correct commit info in nfs_join_page_group()
NFS: More fixes for nfs_direct_write_reschedule_io()
NFS/pNFS: Report EINVAL errors from connect() to the server
SUNRPC: Mark the cred for revalidation if the server rejects it
Revert "SUNRPC: Fail faster on bad verifier"
SUNRPC: Silence compiler complaints about tautological comparisons

Umesh Nerlige Ramappa (1):
i915/pmu: Move execlist stats initialization to execlist specific setup

Valentin Caron (1):
spi: stm32: add a delay before SPI disable

Vincent Whitchurch (2):
regulator: Fix voltage range selection
x86/asm: Fix build of UML with KASAN

Vinicius Costa Gomes (1):
igc: Fix infinite initialization loop with early XDP redirect

Walt Holman (1):
Add DMI ID for MSI Bravo 15 B7ED

Wang Jianchao (1):
xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail

Xiaoke Wang (1):
i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()

Yann Sionneau (1):
i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low

Yin Fengwei (1):
filemap: add filemap_map_order0_folio() to handle order0 folio

YuBiao Wang (1):
drm/amdkfd: Use gpu_offset for user queue's wptr

Zhang Xiaoxu (1):
cifs: Fix UAF in cifs_demultiplex_thread()

Zheng Yejian (1):
ring-buffer: Fix bytes info in per_cpu buffer stats

Ziyang Xuan (1):
team: fix null-ptr-deref when team device type is changed


2023-09-25 12:45:12

by Geert Uytterhoeven

Subject: Build regressions/improvements in v6.6-rc3

Below is the list of build error/warning regressions/improvements in
v6.6-rc3[1] compared to v6.5[2].

Summarized:
- build errors: +4/-5
- build warnings: +36/-6

JFYI, when comparing v6.6-rc3[1] to v6.6-rc2[3], the summaries are:
- build errors: +11/-4
- build warnings: +1479/-1

Note that there may be false regressions, as some logs are incomplete.
Still, they're build errors/warnings.

Happy fixing! ;-)

Thanks to the linux-next team for providing the build service.

[1] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/6465e260f48790807eef06b583b38ca9789b6072/ (all 239 configs)
[2] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/2dde18cd1d8fac735875f2e4987f11817cc0bc2c/ (234 out of 239 configs)
[3] http://kisskb.ellerman.id.au/kisskb/branch/linus/head/ce9ecca0238b140b88f43859b211c9fdfd8e5b70/ (237 out of 239 configs)


*** ERRORS ***

4 error regressions:
+ error: modpost: ".L872" [drivers/mtd/nand/raw/nand.ko] undefined!: => N/A
+ {standard input}: Error: expected comma after name `xpcs_co' in .size directive: => 1100
+ {standard input}: Error: expected symbol name: => 1095
+ {standard input}: Error: pcrel too far: => 932, 939, 940

5 error improvements:
- error: modpost: ".L856" [drivers/mtd/nand/raw/nand.ko] undefined!: N/A =>
- {standard input}: Error: Missing symbol name in directive: 1096 =>
- {standard input}: Error: unknown opcode: 1091 =>
- {standard input}: Error: unknown pseudo-op: `.glo': 1097 =>
- {standard input}: Error: unrecognized symbol type "": 1096 =>


*** WARNINGS ***

36 warning regressions:
+ /kisskb/src/fs/btrfs/volumes.c: warning: 'dev_offset' may be used uninitialized [-Wmaybe-uninitialized]: => 5245:48
+ /kisskb/src/fs/btrfs/volumes.c: warning: 'dev_offset' may be used uninitialized in this function [-Wmaybe-uninitialized]: => 5245:34
+ /kisskb/src/fs/btrfs/volumes.c: warning: 'max_avail' may be used uninitialized in this function [-Wmaybe-uninitialized]: => 5246:33
+ modpost: WARNING: modpost: "__ashldi3" [fs/ext2/ext2.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__lshrdi3" [drivers/block/ublk_drv.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__ndelay" [drivers/mtd/nand/raw/qcom_nandc.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/char/hw_random/geode-rng.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/char/hw_random/ingenic-rng.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/char/hw_random/intel-rng.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/char/hw_random/mxc-rnga.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/char/hw_random/xgene-rng.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/adl_pci9118.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/amplc_pci230.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/cb_das16_cs.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/cb_pcidas.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/das800.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/mpc624.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/ni_atmio.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/ni_labpc_common.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/pcl812.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/pcl816.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/pcl818.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/comedi/drivers/rti800.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/hwmon/hs3001.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/mtd/nand/raw/qcom_nandc.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/net/ethernet/broadcom/asp2/bcm-asp.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/net/wireless/mediatek/mt76/mt792x-lib.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/phy/qualcomm/phy-qcom-m31.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/phy/realtek/phy-rtk-usb2.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/phy/realtek/phy-rtk-usb3.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/phy/rockchip/phy-rockchip-inno-usb2.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/pmdomain/amlogic/meson-ee-pwrc.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/pmdomain/amlogic/meson-gx-pwrc-vpu.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/watchdog/gxp-wdt.ko] has no CRC!: => N/A
+ modpost: WARNING: modpost: "__udelay" [drivers/watchdog/smsc37b787_wdt.ko] has no CRC!: => N/A
+ {standard input}: Warning: end of file not at end of a line; newline inserted: => 1094

6 warning improvements:
- modpost: WARNING: modpost: "__udelay" [drivers/hwmon/smm665.ko] has no CRC!: N/A =>
- modpost: WARNING: modpost: "__udelay" [drivers/net/wireless/mediatek/mt76/mt7921/mt7921-common.ko] has no CRC!: N/A =>
- modpost: WARNING: modpost: "__udelay" [drivers/net/wireless/mediatek/mt76/mt7996/mt7996e.ko] has no CRC!: N/A =>
- modpost: WARNING: modpost: "__udelay" [drivers/soc/amlogic/meson-ee-pwrc.ko] has no CRC!: N/A =>
- modpost: WARNING: modpost: "__udelay" [drivers/soc/amlogic/meson-gx-pwrc-vpu.ko] has no CRC!: N/A =>
- modpost: WARNING: modpost: "__udelay" [sound/soc/codecs/snd-soc-l3.ko] has no CRC!: N/A =>

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2023-09-30 21:09:53

by Hyeonggon Yoo

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Sun, Sep 24, 2023 at 02:36:21PM -0700, Linus Torvalds wrote:
> Another week, another -rc.
>
> As usual, rc3 is a bit larger than rc2, as people have started finding
> more issues.
>
> Unusually, we have a large chunk of changes in filesystems. Part of it
> is the vfs-level revert of some of the timestamp handling that needs
> to soak a bit more, and part of it is some xfs fixes. With a few other
> filesystem fixes too.
>
> But drivers and architecture updates are also up there, so it's not
> like the fs stuff dominates. It's just more noticeable than it usually
> is.
>
> Anyway, please do go test. None of this looks scary,
>
> Linus
>
> ---

[...]

> Peter Zijlstra (1):
> x86,static_call: Fix static-call vs return-thunk

Hello, the commit above caused a crash on an x86 kernel with
CONFIG_DEBUG_VIRTUAL=y.

The compiler version is gcc (GCC) 13.2.1 20230728 (Red Hat 13.2.1-1),
and below are dmesg (raw), dmesg (decoded), git bisect log,
and the configuration used.

I'm not sure if it would lead to an unwelcome surprise, because
vmalloc_to_page(any valid kernel address) should work anyway.
But it seems that for some reason, while updating kernel code,
the kernel confuses the kernel text area with the vmalloc/module area.

Should be an x86-specific issue.

==== dmesg (raw) ====

On top of commit aee9d30b9744, the log is below.

[ 0.242439] ------------[ cut here ]------------
[ 0.242840] kernel BUG at mm/vmalloc.c:673!
[ 0.243255] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI
[ 0.243837] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc2+ #60
[ 0.243837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014
[ 0.243837] RIP: 0010:vmalloc_to_page+0x28b/0x390
[ 0.243837] Code: 31 d0 48 23 05 5e d0 5e 01 48 c1 e8 0c 48 c1 e0 06 48 03 05 1f a5 5d 01 e9 cf fd ff ff e8 4d dd 8
[ 0.243837] RSP: 0018:ffffc90000013c68 EFLAGS: 00010246
[ 0.243837] RAX: ffffe8ffffffff00 RBX: ffffffff83ce1124 RCX: 0000000000000027
[ 0.243837] RDX: ffffc90000000000 RSI: ffffffff83ce1124 RDI: ffffffff83ce1124
[ 0.243837] RBP: ffffffff83020ff8 R08: 000000000000000f R09: ffffffff83cff7e5
[ 0.243837] R10: ffffffff83cff7e4 R11: ffffc90000013d6a R12: ffffc90000013d70
[ 0.243837] R13: 0000000000000125 R14: 0000000000000000 R15: ffffffff8321fef0
[ 0.243837] FS: 0000000000000000(0000) GS:ffff88813b400000(0000) knlGS:0000000000000000
[ 0.243837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.243837] CR2: ffff88813f9ff000 CR3: 0000000003020000 CR4: 0000000000750ef0
[ 0.243837] PKRU: 55555554
[ 0.243837] Call Trace:
[ 0.243837] <TASK>
[ 0.243837] ? die+0x36/0x90
[ 0.243837] ? do_trap+0xda/0x100
[ 0.243837] ? vmalloc_to_page+0x28b/0x390
[ 0.243837] ? do_error_trap+0x6a/0x90
[ 0.243837] ? vmalloc_to_page+0x28b/0x390
[ 0.243837] ? exc_invalid_op+0x50/0x70
[ 0.243837] ? vmalloc_to_page+0x28b/0x390
[ 0.243837] ? asm_exc_invalid_op+0x1a/0x20
[ 0.243837] ? vmalloc_to_page+0x28b/0x390
[ 0.243837] ? vmalloc_to_page+0x283/0x390
[ 0.243837] __text_poke+0x2d8/0x510
[ 0.243837] ? __pfx_text_poke_memcpy+0x10/0x10
[ 0.243837] ? srso_alias_return_thunk+0x5/0x7f
[ 0.243837] ? text_poke_loc_init+0x78/0x1e0
[ 0.243837] text_poke_bp_batch+0x91/0x300
[ 0.243837] text_poke_bp+0x4f/0x70
[ 0.243837] __static_call_transform+0xc0/0x200
[ 0.243837] arch_static_call_transform+0x83/0xa0
[ 0.243837] __static_call_init+0x20e/0x280
[ 0.243837] ? __pfx_static_call_init+0x10/0x10
[ 0.243837] static_call_init+0x39/0xa0
[ 0.243837] ? __pfx_static_call_init+0x10/0x10
[ 0.243837] do_one_initcall+0x5d/0x320
[ 0.243837] kernel_init_freeable+0x231/0x470
[ 0.243837] ? __pfx_kernel_init+0x10/0x10
[ 0.243837] kernel_init+0x1a/0x1c0
[ 0.243837] ret_from_fork+0x34/0x50
[ 0.243837] ? __pfx_kernel_init+0x10/0x10
[ 0.243837] ret_from_fork_asm+0x1b/0x30
[ 0.243837] </TASK>
[ 0.243837] Modules linked in:
[ 0.243841] ---[ end trace 0000000000000000 ]---
[ 0.244395] RIP: 0010:vmalloc_to_page+0x28b/0x390
[ 0.244840] Code: 31 d0 48 23 05 5e d0 5e 01 48 c1 e8 0c 48 c1 e0 06 48 03 05 1f a5 5d 01 e9 cf fd ff ff e8 4d dd 8
[ 0.245840] RSP: 0018:ffffc90000013c68 EFLAGS: 00010246
[ 0.246349] RAX: ffffe8ffffffff00 RBX: ffffffff83ce1124 RCX: 0000000000000027
[ 0.246839] RDX: ffffc90000000000 RSI: ffffffff83ce1124 RDI: ffffffff83ce1124
[ 0.247516] RBP: ffffffff83020ff8 R08: 000000000000000f R09: ffffffff83cff7e5
[ 0.247839] R10: ffffffff83cff7e4 R11: ffffc90000013d6a R12: ffffc90000013d70
[ 0.248522] R13: 0000000000000125 R14: 0000000000000000 R15: ffffffff8321fef0
[ 0.248840] FS: 0000000000000000(0000) GS:ffff88813b400000(0000) knlGS:0000000000000000
[ 0.249611] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.249839] CR2: ffff88813f9ff000 CR3: 0000000003020000 CR4: 0000000000750ef0
[ 0.250522] PKRU: 55555554
[ 0.250792] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 0.250837] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---

==== dmesg (decoded) ====

[ 0.242439] ------------[ cut here ]------------
[ 0.242840] kernel BUG at mm/vmalloc.c:673!
[ 0.243255] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI
[ 0.243837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014
[ 0.243837] RIP: 0010:vmalloc_to_page (mm/vmalloc.c:673 (discriminator 1))
[ 0.243837] Code: 31 d0 48 23 05 5e d0 5e 01 48 c1 e8 0c 48 c1 e0 06 48 03 05 1f a5 5d 01 e9 cf fd ff ff e8 4d dd ff ff 84 c0 0f 85 b2 fd ff ff <0f> 0b 48 81 e1 00 00 00 c0 e9 ea fe ff ff 0f 0b e9 ab fd ff ff 48
All code
========
0: 31 d0 xor %edx,%eax
2: 48 23 05 5e d0 5e 01 and 0x15ed05e(%rip),%rax # 0x15ed067
9: 48 c1 e8 0c shr $0xc,%rax
d: 48 c1 e0 06 shl $0x6,%rax
11: 48 03 05 1f a5 5d 01 add 0x15da51f(%rip),%rax # 0x15da537
18: e9 cf fd ff ff jmp 0xfffffffffffffdec
1d: e8 4d dd ff ff call 0xffffffffffffdd6f
22: 84 c0 test %al,%al
24: 0f 85 b2 fd ff ff jne 0xfffffffffffffddc
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 81 e1 00 00 00 c0 and $0xffffffffc0000000,%rcx
33: e9 ea fe ff ff jmp 0xffffffffffffff22
38: 0f 0b ud2
3a: e9 ab fd ff ff jmp 0xfffffffffffffdea
3f: 48 rex.W

Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 81 e1 00 00 00 c0 and $0xffffffffc0000000,%rcx
9: e9 ea fe ff ff jmp 0xfffffffffffffef8
e: 0f 0b ud2
10: e9 ab fd ff ff jmp 0xfffffffffffffdc0
15: 48 rex.W
[ 0.243837] RSP: 0018:ffffc90000013c68 EFLAGS: 00010246
[ 0.243837] RAX: ffffe8ffffffff00 RBX: ffffffff83ce1124 RCX: 0000000000000027
[ 0.243837] RDX: ffffc90000000000 RSI: ffffffff83ce1124 RDI: ffffffff83ce1124
[ 0.243837] RBP: ffffffff83020ff8 R08: 000000000000000f R09: ffffffff83cff7e5
[ 0.243837] R10: ffffffff83cff7e4 R11: ffffc90000013d6a R12: ffffc90000013d70
[ 0.243837] R13: 0000000000000125 R14: 0000000000000000 R15: ffffffff8321fef0
[ 0.243837] FS: 0000000000000000(0000) GS:ffff88813b400000(0000) knlGS:0000000000000000
[ 0.243837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.243837] CR2: ffff88813f9ff000 CR3: 0000000003020000 CR4: 0000000000750ef0
[ 0.243837] PKRU: 55555554
[ 0.243837] Call Trace:
[ 0.243837] <TASK>
[ 0.243837] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)
[ 0.243837] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153)
[ 0.243837] ? vmalloc_to_page (mm/vmalloc.c:673 (discriminator 1))
[ 0.243837] ? do_error_trap (./arch/x86/include/asm/traps.h:59 arch/x86/kernel/traps.c:174)
[ 0.243837] ? vmalloc_to_page (mm/vmalloc.c:673 (discriminator 1))
[ 0.243837] ? exc_invalid_op (arch/x86/kernel/traps.c:265)
[ 0.243837] ? vmalloc_to_page (mm/vmalloc.c:673 (discriminator 1))
[ 0.243837] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:568)
[ 0.243837] ? vmalloc_to_page (mm/vmalloc.c:673 (discriminator 1))
[ 0.243837] ? vmalloc_to_page (mm/vmalloc.c:673 (discriminator 2))
[ 0.243837] __text_poke (arch/x86/kernel/alternative.c:1783)
[ 0.243837] ? __pfx_text_poke_memcpy (arch/x86/kernel/alternative.c:1753)
[ 0.243837] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:186)
[ 0.243837] ? text_poke_loc_init (arch/x86/kernel/alternative.c:2308 (discriminator 1))
[ 0.243837] text_poke_bp_batch (arch/x86/kernel/alternative.c:2198 (discriminator 1))
[ 0.243837] text_poke_bp (arch/x86/kernel/alternative.c:2431)
[ 0.243837] __static_call_transform (arch/x86/kernel/static_call.c:112)
[ 0.243837] arch_static_call_transform (arch/x86/kernel/static_call.c:172)
[ 0.243837] __static_call_init (kernel/static_call_inline.c:233 (discriminator 1))
[ 0.243837] ? __pfx_static_call_init (kernel/static_call_inline.c:486)
[ 0.243837] static_call_init (kernel/static_call_inline.c:41 kernel/static_call_inline.c:497)
[ 0.243837] ? __pfx_static_call_init (kernel/static_call_inline.c:486)
[ 0.243837] do_one_initcall (init/main.c:1232)
[ 0.243837] kernel_init_freeable (init/main.c:1337 (discriminator 1) init/main.c:1537 (discriminator 1))
[ 0.243837] ? __pfx_kernel_init (init/main.c:1429)
[ 0.243837] kernel_init (init/main.c:1439)
[ 0.243837] ret_from_fork (arch/x86/kernel/process.c:153)
[ 0.243837] ? __pfx_kernel_init (init/main.c:1429)
[ 0.243837] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)
[ 0.243837] </TASK>
[ 0.243837] Modules linked in:
[ 0.243841] ---[ end trace 0000000000000000 ]---
[ 0.244395] RIP: 0010:vmalloc_to_page (mm/vmalloc.c:673 (discriminator 1))
[ 0.244840] Code: 31 d0 48 23 05 5e d0 5e 01 48 c1 e8 0c 48 c1 e0 06 48 03 05 1f a5 5d 01 e9 cf fd ff ff e8 4d dd ff ff 84 c0 0f 85 b2 fd ff ff <0f> 0b 48 81 e1 00 00 00 c0 e9 ea fe ff ff 0f 0b e9 ab fd ff ff 48
All code
========
0: 31 d0 xor %edx,%eax
2: 48 23 05 5e d0 5e 01 and 0x15ed05e(%rip),%rax # 0x15ed067
9: 48 c1 e8 0c shr $0xc,%rax
d: 48 c1 e0 06 shl $0x6,%rax
11: 48 03 05 1f a5 5d 01 add 0x15da51f(%rip),%rax # 0x15da537
18: e9 cf fd ff ff jmp 0xfffffffffffffdec
1d: e8 4d dd ff ff call 0xffffffffffffdd6f
22: 84 c0 test %al,%al
24: 0f 85 b2 fd ff ff jne 0xfffffffffffffddc
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 81 e1 00 00 00 c0 and $0xffffffffc0000000,%rcx
33: e9 ea fe ff ff jmp 0xffffffffffffff22
38: 0f 0b ud2
3a: e9 ab fd ff ff jmp 0xfffffffffffffdea
3f: 48 rex.W

Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 81 e1 00 00 00 c0 and $0xffffffffc0000000,%rcx
9: e9 ea fe ff ff jmp 0xfffffffffffffef8
e: 0f 0b ud2
10: e9 ab fd ff ff jmp 0xfffffffffffffdc0
15: 48 rex.W
[ 0.245840] RSP: 0018:ffffc90000013c68 EFLAGS: 00010246
[ 0.246349] RAX: ffffe8ffffffff00 RBX: ffffffff83ce1124 RCX: 0000000000000027
[ 0.246839] RDX: ffffc90000000000 RSI: ffffffff83ce1124 RDI: ffffffff83ce1124
[ 0.247516] RBP: ffffffff83020ff8 R08: 000000000000000f R09: ffffffff83cff7e5
[ 0.247839] R10: ffffffff83cff7e4 R11: ffffc90000013d6a R12: ffffc90000013d70
[ 0.248522] R13: 0000000000000125 R14: 0000000000000000 R15: ffffffff8321fef0
[ 0.248840] FS: 0000000000000000(0000) GS:ffff88813b400000(0000) knlGS:0000000000000000
[ 0.249611] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.249839] CR2: ffff88813f9ff000 CR3: 0000000003020000 CR4: 0000000000750ef0
[ 0.250522] PKRU: 55555554
[ 0.250792] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 0.250837] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---

==== git bisect log ====

$ git bisect log
git bisect start
# status: waiting for both good and bad commits
# bad: [df964ce9ef9fea10cf131bf6bad8658fde7956f6] Add linux-next specific files for 20230929
git bisect bad df964ce9ef9fea10cf131bf6bad8658fde7956f6
# status: waiting for good commit(s), bad commit known
# bad: [9ed22ae6be817d7a3f5c15ca22cbc9d3963b481d] Merge tag 'spi-fix-v6.6-rc3' of git://git.kernel.org/pub/scm/linux/ki
git bisect bad 9ed22ae6be817d7a3f5c15ca22cbc9d3963b481d
# status: waiting for good commit(s), bad commit known
# bad: [6465e260f48790807eef06b583b38ca9789b6072] Linux 6.6-rc3
git bisect bad 6465e260f48790807eef06b583b38ca9789b6072
# status: waiting for good commit(s), bad commit known
# good: [0bb80ecc33a8fb5a682236443c1e740d5c917d1d] Linux 6.6-rc1
git bisect good 0bb80ecc33a8fb5a682236443c1e740d5c917d1d
# good: [ce9ecca0238b140b88f43859b211c9fdfd8e5b70] Linux 6.6-rc2
git bisect good ce9ecca0238b140b88f43859b211c9fdfd8e5b70
# good: [27bbf45eae9ca98877a2d52a92a188147cd61b07] Merge tag 'net-6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernet
git bisect good 27bbf45eae9ca98877a2d52a92a188147cd61b07
# bad: [3abc79dce60e91f2aeec8abf1d09b250722fbeb5] Merge tag 'xfs-6.6-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xx
git bisect bad 3abc79dce60e91f2aeec8abf1d09b250722fbeb5
# good: [e583bffeb8bc3a7b64455b14376afd5fad71d62f] Merge tag 'x86-urgent-2023-09-22' of git://git.kernel.org/pub/scm/lp
git bisect good e583bffeb8bc3a7b64455b14376afd5fad71d62f
# good: [6ebb6500e54631b7013f4efe7d78ff562e437c5e] Merge tag 'fix-larp-requirements-6.6_2023-09-12' of https://git.kerA
git bisect good 6ebb6500e54631b7013f4efe7d78ff562e437c5e
# bad: [36fcf38152d8f163850831d52199adea4d6d9518] Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernelx
git bisect bad 36fcf38152d8f163850831d52199adea4d6d9518
# good: [5ad361f42fe43e5f13f9b88341e75eaf2d1bd183] arm64/hbc: Document HWCAP2_HBC
git bisect good 5ad361f42fe43e5f13f9b88341e75eaf2d1bd183
# bad: [aee9d30b9744d677509ef790f30f3a24c7841c3d] x86,static_call: Fix static-call vs return-thunk
git bisect bad aee9d30b9744d677509ef790f30f3a24c7841c3d
# good: [4ba89dd6ddeca2a733bdaed7c9a5cbe4e19d9124] x86/alternatives: Remove faulty optimization
git bisect good 4ba89dd6ddeca2a733bdaed7c9a5cbe4e19d9124
# first bad commit: [aee9d30b9744d677509ef790f30f3a24c7841c3d] x86,static_call: Fix static-call vs return-thunk


Attachments:
(No filename) (14.70 kB)
.config (204.67 kB)

2023-10-01 12:24:43

by Thorsten Leemhuis

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

[TLDR: I'm adding this report to the list of tracked Linux kernel
regressions; the text you find below is based on a few templates
paragraphs you might have encountered already in similar form.
See link in footer if these mails annoy you.]

On 30.09.23 18:26, Hyeonggon Yoo wrote:
>
> [...]
>
>> Peter Zijlstra (1):
>> x86,static_call: Fix static-call vs return-thunk
>
> Hello, the commit above caused a crash on x86 kernel with
> CONFIG_DEBUG_VIRTUAL=y.
>
> The compiler version is gcc (GCC) 13.2.1 20230728 (Red Hat 13.2.1-1),
> and below are dmesg (raw), dmesg (decoded), git bisect log,
> and the configuration used.
>
> I'm not sure if it would lead to an unwelcome surprise, because
> vmalloc_to_page(any valid kernel address) should work anyway.
> But it seems that for some reason, while updating kernel code,
> the kernel confuses kernel text area with vmalloc/module area.
>
> Should be an x86-specific issue.

Thanks for the report. To be sure the issue doesn't fall through the
cracks unnoticed, I'm adding it to regzbot, the Linux kernel regression
tracking bot:

#regzbot ^introduced aee9d30b9744d6775
#regzbot title x86,static_call: crash on x86 kernel with
CONFIG_DEBUG_VIRTUAL=y.
#regzbot ignore-activity

This isn't a regression? This issue or a fix for it are already
discussed somewhere else? It was fixed already? You want to clarify when
the regression started to happen? Or point out I got the title or
something else totally wrong? Then just reply and tell me -- ideally
while also telling regzbot about it, as explained by the page listed in
the footer of this mail.

Developers: When fixing the issue, remember to add 'Link:' tags pointing
to the report (the parent of this mail). See page linked in footer for
details.

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
That page also explains what to do if mails like this annoy you.

2023-10-01 19:40:48

by Hyeonggon Yoo

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Sun, Oct 1, 2023 at 1:26 AM Hyeonggon Yoo <[email protected]> wrote:
>
> On Sun, Sep 24, 2023 at 02:36:21PM -0700, Linus Torvalds wrote:
> > Another week, another -rc.
> >
> > As usual, rc3 is a bit larger than rc2, as people have started finding
> > more issues.
> >
> > Unusually, we have a large chunk of changes in filesystems. Part of it
> > is the vfs-level revert of some of the timestamp handling that needs
> > to soak a bit more, and part of it is some xfs fixes. With a few other
> > filesystem fixes too.
> >
> > But drivers and architecture updates are also up there, so it's not
> > like the fs stuff dominates. It's just more noticeable than it usually
> > is.
> >
> > Anyway, please do go test. None of this looks scary,
> >
> > Linus
> >
> > ---
>
> [...]
>
> > Peter Zijlstra (1):
> > x86,static_call: Fix static-call vs return-thunk
>
> Hello, the commit above caused a crash on x86 kernel with
> CONFIG_DEBUG_VIRTUAL=y.
>
> The compiler version is gcc (GCC) 13.2.1 20230728 (Red Hat 13.2.1-1),
> and below are dmesg (raw), dmesg (decoded), git bisect log,
> and the configuration used.
>
> I'm not sure if it would lead to an unwelcome surprise, because
> vmalloc_to_page(any valid kernel address) should work anyway.
> But it seems that for some reason, while updating kernel code,
> the kernel confuses kernel text area with vmalloc/module area.

OK, I looked into this a little bit, and it turns out that the problematic
address here is from cleanup_trusted() in
security/keys/trusted-keys/trusted_core.c.
(and it's builtin due to CONFIG_TRUSTED_KEYS=y)

The function is marked as __exit, so it does not fall within the
'core kernel text address range,' which is between _stext and _etext
(or between _sinittext and _einittext), and thus __text_poke() thinks that
it's vmalloc/module area.

I think __text_poke() should be taught that functions marked as __exit
also belong to kernel code just like __init.

I did a quick hack below and the crash now disappeared.
Any thoughts?

In case someone wants to pick this up,
Signed-off-by: Hyeonggon Yoo <[email protected]>

diff --git a/arch/Kconfig b/arch/Kconfig
index 12d51495caec..85b2fcfa0b36 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -1479,6 +1479,12 @@ config ARCH_HAS_NONLEAF_PMD_YOUNG
address translations. Page table walkers that clear the accessed bit
may use this capability to reduce their search space.

+config ARCH_RUNTIME_DISCARD_EXIT
+ bool
+ help
+ Architectures that do not discard .exit.text and .text.exit sections
+ at link time, but discard at runtime should select this option.
+
source "kernel/gcov/Kconfig"

source "scripts/gcc-plugins/Kconfig"
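Review bot: the help text of the new ARCH_RUNTIME_DISCARD_EXIT symbol says when an architecture should select it but not what selecting it does. Later hunks make the same symbol define _sexittext/_eexittext and feed is_kernel_exittext() into core_kernel_text(), so a sentence to that effect belongs in the help text, and the changelog should say that the linker-script macro RUNTIME_DISCARD_EXIT is being turned into a Kconfig symbol so that C code in sections.h can test it.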
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index b10515c0200b..ef3e7d24c0a5 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -107,6 +107,7 @@ config ARM64
select ARCH_WANTS_NO_INSTR
select ARCH_WANTS_THP_SWAP if ARM64_4K_PAGES
select ARCH_HAS_UBSAN_SANITIZE_ALL
+ select ARCH_RUNTIME_DISCARD_EXIT
select ARM_AMBA
select ARM_ARCH_TIMER
select ARM_GIC
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 3cd7e76cc562..59bc3d70136d 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -58,7 +58,6 @@
#endif

#define RO_EXCEPTION_TABLE_ALIGN 4
-#define RUNTIME_DISCARD_EXIT

#include <asm-generic/vmlinux.lds.h>
#include <asm/cache.h>
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index bc8421859006..7e80aaf60ece 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -26,6 +26,7 @@ config MIPS
select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU
select ARCH_WANT_IPC_PARSE_VERSION
select ARCH_WANT_LD_ORPHAN_WARN
+ select ARCH_RUNTIME_DISCARD_EXIT
select BUILDTIME_TABLE_SORT
select CLONE_BACKWARDS
select CPU_NO_EFFICIENT_FFS if (TARGET_ISA_REV < 1)
diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S
index 9ff55cb80a64..52cbde60edf5 100644
--- a/arch/mips/kernel/vmlinux.lds.S
+++ b/arch/mips/kernel/vmlinux.lds.S
@@ -15,8 +15,6 @@
#define EMITS_PT_NOTE
#endif

-#define RUNTIME_DISCARD_EXIT
-
#include <asm-generic/vmlinux.lds.h>

#undef mips
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 54b9387c3691..1449c008fc49 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -162,6 +162,7 @@ config PPC
select ARCH_MIGHT_HAVE_PC_SERIO
select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
+ select ARCH_RUNTIME_DISCARD_EXIT
select ARCH_SPLIT_ARG64 if PPC32
select ARCH_STACKWALK
select ARCH_SUPPORTS_ATOMIC_RMW
diff --git a/arch/powerpc/kernel/vmlinux.lds.S
b/arch/powerpc/kernel/vmlinux.lds.S
index 1c5970df3233..cd584d93b567 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -8,7 +8,6 @@
#define BSS_FIRST_SECTIONS *(.bss.prominit)
#define EMITS_PT_NOTE
#define RO_EXCEPTION_TABLE_ALIGN 0
-#define RUNTIME_DISCARD_EXIT

#define SOFT_MASK_TABLE(align) \
. = ALIGN(align); \
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index d607ab0f7c6d..28a0f3191f55 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -41,6 +41,7 @@ config RISCV
select ARCH_HAS_VDSO_DATA
select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
+ select ARCH_RUNTIME_DISCARD_EXIT
select ARCH_STACKWALK
select ARCH_SUPPORTS_ATOMIC_RMW
select ARCH_SUPPORTS_CFI_CLANG
diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
index 492dd4b8f3d6..bfea7d216995 100644
--- a/arch/riscv/kernel/vmlinux.lds.S
+++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -5,7 +5,6 @@
*/

#define RO_EXCEPTION_TABLE_ALIGN 4
-#define RUNTIME_DISCARD_EXIT

#ifdef CONFIG_XIP_KERNEL
#include "vmlinux-xip.lds.S"
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index ae29e4392664..5bc250613b45 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -113,6 +113,7 @@ config S390
select ARCH_INLINE_WRITE_UNLOCK_BH
select ARCH_INLINE_WRITE_UNLOCK_IRQ
select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE
+ select ARCH_RUNTIME_DISCARD_EXIT
select ARCH_STACKWALK
select ARCH_SUPPORTS_ATOMIC_RMW
select ARCH_SUPPORTS_DEBUG_PAGEALLOC
diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
index 2ae201ebf90b..897dd3fcfaf2 100644
--- a/arch/s390/kernel/vmlinux.lds.S
+++ b/arch/s390/kernel/vmlinux.lds.S
@@ -19,8 +19,6 @@
/* Handle ro_after_init data on our own. */
#define RO_AFTER_INIT_DATA

-#define RUNTIME_DISCARD_EXIT
-
#define EMITS_PT_NOTE

#include <asm-generic/vmlinux.lds.h>
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index 33530b044953..6574b3d69668 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -14,6 +14,7 @@ config SUPERH
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
select ARCH_HIBERNATION_POSSIBLE if MMU
select ARCH_MIGHT_HAVE_PC_PARPORT
+ select ARCH_RUNTIME_DISCARD_EXIT
select ARCH_WANT_IPC_PARSE_VERSION
select CPU_NO_EFFICIENT_FFS
select DMA_DECLARE_COHERENT
diff --git a/arch/sh/kernel/vmlinux.lds.S b/arch/sh/kernel/vmlinux.lds.S
index 9644fe187a3f..947e2e213ff9 100644
--- a/arch/sh/kernel/vmlinux.lds.S
+++ b/arch/sh/kernel/vmlinux.lds.S
@@ -4,7 +4,6 @@
* Written by Niibe Yutaka and Paul Mundt
*/
OUTPUT_ARCH(sh)
-#define RUNTIME_DISCARD_EXIT
#include <asm/thread_info.h>
#include <asm/cache.h>
#include <asm/vmlinux.lds.h>
diff --git a/arch/um/Kconfig b/arch/um/Kconfig
index b5e179360534..0dd76a2ca44a 100644
--- a/arch/um/Kconfig
+++ b/arch/um/Kconfig
@@ -11,6 +11,7 @@ config UML
select ARCH_HAS_KCOV
select ARCH_HAS_STRNCPY_FROM_USER
select ARCH_HAS_STRNLEN_USER
+ select ARCH_RUNTIME_DISCARD_EXIT
select ARCH_NO_PREEMPT
select HAVE_ARCH_AUDITSYSCALL
select HAVE_ARCH_KASAN if X86_64
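Review bot: style nit in the UML select list: the new "select ARCH_RUNTIME_DISCARD_EXIT" sits between ARCH_HAS_STRNLEN_USER and ARCH_NO_PREEMPT, which breaks the alphabetical order the neighbouring entries follow. It sorts after ARCH_NO_PREEMPT.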
diff --git a/arch/um/kernel/vmlinux.lds.S b/arch/um/kernel/vmlinux.lds.S
index 53d719c04ba9..38fb9d1c67b7 100644
--- a/arch/um/kernel/vmlinux.lds.S
+++ b/arch/um/kernel/vmlinux.lds.S
@@ -1,4 +1,3 @@
-#define RUNTIME_DISCARD_EXIT
KERNEL_STACK_SIZE = 4096 * (1 << CONFIG_KERNEL_STACK_ORDER);

#ifdef CONFIG_LD_SCRIPT_STATIC
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 66bfabae8814..1c704bcc950d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -106,6 +106,7 @@ config X86
select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
select ARCH_MIGHT_HAVE_PC_PARPORT
select ARCH_MIGHT_HAVE_PC_SERIO
+ select ARCH_RUNTIME_DISCARD_EXIT
select ARCH_STACKWALK
select ARCH_SUPPORTS_ACPI
select ARCH_SUPPORTS_ATOMIC_RMW
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index f15fb71f280e..3ac30568b818 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -21,7 +21,6 @@
#define LOAD_OFFSET __START_KERNEL_map
#endif

-#define RUNTIME_DISCARD_EXIT
#define EMITS_PT_NOTE
#define RO_EXCEPTION_TABLE_ALIGN 16

diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h
index db13bb620f52..72243f849f95 100644
--- a/include/asm-generic/sections.h
+++ b/include/asm-generic/sections.h
@@ -20,6 +20,7 @@
* [__init_begin, __init_end]: contains .init.* sections, but .init.text.*
* may be out of this range on some architectures.
* [_sinittext, _einittext]: contains .init.text.* sections
+ * [_sexittext, _eexittext]: contains .exit.text or .text.exit sections
* [__bss_start, __bss_stop]: contains BSS sections
*
* Following global variables are optional and may be unavailable on some
@@ -37,6 +38,9 @@ extern char _data[], _sdata[], _edata[];
extern char __bss_start[], __bss_stop[];
extern char __init_begin[], __init_end[];
extern char _sinittext[], _einittext[];
+#ifdef CONFIG_ARCH_RUNTIME_DISCARD_EXIT
+extern char _sexittext[], _eexittext[];
+#endif
extern char __start_ro_after_init[], __end_ro_after_init[];
extern char _end[];
extern char __per_cpu_load[], __per_cpu_start[], __per_cpu_end[];
@@ -194,6 +198,25 @@ static inline bool is_kernel_inittext(unsigned long addr)
addr < (unsigned long)_einittext;
}

+/**
+ * is_kernel_exittext - checks if the pointer address is located in the
+ * .text.exit or .exit.text section
+ *
+ * @addr: address to check
+ *
+ * Returns: true if the address is located in .text.exit or .exit.text,
+ * false otherwise.
+ */
+static inline bool is_kernel_exittext(unsigned long addr)
+{
+#ifdef CONFIG_ARCH_RUNTIME_DISCARD_EXIT
+ return addr >= (unsigned long)_sexittext &&
+ addr < (unsigned long)_eexittext;
+#else
+ return false;
+#endif
+}
+
/**
* __is_kernel_text - checks if the pointer address is located in the
* .text section
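Review bot: the #ifdef/#else inside is_kernel_exittext() can be avoided. If the extern declaration of _sexittext/_eexittext added earlier in this file is made unconditional, the body can be a single return of IS_ENABLED(CONFIG_ARCH_RUNTIME_DISCARD_EXIT) && the range test, so both configurations stay compile-checked. The kernel-doc should also note that the answer is only meaningful while the exit text is still mapped, since the only caller added by this patch gates it on system_state.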
diff --git a/include/asm-generic/vmlinux.lds.h
b/include/asm-generic/vmlinux.lds.h
index 9c59409104f6..f9dc2bf3781e 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -724,10 +724,19 @@
MEM_DISCARD(exit.data*) \
MEM_DISCARD(exit.rodata*)

+#ifdef CONFIG_ARCH_RUNTIME_DISCARD_EXIT
#define EXIT_TEXT \
+ _sexittext = .; \
*(.exit.text) \
*(.text.exit) \
+ _eexittext = .; \
MEM_DISCARD(exit.text)
+#else
+#define EXIT_TEXT \
+ *(.exit.text) \
+ *(.text.exit) \
+ MEM_DISCARD(exit.text)
+#endif

#define EXIT_CALL \
*(.exitcall.exit)
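Review bot: in the new EXIT_TEXT, "_eexittext = .;" is assigned before MEM_DISCARD(exit.text), so whatever that macro collects lies outside [_sexittext, _eexittext) and is_kernel_exittext() returns false for it. If that is intended, a comment should say so; otherwise move the assignment after MEM_DISCARD(exit.text). The two EXIT_TEXT definitions also differ only in the two symbol assignments, so wrapping just those assignments in the #ifdef (for example via two small helper macros) would avoid duplicating the section list.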
@@ -977,7 +986,7 @@
* section definitions so that such archs put those in earlier section
* definitions.
*/
-#ifdef RUNTIME_DISCARD_EXIT
+#ifdef CONFIG_ARCH_RUNTIME_DISCARD_EXIT
#define EXIT_DISCARDS
#else
#define EXIT_DISCARDS \
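Review bot: changing this test from RUNTIME_DISCARD_EXIT to CONFIG_ARCH_RUNTIME_DISCARD_EXIT silently changes behaviour for any linker script that still defines the old macro while its architecture does not select the new symbol: its exit sections would then fall into EXIT_DISCARDS at link time. The patch converts arm64, mips, powerpc, riscv, s390, sh, um and x86; the changelog should state that a tree-wide grep found no other definition of RUNTIME_DISCARD_EXIT, or the remaining ones need converting in the same patch.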
diff --git a/kernel/extable.c b/kernel/extable.c
index 71f482581cab..3362a9c2f3d8 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -71,6 +71,11 @@ int notrace core_kernel_text(unsigned long addr)
if (system_state < SYSTEM_FREEING_INITMEM &&
is_kernel_inittext(addr))
return 1;
+
+ if (system_state < SYSTEM_FREEING_INITMEM &&
+ is_kernel_exittext(addr))
+ return 1;
+
return 0;
}

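Review bot: the new test in core_kernel_text() copies the "system_state < SYSTEM_FREEING_INITMEM" gate from the init-text check without saying why it applies to exit text. Add a comment stating that runtime-discarded exit text is only valid until init memory is freed (if that is the reasoning), and consider folding the two tests into one condition on (is_kernel_inittext(addr) || is_kernel_exittext(addr)) so the gate is written once.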
--
2.41.0
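The classification problem described in this message, as an added user-space model (not part of the original mail and not kernel code): an address in exit text is neither core text nor init text, so the lookup takes the vmalloc path, and a DEBUG_VIRTUAL-style check then rejects it because it is not a vmalloc/module address either. All section bounds are constructed; only POKED_ADDR is taken from the register dump in the report (RDI) and is assumed to be the address being poked.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum system_state { SYSTEM_BOOTING, SYSTEM_FREEING_INITMEM, SYSTEM_RUNNING };
enum poke_result { POKE_VIRT_TO_PAGE, POKE_VMALLOC_TO_PAGE, POKE_BUG };

/* Half-open [start, end) ranges, mirroring the linker-script symbols. */
struct layout {
    uint64_t stext, etext;
    uint64_t sinittext, einittext;
    uint64_t sexittext, eexittext;
    uint64_t vmalloc_start, vmalloc_end;
    uint64_t modules_start, modules_end;
};

/* Constructed layout for the demonstration; not read from a real kernel. */
static const struct layout demo_layout = {
    .stext = 0xffffffff81000000ULL,         .etext = 0xffffffff82400000ULL,
    .sinittext = 0xffffffff83b00000ULL,     .einittext = 0xffffffff83cd0000ULL,
    .sexittext = 0xffffffff83ce0000ULL,     .eexittext = 0xffffffff83ce4000ULL,
    .vmalloc_start = 0xffffc90000000000ULL, .vmalloc_end = 0xffffe90000000000ULL,
    .modules_start = 0xffffffffa0000000ULL, .modules_end = 0xffffffffff000000ULL,
};

/* RDI from the oops in the report; assumed to be the poked address. */
#define POKED_ADDR 0xffffffff83ce1124ULL

static bool in_range(uint64_t a, uint64_t start, uint64_t end)
{
    return a >= start && a < end;
}

/* Core-text test as the message describes it before the patch. */
static bool core_text_before(const struct layout *l, enum system_state st, uint64_t a)
{
    if (in_range(a, l->stext, l->etext))
        return true;
    return st < SYSTEM_FREEING_INITMEM && in_range(a, l->sinittext, l->einittext);
}

/* Same test with the patch's extra exit-text range, under the same gate. */
static bool core_text_after(const struct layout *l, enum system_state st, uint64_t a)
{
    if (core_text_before(l, st, a))
        return true;
    return st < SYSTEM_FREEING_INITMEM && in_range(a, l->sexittext, l->eexittext);
}

static bool is_vmalloc_or_module(const struct layout *l, uint64_t a)
{
    return in_range(a, l->vmalloc_start, l->vmalloc_end) ||
           in_range(a, l->modules_start, l->modules_end);
}

/*
 * Model of the page lookup when patching text: core text uses the
 * direct lookup, everything else the vmalloc lookup. With the debug
 * check enabled, the vmalloc lookup refuses addresses that are not in
 * the vmalloc or module area (the BUG seen in the report).
 */
static enum poke_result poke_lookup(const struct layout *l, enum system_state st,
                                    uint64_t a, bool patched, bool debug_virtual)
{
    bool core = patched ? core_text_after(l, st, a) : core_text_before(l, st, a);

    if (core)
        return POKE_VIRT_TO_PAGE;
    if (debug_virtual && !is_vmalloc_or_module(l, a))
        return POKE_BUG;
    return POKE_VMALLOC_TO_PAGE;
}

int main(void)
{
    static const char *const names[] = { "virt_to_page", "vmalloc_to_page", "BUG" };

    printf("unpatched, debug on : %s\n",
           names[poke_lookup(&demo_layout, SYSTEM_BOOTING, POKED_ADDR, false, true)]);
    printf("unpatched, debug off: %s\n",
           names[poke_lookup(&demo_layout, SYSTEM_BOOTING, POKED_ADDR, false, false)]);
    printf("patched,   debug on : %s\n",
           names[poke_lookup(&demo_layout, SYSTEM_BOOTING, POKED_ADDR, true, true)]);
    return 0;
}
```

The last case in the test (patched, after init memory is freed) falls back to the vmalloc path again, which is why the gate on system_state in the patch matters.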

2023-10-02 01:56:37

by Linus Torvalds

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Sun, 1 Oct 2023 at 07:17, Hyeonggon Yoo <[email protected]> wrote:
> >
> > > Peter Zijlstra (1):
> > > x86,static_call: Fix static-call vs return-thunk
> >
> > Hello, the commit above caused a crash on x86 kernel with
> > CONFIG_DEBUG_VIRTUAL=y.
>
> OK, I looked into this a little bit, and it turns out that the problematic
> address here is from cleanup_trusted() in
> security/keys/trusted-keys/trusted_core.c.
> (and it's builtin due to CONFIG_TRUSTED_KEYS=y)
>
> The function is marked as __exit, so it does not fall within the
> 'core kernel text address range,' which is between _stext and _etext
> (or between _sinittext and _einittext), and thus __text_poke() thinks that
> it's vmalloc/module area.
>
> I think __text_poke() should be taught that functions marked as __exit
> also belong to kernel code just like __init.

I think your patch is fine (well, whitespace-damaged, but conceptually good).

But I also wonder about that

static_call_cond(trusted_key_exit)();

in cleanup_trusted(). It seems all kinds of pointless to use static
calls for something that is done *once*. That's not an optimization,
that's honestly just _stupid_. It costs more to do the rewriting than
it does to just do the one dynamic indirect call.

Side note: the same is true of the init-time call, which does

static_call_update(trusted_key_init,
trusted_key_sources[i].ops->init);
...
ret = static_call(trusted_key_init)();

which again is a *lot* more expensive than just doing the indirect
function call.

So while I don't think your patch is wrong, I do think that the cause
here is plain silly code, and that trusted key code simply should not
do the crazy thing it does (and that causes silly problems).

Linus

2023-10-02 12:49:09

by Peter Zijlstra

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Sun, Oct 01, 2023 at 11:17:21PM +0900, Hyeonggon Yoo wrote:

> OK, I looked into this a little bit, and it turns out that the problematic
> address here is from cleanup_trusted() in
> security/keys/trusted-keys/trusted_core.c.
> (and it's builtin due to CONFIG_TRUSTED_KEYS=y)

That code is insane.. wth would you want to use an explicit
static_call() in either __init or __exit ?!?

I think the reason we support init was because it was just really hard
to avoid throughout the abstraction layers etc.. But this seems to be
the only __exit user, and it is really quite daft.

> The function is marked as __exit, so it does not fall within the
> 'core kernel text address range,' which is between _stext and _etext
> (or between _sinittext and _einittext), and thus __text_poke() thinks that
> it's vmalloc/module area.
>
> I think __text_poke() should be taught that functions marked as __exit
> also belong to kernel code just like __init.

Should we not do something like:

#ifdef MODULE
#define __exit __section(".exit.text") __exitused __cold notrace
#else
#define __exit __section(".discard.exit.text")
#endif

It's not like that code should ever be run or referenced when built-in.

2023-10-03 12:06:41

by Sumit Garg

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

Hi Linus,

On 10/2/23 02:18, Linus Torvalds wrote:
> On Sun, 1 Oct 2023 at 07:17, Hyeonggon Yoo <[email protected]> wrote:
>>>> Peter Zijlstra (1):
>>>> x86,static_call: Fix static-call vs return-thunk
>>> Hello, the commit above caused a crash on x86 kernel with
>>> CONFIG_DEBUG_VIRTUAL=y.
>> OK, I looked into this a little bit, and it turns out that the problematic
>> address here is from cleanup_trusted() in
>> security/keys/trusted-keys/trusted_core.c.
>> (and it's builtin due to CONFIG_TRUSTED_KEYS=y)
>>
>> The function is marked as __exit, so it does not fall within the
>> 'core kernel text address range,' which is between _stext and _etext
>> (or between _sinittext and _einittext), and thus __text_poke() thinks that
>> it's vmalloc/module area.
>>
>> I think __text_poke() should be taught that functions marked as __exit
>> also belong to kernel code just like __init.
> I think your patch is fine (well, whitespace-damaged, but conceptually good).
>
> But I also wonder about that
>
> static_call_cond(trusted_key_exit)();
>
> in cleanup_trusted(). It seems all kinds of pointless to use static
> calls for something that is done *once*. That's not an optimization,
> that's honestly just _stupid_. It costs more to do the rewriting than
> it does to just do the one dynamic indirect call.

That's true, there isn't any real performance benefit here. It is
something which I mentioned when I was asked to incorporate it here [1].
However, on the flip side I think there are security benefits here. We
wouldn't like any indirect branch speculation attack to leak the trusted
key material contents here.

[1]
https://patchwork.kernel.org/project/keyrings/patch/[email protected]/#23683269

-Sumit

>
> Side note: the same is true of the init-time call, which does
>
> static_call_update(trusted_key_init,
> trusted_key_sources[i].ops->init);
> ...
> ret = static_call(trusted_key_init)();
>
> which again is a *lot* more expensive than just doing the indirect
> function call.
>
> So while I don't think your patch is wrong, I do think that the cause
> here is plain silly code, and that trusted key code simply should not
> do the crazy thing it does (and that causes silly problems).
>
> Linus
>

2023-10-03 16:42:56

by Peter Zijlstra

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Tue, Oct 03, 2023 at 05:36:27PM +0530, Sumit Garg wrote:
> Hi Linus,
>
> On 10/2/23 02:18, Linus Torvalds wrote:
> > On Sun, 1 Oct 2023 at 07:17, Hyeonggon Yoo <[email protected]> wrote:
> > > > > Peter Zijlstra (1):
> > > > > x86,static_call: Fix static-call vs return-thunk
> > > > Hello, the commit above caused a crash on x86 kernel with
> > > > CONFIG_DEBUG_VIRTUAL=y.
> > > OK, I looked into this a little bit, and it turns out that the problematic
> > > address here is from cleanup_trusted() in
> > > security/keys/trusted-keys/trusted_core.c.
> > > (and it's builtin due to CONFIG_TRUSTED_KEYS=y)
> > >
> > > The function is marked as __exit, so it does not fall within the
> > > 'core kernel text address range,' which is between _stext and _etext
> > > (or between _sinittext and _einittext), and thus __text_poke() thinks that
> > > it's vmalloc/module area.
> > >
> > > I think __text_poke() should be taught that functions marked as __exit
> > > also belong to kernel code just like __init.
> > I think your patch is fine (well, whitespace-damaged, but conceptually good).
> >
> > But I also wonder about that
> >
> > static_call_cond(trusted_key_exit)();
> >
> > in cleanup_trusted(). It seems all kinds of pointless to use static
> > calls for something that is done *once*. That's not an optimization,
> > that's honestly just _stupid_. It costs more to do the rewriting than
> > it does to just do the one dynamic indirect call.
>
> That's true, there isn't any real performance benefit here. It is something
> which I mentioned when I was asked to incorporate it here [1]. However, on
> the flip side I think there are security benefits here. We wouldn't like any
> indirect branch speculation attack to leak the trusted key material contents
> here.

1) retpolines;
2) if you can unload modules, you've got bigger problems.

2023-10-05 00:49:35

by Linus Torvalds

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Tue, 3 Oct 2023 at 05:06, Sumit Garg <[email protected]> wrote:
>
> However, on the flip side I think there are security benefits here. We
> wouldn't like any indirect branch speculation attack to leak the trusted
> key material contents here.

No. Turning *one* indirect call static isn't a security benefit. That
argument is just bogus.

This code needs to be fixed. No static call rewriting for call-sites
that are just used once.

Linus

2023-10-05 13:58:56

by Sumit Garg

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Thu, 5 Oct 2023 at 06:16, Linus Torvalds
<[email protected]> wrote:
>
> On Tue, 3 Oct 2023 at 05:06, Sumit Garg <[email protected]> wrote:
> >
> > However, on the flip side I think there are security benefits here. We
> > wouldn't like any indirect branch speculation attack to leak the trusted
> > key material contents here.
>
> No. Turning *one* indirect call static isn't a security benefit. That
> argument is just bogus.

Okay, I guess there is some confusion here. I was referring to the
following calls in my prior reply:

static_call(trusted_key_get_random)
static_call(trusted_key_seal)
static_call(trusted_key_unseal)

but it looks like you are only concerned about:

static_call(trusted_key_init)
static_call_cond(trusted_key_exit)

So I agree with you as I can't envision an attack which can be carried
out by trusted_key_init() and trusted_key_exit() indirect calls.

@Jarkko, if you agree then I can convert these two callbacks to use
indirect calls instead.

>
> This code needs to be fixed. No static call rewriting for call-sites
> that are just used once.

@Peter, can we have a policy enforced for module __init and __exit
functions somehow at compile time? If not then can we have it
documented somewhere to mention static call invocations aren't
supported from these functions?

-Sumit

>
> Linus
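
The conversion discussed in the message above, as an added user-space sketch (not code from the thread and not the kernel patch): the one-shot init and exit callbacks are reached through plain indirect calls on an ops table, with an explicit NULL test standing in for static_call_cond(). The struct layout, backend names, ordering, return values and the tee_present switch are constructed assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Model of a trusted-key backend; layout is an assumption, not kernel code. */
struct trusted_key_ops {
    int  (*init)(void);
    void (*exit)(void);            /* optional: may be NULL */
};
struct trusted_key_source {
    const char *name;
    const struct trusted_key_ops *ops;
};

static int exit_calls;             /* counts exit callbacks that actually ran */
static int tee_present;            /* constructed switch: is backend "tee" usable? */

static int  tee_init(void) { return tee_present ? 0 : -ENODEV; }
static int  tpm_init(void) { return 0; }
static void tpm_exit(void) { exit_calls++; }

static const struct trusted_key_ops tee_ops = { .init = tee_init, .exit = NULL };
static const struct trusted_key_ops tpm_ops = { .init = tpm_init, .exit = tpm_exit };
static const struct trusted_key_source trusted_key_sources[] = {
    { "tee", &tee_ops }, { "tpm", &tpm_ops },   /* constructed order */
};
static const struct trusted_key_source *active_source;

/* Runs once: probe each source with a plain indirect call, no code patching. */
int init_trusted(void)
{
    int ret = -ENODEV;
    size_t n = sizeof(trusted_key_sources) / sizeof(trusted_key_sources[0]);

    for (size_t i = 0; i < n && ret != 0; i++) {
        ret = trusted_key_sources[i].ops->init();
        if (ret == 0)
            active_source = &trusted_key_sources[i];
    }
    return ret;
}

/* Runs once: the NULL test replaces what static_call_cond() provided. */
void cleanup_trusted(void)
{
    if (active_source && active_source->ops->exit)
        active_source->ops->exit();
    active_source = NULL;
}

int main(void)
{
    printf("init_trusted() = %d via %s\n", init_trusted(), active_source->name);
    cleanup_trusted();
    return 0;
}
```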

2023-10-05 16:33:24

by Hyeonggon Yoo

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Mon, Oct 2, 2023 at 7:41 PM Peter Zijlstra <[email protected]> wrote:
>
> On Sun, Oct 01, 2023 at 11:17:21PM +0900, Hyeonggon Yoo wrote:
>
> > OK, I looked into this a little bit, and it turns out that the problematic
> > address here is from cleanup_trusted() in
> > security/keys/trusted-keys/trusted_core.c.
> > (and it's builtin due to CONFIG_TRUSTED_KEYS=y)
>
> That code is insane.. wth would you want to use an explicit
> static_call() in either __init or __exit ?!?
>
> I think the reason we support init was because it was just really hard
> to avoid throughout the abstraction layers etc.. But this seems to be
> the only __exit user, and it is really quite daft.

Actually that's a good point (that static call in __exit is a bit insane).
One thing I still wonder is, will the alternative instructions functionality be
affected in the same way as static calls? Because it's just another way to patch
kernel code at runtime.

> > The function is marked as __exit, so it does not fall within the
> > 'core kernel text address range,' which is between _stext and _etext
> > (or between _sinittext and _einittext), and thus __text_poke() thinks that
> > it's vmalloc/module area.
> >
> > I think __text_poke() should be taught that functions marked as __exit
> > also belong to kernel code just like __init.
>
> Should we not do something like:
>
> #ifdef MODULE
> #define __exit __section(".exit.text") __exitused __cold notrace
> #else
> #define __exit __section(".discard.exit.text")
> #endif
>
> It's not like that code should ever be run or referenced when built-in.

It looked fine to me, but with a quick test my linker seems to be unhappy
(removed duplicate lines):

$ make -j12 bzImage
DESCEND objtool
DESCEND bpf/resolve_btfids
make[4]: 'install_headers' is up to date.
CALL scripts/checksyscalls.sh
UPD include/generated/utsversion.h
CC init/version-timestamp.o
LD .tmp_vmlinux.btf
`.discard.exit.text' referenced in section `__mcount_loc' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.smp_locks' of vmlinux.o:
defined in discarded section `.discard.exit.text' of vmlinux.o
`.discard.exit.text' referenced in section `__bug_table' of vmlinux.o:
defined in discarded section `.discard.exit.text' of vmlinux.o
`.discard.exit.text' referenced in section `__jump_table' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.static_call_sites' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.retpoline_sites' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.return_sites' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
`.discard.exit.text' referenced in section `.call_sites' of vmlinux.o:
defined in discarded section `.discard.exit.text' of vmlinux.o
`.discard.exit.text' referenced in section `.ibt_endbr_seal' of
vmlinux.o: defined in discarded section `.discard.exit.text' of
vmlinux.o
BTF .btf.vmlinux.bin.o
pahole: .tmp_vmlinux.btf: Invalid argument
LD .tmp_vmlinux.kallsyms1
.btf.vmlinux.bin.o: file not recognized: file format not recognized
make[2]: *** [scripts/Makefile.vmlinux:36: vmlinux] Error 1
make[1]: *** [/home/hyeyoo/Desktop/linux/Makefile:1165: vmlinux] Error 2
make: *** [Makefile:234: __sub-make] Error 2

--
Hyeonggon

2023-10-08 11:32:43

by Thorsten Leemhuis

Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On 01.10.23 14:24, Linux regression tracking #adding (Thorsten Leemhuis)
wrote:
>
> On 30.09.23 18:26, Hyeonggon Yoo wrote:
>>
>> [...]
>>
>>> Peter Zijlstra (1):
>>> x86,static_call: Fix static-call vs return-thunk
>>
>> Hello, the commit above caused a crash on x86 kernel with
>> CONFIG_DEBUG_VIRTUAL=y.
>
> #regzbot ^introduced aee9d30b9744d6775
> #regzbot title x86,static_call: crash on x86 kernel with
> CONFIG_DEBUG_VIRTUAL=y.
> #regzbot ignore-activity

#regzbot monitor:
https://lore.kernel.org/lkml/[email protected]/
#regzbot fix: KEYS: trusted: Remove redundant static calls usage
#regzbot ignore-activity

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
That page also explains what to do if mails like this annoy you.