From patchwork Tue Jan 24 19:29:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114689 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95584C54E94 for ; Tue, 24 Jan 2023 19:35:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233205AbjAXTfT (ORCPT ); Tue, 24 Jan 2023 14:35:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39020 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231247AbjAXTfS (ORCPT ); Tue, 24 Jan 2023 14:35:18 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9FD0118B; Tue, 24 Jan 2023 11:35:16 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3A3CB61331; Tue, 24 Jan 2023 19:35:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3885BC4339C; Tue, 24 Jan 2023 19:35:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588915; bh=KDnlIs3gvpsl7YRCSJtHgQ4KCugAm+BBVZLMqMEAyaA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YzTP6Cc+sqh1In84DowwK1dAZP/ecEyLBzkl03VjryTF9CfpJ6nUbBHuYnL/eHK3w RU78pxqu3mkPMMd3EvAEvnrX85F4V5b6iO3tgiPCmkhmuvnva1m5e90bnbk6TAVtA1 Za/e1NCqyOLdpSZqIyhe9nnUOAjZc9z6048wXutVZ79QALMYl4Qtd52GbCBCG8qP5w WXk/aZqrIerFtZwhDEulq/t41u5hLsF1wLiDi19jAJNzJfW6q5b2mLy/0rj7wcaC3e t+SoKYUampe9FUef+FCwGn98f5RYZpRy1ExXgnJBwE525Tw1pL2C7fDXB+E0RD0vyy xBrbwmMAfcS4Q== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Iurii Zaikin , Peter Zijlstra , Paul Turner , Andy Shevchenko , Sebastian Reichel , Tetsuo Handa , Petr Mladek , Sergey Senozhatsky , Qing Wang , Benjamin LaHaise , Al Viro , Jan Kara , Amir Goldstein , Stephen Kitt , Antti Palosaari , Arnd Bergmann , Benjamin Herrenschmidt , Clemens Ladisch , David Airlie , Jani Nikula , Joel Becker , Joonas Lahtinen , Joseph Qi , Julia Lawall , Lukas Middendorf , Mark Fasheh , Phillip Potter , Rodrigo Vivi , Douglas Gilbert , "James E . J . Bottomley" , Jani Nikula , John Ogness , "Martin K . Petersen" , "Rafael J. Wysocki" , Steven Rostedt , Suren Baghdasaryan , "Theodore Ts'o" , Xiaoming Ni , Luis Chamberlain , Andrew Morton , Linus Torvalds Subject: [PATCH 5.10 01/20] sysctl: add a new register_sysctl_init() interface Date: Tue, 24 Jan 2023 11:29:45 -0800 Message-Id: <20230124193004.206841-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Xiaoming Ni commit 3ddd9a808cee7284931312f2f3e854c9617f44b2 upstream. Patch series "sysctl: first set of kernel/sysctl cleanups", v2. Finally had time to respin the series of the work we had started last year on cleaning up the kernel/sysct.c kitchen sink. People keeps stuffing their sysctls in that file and this creates a maintenance burden. So this effort is aimed at placing sysctls where they actually belong. I'm going to split patches up into series as there is quite a bit of work. This first set adds register_sysctl_init() for uses of registerting a sysctl on the init path, adds const where missing to a few places, generalizes common values so to be more easy to share, and starts the move of a few kernel/sysctl.c out where they belong. The majority of rework on v2 in this first patch set is 0-day fixes. Eric Biederman's feedback is later addressed in subsequent patch sets. I'll only post the first two patch sets for now. We can address the rest once the first two patch sets get completely reviewed / Acked. This patch (of 9): The kernel/sysctl.c is a kitchen sink where everyone leaves their dirty dishes, this makes it very difficult to maintain. To help with this maintenance let's start by moving sysctls to places where they actually belong. The proc sysctl maintainers do not want to know what sysctl knobs you wish to add for your own piece of code, we just care about the core logic. Today though folks heavily rely on tables on kernel/sysctl.c so they can easily just extend this table with their needed sysctls. In order to help users move their sysctls out we need to provide a helper which can be used during code initialization. We special-case the initialization use of register_sysctl() since it *is* safe to fail, given all that sysctls do is provide a dynamic interface to query or modify at runtime an existing variable. So the use case of register_sysctl() on init should *not* stop if the sysctls don't end up getting registered. It would be counter productive to stop boot if a simple sysctl registration failed. Provide a helper for init then, and document the recommended init levels to use for callers of this routine. We will later use this in subsequent patches to start slimming down kernel/sysctl.c tables and moving sysctl registration to the code which actually needs these sysctls. [mcgrof@kernel.org: major commit log and documentation rephrasing also moved to fs/proc/proc_sysctl.c ] Link: https://lkml.kernel.org/r/20211123202347.818157-1-mcgrof@kernel.org Link: https://lkml.kernel.org/r/20211123202347.818157-2-mcgrof@kernel.org Signed-off-by: Xiaoming Ni Signed-off-by: Luis Chamberlain Reviewed-by: Kees Cook Cc: Iurii Zaikin Cc: "Eric W. Biederman" Cc: Peter Zijlstra Cc: Greg Kroah-Hartman Cc: Paul Turner Cc: Andy Shevchenko Cc: Sebastian Reichel Cc: Tetsuo Handa Cc: Petr Mladek Cc: Sergey Senozhatsky Cc: Qing Wang Cc: Benjamin LaHaise Cc: Al Viro Cc: Jan Kara Cc: Amir Goldstein Cc: Stephen Kitt Cc: Antti Palosaari Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Clemens Ladisch Cc: David Airlie Cc: Jani Nikula Cc: Joel Becker Cc: Joonas Lahtinen Cc: Joseph Qi Cc: Julia Lawall Cc: Lukas Middendorf Cc: Mark Fasheh Cc: Phillip Potter Cc: Rodrigo Vivi Cc: Douglas Gilbert Cc: James E.J. Bottomley Cc: Jani Nikula Cc: John Ogness Cc: Martin K. Petersen Cc: "Rafael J. Wysocki" Cc: Steven Rostedt (VMware) Cc: Suren Baghdasaryan Cc: "Theodore Ts'o" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Eric Biggers --- fs/proc/proc_sysctl.c | 33 +++++++++++++++++++++++++++++++++ include/linux/sysctl.h | 3 +++ 2 files changed, 36 insertions(+) diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 070d2df8ab9cf..cd7c6c4af83ad 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "internal.h" static const struct dentry_operations proc_sys_dentry_operations; @@ -1380,6 +1381,38 @@ struct ctl_table_header *register_sysctl(const char *path, struct ctl_table *tab } EXPORT_SYMBOL(register_sysctl); +/** + * __register_sysctl_init() - register sysctl table to path + * @path: path name for sysctl base + * @table: This is the sysctl table that needs to be registered to the path + * @table_name: The name of sysctl table, only used for log printing when + * registration fails + * + * The sysctl interface is used by userspace to query or modify at runtime + * a predefined value set on a variable. These variables however have default + * values pre-set. Code which depends on these variables will always work even + * if register_sysctl() fails. If register_sysctl() fails you'd just loose the + * ability to query or modify the sysctls dynamically at run time. Chances of + * register_sysctl() failing on init are extremely low, and so for both reasons + * this function does not return any error as it is used by initialization code. + * + * Context: Can only be called after your respective sysctl base path has been + * registered. So for instance, most base directories are registered early on + * init before init levels are processed through proc_sys_init() and + * sysctl_init(). + */ +void __init __register_sysctl_init(const char *path, struct ctl_table *table, + const char *table_name) +{ + struct ctl_table_header *hdr = register_sysctl(path, table); + + if (unlikely(!hdr)) { + pr_err("failed when register_sysctl %s to %s\n", table_name, path); + return; + } + kmemleak_not_leak(hdr); +} + static char *append_path(const char *path, char *pos, const char *name) { int namelen; diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index 51298a4f46235..161eba9fd9122 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -195,6 +195,9 @@ struct ctl_table_header *register_sysctl_paths(const struct ctl_path *path, void unregister_sysctl_table(struct ctl_table_header * table); extern int sysctl_init(void); +extern void __register_sysctl_init(const char *path, struct ctl_table *table, + const char *table_name); +#define register_sysctl_init(path, table) __register_sysctl_init(path, table, #table) void do_sysctl_args(void); extern int pwrsw_enabled; From patchwork Tue Jan 24 19:29:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114690 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B16ECC54E94 for ; Tue, 24 Jan 2023 19:35:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233877AbjAXTfW (ORCPT ); Tue, 24 Jan 2023 14:35:22 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229933AbjAXTfU (ORCPT ); Tue, 24 Jan 2023 14:35:20 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BAB224211; Tue, 24 Jan 2023 11:35:18 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 6D446B816BF; Tue, 24 Jan 2023 19:35:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C6D0CC433D2; Tue, 24 Jan 2023 19:35:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588916; bh=BM2SL/hK4n/mG2G/JWV0pug+lwME5e+5UISAuadPDQk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pMMMa7/FWueJaPbT6WueVzTxC/XZ8ZmRy6NVYSRHJH2o9jCWKCnDuTqLkI9Uq2oMs 26tX5Wne6sRQ49BrsLDXDyBSDnU7kpfdnmMGjAhbQFHFUzjbzZwdAXdf+oY3Uy91FA y9MlbNxl0UAgaVq5hGo8jrPsJWS1dSAObfTRlXgMXHaQQHhE+t+hTuwYMcxP9523KN Y8ew8fd4AqVdZexwqE0zwwOPm9PQVoyu/1oxSdXosdsxZZOwlX8ohDuwlYN4pnoSii tlftKSUr4KuqWENMwRfI57tcR+fBcp0Pn+K+mb5FcQ3cCzx/he/b7oQpXqSWMQpXhw HvvFg2GsoGtLg== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, tangmeng , Luis Chamberlain Subject: [PATCH 5.10 02/20] kernel/panic: move panic sysctls to its own file Date: Tue, 24 Jan 2023 11:29:46 -0800 Message-Id: <20230124193004.206841-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: tangmeng commit 9df918698408fd914493aba0b7858fef50eba63a upstream. kernel/sysctl.c is a kitchen sink where everyone leaves their dirty dishes, this makes it very difficult to maintain. To help with this maintenance let's start by moving sysctls to places where they actually belong. The proc sysctl maintainers do not want to know what sysctl knobs you wish to add for your own piece of code, we just care about the core logic. All filesystem syctls now get reviewed by fs folks. This commit follows the commit of fs, move the oops_all_cpu_backtrace sysctl to its own file, kernel/panic.c. Signed-off-by: tangmeng Signed-off-by: Luis Chamberlain Signed-off-by: Eric Biggers --- include/linux/kernel.h | 6 ------ kernel/panic.c | 26 +++++++++++++++++++++++++- kernel/sysctl.c | 11 ----------- 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/include/linux/kernel.h b/include/linux/kernel.h index f5392d96d6886..084d97070ed99 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -520,12 +520,6 @@ static inline u32 int_sqrt64(u64 x) } #endif -#ifdef CONFIG_SMP -extern unsigned int sysctl_oops_all_cpu_backtrace; -#else -#define sysctl_oops_all_cpu_backtrace 0 -#endif /* CONFIG_SMP */ - extern void bust_spinlocks(int yes); extern int panic_timeout; extern unsigned long panic_print; diff --git a/kernel/panic.c b/kernel/panic.c index 332736a72a58e..f567195d45d9d 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -41,7 +41,9 @@ * Should we dump all CPUs backtraces in an oops event? * Defaults to 0, can be changed via sysctl. */ -unsigned int __read_mostly sysctl_oops_all_cpu_backtrace; +static unsigned int __read_mostly sysctl_oops_all_cpu_backtrace; +#else +#define sysctl_oops_all_cpu_backtrace 0 #endif /* CONFIG_SMP */ int panic_on_oops = CONFIG_PANIC_ON_OOPS_VALUE; @@ -70,6 +72,28 @@ ATOMIC_NOTIFIER_HEAD(panic_notifier_list); EXPORT_SYMBOL(panic_notifier_list); +#if defined(CONFIG_SMP) && defined(CONFIG_SYSCTL) +static struct ctl_table kern_panic_table[] = { + { + .procname = "oops_all_cpu_backtrace", + .data = &sysctl_oops_all_cpu_backtrace, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_ONE, + }, + { } +}; + +static __init int kernel_panic_sysctls_init(void) +{ + register_sysctl_init("kernel", kern_panic_table); + return 0; +} +late_initcall(kernel_panic_sysctls_init); +#endif + static long no_blink(int state) { return 0; diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 3eb527f8a269c..d8b7b28463135 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -2199,17 +2199,6 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif -#ifdef CONFIG_SMP - { - .procname = "oops_all_cpu_backtrace", - .data = &sysctl_oops_all_cpu_backtrace, - .maxlen = sizeof(int), - .mode = 0644, - .proc_handler = proc_dointvec_minmax, - .extra1 = SYSCTL_ZERO, - .extra2 = SYSCTL_ONE, - }, -#endif /* CONFIG_SMP */ { .procname = "pid_max", .data = &pid_max, From patchwork Tue Jan 24 19:29:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114693 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71C01C61DA0 for ; Tue, 24 Jan 2023 19:35:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234329AbjAXTfY (ORCPT ); Tue, 24 Jan 2023 14:35:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233558AbjAXTfU (ORCPT ); Tue, 24 Jan 2023 14:35:20 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 69AB74EF7; Tue, 24 Jan 2023 11:35:19 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 114DBB816D5; Tue, 24 Jan 2023 19:35:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4A311C433A4; Tue, 24 Jan 2023 19:35:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588916; bh=jnlzHwyIKm111Hgt2bT1SNx3+PzVjlKrJId4SKTZuz8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lsC6dQs0j3a3o0JmgEA8ug7xy8LjBCRKobbwU/VK1NYCtc+g5dyX1owPEkNVnu7s3 lQSzjhlYn+zseYArnq+Cu6bUU6uiCPbMiLM6P/I+hZchrQPwKK7SinALNOLgcE3LrF ZEJE2XQLsk6j1rwjYiG3Veng4DWMyHCbgp1R65Qm/iZa9fcIgHBNSdLujdhBanCtJN mOwkK8SyGLfiCi2FhkbiK7Q7ucjDA4Guhr3fOM4qIw5i/z5aOML8WmAFL0e/EJicU7 RcvKI9Z6uDPpJF2TW2UNcR/n++4MNIDthEEEIbgzFntJwtBP4E5H6/42K7lPJY4X3C Z//fxzzx+S1fg== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Andrey Ryabinin , Baoquan He , Jonathan Corbet , Xuefeng Li , Tiezhu Yang , Marco Elver , Andrew Morton , Linus Torvalds Subject: [PATCH 5.10 03/20] panic: unset panic_on_warn inside panic() Date: Tue, 24 Jan 2023 11:29:47 -0800 Message-Id: <20230124193004.206841-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Tiezhu Yang commit 1a2383e8b84c0451fd9b1eec3b9aab16f30b597c upstream. In the current code, the following three places need to unset panic_on_warn before calling panic() to avoid recursive panics: kernel/kcsan/report.c: print_report() kernel/sched/core.c: __schedule_bug() mm/kfence/report.c: kfence_report_error() In order to avoid copy-pasting "panic_on_warn = 0" all over the places, it is better to move it inside panic() and then remove it from the other places. Link: https://lkml.kernel.org/r/1644324666-15947-4-git-send-email-yangtiezhu@loongson.cn Signed-off-by: Tiezhu Yang Reviewed-by: Marco Elver Cc: Andrey Ryabinin Cc: Baoquan He Cc: Jonathan Corbet Cc: Xuefeng Li Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Eric Biggers --- kernel/panic.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/kernel/panic.c b/kernel/panic.c index f567195d45d9d..960c2be2759cb 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -207,6 +207,16 @@ void panic(const char *fmt, ...) int old_cpu, this_cpu; bool _crash_kexec_post_notifiers = crash_kexec_post_notifiers; + if (panic_on_warn) { + /* + * This thread may hit another WARN() in the panic path. + * Resetting this prevents additional WARN() from panicking the + * system on this thread. Other threads are blocked by the + * panic_mutex in panic(). + */ + panic_on_warn = 0; + } + /* * Disable local interrupts. This will prevent panic_smp_self_stop * from deadlocking the first cpu that invokes the panic, since @@ -618,16 +628,8 @@ void __warn(const char *file, int line, void *caller, unsigned taint, if (regs) show_regs(regs); - if (panic_on_warn) { - /* - * This thread may hit another WARN() in the panic path. - * Resetting this prevents additional WARN() from panicking the - * system on this thread. Other threads are blocked by the - * panic_mutex in panic(). - */ - panic_on_warn = 0; + if (panic_on_warn) panic("panic_on_warn set ...\n"); - } if (!regs) dump_stack(); From patchwork Tue Jan 24 19:29:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114691 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F2ECC61DA2 for ; Tue, 24 Jan 2023 19:35:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234228AbjAXTfY (ORCPT ); Tue, 24 Jan 2023 14:35:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39094 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233658AbjAXTfU (ORCPT ); Tue, 24 Jan 2023 14:35:20 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14A2461BE; Tue, 24 Jan 2023 11:35:20 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B8119B811C1; Tue, 24 Jan 2023 19:35:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EAF27C433A0; Tue, 24 Jan 2023 19:35:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588917; bh=+7oL5czw8PyoM/EYPXeCaVwzsrxyOKl99cYF1jHLePM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mXxyy+bvsYXnh/NwLuQHTGGeExdv/mPqr4lJAO6/bNF1qCK1ib9uPk0zsoNoQ/JQ3 SGgjuF6iFTFrMdsVIkGhOh9B6DuDfivxWE7R9zKB4/FL7HAogoHvEC0SOi+UMns2zy kqRxXRhCbmzsFUCaBTyayElLAK2XhdkscSRi0BK8jwobojKkb/oIsgu8MWaVpRbRGN 4NeADRW2Qg+aO4A2LT7miYfaH49m9ZtRiNKjXPEkWyThYAy2sFUa6o28d/VD6Wc8Lv ZuCjjFf+yKL63zK/ElXrncMoF1o/4pHKTRSiU7c+9WlUkCX7ZfuMt6NsPhxaxHFPW2 3aNWDEZ/nYfdw== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Andrey Ryabinin , Baoquan He , Jonathan Corbet , Xuefeng Li , Tiezhu Yang , Marco Elver , Andrew Morton , Linus Torvalds Subject: [PATCH 5.10 04/20] ubsan: no need to unset panic_on_warn in ubsan_epilogue() Date: Tue, 24 Jan 2023 11:29:48 -0800 Message-Id: <20230124193004.206841-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Tiezhu Yang commit d83ce027a54068fabb70d2c252e1ce2da86784a4 upstream. panic_on_warn is unset inside panic(), so no need to unset it before calling panic() in ubsan_epilogue(). Link: https://lkml.kernel.org/r/1644324666-15947-5-git-send-email-yangtiezhu@loongson.cn Signed-off-by: Tiezhu Yang Reviewed-by: Marco Elver Cc: Andrey Ryabinin Cc: Baoquan He Cc: Jonathan Corbet Cc: Xuefeng Li Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Eric Biggers --- lib/ubsan.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/lib/ubsan.c b/lib/ubsan.c index adf8dcf3c84e6..d81d107f64f41 100644 --- a/lib/ubsan.c +++ b/lib/ubsan.c @@ -151,16 +151,8 @@ static void ubsan_epilogue(void) current->in_ubsan--; - if (panic_on_warn) { - /* - * This thread may hit another WARN() in the panic path. - * Resetting this prevents additional WARN() from panicking the - * system on this thread. Other threads are blocked by the - * panic_mutex in panic(). - */ - panic_on_warn = 0; + if (panic_on_warn) panic("panic_on_warn set ...\n"); - } } static void handle_overflow(struct overflow_data *data, void *lhs, From patchwork Tue Jan 24 19:29:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114692 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B610C25B4E for ; Tue, 24 Jan 2023 19:35:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233988AbjAXTfX (ORCPT ); Tue, 24 Jan 2023 14:35:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39068 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232748AbjAXTfU (ORCPT ); Tue, 24 Jan 2023 14:35:20 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 211FE30CE; Tue, 24 Jan 2023 11:35:19 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id AC9E461331; Tue, 24 Jan 2023 19:35:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 95731C4339B; Tue, 24 Jan 2023 19:35:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588918; bh=reCuICm+K+YhUwzsmXaRq5UNboz+RmnhzpLO8l+L/qQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Tac5SMnc8nE4DSaErhZbUvMLGNg2wf++b/YDkLgCBRVkKZDemrF7tWvEC6bJBIkCD VBcM3f9hZt6UII4gvvOGARJdbZIHgsF96xGSZ0xa+KQpLEwNhr7XPSaYs5xQIOzJ5g GG02FroKVtJYaCYskTF/jcfqmKkjQUWtoE3QZjsDV+8022V7rg6VQGEE4F/nFj3dH6 +dBNi+ccjwoKl6YBPDLwPLDHkZKsz6Uw0pDXXwuGo0PUH8AqIbtcoyMklTs/JzRIq1 UsEfzE0T9I2x2nvncsksmzfNQnfYv3GtoMt3flol3DbTLHO+1dYx1I0ExxL1GLlcSY A3+ZBaBN37txw== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Andrey Ryabinin , Baoquan He , Jonathan Corbet , Xuefeng Li , Tiezhu Yang , Marco Elver , Andrew Morton , Linus Torvalds Subject: [PATCH 5.10 05/20] kasan: no need to unset panic_on_warn in end_report() Date: Tue, 24 Jan 2023 11:29:49 -0800 Message-Id: <20230124193004.206841-6-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Tiezhu Yang commit e7ce7500375a63348e1d3a703c8d5003cbe3fea6 upstream. panic_on_warn is unset inside panic(), so no need to unset it before calling panic() in end_report(). Link: https://lkml.kernel.org/r/1644324666-15947-6-git-send-email-yangtiezhu@loongson.cn Signed-off-by: Tiezhu Yang Reviewed-by: Marco Elver Cc: Andrey Ryabinin Cc: Baoquan He Cc: Jonathan Corbet Cc: Xuefeng Li Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Eric Biggers --- mm/kasan/report.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 00a53f1355aec..91714acea0d61 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -95,16 +95,8 @@ static void end_report(unsigned long *flags) pr_err("==================================================================\n"); add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); spin_unlock_irqrestore(&report_lock, *flags); - if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) { - /* - * This thread may hit another WARN() in the panic path. - * Resetting this prevents additional WARN() from panicking the - * system on this thread. Other threads are blocked by the - * panic_mutex in panic(). - */ - panic_on_warn = 0; + if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) panic("panic_on_warn set ...\n"); - } kasan_enable_current(); } From patchwork Tue Jan 24 19:29:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114697 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC5C5C25B4E for ; Tue, 24 Jan 2023 19:35:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234551AbjAXTf1 (ORCPT ); Tue, 24 Jan 2023 14:35:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39176 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233962AbjAXTfX (ORCPT ); Tue, 24 Jan 2023 14:35:23 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5267E6A5E; Tue, 24 Jan 2023 11:35:20 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id D77AFB816D7; Tue, 24 Jan 2023 19:35:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40DA9C433EF; Tue, 24 Jan 2023 19:35:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588918; bh=2WIiHmTsA8T8fP1tYeq7VvRd+oVoIlQ0qt8LDJqEZds=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O9k23uBmfhuigqaCOuVabjwJxZ+OZA8D2+A1uc6fT4rbSOIlFPvVtiORZFFO9KzaJ IGW7jREb2sqN9jE42+/C7/OnWkcNKPvUXtUr0bQxxVI9A5ZB8JHXUPWJnjC1dOXz3a DXQGs+dOryqbJ7iDmyTbr0dkpwcqi3hiR6Gg78p4bqu4M7N5MgsKpTFdSPMAtFpFP8 DZxD1aMTWgrI2fN8bDByuEjjsmLULgM0wLqRHilY/Hb/jQnoFYd8UXRSECyMzR8yVj ld4L02pNcguqrhYhaJiWOneac1naM5VnlXzncW9zxs1HbCmAiOW/rZP7XY6VjJeGLv bztuH7Zq0jOOA== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 5.10 06/20] exit: Add and use make_task_dead. Date: Tue, 24 Jan 2023 11:29:50 -0800 Message-Id: <20230124193004.206841-7-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: "Eric W. Biederman" commit 0e25498f8cd43c1b5aa327f373dd094e9a006da7 upstream. There are two big uses of do_exit. The first is it's design use to be the guts of the exit(2) system call. The second use is to terminate a task after something catastrophic has happened like a NULL pointer in kernel code. Add a function make_task_dead that is initialy exactly the same as do_exit to cover the cases where do_exit is called to handle catastrophic failure. In time this can probably be reduced to just a light wrapper around do_task_dead. For now keep it exactly the same so that there will be no behavioral differences introducing this new concept. Replace all of the uses of do_exit that use it for catastraphic task cleanup with make_task_dead to make it clear what the code is doing. As part of this rename rewind_stack_do_exit rewind_stack_and_make_dead. Signed-off-by: "Eric W. Biederman" Signed-off-by: Eric Biggers --- arch/alpha/kernel/traps.c | 6 +++--- arch/alpha/mm/fault.c | 2 +- arch/arm/kernel/traps.c | 2 +- arch/arm/mm/fault.c | 2 +- arch/arm64/kernel/traps.c | 2 +- arch/arm64/mm/fault.c | 2 +- arch/csky/abiv1/alignment.c | 2 +- arch/csky/kernel/traps.c | 2 +- arch/h8300/kernel/traps.c | 2 +- arch/h8300/mm/fault.c | 2 +- arch/hexagon/kernel/traps.c | 2 +- arch/ia64/kernel/mca_drv.c | 2 +- arch/ia64/kernel/traps.c | 2 +- arch/ia64/mm/fault.c | 2 +- arch/m68k/kernel/traps.c | 2 +- arch/m68k/mm/fault.c | 2 +- arch/microblaze/kernel/exceptions.c | 4 ++-- arch/mips/kernel/traps.c | 2 +- arch/nds32/kernel/fpu.c | 2 +- arch/nds32/kernel/traps.c | 8 ++++---- arch/nios2/kernel/traps.c | 4 ++-- arch/openrisc/kernel/traps.c | 2 +- arch/parisc/kernel/traps.c | 2 +- arch/powerpc/kernel/traps.c | 2 +- arch/riscv/kernel/traps.c | 2 +- arch/riscv/mm/fault.c | 2 +- arch/s390/kernel/dumpstack.c | 2 +- arch/s390/kernel/nmi.c | 2 +- arch/sh/kernel/traps.c | 2 +- arch/sparc/kernel/traps_32.c | 4 +--- arch/sparc/kernel/traps_64.c | 4 +--- arch/x86/entry/entry_32.S | 6 +++--- arch/x86/entry/entry_64.S | 6 +++--- arch/x86/kernel/dumpstack.c | 4 ++-- arch/xtensa/kernel/traps.c | 2 +- include/linux/sched/task.h | 1 + kernel/exit.c | 9 +++++++++ tools/objtool/check.c | 3 ++- 38 files changed, 59 insertions(+), 52 deletions(-) diff --git a/arch/alpha/kernel/traps.c b/arch/alpha/kernel/traps.c index 921d4b6e4d956..8b0f81a58b948 100644 --- a/arch/alpha/kernel/traps.c +++ b/arch/alpha/kernel/traps.c @@ -192,7 +192,7 @@ die_if_kernel(char * str, struct pt_regs *regs, long err, unsigned long *r9_15) local_irq_enable(); while (1); } - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } #ifndef CONFIG_MATHEMU @@ -577,7 +577,7 @@ do_entUna(void * va, unsigned long opcode, unsigned long reg, printk("Bad unaligned kernel access at %016lx: %p %lx %lu\n", pc, va, opcode, reg); - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); got_exception: /* Ok, we caught the exception, but we don't want it. Is there @@ -632,7 +632,7 @@ do_entUna(void * va, unsigned long opcode, unsigned long reg, local_irq_enable(); while (1); } - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } /* diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c index 09172f017efc0..5d42f94887daf 100644 --- a/arch/alpha/mm/fault.c +++ b/arch/alpha/mm/fault.c @@ -204,7 +204,7 @@ do_page_fault(unsigned long address, unsigned long mmcsr, printk(KERN_ALERT "Unable to handle kernel paging request at " "virtual address %016lx\n", address); die_if_kernel("Oops", regs, cause, (unsigned long*)regs - 16); - do_exit(SIGKILL); + make_task_dead(SIGKILL); /* We ran out of memory, or some other thing happened to us that made us unable to handle the page fault gracefully. */ diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c index a531afad87fdb..7878c33e188d7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -348,7 +348,7 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) if (panic_on_oops) panic("Fatal exception"); if (signr) - do_exit(signr); + make_task_dead(signr); } /* diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index efa4020250315..af5177801fb10 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -125,7 +125,7 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, show_pte(KERN_ALERT, mm, addr); die("Oops", regs, fsr); bust_spinlocks(0); - do_exit(SIGKILL); + make_task_dead(SIGKILL); } /* diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 2059d8f43f55f..2cdd53425509d 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -144,7 +144,7 @@ void die(const char *str, struct pt_regs *regs, int err) raw_spin_unlock_irqrestore(&die_lock, flags); if (ret != NOTIFY_STOP) - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } static void arm64_show_signal(int signo, const char *str) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 795d224f184ff..2be856731e817 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -293,7 +293,7 @@ static void die_kernel_fault(const char *msg, unsigned long addr, show_pte(addr); die("Oops", regs, esr); bust_spinlocks(0); - do_exit(SIGKILL); + make_task_dead(SIGKILL); } static void __do_kernel_fault(unsigned long addr, unsigned int esr, diff --git a/arch/csky/abiv1/alignment.c b/arch/csky/abiv1/alignment.c index cb2a0d94a144d..5e2fb45d605cf 100644 --- a/arch/csky/abiv1/alignment.c +++ b/arch/csky/abiv1/alignment.c @@ -294,7 +294,7 @@ void csky_alignment(struct pt_regs *regs) __func__, opcode, rz, rx, imm, addr); show_regs(regs); bust_spinlocks(0); - do_exit(SIGKILL); + make_dead_task(SIGKILL); } force_sig_fault(SIGBUS, BUS_ADRALN, (void __user *)addr); diff --git a/arch/csky/kernel/traps.c b/arch/csky/kernel/traps.c index 22721468a04b2..3c648305f2c30 100644 --- a/arch/csky/kernel/traps.c +++ b/arch/csky/kernel/traps.c @@ -111,7 +111,7 @@ void die(struct pt_regs *regs, const char *str) if (panic_on_oops) panic("Fatal exception"); if (ret != NOTIFY_STOP) - do_exit(SIGSEGV); + make_dead_task(SIGSEGV); } void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr) diff --git a/arch/h8300/kernel/traps.c b/arch/h8300/kernel/traps.c index 5d8b969cd8f34..2b1366c958e3f 100644 --- a/arch/h8300/kernel/traps.c +++ b/arch/h8300/kernel/traps.c @@ -110,7 +110,7 @@ void die(const char *str, struct pt_regs *fp, unsigned long err) dump(fp); spin_unlock_irq(&die_lock); - do_exit(SIGSEGV); + make_dead_task(SIGSEGV); } static int kstack_depth_to_print = 24; diff --git a/arch/h8300/mm/fault.c b/arch/h8300/mm/fault.c index d4bc9c16f2df9..0223528565dd3 100644 --- a/arch/h8300/mm/fault.c +++ b/arch/h8300/mm/fault.c @@ -51,7 +51,7 @@ asmlinkage int do_page_fault(struct pt_regs *regs, unsigned long address, printk(" at virtual address %08lx\n", address); if (!user_mode(regs)) die("Oops", regs, error_code); - do_exit(SIGKILL); + make_dead_task(SIGKILL); return 1; } diff --git a/arch/hexagon/kernel/traps.c b/arch/hexagon/kernel/traps.c index 904134b37232f..25e8bdbfd6853 100644 --- a/arch/hexagon/kernel/traps.c +++ b/arch/hexagon/kernel/traps.c @@ -218,7 +218,7 @@ int die(const char *str, struct pt_regs *regs, long err) panic("Fatal exception"); oops_exit(); - do_exit(err); + make_dead_task(err); return 0; } diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c index 2a40268c3d494..d9ee3b186249d 100644 --- a/arch/ia64/kernel/mca_drv.c +++ b/arch/ia64/kernel/mca_drv.c @@ -176,7 +176,7 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr) spin_unlock(&mca_bh_lock); /* This process is about to be killed itself */ - do_exit(SIGKILL); + make_task_dead(SIGKILL); } /** diff --git a/arch/ia64/kernel/traps.c b/arch/ia64/kernel/traps.c index e13cb905930fb..753642366e12e 100644 --- a/arch/ia64/kernel/traps.c +++ b/arch/ia64/kernel/traps.c @@ -85,7 +85,7 @@ die (const char *str, struct pt_regs *regs, long err) if (panic_on_oops) panic("Fatal exception"); - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); return 0; } diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c index cd9766d2b6e0e..829198180ca6f 100644 --- a/arch/ia64/mm/fault.c +++ b/arch/ia64/mm/fault.c @@ -274,7 +274,7 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re regs = NULL; bust_spinlocks(0); if (regs) - do_exit(SIGKILL); + make_task_dead(SIGKILL); return; out_of_memory: diff --git a/arch/m68k/kernel/traps.c b/arch/m68k/kernel/traps.c index 9e1261462bcc5..b2a31afb998c2 100644 --- a/arch/m68k/kernel/traps.c +++ b/arch/m68k/kernel/traps.c @@ -1136,7 +1136,7 @@ void die_if_kernel (char *str, struct pt_regs *fp, int nr) pr_crit("%s: %08x\n", str, nr); show_registers(fp); add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE); - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } asmlinkage void set_esp0(unsigned long ssp) diff --git a/arch/m68k/mm/fault.c b/arch/m68k/mm/fault.c index ef46e77e97a5b..fcb3a0d8421c5 100644 --- a/arch/m68k/mm/fault.c +++ b/arch/m68k/mm/fault.c @@ -48,7 +48,7 @@ int send_fault_sig(struct pt_regs *regs) pr_alert("Unable to handle kernel access"); pr_cont(" at virtual address %p\n", addr); die_if_kernel("Oops", regs, 0 /*error_code*/); - do_exit(SIGKILL); + make_task_dead(SIGKILL); } return 1; diff --git a/arch/microblaze/kernel/exceptions.c b/arch/microblaze/kernel/exceptions.c index cf99c411503e3..6d3a6a6442205 100644 --- a/arch/microblaze/kernel/exceptions.c +++ b/arch/microblaze/kernel/exceptions.c @@ -44,10 +44,10 @@ void die(const char *str, struct pt_regs *fp, long err) pr_warn("Oops: %s, sig: %ld\n", str, err); show_regs(fp); spin_unlock_irq(&die_lock); - /* do_exit() should take care of panic'ing from an interrupt + /* make_task_dead() should take care of panic'ing from an interrupt * context so we don't handle it here */ - do_exit(err); + make_task_dead(err); } /* for user application debugging */ diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c index b1fe4518bd221..ebd0101f0958d 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -413,7 +413,7 @@ void __noreturn die(const char *str, struct pt_regs *regs) if (regs && kexec_should_crash(current)) crash_kexec(regs); - do_exit(sig); + make_task_dead(sig); } extern struct exception_table_entry __start___dbe_table[]; diff --git a/arch/nds32/kernel/fpu.c b/arch/nds32/kernel/fpu.c index 9edd7ed7d7bf8..701c09a668de4 100644 --- a/arch/nds32/kernel/fpu.c +++ b/arch/nds32/kernel/fpu.c @@ -223,7 +223,7 @@ inline void handle_fpu_exception(struct pt_regs *regs) } } else if (fpcsr & FPCSR_mskRIT) { if (!user_mode(regs)) - do_exit(SIGILL); + make_task_dead(SIGILL); si_signo = SIGILL; } diff --git a/arch/nds32/kernel/traps.c b/arch/nds32/kernel/traps.c index 6a9772ba73927..12cdd6549360c 100644 --- a/arch/nds32/kernel/traps.c +++ b/arch/nds32/kernel/traps.c @@ -185,7 +185,7 @@ void die(const char *str, struct pt_regs *regs, int err) bust_spinlocks(0); spin_unlock_irq(&die_lock); - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } EXPORT_SYMBOL(die); @@ -289,7 +289,7 @@ void unhandled_interruption(struct pt_regs *regs) pr_emerg("unhandled_interruption\n"); show_regs(regs); if (!user_mode(regs)) - do_exit(SIGKILL); + make_task_dead(SIGKILL); force_sig(SIGKILL); } @@ -300,7 +300,7 @@ void unhandled_exceptions(unsigned long entry, unsigned long addr, addr, type); show_regs(regs); if (!user_mode(regs)) - do_exit(SIGKILL); + make_task_dead(SIGKILL); force_sig(SIGKILL); } @@ -327,7 +327,7 @@ void do_revinsn(struct pt_regs *regs) pr_emerg("Reserved Instruction\n"); show_regs(regs); if (!user_mode(regs)) - do_exit(SIGILL); + make_task_dead(SIGILL); force_sig(SIGILL); } diff --git a/arch/nios2/kernel/traps.c b/arch/nios2/kernel/traps.c index b172da4eb1a95..86208178024f6 100644 --- a/arch/nios2/kernel/traps.c +++ b/arch/nios2/kernel/traps.c @@ -37,10 +37,10 @@ void die(const char *str, struct pt_regs *regs, long err) show_regs(regs); spin_unlock_irq(&die_lock); /* - * do_exit() should take care of panic'ing from an interrupt + * make_task_dead() should take care of panic'ing from an interrupt * context so we don't handle it here */ - do_exit(err); + make_task_dead(err); } void _exception(int signo, struct pt_regs *regs, int code, unsigned long addr) diff --git a/arch/openrisc/kernel/traps.c b/arch/openrisc/kernel/traps.c index 206e5325e61bc..fca5317f3ce17 100644 --- a/arch/openrisc/kernel/traps.c +++ b/arch/openrisc/kernel/traps.c @@ -212,7 +212,7 @@ void die(const char *str, struct pt_regs *regs, long err) __asm__ __volatile__("l.nop 1"); do {} while (1); #endif - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } /* This is normally the 'Oops' routine */ diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c index bce47e0fb692c..2fad7867af100 100644 --- a/arch/parisc/kernel/traps.c +++ b/arch/parisc/kernel/traps.c @@ -268,7 +268,7 @@ void die_if_kernel(char *str, struct pt_regs *regs, long err) panic("Fatal exception"); oops_exit(); - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } /* gdb uses break 4,8 */ diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c index 069d451240fa4..5e5a2448ae79a 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c @@ -245,7 +245,7 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, if (panic_on_oops) panic("Fatal exception"); - do_exit(signr); + make_task_dead(signr); } NOKPROBE_SYMBOL(oops_end); diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index c1a13011fb8e5..23fe03ca7ec7b 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -57,7 +57,7 @@ void die(struct pt_regs *regs, const char *str) if (panic_on_oops) panic("Fatal exception"); if (ret != NOTIFY_STOP) - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr) diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c index 8f84bbe0ac33e..54b12943cc7b0 100644 --- a/arch/riscv/mm/fault.c +++ b/arch/riscv/mm/fault.c @@ -34,7 +34,7 @@ static inline void no_context(struct pt_regs *regs, unsigned long addr) (addr < PAGE_SIZE) ? "NULL pointer dereference" : "paging request", addr); die(regs, "Oops"); - do_exit(SIGKILL); + make_task_dead(SIGKILL); } static inline void mm_fault_error(struct pt_regs *regs, unsigned long addr, vm_fault_t fault) diff --git a/arch/s390/kernel/dumpstack.c b/arch/s390/kernel/dumpstack.c index 0dc4b258b98d5..763e726025b3d 100644 --- a/arch/s390/kernel/dumpstack.c +++ b/arch/s390/kernel/dumpstack.c @@ -214,5 +214,5 @@ void die(struct pt_regs *regs, const char *str) if (panic_on_oops) panic("Fatal exception: panic_on_oops"); oops_exit(); - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } diff --git a/arch/s390/kernel/nmi.c b/arch/s390/kernel/nmi.c index 86c8d5370e7f4..0102376eca3db 100644 --- a/arch/s390/kernel/nmi.c +++ b/arch/s390/kernel/nmi.c @@ -178,7 +178,7 @@ void s390_handle_mcck(void) "malfunction (code 0x%016lx).\n", mcck.mcck_code); printk(KERN_EMERG "mcck: task: %s, pid: %d.\n", current->comm, current->pid); - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } } EXPORT_SYMBOL_GPL(s390_handle_mcck); diff --git a/arch/sh/kernel/traps.c b/arch/sh/kernel/traps.c index 9c3d32b80038a..4efffc18c8512 100644 --- a/arch/sh/kernel/traps.c +++ b/arch/sh/kernel/traps.c @@ -57,7 +57,7 @@ void die(const char *str, struct pt_regs *regs, long err) if (panic_on_oops) panic("Fatal exception"); - do_exit(SIGSEGV); + make_task_dead(SIGSEGV); } void die_if_kernel(const char *str, struct pt_regs *regs, long err) diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index 247a0d9683b2b..5d47f4a342261 100644 --- a/arch/sparc/kernel/traps_32.c +++ b/arch/sparc/kernel/traps_32.c @@ -86,9 +86,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs) } printk("Instruction DUMP:"); instruction_dump ((unsigned long *) regs->pc); - if(regs->psr & PSR_PS) - do_exit(SIGKILL); - do_exit(SIGSEGV); + make_task_dead((regs->psr & PSR_PS) ? SIGKILL : SIGSEGV); } void do_hw_interrupt(struct pt_regs *regs, unsigned long type) diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c index a850dccd78ea1..814277d0e3e8f 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c @@ -2564,9 +2564,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs) } if (panic_on_oops) panic("Fatal exception"); - if (regs->tstate & TSTATE_PRIV) - do_exit(SIGKILL); - do_exit(SIGSEGV); + make_task_dead((regs->tstate & TSTATE_PRIV)? SIGKILL : SIGSEGV); } EXPORT_SYMBOL(die_if_kernel); diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index 8fcd6a42b3a18..70bd81b6c612e 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -1333,14 +1333,14 @@ SYM_CODE_START(asm_exc_nmi) SYM_CODE_END(asm_exc_nmi) .pushsection .text, "ax" -SYM_CODE_START(rewind_stack_do_exit) +SYM_CODE_START(rewind_stack_and_make_dead) /* Prevent any naive code from trying to unwind to our caller. */ xorl %ebp, %ebp movl PER_CPU_VAR(cpu_current_top_of_stack), %esi leal -TOP_OF_KERNEL_STACK_PADDING-PTREGS_SIZE(%esi), %esp - call do_exit + call make_task_dead 1: jmp 1b -SYM_CODE_END(rewind_stack_do_exit) +SYM_CODE_END(rewind_stack_and_make_dead) .popsection diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index 559c82b834757..23212c53cef7f 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -1509,7 +1509,7 @@ SYM_CODE_END(ignore_sysret) #endif .pushsection .text, "ax" -SYM_CODE_START(rewind_stack_do_exit) +SYM_CODE_START(rewind_stack_and_make_dead) UNWIND_HINT_FUNC /* Prevent any naive code from trying to unwind to our caller. */ xorl %ebp, %ebp @@ -1518,6 +1518,6 @@ SYM_CODE_START(rewind_stack_do_exit) leaq -PTREGS_SIZE(%rax), %rsp UNWIND_HINT_REGS - call do_exit -SYM_CODE_END(rewind_stack_do_exit) + call make_task_dead +SYM_CODE_END(rewind_stack_and_make_dead) .popsection diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index 97aa900386cbb..b4964300153a1 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -351,7 +351,7 @@ unsigned long oops_begin(void) } NOKPROBE_SYMBOL(oops_begin); -void __noreturn rewind_stack_do_exit(int signr); +void __noreturn rewind_stack_and_make_dead(int signr); void oops_end(unsigned long flags, struct pt_regs *regs, int signr) { @@ -386,7 +386,7 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr) * reuse the task stack and that existing poisons are invalid. */ kasan_unpoison_task_stack(current); - rewind_stack_do_exit(signr); + rewind_stack_and_make_dead(signr); } NOKPROBE_SYMBOL(oops_end); diff --git a/arch/xtensa/kernel/traps.c b/arch/xtensa/kernel/traps.c index efc3a29cde803..129f23c0ab553 100644 --- a/arch/xtensa/kernel/traps.c +++ b/arch/xtensa/kernel/traps.c @@ -545,5 +545,5 @@ void die(const char * str, struct pt_regs * regs, long err) if (panic_on_oops) panic("Fatal exception"); - do_exit(err); + make_task_dead(err); } diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 4ce511437a8aa..2832cc6be062b 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h @@ -61,6 +61,7 @@ extern void sched_post_fork(struct task_struct *p, extern void sched_dead(struct task_struct *p); void __noreturn do_task_dead(void); +void __noreturn make_task_dead(int signr); extern void proc_caches_init(void); diff --git a/kernel/exit.c b/kernel/exit.c index 8989e1d1f79b7..8d7577940077a 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -863,6 +863,15 @@ void __noreturn do_exit(long code) } EXPORT_SYMBOL_GPL(do_exit); +void __noreturn make_task_dead(int signr) +{ + /* + * Take the task off the cpu after something catastrophic has + * happened. + */ + do_exit(signr); +} + void complete_and_exit(struct completion *comp, long code) { if (comp) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 700984e7f5ba1..3c2baeb86c578 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -168,6 +168,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func, "panic", "do_exit", "do_task_dead", + "make_task_dead", "__module_put_and_exit", "complete_and_exit", "__reiserfs_panic", @@ -175,7 +176,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func, "fortify_panic", "usercopy_abort", "machine_real_restart", - "rewind_stack_do_exit", + "rewind_stack_and_make_dead" "kunit_try_catch_throw", "xen_start_kernel", "cpu_bringup_and_idle", From patchwork Tue Jan 24 19:29:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114694 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AEC1C54EB4 for ; Tue, 24 Jan 2023 19:35:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234434AbjAXTfZ (ORCPT ); Tue, 24 Jan 2023 14:35:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39108 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233813AbjAXTfV (ORCPT ); Tue, 24 Jan 2023 14:35:21 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 99D756A6C; Tue, 24 Jan 2023 11:35:20 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 5390DB816D8; Tue, 24 Jan 2023 19:35:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B07CFC433D2; Tue, 24 Jan 2023 19:35:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588919; bh=a4BsyzggSYFLYmAD9g4fj3o8Vt6Azs6mBye6UuGoSWE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gSkFOwZBkGu39SEnS1HLu1pS5/MlTqwMAzrEkkkvIZha7jBLKpbj7hrjSoFbbMCeJ 5bgOw2kAUxy5ogZUhYrwd8FeqhkFw2JN74fSjH9RtB0mtmk1XaezOmCB6fAsk+kGjM jSCZvBq84f3RMXT0Tq7GwfFo1+Y0kr5twzQrWuzHlrOLeUaPG9brz/K1NfYQNKg8x0 Wa18430Knk+v84mvTPMHCeLWYmZgt3snPCccSM9SJbAaCcplKFq8YlQVcxQMORClOn z+DVnXSVi0HRZh6js+W305W5/hpDCAI77wA3yLdZbwbEJAGlEn8fQ1GRVCtzjfHr2U 8LUYhlImfd1cg== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, kernel test robot Subject: [PATCH 5.10 07/20] objtool: Add a missing comma to avoid string concatenation Date: Tue, 24 Jan 2023 11:29:51 -0800 Message-Id: <20230124193004.206841-8-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: "Eric W. Biederman" commit 1fb466dff904e4a72282af336f2c355f011eec61 upstream. Recently the kbuild robot reported two new errors: >> lib/kunit/kunit-example-test.o: warning: objtool: .text.unlikely: unexpected end of section >> arch/x86/kernel/dumpstack.o: warning: objtool: oops_end() falls through to next function show_opcodes() I don't know why they did not occur in my test setup but after digging it I realized I had accidentally dropped a comma in tools/objtool/check.c when I renamed rewind_stack_do_exit to rewind_stack_and_make_dead. Add that comma back to fix objtool errors. Link: https://lkml.kernel.org/r/202112140949.Uq5sFKR1-lkp@intel.com Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") Reported-by: kernel test robot Signed-off-by: "Eric W. Biederman" Signed-off-by: Eric Biggers --- tools/objtool/check.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 3c2baeb86c578..985bcc5cea8a4 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -176,7 +176,7 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func, "fortify_panic", "usercopy_abort", "machine_real_restart", - "rewind_stack_and_make_dead" + "rewind_stack_and_make_dead", "kunit_try_catch_throw", "xen_start_kernel", "cpu_bringup_and_idle", From patchwork Tue Jan 24 19:29:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114695 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD67FC61DA7 for ; Tue, 24 Jan 2023 19:35:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234499AbjAXTfZ (ORCPT ); Tue, 24 Jan 2023 14:35:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39154 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233939AbjAXTfW (ORCPT ); Tue, 24 Jan 2023 14:35:22 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7FE2CBBBA; Tue, 24 Jan 2023 11:35:21 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id C31C1B815DA; Tue, 24 Jan 2023 19:35:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B470C433A1; Tue, 24 Jan 2023 19:35:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588919; bh=DqP04JuwOBj5YYO9MbNahR0CLXBTSbTK5fZvcwGho9w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bKQjyYgy205o5cF89No1Y9GwfjoonuMp5GrjHPZiLGjLdDwVqTO0MEv6r4eMZX6M3 0qGtho+RP6RDnglWxc6tDeh5eSnxorXNWzOTU195tBwbRNrpYKG0jyQM1R2H1xvb0z iH9jVp/0mfQzlCporfzdk9SvPfRd6ksF+ZvO4YREXZXcEzsNPbnqkeRVIMKSDQPVhl Sx3Q1qFbjwhFCf9ILYvobh1gJGQfZl/8FJ2xZ0xvkZFtkF/0bLDm7/KANw29cmYtiz pZtDirl222o3sFzxvP+uOaGFleJt0tphq0PtMVftKXrH4gj3xvHO9LADmDK/Fx+eC4 NtUkthzRWvkIg== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Nathan Chancellor Subject: [PATCH 5.10 08/20] hexagon: Fix function name in die() Date: Tue, 24 Jan 2023 11:29:52 -0800 Message-Id: <20230124193004.206841-9-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Nathan Chancellor commit 4f0712ccec09c071e221242a2db9a6779a55a949 upstream. When building ARCH=hexagon defconfig: arch/hexagon/kernel/traps.c:217:2: error: implicit declaration of function 'make_dead_task' [-Werror,-Wimplicit-function-declaration] make_dead_task(err); ^ The function's name is make_task_dead(), change it so there is no more build error. Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") Signed-off-by: Nathan Chancellor Link: https://lkml.kernel.org/r/20211227184851.2297759-2-nathan@kernel.org Signed-off-by: Eric W. Biederman Signed-off-by: Eric Biggers --- arch/hexagon/kernel/traps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/hexagon/kernel/traps.c b/arch/hexagon/kernel/traps.c index 25e8bdbfd6853..b334e80717099 100644 --- a/arch/hexagon/kernel/traps.c +++ b/arch/hexagon/kernel/traps.c @@ -218,7 +218,7 @@ int die(const char *str, struct pt_regs *regs, long err) panic("Fatal exception"); oops_exit(); - make_dead_task(err); + make_task_dead(err); return 0; } From patchwork Tue Jan 24 19:29:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114696 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 40485C636BD for ; Tue, 24 Jan 2023 19:35:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234518AbjAXTf0 (ORCPT ); Tue, 24 Jan 2023 14:35:26 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233964AbjAXTfX (ORCPT ); Tue, 24 Jan 2023 14:35:23 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82E56C16F; Tue, 24 Jan 2023 11:35:21 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3E5F6B816E3; Tue, 24 Jan 2023 19:35:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9BB29C433D2; Tue, 24 Jan 2023 19:35:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588919; bh=cR90F9EBBygHfJEbndg2gMa75Cq2Jp21fKF8PAurIWk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qgBDmE5g7TvuU1p7m6wQhFig0SBRzFl+n7PJVEWhTLaEBIIXtI6MKvw3BZX5DWcXO 9GDz34rhZbTR1uFQCXDbYYUyMuEraLM7NA/Jt2KW93jZAB08l6kO2V2qCE6YNxeL+Q mlUBilWU3Q9s6w3IfldEy2s29iC9SCsILrBfutxuKuODO3WfwSdLN/BH7x2F6KWhl9 VNkXzTbbHOCgin4m9LThWJS7/yuHoT1TPfsY0tKdMuaMjtRxR8wJjQ12i/OtdCH6BT Nt7A6mIG0avdX0QiBR8GYRF6oZ25UFz9Mj6PELE1rsJ1NIbeoRbp+ppLN75oi7pIWX rDZg3f02m6+8Q== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Nathan Chancellor Subject: [PATCH 5.10 09/20] h8300: Fix build errors from do_exit() to make_task_dead() transition Date: Tue, 24 Jan 2023 11:29:53 -0800 Message-Id: <20230124193004.206841-10-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Nathan Chancellor commit ab4ababdf77ccc56c7301c751dff49c79709c51c upstream. When building ARCH=h8300 defconfig: arch/h8300/kernel/traps.c: In function 'die': arch/h8300/kernel/traps.c:109:2: error: implicit declaration of function 'make_dead_task' [-Werror=implicit-function-declaration] 109 | make_dead_task(SIGSEGV); | ^~~~~~~~~~~~~~ arch/h8300/mm/fault.c: In function 'do_page_fault': arch/h8300/mm/fault.c:54:2: error: implicit declaration of function 'make_dead_task' [-Werror=implicit-function-declaration] 54 | make_dead_task(SIGKILL); | ^~~~~~~~~~~~~~ The function's name is make_task_dead(), change it so there is no more build error. Additionally, include linux/sched/task.h in arch/h8300/kernel/traps.c to avoid the same error because do_exit()'s declaration is in kernel.h but make_task_dead()'s is in task.h, which is not included in traps.c. Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") Signed-off-by: Nathan Chancellor Link: https://lkml.kernel.org/r/20211227184851.2297759-3-nathan@kernel.org Signed-off-by: Eric W. Biederman Signed-off-by: Eric Biggers --- arch/h8300/kernel/traps.c | 3 ++- arch/h8300/mm/fault.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/h8300/kernel/traps.c b/arch/h8300/kernel/traps.c index 2b1366c958e3f..cf23ccb50c17e 100644 --- a/arch/h8300/kernel/traps.c +++ b/arch/h8300/kernel/traps.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -110,7 +111,7 @@ void die(const char *str, struct pt_regs *fp, unsigned long err) dump(fp); spin_unlock_irq(&die_lock); - make_dead_task(SIGSEGV); + make_task_dead(SIGSEGV); } static int kstack_depth_to_print = 24; diff --git a/arch/h8300/mm/fault.c b/arch/h8300/mm/fault.c index 0223528565dd3..b465441f490df 100644 --- a/arch/h8300/mm/fault.c +++ b/arch/h8300/mm/fault.c @@ -51,7 +51,7 @@ asmlinkage int do_page_fault(struct pt_regs *regs, unsigned long address, printk(" at virtual address %08lx\n", address); if (!user_mode(regs)) die("Oops", regs, error_code); - make_dead_task(SIGKILL); + make_task_dead(SIGKILL); return 1; } From patchwork Tue Jan 24 19:29:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114699 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95A4DC54EB4 for ; Tue, 24 Jan 2023 19:35:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233658AbjAXTfe (ORCPT ); Tue, 24 Jan 2023 14:35:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39108 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234311AbjAXTfY (ORCPT ); Tue, 24 Jan 2023 14:35:24 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09B215FE8; Tue, 24 Jan 2023 11:35:23 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id AB8FFB81658; Tue, 24 Jan 2023 19:35:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 17B40C433A1; Tue, 24 Jan 2023 19:35:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588920; bh=5Q9RH5AbJWZtGgmftwQz/FQpiCLe1j10EZBiFooZn74=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pW8N4Ut3SLaSVFvlgBulTYOnf6gq6TZRxGXzEtE6LbR5ISq8QkH/pMExFG/gGA+X5 94TFhVctfikTcAwdbWC+Oj9iesIp19vCgT+bnLcaBXcXcZyoUvU9aUJ6o5TTaxBeO1 qKGAX2LNYj5g+vdSkaMOFC4n0MUXD6bdCPnbE/nNPzbdM7KTNnByUovK1SekjADuii d3pmN6xKGO9Dcstwdms/WkC5LhOCZWYNja+0hFWz2Tvl5gQaygi5gxiAR+whiPfObe lwp5AkZjFPnG9YxvaKO2Zq5oYqg5czKwdhTvHNdxTS9t3VKEnBbBptwoGbQWyjYSkN MJ1xZlpFRXhXQ== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Nathan Chancellor , Guo Ren Subject: [PATCH 5.10 10/20] csky: Fix function name in csky_alignment() and die() Date: Tue, 24 Jan 2023 11:29:54 -0800 Message-Id: <20230124193004.206841-11-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Nathan Chancellor commit 751971af2e3615dc5bd12674080bc795505fefeb upstream. When building ARCH=csky defconfig: arch/csky/kernel/traps.c: In function 'die': arch/csky/kernel/traps.c:112:17: error: implicit declaration of function 'make_dead_task' [-Werror=implicit-function-declaration] 112 | make_dead_task(SIGSEGV); | ^~~~~~~~~~~~~~ The function's name is make_task_dead(), change it so there is no more build error. Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") Signed-off-by: Nathan Chancellor Reviewed-by: Guo Ren Link: https://lkml.kernel.org/r/20211227184851.2297759-4-nathan@kernel.org Signed-off-by: Eric W. Biederman Signed-off-by: Eric Biggers --- arch/csky/abiv1/alignment.c | 2 +- arch/csky/kernel/traps.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/csky/abiv1/alignment.c b/arch/csky/abiv1/alignment.c index 5e2fb45d605cf..2df115d0e2105 100644 --- a/arch/csky/abiv1/alignment.c +++ b/arch/csky/abiv1/alignment.c @@ -294,7 +294,7 @@ void csky_alignment(struct pt_regs *regs) __func__, opcode, rz, rx, imm, addr); show_regs(regs); bust_spinlocks(0); - make_dead_task(SIGKILL); + make_task_dead(SIGKILL); } force_sig_fault(SIGBUS, BUS_ADRALN, (void __user *)addr); diff --git a/arch/csky/kernel/traps.c b/arch/csky/kernel/traps.c index 3c648305f2c30..15711efa14a4e 100644 --- a/arch/csky/kernel/traps.c +++ b/arch/csky/kernel/traps.c @@ -111,7 +111,7 @@ void die(struct pt_regs *regs, const char *str) if (panic_on_oops) panic("Fatal exception"); if (ret != NOTIFY_STOP) - make_dead_task(SIGSEGV); + make_task_dead(SIGSEGV); } void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr) From patchwork Tue Jan 24 19:29:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114698 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A08D3C25B4E for ; Tue, 24 Jan 2023 19:35:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234672AbjAXTfd (ORCPT ); Tue, 24 Jan 2023 14:35:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39208 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234221AbjAXTfY (ORCPT ); Tue, 24 Jan 2023 14:35:24 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C582B7282; Tue, 24 Jan 2023 11:35:22 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 4E9A3B816CE; Tue, 24 Jan 2023 19:35:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8FAECC433A0; Tue, 24 Jan 2023 19:35:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588921; bh=Tay53nfj7nF5eAwHs4g9Vnh0qKBAyGSVMz1O5p5Pn/M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Hk7GTkt0zk+xvAM5PO872mQYOzLuEe+4vL3G1xo2cda4i0OZiGPSkmumCGkGqMaMC uS99/trEiJ+372mczQitF7AquEmX6sh9PGaljVRR+yH7zZxfPJf6Ujjcf8MclwJ3Ut j7jILTLWa9gDwG/7HrWU3yIJCBvX5jlacNxaZWL47XfACEgzUyHdlFK687v9oCVyJm CHrb61wm5YeG15PmpAZPEthX1DpZDuv0od/ZJO73jpnd2XHeH9CUQlr2pCgI7ZTwCJ /KSZ/LfezVk+GDepZrdyJw/mLvMK3fm2A5vvmZ3vthpUcBq1EtWuLFzvXvjI6yFvVq 5KokAZYjsqKIg== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Tony Luck , Randy Dunlap , Christoph Hellwig , Christoph Hellwig , Andrew Morton , Linus Torvalds Subject: [PATCH 5.10 11/20] ia64: make IA64_MCA_RECOVERY bool instead of tristate Date: Tue, 24 Jan 2023 11:29:55 -0800 Message-Id: <20230124193004.206841-12-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Randy Dunlap commit dbecf9b8b8ce580f4e11afed9d61e8aa294cddd2 upstream. In linux-next, IA64_MCA_RECOVERY uses the (new) function make_task_dead(), which is not exported for use by modules. Instead of exporting it for one user, convert IA64_MCA_RECOVERY to be a bool Kconfig symbol. In a config file from "kernel test robot " for a different problem, this linker error was exposed when CONFIG_IA64_MCA_RECOVERY=m. Fixes this build error: ERROR: modpost: "make_task_dead" [arch/ia64/kernel/mca_recovery.ko] undefined! Link: https://lkml.kernel.org/r/20220124213129.29306-1-rdunlap@infradead.org Fixes: 0e25498f8cd4 ("exit: Add and use make_task_dead.") Signed-off-by: Randy Dunlap Suggested-by: Christoph Hellwig Reviewed-by: Christoph Hellwig Reviewed-by: "Eric W. Biederman" Cc: Tony Luck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Eric Biggers --- arch/ia64/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig index 39b25a5a591b3..1d0579bc9d655 100644 --- a/arch/ia64/Kconfig +++ b/arch/ia64/Kconfig @@ -361,7 +361,7 @@ config ARCH_PROC_KCORE_TEXT depends on PROC_KCORE config IA64_MCA_RECOVERY - tristate "MCA recovery from errors other than TLB." + bool "MCA recovery from errors other than TLB." config IA64_PALINFO tristate "/proc/pal support" From patchwork Tue Jan 24 19:29:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114700 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D73BAC25B4E for ; Tue, 24 Jan 2023 19:35:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234696AbjAXTfg (ORCPT ); Tue, 24 Jan 2023 14:35:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39114 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233798AbjAXTfY (ORCPT ); Tue, 24 Jan 2023 14:35:24 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A71DECA18; Tue, 24 Jan 2023 11:35:22 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 406736134B; Tue, 24 Jan 2023 19:35:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2D744C4339B; Tue, 24 Jan 2023 19:35:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588921; bh=dM/d0ubHLSl2Cs4adfZyHmQBOJqZC9Il4OfnR6+zIyY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=c1YfeeBGeTJDr4GlHYVDNWDIW8dokgKt0iy6zlPWj0sXR5pkwqam6OgvXA2VnlLN1 5CHXf5orzZy4Xdp2PTN3A2YLpnSHUpZtcHSnRag5SCLiuiQ+QkDhPov/OXp2DpR2JD 6yL0p9+iBHpcIr8S0P6wO3nWqRO9ENFmUvjyeWlsCPLmbbFl7fOy8UPmVKvnSX2BIn pfcyAHvoV713cVcfumCFdTR9sAdM+PBcrnw+tny+U9TWeC9V85Tmo412JhglurJLpd F3QAdJjlLcepAynMGKuJvKPAnaoz5DnHDdtiuYyDLOSA3dr93LYsMmPN+XzKyD0PEL lwP2KATxZs+Xw== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Petr Mladek , Andrew Morton , tangmeng , "Guilherme G. Piccoli" , Tiezhu Yang , Sebastian Andrzej Siewior , Luis Chamberlain Subject: [PATCH 5.10 12/20] panic: Separate sysctl logic from CONFIG_SMP Date: Tue, 24 Jan 2023 11:29:56 -0800 Message-Id: <20230124193004.206841-13-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Kees Cook commit 9360d035a579d95d1e76c471061b9065b18a0eb1 upstream. In preparation for adding more sysctls directly in kernel/panic.c, split CONFIG_SMP from the logic that adds sysctls. Cc: Petr Mladek Cc: Andrew Morton Cc: tangmeng Cc: "Guilherme G. Piccoli" Cc: Tiezhu Yang Cc: Sebastian Andrzej Siewior Reviewed-by: Luis Chamberlain Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20221117234328.594699-1-keescook@chromium.org Signed-off-by: Eric Biggers --- kernel/panic.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/panic.c b/kernel/panic.c index 960c2be2759cb..09f0802212c38 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -72,8 +72,9 @@ ATOMIC_NOTIFIER_HEAD(panic_notifier_list); EXPORT_SYMBOL(panic_notifier_list); -#if defined(CONFIG_SMP) && defined(CONFIG_SYSCTL) +#ifdef CONFIG_SYSCTL static struct ctl_table kern_panic_table[] = { +#ifdef CONFIG_SMP { .procname = "oops_all_cpu_backtrace", .data = &sysctl_oops_all_cpu_backtrace, @@ -83,6 +84,7 @@ static struct ctl_table kern_panic_table[] = { .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_ONE, }, +#endif { } }; From patchwork Tue Jan 24 19:29:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114703 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F1546C54EB4 for ; Tue, 24 Jan 2023 19:35:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234731AbjAXTfj (ORCPT ); Tue, 24 Jan 2023 14:35:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39160 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233865AbjAXTfZ (ORCPT ); Tue, 24 Jan 2023 14:35:25 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C661C1BD2; Tue, 24 Jan 2023 11:35:23 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 67E79B815DA; Tue, 24 Jan 2023 19:35:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C6648C4331D; Tue, 24 Jan 2023 19:35:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588922; bh=QasvTeCRSzFnJGnrQilFONgeGSp9qOmY1AFWiLhELMk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MOgIkxwfuGILAWnx3F3yuerjiTHEbIknnhHz1pFwFQrD9IN0pEgJ7PQHIVIcbycgU 9Vc3X3aoDJZ6ZJVnfypW9sEwVAcvfjNWL44WhtIk1/3cwmU1cjwKgzL8yPfdrOID7c 1QNKrh2pypInLUrgO/IMEDpM4dRn61utz7GOfmKcM8P80k9qI48ZXzliVT+nEoe1qp Qb160M0IFpFxYy8/sMP/XRH3ePQZ/w+R96WC++1DNTcQuEGLRj2YihFz43/U2NweRa XHVlAaGEHlxrYVsm9x1XZ6fqRW3ebKJAfzbU7RZwPnKFHpnp7gW+BrWi5g1j8japSO 3hCaif+DUWcRg== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Luis Chamberlain Subject: [PATCH 5.10 13/20] exit: Put an upper limit on how often we can oops Date: Tue, 24 Jan 2023 11:29:57 -0800 Message-Id: <20230124193004.206841-14-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Jann Horn commit d4ccd54d28d3c8598e2354acc13e28c060961dbb upstream. Many Linux systems are configured to not panic on oops; but allowing an attacker to oops the system **really** often can make even bugs that look completely unexploitable exploitable (like NULL dereferences and such) if each crash elevates a refcount by one or a lock is taken in read mode, and this causes a counter to eventually overflow. The most interesting counters for this are 32 bits wide (like open-coded refcounts that don't use refcount_t). (The ldsem reader count on 32-bit platforms is just 16 bits, but probably nobody cares about 32-bit platforms that much nowadays.) So let's panic the system if the kernel is constantly oopsing. The speed of oopsing 2^32 times probably depends on several factors, like how long the stack trace is and which unwinder you're using; an empirically important one is whether your console is showing a graphical environment or a text console that oopses will be printed to. In a quick single-threaded benchmark, it looks like oopsing in a vfork() child with a very short stack trace only takes ~510 microseconds per run when a graphical console is active; but switching to a text console that oopses are printed to slows it down around 87x, to ~45 milliseconds per run. (Adding more threads makes this faster, but the actual oops printing happens under &die_lock on x86, so you can maybe speed this up by a factor of around 2 and then any further improvement gets eaten up by lock contention.) It looks like it would take around 8-12 days to overflow a 32-bit counter with repeated oopsing on a multi-core X86 system running a graphical environment; both me (in an X86 VM) and Seth (with a distro kernel on normal hardware in a standard configuration) got numbers in that ballpark. 12 days aren't *that* short on a desktop system, and you'd likely need much longer on a typical server system (assuming that people don't run graphical desktop environments on their servers), and this is a *very* noisy and violent approach to exploiting the kernel; and it also seems to take orders of magnitude longer on some machines, probably because stuff like EFI pstore will slow it down a ton if that's active. Signed-off-by: Jann Horn Link: https://lore.kernel.org/r/20221107201317.324457-1-jannh@google.com Reviewed-by: Luis Chamberlain Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20221117234328.594699-2-keescook@chromium.org Signed-off-by: Eric Biggers --- Documentation/admin-guide/sysctl/kernel.rst | 8 ++++ kernel/exit.c | 43 +++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index a4b1ebc2e70b0..cd9247b48fc73 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -663,6 +663,14 @@ This is the default behavior. an oops event is detected. +oops_limit +========== + +Number of kernel oopses after which the kernel should panic when +``panic_on_oops`` is not set. Setting this to 0 or 1 has the same effect +as setting ``panic_on_oops=1``. + + osrelease, ostype & version =========================== diff --git a/kernel/exit.c b/kernel/exit.c index 8d7577940077a..db832cff6b7b2 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -69,6 +69,33 @@ #include #include +/* + * The default value should be high enough to not crash a system that randomly + * crashes its kernel from time to time, but low enough to at least not permit + * overflowing 32-bit refcounts or the ldsem writer count. + */ +static unsigned int oops_limit = 10000; + +#ifdef CONFIG_SYSCTL +static struct ctl_table kern_exit_table[] = { + { + .procname = "oops_limit", + .data = &oops_limit, + .maxlen = sizeof(oops_limit), + .mode = 0644, + .proc_handler = proc_douintvec, + }, + { } +}; + +static __init int kernel_exit_sysctls_init(void) +{ + register_sysctl_init("kernel", kern_exit_table); + return 0; +} +late_initcall(kernel_exit_sysctls_init); +#endif + static void __unhash_process(struct task_struct *p, bool group_dead) { nr_threads--; @@ -865,10 +892,26 @@ EXPORT_SYMBOL_GPL(do_exit); void __noreturn make_task_dead(int signr) { + static atomic_t oops_count = ATOMIC_INIT(0); + /* * Take the task off the cpu after something catastrophic has * happened. */ + + /* + * Every time the system oopses, if the oops happens while a reference + * to an object was held, the reference leaks. + * If the oops doesn't also leak memory, repeated oopsing can cause + * reference counters to wrap around (if they're not using refcount_t). + * This means that repeated oopsing can make unexploitable-looking bugs + * exploitable through repeated oopsing. + * To make sure this can't happen, place an upper bound on how often the + * kernel may oops without panic(). + */ + if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit)) + panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit); + do_exit(signr); } From patchwork Tue Jan 24 19:29:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114701 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD45AC54E94 for ; Tue, 24 Jan 2023 19:35:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233558AbjAXTfh (ORCPT ); Tue, 24 Jan 2023 14:35:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39154 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234367AbjAXTfY (ORCPT ); Tue, 24 Jan 2023 14:35:24 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A54DADBF2; Tue, 24 Jan 2023 11:35:23 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2C87F61347; Tue, 24 Jan 2023 19:35:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 42649C433D2; Tue, 24 Jan 2023 19:35:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588922; bh=6t6f3jXEKls3E1tdtYCAnI7LHjKYAYFJlGQw+/uTZXY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lQGWnkLNPH5MqlpPsn+XsyN1wraqWuxJVY1GFDRsEhznR/cIM4UUCbmLcMbP13cQr f1q6VQswLFOWq5CVsZ3m915ibihp8/ygmS6SrxPliPs0BUD6xAb38wGSUWNUkn5dUS NEMgt8IuRNVOCCqr4AzXbEVh1T//9tZ0YxCRiffo/RvdJzP9zcs6OQpuvCVEN9YirM HjlyMvj9pbk16fo0Xqa3CnJrZVnO/LA2hPa4U+uN8CBZzi1cxGQMYRJ5/GBXm5rQU5 peX8QDaw6mQxFjSLis4touFVGPp6wIgBwwvMfTKiSgoe47MZAijoqtE/31RnQWKSB1 KXdPlyVDgFlEg== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Arnd Bergmann , Luis Chamberlain Subject: [PATCH 5.10 14/20] exit: Expose "oops_count" to sysfs Date: Tue, 24 Jan 2023 11:29:58 -0800 Message-Id: <20230124193004.206841-15-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Kees Cook commit 9db89b41117024f80b38b15954017fb293133364 upstream. Since Oops count is now tracked and is a fairly interesting signal, add the entry /sys/kernel/oops_count to expose it to userspace. Cc: "Eric W. Biederman" Cc: Jann Horn Cc: Arnd Bergmann Reviewed-by: Luis Chamberlain Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20221117234328.594699-3-keescook@chromium.org Signed-off-by: Eric Biggers --- .../ABI/testing/sysfs-kernel-oops_count | 6 +++++ kernel/exit.c | 22 +++++++++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-kernel-oops_count diff --git a/Documentation/ABI/testing/sysfs-kernel-oops_count b/Documentation/ABI/testing/sysfs-kernel-oops_count new file mode 100644 index 0000000000000..156cca9dbc960 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-kernel-oops_count @@ -0,0 +1,6 @@ +What: /sys/kernel/oops_count +Date: November 2022 +KernelVersion: 6.2.0 +Contact: Linux Kernel Hardening List +Description: + Shows how many times the system has Oopsed since last boot. diff --git a/kernel/exit.c b/kernel/exit.c index db832cff6b7b2..b519abee2c541 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -64,6 +64,7 @@ #include #include #include +#include #include #include @@ -96,6 +97,25 @@ static __init int kernel_exit_sysctls_init(void) late_initcall(kernel_exit_sysctls_init); #endif +static atomic_t oops_count = ATOMIC_INIT(0); + +#ifdef CONFIG_SYSFS +static ssize_t oops_count_show(struct kobject *kobj, struct kobj_attribute *attr, + char *page) +{ + return sysfs_emit(page, "%d\n", atomic_read(&oops_count)); +} + +static struct kobj_attribute oops_count_attr = __ATTR_RO(oops_count); + +static __init int kernel_exit_sysfs_init(void) +{ + sysfs_add_file_to_group(kernel_kobj, &oops_count_attr.attr, NULL); + return 0; +} +late_initcall(kernel_exit_sysfs_init); +#endif + static void __unhash_process(struct task_struct *p, bool group_dead) { nr_threads--; @@ -892,8 +912,6 @@ EXPORT_SYMBOL_GPL(do_exit); void __noreturn make_task_dead(int signr) { - static atomic_t oops_count = ATOMIC_INIT(0); - /* * Take the task off the cpu after something catastrophic has * happened. From patchwork Tue Jan 24 19:29:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114702 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3EA36C25B50 for ; Tue, 24 Jan 2023 19:35:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234722AbjAXTfi (ORCPT ); Tue, 24 Jan 2023 14:35:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39130 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234381AbjAXTfY (ORCPT ); Tue, 24 Jan 2023 14:35:24 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CEBC92D72; Tue, 24 Jan 2023 11:35:23 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6B20061348; Tue, 24 Jan 2023 19:35:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B94D8C433A0; Tue, 24 Jan 2023 19:35:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588923; bh=/HryASB3ALWUABFie0JbJpEEo1dVwkZUTuiyweA1EY4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JtAPx1PjCmZNXoQOY1fmWc83RPmkD1ecKLEjJtMGhYwZW0kKtd5vh8sbATyiZC2FQ 4YVgl/9Xg3s/ydEDodxCKKhyZql//Vm0ll+JnktmKoFAMKThQlJeHSHJ+hwLdYYPSy 9tZpwm6YwFDXvOG9T0nm8z9OtSQL1xEUW4XYTP/aSNPzrUqm+HbCwDq068hVkxmb4Q G5KUT+yb5+oCb+ZjMcsKvTnhoYBgWQeaLEHmuHRygIpgkpv2Ly7Gmc14cPGI0X0Mzf pArvQitFfwaRQdJrOmZtEY/muzLJTS76GonSCsG9E6sssU08lakemYfQmULRolRoFb 3hruf5+3vVPHA== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Jonathan Corbet , Andrew Morton , Baolin Wang , "Jason A. Donenfeld" , Eric Biggers , Huang Ying , Arnd Bergmann , linux-doc@vger.kernel.org Subject: [PATCH 5.10 15/20] exit: Allow oops_limit to be disabled Date: Tue, 24 Jan 2023 11:29:59 -0800 Message-Id: <20230124193004.206841-16-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Kees Cook commit de92f65719cd672f4b48397540b9f9eff67eca40 upstream. In preparation for keeping oops_limit logic in sync with warn_limit, have oops_limit == 0 disable checking the Oops counter. Cc: Jann Horn Cc: Jonathan Corbet Cc: Andrew Morton Cc: Baolin Wang Cc: "Jason A. Donenfeld" Cc: Eric Biggers Cc: Huang Ying Cc: "Eric W. Biederman" Cc: Arnd Bergmann Cc: linux-doc@vger.kernel.org Signed-off-by: Kees Cook Signed-off-by: Eric Biggers --- Documentation/admin-guide/sysctl/kernel.rst | 5 +++-- kernel/exit.c | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index cd9247b48fc73..470262c088589 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -667,8 +667,9 @@ oops_limit ========== Number of kernel oopses after which the kernel should panic when -``panic_on_oops`` is not set. Setting this to 0 or 1 has the same effect -as setting ``panic_on_oops=1``. +``panic_on_oops`` is not set. Setting this to 0 disables checking +the count. Setting this to 1 has the same effect as setting +``panic_on_oops=1``. The default value is 10000. osrelease, ostype & version diff --git a/kernel/exit.c b/kernel/exit.c index b519abee2c541..8c820aa7b9c5d 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -927,7 +927,7 @@ void __noreturn make_task_dead(int signr) * To make sure this can't happen, place an upper bound on how often the * kernel may oops without panic(). */ - if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit)) + if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit) panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit); do_exit(signr); From patchwork Tue Jan 24 19:30:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114704 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D4FAC25B50 for ; Tue, 24 Jan 2023 19:35:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234578AbjAXTfs (ORCPT ); Tue, 24 Jan 2023 14:35:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234593AbjAXTf1 (ORCPT ); Tue, 24 Jan 2023 14:35:27 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82F9193E1; Tue, 24 Jan 2023 11:35:25 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 10C8461342; Tue, 24 Jan 2023 19:35:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 65E30C4339B; Tue, 24 Jan 2023 19:35:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588924; bh=JC2+EMbos5TBR494RoDJ5sZ3d1gFp/k7/wYCmMfhrS4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YyDF0M7VJk1oRWOfjicjagvFY7kExFslKvZldSGNATHhwUM8hb1DkczpSPS0Ylrb/ 6K1ph6/NGgxfeKpSOzZS5JCUA+icIS46/I/ba3JIm4MWsyIXqx9MPySu/4M1/etzcw PDKFqVZyA55IQ+VQl+LYpUsfJilU3jHXzsAsO6tnnOdyW8tLgE7cCstCHIn52/9lbk +pvqJeT66G5MvY97jVapnjqsBmgRUqFsWKPHYJnwfRfQjOwJyfAE3whbEyJLt1pYAD WiEkLgCI7P6cQGlOapGP6nvOmRAM4gpCLMFM/rVSbu1+DGMS0xKl0l4WTBjLYx/Oky Vsomx3qhnRD7g== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Marco Elver , Dmitry Vyukov , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Daniel Bristot de Oliveira , Valentin Schneider , Andrey Ryabinin , Alexander Potapenko , Andrey Konovalov , Vincenzo Frascino , Andrew Morton , David Gow , tangmeng , Shuah Khan , Petr Mladek , "Paul E. McKenney" , Sebastian Andrzej Siewior , "Guilherme G. Piccoli" , Tiezhu Yang , kasan-dev@googlegroups.com, linux-mm@kvack.org, Luis Chamberlain Subject: [PATCH 5.10 16/20] panic: Consolidate open-coded panic_on_warn checks Date: Tue, 24 Jan 2023 11:30:00 -0800 Message-Id: <20230124193004.206841-17-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Kees Cook commit 79cc1ba7badf9e7a12af99695a557e9ce27ee967 upstream. Several run-time checkers (KASAN, UBSAN, KFENCE, KCSAN, sched) roll their own warnings, and each check "panic_on_warn". Consolidate this into a single function so that future instrumentation can be added in a single location. Cc: Marco Elver Cc: Dmitry Vyukov Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Juri Lelli Cc: Vincent Guittot Cc: Dietmar Eggemann Cc: Steven Rostedt Cc: Ben Segall Cc: Mel Gorman Cc: Daniel Bristot de Oliveira Cc: Valentin Schneider Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Vincenzo Frascino Cc: Andrew Morton Cc: David Gow Cc: tangmeng Cc: Jann Horn Cc: Shuah Khan Cc: Petr Mladek Cc: "Paul E. McKenney" Cc: Sebastian Andrzej Siewior Cc: "Guilherme G. Piccoli" Cc: Tiezhu Yang Cc: kasan-dev@googlegroups.com Cc: linux-mm@kvack.org Reviewed-by: Luis Chamberlain Signed-off-by: Kees Cook Reviewed-by: Marco Elver Reviewed-by: Andrey Konovalov Link: https://lore.kernel.org/r/20221117234328.594699-4-keescook@chromium.org Signed-off-by: Eric Biggers --- include/linux/kernel.h | 1 + kernel/kcsan/report.c | 4 ++-- kernel/panic.c | 9 +++++++-- kernel/sched/core.c | 3 +-- lib/ubsan.c | 3 +-- mm/kasan/report.c | 4 ++-- 6 files changed, 14 insertions(+), 10 deletions(-) diff --git a/include/linux/kernel.h b/include/linux/kernel.h index 084d97070ed99..394f10fc29aad 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -320,6 +320,7 @@ extern long (*panic_blink)(int state); __printf(1, 2) void panic(const char *fmt, ...) __noreturn __cold; void nmi_panic(struct pt_regs *regs, const char *msg); +void check_panic_on_warn(const char *origin); extern void oops_enter(void); extern void oops_exit(void); extern bool oops_may_print(void); diff --git a/kernel/kcsan/report.c b/kernel/kcsan/report.c index d3bf87e6007ca..069830f5a5d24 100644 --- a/kernel/kcsan/report.c +++ b/kernel/kcsan/report.c @@ -630,8 +630,8 @@ void kcsan_report(const volatile void *ptr, size_t size, int access_type, bool reported = value_change != KCSAN_VALUE_CHANGE_FALSE && print_report(value_change, type, &ai, other_info); - if (reported && panic_on_warn) - panic("panic_on_warn set ...\n"); + if (reported) + check_panic_on_warn("KCSAN"); release_report(&flags, other_info); } diff --git a/kernel/panic.c b/kernel/panic.c index 09f0802212c38..0da47888f72e8 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -192,6 +192,12 @@ static void panic_print_sys_info(void) ftrace_dump(DUMP_ALL); } +void check_panic_on_warn(const char *origin) +{ + if (panic_on_warn) + panic("%s: panic_on_warn set ...\n", origin); +} + /** * panic - halt the system * @fmt: The text string to print @@ -630,8 +636,7 @@ void __warn(const char *file, int line, void *caller, unsigned taint, if (regs) show_regs(regs); - if (panic_on_warn) - panic("panic_on_warn set ...\n"); + check_panic_on_warn("kernel"); if (!regs) dump_stack(); diff --git a/kernel/sched/core.c b/kernel/sched/core.c index a875bc59804eb..1303a2607f1f8 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -4280,8 +4280,7 @@ static noinline void __schedule_bug(struct task_struct *prev) pr_err("Preemption disabled at:"); print_ip_sym(KERN_ERR, preempt_disable_ip); } - if (panic_on_warn) - panic("scheduling while atomic\n"); + check_panic_on_warn("scheduling while atomic"); dump_stack(); add_taint(TAINT_WARN, LOCKDEP_STILL_OK); diff --git a/lib/ubsan.c b/lib/ubsan.c index d81d107f64f41..ee14c46cac897 100644 --- a/lib/ubsan.c +++ b/lib/ubsan.c @@ -151,8 +151,7 @@ static void ubsan_epilogue(void) current->in_ubsan--; - if (panic_on_warn) - panic("panic_on_warn set ...\n"); + check_panic_on_warn("UBSAN"); } static void handle_overflow(struct overflow_data *data, void *lhs, diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 91714acea0d61..2f5e96ac4d008 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -95,8 +95,8 @@ static void end_report(unsigned long *flags) pr_err("==================================================================\n"); add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); spin_unlock_irqrestore(&report_lock, *flags); - if (panic_on_warn && !test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) - panic("panic_on_warn set ...\n"); + if (!test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) + check_panic_on_warn("KASAN"); kasan_enable_current(); } From patchwork Tue Jan 24 19:30:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114705 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C57B4C54E94 for ; Tue, 24 Jan 2023 19:35:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234785AbjAXTft (ORCPT ); Tue, 24 Jan 2023 14:35:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234599AbjAXTf2 (ORCPT ); Tue, 24 Jan 2023 14:35:28 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4C20A25297; Tue, 24 Jan 2023 11:35:26 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D952661341; Tue, 24 Jan 2023 19:35:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 99FFDC433A7; Tue, 24 Jan 2023 19:35:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588925; bh=/jGsR3QCie3WCGiOCpscKDlQm9Ms2Wrfx9M/SLY3XLM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hNBQlPZ5hKFlcJjgtJjXvGz2q8sK50kIZOjJV5f5bhmLhUc5VbfhcMuWPvmK/LgQq at3/qU4Qe0SQ/+JUu2OEmtsLZUHWYPhXdUR72zrwgWLbTjCWWtVdkWkfxLmQA+cmr0 R+vGPXpYBwpOVonGeJQpi7OcE2lxtVJE8OawdJxIGDUgxTNz/w0zIVfDHmhMpFuVK0 OuXKtd8my5zkAWqVQ+aG970O0/9TYJh7/KKXoaHXvo5UkQD/4FX/y8xzXwkHxv+QXb /ygF11/8+4l4lw4sBVv3xwVIph6UviXWXsGmBMvggs0mA5T6/9TRBYjTbeAGueg40M cysvXxKHiPD2w== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Jonathan Corbet , Andrew Morton , Baolin Wang , "Jason A. Donenfeld" , Eric Biggers , Huang Ying , Petr Mladek , tangmeng , "Guilherme G. Piccoli" , Tiezhu Yang , Sebastian Andrzej Siewior , linux-doc@vger.kernel.org, Luis Chamberlain Subject: [PATCH 5.10 17/20] panic: Introduce warn_limit Date: Tue, 24 Jan 2023 11:30:01 -0800 Message-Id: <20230124193004.206841-18-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Kees Cook commit 9fc9e278a5c0b708eeffaf47d6eb0c82aa74ed78 upstream. Like oops_limit, add warn_limit for limiting the number of warnings when panic_on_warn is not set. Cc: Jonathan Corbet Cc: Andrew Morton Cc: Baolin Wang Cc: "Jason A. Donenfeld" Cc: Eric Biggers Cc: Huang Ying Cc: Petr Mladek Cc: tangmeng Cc: "Guilherme G. Piccoli" Cc: Tiezhu Yang Cc: Sebastian Andrzej Siewior Cc: linux-doc@vger.kernel.org Reviewed-by: Luis Chamberlain Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20221117234328.594699-5-keescook@chromium.org Signed-off-by: Eric Biggers --- Documentation/admin-guide/sysctl/kernel.rst | 10 ++++++++++ kernel/panic.c | 14 ++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index 470262c088589..6b0c7b650deaa 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -1478,6 +1478,16 @@ entry will default to 2 instead of 0. 2 Unprivileged calls to ``bpf()`` are disabled = ============================================================= + +warn_limit +========== + +Number of kernel warnings after which the kernel should panic when +``panic_on_warn`` is not set. Setting this to 0 disables checking +the warning count. Setting this to 1 has the same effect as setting +``panic_on_warn=1``. The default value is 0. + + watchdog ======== diff --git a/kernel/panic.c b/kernel/panic.c index 0da47888f72e8..e341366bd3e8b 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -56,6 +56,7 @@ bool crash_kexec_post_notifiers; int panic_on_warn __read_mostly; unsigned long panic_on_taint; bool panic_on_taint_nousertaint = false; +static unsigned int warn_limit __read_mostly; int panic_timeout = CONFIG_PANIC_TIMEOUT; EXPORT_SYMBOL_GPL(panic_timeout); @@ -85,6 +86,13 @@ static struct ctl_table kern_panic_table[] = { .extra2 = SYSCTL_ONE, }, #endif + { + .procname = "warn_limit", + .data = &warn_limit, + .maxlen = sizeof(warn_limit), + .mode = 0644, + .proc_handler = proc_douintvec, + }, { } }; @@ -194,8 +202,14 @@ static void panic_print_sys_info(void) void check_panic_on_warn(const char *origin) { + static atomic_t warn_count = ATOMIC_INIT(0); + if (panic_on_warn) panic("%s: panic_on_warn set ...\n", origin); + + if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit) + panic("%s: system warned too often (kernel.warn_limit is %d)", + origin, warn_limit); } /** From patchwork Tue Jan 24 19:30:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114707 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5A7FC54EB4 for ; Tue, 24 Jan 2023 19:36:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234739AbjAXTgG (ORCPT ); Tue, 24 Jan 2023 14:36:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40088 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234745AbjAXTfk (ORCPT ); Tue, 24 Jan 2023 14:35:40 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1FDE822A22; Tue, 24 Jan 2023 11:35:28 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3FE1EB815DA; Tue, 24 Jan 2023 19:35:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 72053C433A0; Tue, 24 Jan 2023 19:35:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588925; bh=upf6vrbB2iqM5yS6hjS4TpP3gQP9b55tufNSyIjyms8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OxZbmFtJLMBBpiC+ASagxMkdl7d/Sn+bHDMCGmWU6SYPDjzU9YcgnEUgRbdEbo/94 d5V5y9OOhRNNjyf92gJFlci8SeMe8A8XXrwaqfwWYE4MN1aykFiP1z0oD+PJUpjhaz kcsjag7+ICAATbL/YXugT075tqeWgZPJg8yopI5S5z9nGrnEQW3HIIJptpdzewUKOs /9Lt5LLROnhDP8bB6hOU2LBuUVN3kfoJB+QrXmro65Ti5uVTLM0bXyn49Dpu+5wqOM 0KvDCKlL4PY+1oEjyNaUfHMiPVzyiB+wD2tCJGq7TIxFwnlN7uxXKfBH+5uvud5u+/ EpO8zug7WTK7g== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Petr Mladek , Andrew Morton , tangmeng , "Guilherme G. Piccoli" , Sebastian Andrzej Siewior , Tiezhu Yang , Luis Chamberlain Subject: [PATCH 5.10 18/20] panic: Expose "warn_count" to sysfs Date: Tue, 24 Jan 2023 11:30:02 -0800 Message-Id: <20230124193004.206841-19-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Kees Cook commit 8b05aa26336113c4cea25f1c333ee8cd4fc212a6 upstream. Since Warn count is now tracked and is a fairly interesting signal, add the entry /sys/kernel/warn_count to expose it to userspace. Cc: Petr Mladek Cc: Andrew Morton Cc: tangmeng Cc: "Guilherme G. Piccoli" Cc: Sebastian Andrzej Siewior Cc: Tiezhu Yang Reviewed-by: Luis Chamberlain Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20221117234328.594699-6-keescook@chromium.org Signed-off-by: Eric Biggers --- .../ABI/testing/sysfs-kernel-warn_count | 6 +++++ kernel/panic.c | 22 +++++++++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-kernel-warn_count diff --git a/Documentation/ABI/testing/sysfs-kernel-warn_count b/Documentation/ABI/testing/sysfs-kernel-warn_count new file mode 100644 index 0000000000000..08f083d2fd51b --- /dev/null +++ b/Documentation/ABI/testing/sysfs-kernel-warn_count @@ -0,0 +1,6 @@ +What: /sys/kernel/oops_count +Date: November 2022 +KernelVersion: 6.2.0 +Contact: Linux Kernel Hardening List +Description: + Shows how many times the system has Warned since last boot. diff --git a/kernel/panic.c b/kernel/panic.c index e341366bd3e8b..6e30455eb2e7c 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #define PANIC_TIMER_STEP 100 @@ -104,6 +105,25 @@ static __init int kernel_panic_sysctls_init(void) late_initcall(kernel_panic_sysctls_init); #endif +static atomic_t warn_count = ATOMIC_INIT(0); + +#ifdef CONFIG_SYSFS +static ssize_t warn_count_show(struct kobject *kobj, struct kobj_attribute *attr, + char *page) +{ + return sysfs_emit(page, "%d\n", atomic_read(&warn_count)); +} + +static struct kobj_attribute warn_count_attr = __ATTR_RO(warn_count); + +static __init int kernel_panic_sysfs_init(void) +{ + sysfs_add_file_to_group(kernel_kobj, &warn_count_attr.attr, NULL); + return 0; +} +late_initcall(kernel_panic_sysfs_init); +#endif + static long no_blink(int state) { return 0; @@ -202,8 +222,6 @@ static void panic_print_sys_info(void) void check_panic_on_warn(const char *origin) { - static atomic_t warn_count = ATOMIC_INIT(0); - if (panic_on_warn) panic("%s: panic_on_warn set ...\n", origin); From patchwork Tue Jan 24 19:30:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114706 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5754EC25B4E for ; Tue, 24 Jan 2023 19:35:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234814AbjAXTfx (ORCPT ); Tue, 24 Jan 2023 14:35:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39620 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234638AbjAXTfb (ORCPT ); Tue, 24 Jan 2023 14:35:31 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62DCC7D8D; Tue, 24 Jan 2023 11:35:27 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EF24261343; Tue, 24 Jan 2023 19:35:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1745FC433D2; Tue, 24 Jan 2023 19:35:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588926; bh=jO10o07RAKyXXgWsy3XBxX0WTtST48LzT0RY2uOU2ZU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mGlo48Fx3ML+funDHhl65ZQY9YsF8EJcjy2EnGZYycxunAG/Q4LfcfCEtfILh9eLL 8YQMvImcLM/gdAa8VmOaitmObhGngWEmTCJJFmo/wz/m916odX3w/S8ZU2WB8aaHNf frutuGr75XFjZycToqINNyVc1zdNxrhxyfgyiCSPb7MZi8y94FEGS+ERaLR4znIv41 t+XkcL+SUkoIqJIWHDpTPporDLubI94C+2UbQ2xwD1U0/FIG8vboz0yB+87ItHDY9s ltU5aDh34d2h9Wnac8nNNtM/mOetSmq+ecQQr4/maJMCDC18kn3+sL9VOy5YPnnf+j /o41p1v1Qhuiw== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, kernel test robot Subject: [PATCH 5.10 19/20] docs: Fix path paste-o for /sys/kernel/warn_count Date: Tue, 24 Jan 2023 11:30:03 -0800 Message-Id: <20230124193004.206841-20-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Kees Cook commit 00dd027f721e0458418f7750d8a5a664ed3e5994 upstream. Running "make htmldocs" shows that "/sys/kernel/oops_count" was duplicated. This should have been "warn_count": Warning: /sys/kernel/oops_count is defined 2 times: ./Documentation/ABI/testing/sysfs-kernel-warn_count:0 ./Documentation/ABI/testing/sysfs-kernel-oops_count:0 Fix the typo. Reported-by: kernel test robot Link: https://lore.kernel.org/linux-doc/202212110529.A3Qav8aR-lkp@intel.com Fixes: 8b05aa263361 ("panic: Expose "warn_count" to sysfs") Cc: linux-hardening@vger.kernel.org Signed-off-by: Kees Cook Signed-off-by: Eric Biggers --- Documentation/ABI/testing/sysfs-kernel-warn_count | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/ABI/testing/sysfs-kernel-warn_count b/Documentation/ABI/testing/sysfs-kernel-warn_count index 08f083d2fd51b..90a029813717d 100644 --- a/Documentation/ABI/testing/sysfs-kernel-warn_count +++ b/Documentation/ABI/testing/sysfs-kernel-warn_count @@ -1,4 +1,4 @@ -What: /sys/kernel/oops_count +What: /sys/kernel/warn_count Date: November 2022 KernelVersion: 6.2.0 Contact: Linux Kernel Hardening List From patchwork Tue Jan 24 19:30:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13114708 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F27AC25B4E for ; Tue, 24 Jan 2023 19:36:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234802AbjAXTgm (ORCPT ); Tue, 24 Jan 2023 14:36:42 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39200 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234799AbjAXTfw (ORCPT ); Tue, 24 Jan 2023 14:35:52 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D8A611EAB; Tue, 24 Jan 2023 11:35:30 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 5E8BDB816CE; Tue, 24 Jan 2023 19:35:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 88C05C433A7; Tue, 24 Jan 2023 19:35:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674588927; bh=Zy1RraKZmq/HXrRYDNwCyTD3uNkSwVS4rzLVDGA9LyA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NptYpFp+r0IIRw5L3bTrzx4thCHBIZEUr94IzxUKdbR6V5p1dY2lYGeI9EvUBV5iZ sstD9CduqEFNz5RTWt4n/lZM89BEn5898/4uVxud+7SVC9+oL4smuC5NRHgSqo8jNj K4NhxEkky7zq7Bjt72wgZ9wTATPaDb8g8Hw/JAhntMcMqgqc3lNqpVKmJYzITia3k1 hORE0CaSJ4SR+0DvvuJ+UPszMsnYwCm9buzjnuDiY6uRIWvL0jnnFntMzvxNNIRb0c ZXtYlXiRNtr1bQ7ayX6pUjJimfRzAEwYjYzqX+XvJQ4iRGceP+76oB+HuVFZnQb8Kp ZLWh4Rslhe41g== From: Eric Biggers To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Kees Cook , SeongJae Park , Seth Jenkins , Jann Horn , "Eric W . Biederman" , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Arnd Bergmann , Petr Mladek , Andrew Morton , Luis Chamberlain , Marco Elver , tangmeng , Sebastian Andrzej Siewior , Tiezhu Yang , Peter Zijlstra Subject: [PATCH 5.10 20/20] exit: Use READ_ONCE() for all oops/warn limit reads Date: Tue, 24 Jan 2023 11:30:04 -0800 Message-Id: <20230124193004.206841-21-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230124193004.206841-1-ebiggers@kernel.org> References: <20230124193004.206841-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Kees Cook commit 7535b832c6399b5ebfc5b53af5c51dd915ee2538 upstream. Use a temporary variable to take full advantage of READ_ONCE() behavior. Without this, the report (and even the test) might be out of sync with the initial test. Reported-by: Peter Zijlstra Link: https://lore.kernel.org/lkml/Y5x7GXeluFmZ8E0E@hirez.programming.kicks-ass.net Fixes: 9fc9e278a5c0 ("panic: Introduce warn_limit") Fixes: d4ccd54d28d3 ("exit: Put an upper limit on how often we can oops") Cc: "Eric W. Biederman" Cc: Jann Horn Cc: Arnd Bergmann Cc: Petr Mladek Cc: Andrew Morton Cc: Luis Chamberlain Cc: Marco Elver Cc: tangmeng Cc: Sebastian Andrzej Siewior Cc: Tiezhu Yang Signed-off-by: Kees Cook Signed-off-by: Eric Biggers --- kernel/exit.c | 6 ++++-- kernel/panic.c | 7 +++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/kernel/exit.c b/kernel/exit.c index 8c820aa7b9c5d..bacdaf980933b 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -916,6 +916,7 @@ void __noreturn make_task_dead(int signr) * Take the task off the cpu after something catastrophic has * happened. */ + unsigned int limit; /* * Every time the system oopses, if the oops happens while a reference @@ -927,8 +928,9 @@ void __noreturn make_task_dead(int signr) * To make sure this can't happen, place an upper bound on how often the * kernel may oops without panic(). */ - if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit) - panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit); + limit = READ_ONCE(oops_limit); + if (atomic_inc_return(&oops_count) >= limit && limit) + panic("Oopsed too often (kernel.oops_limit is %d)", limit); do_exit(signr); } diff --git a/kernel/panic.c b/kernel/panic.c index 6e30455eb2e7c..bc39e2b27d315 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -222,12 +222,15 @@ static void panic_print_sys_info(void) void check_panic_on_warn(const char *origin) { + unsigned int limit; + if (panic_on_warn) panic("%s: panic_on_warn set ...\n", origin); - if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit) + limit = READ_ONCE(warn_limit); + if (atomic_inc_return(&warn_count) >= limit && limit) panic("%s: system warned too often (kernel.warn_limit is %d)", - origin, warn_limit); + origin, limit); } /**