[ Sasha's backport helper bot ]
Hi,
Summary of potential issues:
ℹ️ Patch is missing in 6.13.y (ignore if backport was sent)
⚠️ Commit missing in all newer stable branches
The upstream commit SHA1 provided is correct: b583ef82b671c9a752fbe3e95bd4c1c51eab764d
WARNING: Author mismatch between patch and upstream commit:
Backport author: Christian Simon simon@swine.de
Commit author: Jiri Olsa jolsa@kernel.org

Status in newer kernel trees:
6.13.y | Present (exact SHA1)
6.12.y | Not found
6.6.y | Not found
Note: The patch differs from the upstream commit: --- 1: b583ef82b671c ! 1: 9f50b10df7c63 uprobes: Fix race in uprobe_free_utask @@ ## Metadata ## -Author: Jiri Olsa jolsa@kernel.org +Author: Christian Simon simon@swine.de
## Commit message ## uprobes: Fix race in uprobe_free_utask
+ commit b583ef82b671c9a752fbe3e95bd4c1c51eab764d upstream. + + Christian Simon verified the regression exists in v6.1.129 as per method + below and backported the mainline fix to the older version of + uprobe_free_utask. After that change I can no longer reproduce + the race with this method within 12 hours, while before it would + show the panic in under a minute. + Max Makarov reported kernel panic [1] in perf user callchain code.
The reason for that is the race between uprobe_free_utask and bpf @@ Commit message
Fixes: cfa7f3d2c526 ("perf,x86: avoid missing caller address in stack traces captured in uprobe") Reported-by: Max Makarov maxpain@linux.com + (cherry picked from commit b583ef82b671c9a752fbe3e95bd4c1c51eab764d) Signed-off-by: Jiri Olsa jolsa@kernel.org Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Acked-by: Oleg Nesterov oleg@redhat.com Acked-by: Andrii Nakryiko andrii@kernel.org Link: https://lore.kernel.org/r/20250109141440.2692173-1-jolsa@kernel.org + [Christian Simon: Rebased for 6.1.y, due to mainline change https://lore.kernel.org/all/20240929144239.GA9475@redhat.com/] + Signed-off-by: Christian Simon simon@swine.de
## kernel/events/uprobes.c ## @@ kernel/events/uprobes.c: void uprobe_free_utask(struct task_struct *t) @@ kernel/events/uprobes.c: void uprobe_free_utask(struct task_struct *t) return;
+ t->utask = NULL; - WARN_ON_ONCE(utask->active_uprobe || utask->xol_vaddr); + if (utask->active_uprobe) + put_uprobe(utask->active_uprobe);
- timer_delete_sync(&utask->ri_timer); @@ kernel/events/uprobes.c: void uprobe_free_utask(struct task_struct *t) - ri = free_ret_instance(ri, true /* cleanup_hprobe */);
+ xol_free_insn_slot(t); kfree(utask); - t->utask = NULL; }
- #define RI_TIMER_PERIOD (HZ / 10) /* 100 ms */ + /* ---
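Review bot: In the uprobe_free_utask hunk of kernel/events/uprobes.c, xol_free_insn_slot(t) is still passed the task pointer, yet it now runs after the new early t->utask = NULL. If the 6.1.y version of that helper reaches the slot through t->utask, it will see NULL and return without releasing the slot. Please confirm how the helper looks up the slot in 6.1.y. If it does dereference t->utask, either release the slot before clearing the pointer or rework the call so it operates on the local utask. The commit message should also say how the rebased ordering was checked for this path, since the 12-hour reproduction run only covers the race itself.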
Results of testing on various branches:
| Branch                    | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y        | Success     | Success    |