On Mon, 3 Oct 2022 at 12:43, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 5.19.13 release. There are 101 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Wed, 05 Oct 2022 07:07:06 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.19.13-rc1... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.19.y and the diffstat can be found below.
thanks,
greg k-h
Results from Linaro's test farm. No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing lkft@linaro.org
NOTE: 1) Build warning 2) Boot warning on qemu-arm64 with KASAN and Kunit test Suspecting one of the recently commits causing this warning and need to bisect to confirm the commit id. mm/slab_common: fix possible double free of kmem_cache [ Upstream commit d71608a877362becdc94191f190902fac1e64d35 ]
1) Following build warning found on few arm configs which do not set Kconfig # CONFIG_ELF_CORE is not set
- powerpc: tqm8xx_defconfig - arm: keystone_defconfig and omap1_defconfig - mips: ar7_defconfig fs/coredump.c:835:12: warning: 'dump_emit_page' defined but not used [-Wunused-function] 835 | static int dump_emit_page(struct coredump_params *cprm, struct page *page) | ^~~~~~~~~~~~~~
2) Following kernel boot warning noticed on qemu-arm64 with KASAN and KUNIT enabled [1]
[ 177.651182] ------------[ cut here ]------------ [ 177.652217] kmem_cache_destroy test: Slab cache still has objects when called from test_exit+0x28/0x40 [ 177.654849] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:520 kmem_cache_destroy+0x1e8/0x20c [ 177.666237] Modules linked in: [ 177.667325] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B 5.19.13-rc1 #1 [ 177.668666] Hardware name: linux,dummy-virt (DT) [ 177.669783] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 177.671120] pc : kmem_cache_destroy+0x1e8/0x20c [ 177.672217] lr : kmem_cache_destroy+0x1e8/0x20c [ 177.673302] sp : ffff8000080876f0 [ 177.674013] x29: ffff8000080876f0 x28: ffffb5ed1da56f38 x27: ffffb5ed1a87b480 [ 177.676478] x26: ffff800008087aa0 x25: ffff800008087ac8 x24: ffff00000c73b480 [ 177.678215] x23: 000000004c800000 x22: ffffb5ed1eca3000 x21: ffffb5ed1da381f0 [ 177.679873] x20: fdecb5ed18ea3a78 x19: ffff00000759be00 x18: 00000000ffffffff [ 177.681540] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 177.683139] x14: 0000000000000000 x13: 206d6f7266206465 x12: ffff700001010e63 [ 177.684776] x11: 1ffff00001010e62 x10: ffff700001010e62 x9 : ffffb5ed18b89514 [ 177.686554] x8 : ffff800008087317 x7 : 0000000000000001 x6 : 0000000000000001 [ 177.688238] x5 : ffffb5ed1d893000 x4 : dfff800000000000 x3 : ffffb5ed18b89520 [ 177.689912] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007150000 [ 177.691598] Call trace: [ 177.692165] kmem_cache_destroy+0x1e8/0x20c [ 177.693196] test_exit+0x28/0x40 [ 177.694158] kunit_catch_run_case+0x5c/0x120 [ 177.695177] kunit_try_catch_run+0x144/0x26c [ 177.696211] kunit_run_case_catch_errors+0x158/0x1e0 [ 177.697353] kunit_run_tests+0x374/0x750 [ 177.698333] __kunit_test_suites_init+0x74/0xa0 [ 177.699386] kunit_run_all_tests+0x160/0x380 [ 177.700428] kernel_init_freeable+0x32c/0x388 [ 177.701497] kernel_init+0x2c/0x150 [ 177.702347] ret_from_fork+0x10/0x20 [ 177.703308] ---[ end trace 0000000000000000 ]---
[1] https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2FcCyacq1Su...
--- mm/slab_common: fix possible double free of kmem_cache [ Upstream commit d71608a877362becdc94191f190902fac1e64d35 ]
When doing slub_debug test, kfence's 'test_memcache_typesafe_by_rcu' kunit test case cause a use-after-free error:
BUG: KASAN: use-after-free in kobject_del+0x14/0x30 Read of size 8 at addr ffff888007679090 by task kunit_try_catch/261
CPU: 1 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.0.0-rc5-next-20220916 #17 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x48 print_address_description.constprop.0+0x87/0x2a5 print_report+0x103/0x1ed kasan_report+0xb7/0x140 kobject_del+0x14/0x30 kmem_cache_destroy+0x130/0x170 test_exit+0x1a/0x30 kunit_try_run_case+0xad/0xc0 kunit_generic_run_threadfn_adapter+0x26/0x50 kthread+0x17b/0x1b0 </TASK>
The cause is inside kmem_cache_destroy():
kmem_cache_destroy acquire lock/mutex shutdown_cache schedule_work(kmem_cache_release) (if RCU flag set) release lock/mutex kmem_cache_release (if RCU flag not set)
In some certain timing, the scheduled work could be run before the next RCU flag checking, which can then get a wrong value and lead to double kmem_cache_release().
Fix it by caching the RCU flag inside protected area, just like 'refcnt'
Fixes: 0495e337b703 ("mm/slab_common: Deleting kobject in kmem_cache_destroy() without holding slab_mutex/cpu_hotplug_lock") Signed-off-by: Feng Tang feng.tang@intel.com Reviewed-by: Hyeonggon Yoo 42.hyeyoo@gmail.com Reviewed-by: Waiman Long longman@redhat.com Signed-off-by: Vlastimil Babka vbabka@suse.cz Signed-off-by: Sasha Levin sashal@kernel.org
## Build * kernel: 5.19.13-rc1 * git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc * git branch: linux-5.19.y * git commit: 0d49bf6408c47f815c7e056a006617d5431b1bed * git describe: v5.19.12-102-g0d49bf6408c4 * test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.19.y/build/v5.19....
## No Test Regressions (compared to v5.19.12)
## No Metric Regressions (compared to v5.19.12)
## No Test Fixes (compared to v5.19.12)
## No Metric Fixes (compared to v5.19.12)
## Test result summary total: 119604, pass: 105318, fail: 1117, skip: 12815, xfail: 354
## Build Summary * arc: 10 total, 10 passed, 0 failed * arm: 339 total, 336 passed, 3 failed * arm64: 73 total, 70 passed, 3 failed * i386: 62 total, 55 passed, 7 failed * mips: 62 total, 59 passed, 3 failed * parisc: 14 total, 14 passed, 0 failed * powerpc: 75 total, 66 passed, 9 failed * riscv: 32 total, 27 passed, 5 failed * s390: 26 total, 24 passed, 2 failed * sh: 26 total, 24 passed, 2 failed * sparc: 14 total, 14 passed, 0 failed * x86_64: 66 total, 63 passed, 3 failed
## Test suites summary * fwts * igt-gpu-tools * kselftest-android * kselftest-arm64 * kselftest-arm64/arm64.btitest.bti_c_func * kselftest-arm64/arm64.btitest.bti_j_func * kselftest-arm64/arm64.btitest.bti_jc_func * kselftest-arm64/arm64.btitest.bti_none_func * kselftest-arm64/arm64.btitest.nohint_func * kselftest-arm64/arm64.btitest.paciasp_func * kselftest-arm64/arm64.nobtitest.bti_c_func * kselftest-arm64/arm64.nobtitest.bti_j_func * kselftest-arm64/arm64.nobtitest.bti_jc_func * kselftest-arm64/arm64.nobtitest.bti_none_func * kselftest-arm64/arm64.nobtitest.nohint_func * kselftest-arm64/arm64.nobtitest.paciasp_func * kselftest-breakpoints * kselftest-capabilities * kselftest-cgroup * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-cpufreq * kselftest-drivers-dma-buf * kselftest-efivarfs * kselftest-filesystems * kselftest-filesystems-binderfs * kselftest-firmware * kselftest-fpu * kselftest-futex * kselftest-gpio * kselftest-intel_pstate * kselftest-ipc * kselftest-ir * kselftest-kcmp * kselftest-kexec * kselftest-kvm * kselftest-lib * kselftest-livepatch * kselftest-membarrier * kselftest-memfd * kselftest-memory-hotplug * kselftest-mincore * kselftest-mount * kselftest-mqueue * kselftest-net * kselftest-net-forwarding * kselftest-netfilter * kselftest-nsfs * kselftest-openat2 * kselftest-pid_namespace * kselftest-pidfd * kselftest-proc * kselftest-pstore * kselftest-ptrace * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-splice * kselftest-static_keys * kselftest-sync * kselftest-sysctl * kselftest-tc-testing * kselftest-timens * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user * kselftest-vm * kselftest-x86 * kselftest-zram * kunit * kvm-unit-tests * libgpiod * libhugetlbfs * log-parser-boot * log-parser-test * ltp-cap_bounds * ltp-commands * ltp-containers * ltp-controllers * ltp-cpuhotplug * ltp-crypto * ltp-cve * ltp-dio * ltp-fcntl-locktests * ltp-filecaps * ltp-fs * ltp-fs_bind * ltp-fs_perms_simple * ltp-fsx * ltp-hugetlb * ltp-io * ltp-ipc * ltp-math * ltp-mm * ltp-nptl * ltp-open-posix-tests * ltp-pty * ltp-sched * ltp-securebits * ltp-smoke * ltp-syscalls * ltp-tracing * network-basic-tests * packetdrill * perf * perf/Zstd-perf.data-compression * rcutorture * v4l2-compliance * vdso
-- Linaro LKFT https://lkft.linaro.org