This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.184-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
------------- Pseudo-Shortlog of commits:
Greg Kroah-Hartman gregkh@linuxfoundation.org Linux 5.15.184-rc1
Alexander Lobakin alexandr.lobakin@intel.com ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
Florian Westphal fw@strlen.de netfilter: nf_tables: do not defer rule destruction via call_rcu
Pablo Neira Ayuso pablo@netfilter.org netfilter: nf_tables: wait for rcu grace period on net_device removal
Florian Westphal fw@strlen.de netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
Josef Bacik josef@toxicpanda.com btrfs: do not clean up repair bio if submit fails
Filipe Manana fdmanana@suse.com btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
Eric Dumazet edumazet@google.com sctp: add mutual exclusion in proc_sctp_do_udp_port()
Feng Tang feng.tang@linux.alibaba.com selftests/mm: compaction_test: support platform with huge mount of memory
GONG Ruiqi gongruiqi1@huawei.com usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
Dan Carpenter dan.carpenter@linaro.org usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
RD Babiera rdbabiera@google.com usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
Andrei Kuchynski akuchynski@chromium.org usb: typec: ucsi: displayport: Fix deadlock
Sebastian Andrzej Siewior bigeasy@linutronix.de clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable()
Fengnan Chang changfengnan@bytedance.com block: fix direct io NOWAIT flag not work
Shuai Xue xueshuai@linux.alibaba.com dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups
Shuai Xue xueshuai@linux.alibaba.com dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines
Yemike Abhilash Chandra y-abhilashchandra@ti.com dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy
Ronald Wahl ronald.wahl@legrand.com dmaengine: ti: k3-udma: Add missing locking
Fedor Pchelkin pchelkin@ispras.ru wifi: mt76: disable napi on driver removal
Claudiu Beznea claudiu.beznea.uj@bp.renesas.com phy: renesas: rcar-gen3-usb2: Set timing registers only once
Ma Ke make24@iscas.ac.cn phy: Fix error handling in tegra_xusb_port_init
Steven Rostedt rostedt@goodmis.org tracing: samples: Initialize trace_array_printk() with the correct function
pengdonglin pengdonglin@xiaomi.com ftrace: Fix preemption accounting for stacktrace filter command
pengdonglin pengdonglin@xiaomi.com ftrace: Fix preemption accounting for stacktrace trigger command
Nicolas Chauvet kwizart@gmail.com ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
Christian Heusel christian@heusel.eu ALSA: usb-audio: Add sample rate quirk for Audioengine D1
Wentao Liang vulab@iscas.ac.cn ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
Jeremy Linton jeremy.linton@arm.com ACPI: PPTT: Fix processor subtable walk
Filipe Manana fdmanana@suse.com btrfs: fix discard worker infinite loop after disabling discard
Nathan Lynch nathan.lynch@amd.com dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted"
Peter Zijlstra peterz@infradead.org x86/its: FineIBT-paranoid vs ITS
Eric Biggers ebiggers@google.com x86/its: Fix build errors when CONFIG_MODULES=n
Peter Zijlstra peterz@infradead.org x86/its: Use dynamic thunks for indirect branches
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/its: Align RETs in BHB clear sequence to avoid thunking
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/its: Add "vmexit" option to skip mitigation on some CPUs
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/its: Enable Indirect Target Selection mitigation
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/its: Add support for ITS-safe return thunk
Josh Poimboeuf jpoimboe@kernel.org x86/alternatives: Remove faulty optimization
Borislav Petkov (AMD) bp@alien8.de x86/alternative: Optimize returns patching
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/its: Add support for ITS-safe indirect thunk
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/its: Enumerate Indirect Target Selection (ITS) bug
Pawan Gupta pawan.kumar.gupta@linux.intel.com Documentation: x86/bugs/its: Add ITS documentation
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
Pawan Gupta pawan.kumar.gupta@linux.intel.com x86/speculation: Simplify and make CALL_NOSPEC consistent
Peter Zijlstra peterz@infradead.org x86,nospec: Simplify {JMP,CALL}_NOSPEC
Trond Myklebust trond.myklebust@hammerspace.com NFSv4/pnfs: Reset the layout state after a layoutreturn
Abdun Nihaal abdun.nihaal@gmail.com qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
Geert Uytterhoeven geert+renesas@glider.be ALSA: sh: SND_AICA should depend on SH_DMA_API
Vladimir Oltean vladimir.oltean@nxp.com net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
Mathieu Othacehe othacehe@gnu.org net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
Cong Wang xiyou.wangcong@gmail.com net_sched: Flush gso_skb list too during ->change()
Geert Uytterhoeven geert+renesas@glider.be spi: loopback-test: Do not split 1024-byte hexdumps
Li Lingfeng lilingfeng3@huawei.com nfs: handle failure of nfs_get_lock_context in unlock path
Zhu Yanjun yanjun.zhu@linux.dev RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
David Lechner dlechner@baylibre.com iio: chemical: sps30: use aligned_s64 for timestamp
Jonathan Cameron Jonathan.Cameron@huawei.com iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
Masami Hiramatsu (Google) mhiramat@kernel.org tracing: probes: Fix a possible race in trace_probe_log APIs
Hans de Goede hdegoede@redhat.com platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
-------------
Diffstat:
Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 156 +++++++++++++ Documentation/admin-guide/kernel-parameters.txt | 15 ++ Makefile | 4 +- arch/x86/Kconfig | 11 + arch/x86/entry/entry_64.S | 20 +- arch/x86/include/asm/alternative.h | 32 +++ arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/msr-index.h | 8 + arch/x86/include/asm/nospec-branch.h | 57 +++-- arch/x86/kernel/alternative.c | 243 ++++++++++++++++++++- arch/x86/kernel/cpu/bugs.c | 139 +++++++++++- arch/x86/kernel/cpu/common.c | 63 +++++- arch/x86/kernel/ftrace.c | 2 +- arch/x86/kernel/module.c | 7 + arch/x86/kernel/static_call.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 10 + arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 ++++ arch/x86/net/bpf_jit_comp.c | 8 +- block/fops.c | 5 +- drivers/acpi/pptt.c | 11 +- drivers/base/cpu.c | 8 + drivers/clocksource/i8253.c | 6 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 8 + drivers/dma/ti/k3-udma.c | 10 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/chemical/sps30.c | 2 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- drivers/net/ethernet/intel/ice/ice_arfs.c | 9 +- drivers/net/ethernet/intel/ice/ice_lib.c | 5 +- drivers/net/ethernet/intel/ice/ice_main.c | 20 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 +- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/asus-wmi.c | 3 +- drivers/spi/spi-loopback-test.c | 2 +- drivers/usb/typec/altmodes/displayport.c | 18 +- drivers/usb/typec/ucsi/displayport.c | 19 +- drivers/usb/typec/ucsi/ucsi.c | 34 +++ drivers/usb/typec/ucsi/ucsi.h | 3 + drivers/usb/typec/ucsi/ucsi_ccg.c | 5 + fs/btrfs/discard.c | 17 +- fs/btrfs/extent-tree.c | 25 ++- fs/btrfs/extent_io.c | 15 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + include/linux/cpu.h | 2 + include/linux/module.h | 5 + include/net/netfilter/nf_tables.h | 2 +- include/net/sch_generic.h | 15 ++ kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- net/netfilter/nf_tables_api.c | 54 +++-- net/netfilter/nft_immediate.c | 2 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/sctp/sysctl.c | 4 + samples/ftrace/sample-trace-array.c | 2 +- sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/testing/selftests/vm/compaction_test.c | 19 +- 77 files changed, 1112 insertions(+), 184 deletions(-)
On 5/20/25 06:49, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.184-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on BMIPS_GENERIC:
Tested-by: Florian Fainelli florian.fainelli@broadcom.com
On 5/20/25 07:49, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.184-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan skhan@linuxfoundation.org
thanks, -- Shuah
On 5/20/25 06:49, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.184-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos re@w6rz.net
On 20/05/25 7:19 pm, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
No issues were seen on x86_64 and aarch64 platforms with our testing.
Tested-by: Vijayendra Suman vijayendra.suman@oracle.com
Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/ patch-5.15.184-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Thanks, Vijay
On Tue, 20 May 2025 15:49:51 +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.184-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
All tests passing for Tegra ...
Test results for stable-v5.15: 10 builds: 10 pass, 0 fail 28 boots: 28 pass, 0 fail 101 tests: 101 pass, 0 fail
Linux version: 5.15.184-rc1-gba6ee53cdfad Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000, tegra186-p3509-0000+p3636-0001, tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000, tegra20-ventana, tegra210-p2371-2180, tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter jonathanh@nvidia.com
Jon
On Tue, 20 May 2025 at 19:23, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.184-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Results from Linaro’s test farm. No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing lkft@linaro.org
## Build * kernel: 5.15.184-rc1 * git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git * git commit: ba6ee53cdfadb92bab1c005dfb67a4397a8a7219 * git describe: v5.15.183-60-gba6ee53cdfad * test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.15.y/build/v5.15....
## Test Regressions (compared to v5.15.182-55-g5aa355897d1b)
## Metric Regressions (compared to v5.15.182-55-g5aa355897d1b)
## Test Fixes (compared to v5.15.182-55-g5aa355897d1b)
## Metric Fixes (compared to v5.15.182-55-g5aa355897d1b)
## Test result summary total: 60301, pass: 46648, fail: 2204, skip: 11039, xfail: 410
## Build Summary * arc: 5 total, 5 passed, 0 failed * arm: 101 total, 101 passed, 0 failed * arm64: 28 total, 28 passed, 0 failed * i386: 18 total, 18 passed, 0 failed * mips: 22 total, 22 passed, 0 failed * parisc: 3 total, 3 passed, 0 failed * powerpc: 22 total, 22 passed, 0 failed * riscv: 8 total, 8 passed, 0 failed * s390: 9 total, 9 passed, 0 failed * sh: 10 total, 10 passed, 0 failed * sparc: 6 total, 6 passed, 0 failed * x86_64: 24 total, 24 passed, 0 failed
## Test suites summary * boot * kselftest-arm64 * kselftest-breakpoints * kselftest-capabilities * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-exec * kselftest-fpu * kselftest-futex * kselftest-intel_pstate * kselftest-kcmp * kselftest-livepatch * kselftest-membarrier * kselftest-mincore * kselftest-mm * kselftest-mqueue * kselftest-net * kselftest-net-mptcp * kselftest-openat2 * kselftest-ptrace * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-tc-testing * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user_events * kselftest-vDSO * kselftest-x86 * kunit * kvm-unit-tests * lava * libgpiod * libhugetlbfs * log-parser-boot * log-parser-build-clang * log-parser-build-gcc * log-parser-test * ltp-capability * ltp-commands * ltp-containers * ltp-controllers * ltp-cpuhotplug * ltp-crypto * ltp-cve * ltp-dio * ltp-fcntl-locktests * ltp-fs * ltp-fs_bind * ltp-fs_perms_simple * ltp-hugetlb * ltp-ipc * ltp-math * ltp-mm * ltp-nptl * ltp-pty * ltp-sched * ltp-smoke * ltp-syscalls * ltp-tracing * perf * rcutorture
-- Linaro LKFT https://lkft.linaro.org
On Tue, May 20, 2025 at 03:49:51PM +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Tested-by: Mark Brown broonie@kernel.org
On 5/20/25 15:49, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.184 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.184-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
It's crashing at boot for me when the ITS mitigation is used (tested on Icelake):
[ OK ] Started udev Coldplug all Devices. Starting udev Wait for Complete Device Initialization... [ 3.567527] BUG: unable to handle page fault for address: ff4fa48f82b9a000 [ 3.575207] #PF: supervisor write access in kernel mode [ 3.581040] #PF: error_code(0x0003) - permissions violation [ 3.587262] PGD 1007f401067 P4D 1007f402067 PUD 3024b3063 PMD 302b99063 PTE 8000000302b9a161 [ 3.596685] Oops: 0003 [#1] SMP NOPTI [ 3.600775] CPU: 73 PID: 1672 Comm: systemd-udevd Not tainted 5.15.184-rc1.its.1.el8.dev.x86_64 #1 [ 3.610779] Hardware name: Oracle Corporation ORACLE SERVER X9-2c/TLA,MB TRAY,X9-2c, BIOS 66110100 07/17/2024 [ 3.621848] RIP: 0010:clear_page_erms+0x7/0x10 [ 3.626813] Code: 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d9 90 e9 13 7f a5 00 0f 1f 00 b9 00 10 00 00 31 c0 <f3> aa e9 02 7f a5 00 cc cc 48 85 ff 0f 84 e5 00 00 00 0f b6 0f 4c [ 3.647774] RSP: 0000:ff63a55d1b8f3cb8 EFLAGS: 00010246 [ 3.653608] RAX: 0000000000000000 RBX: ff63a55d1b8f3d38 RCX: 0000000000001000 [ 3.661565] RDX: ffc82ea4cc0ae680 RSI: ff4fa48d971b1fc0 RDI: ff4fa48f82b9a000 [ 3.669529] RBP: ff4fa50cfffd5d80 R08: ffc82ea4cc0ae6c0 R09: 0000000000000000 [ 3.677496] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 3.685460] R13: 0000000000000901 R14: 0000000000000000 R15: 000000000002414b [ 3.693425] FS: 00007f525eb73280(0000) GS:ff4fa50affc40000(0000) knlGS:0000000000000000 [ 3.702451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.708864] CR2: ff4fa48f82b9a000 CR3: 0000000401476006 CR4: 0000000000771ee0 [ 3.716830] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3.724796] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3.732753] PKRU: 55555554 [ 3.735773] Call Trace: [ 3.738504] <TASK> [ 3.740847] kernel_init_free_pages.part.0+0x46/0x70 [ 3.746394] get_page_from_freelist+0x3df/0x510 [ 3.751453] ? do_set_pte+0xa5/0x100 [ 3.755446] __alloc_pages+0x19a/0x350 [ 3.759631] pte_alloc_one+0x14/0x50 [ 3.763623] do_read_fault+0x12d/0x160 [ 3.767802] do_fault+0x9a/0x2e0 [ 3.771403] __handle_mm_fault+0x3e8/0x6c0 [ 3.775978] handle_mm_fault+0xcf/0x2c0 [ 3.780261] do_user_addr_fault+0x1d2/0x680 [ 3.784932] exc_page_fault+0x68/0x140 [ 3.789119] asm_exc_page_fault+0x22/0x30 [ 3.793598] RIP: 0033:0x557a550175bd [ 3.797591] Code: Unable to access opcode bytes at RIP 0x557a55017593. [ 3.804878] RSP: 002b:00007ffd57006600 EFLAGS: 00010206 [ 3.810710] RAX: 0000000000000000 RBX: 0000557a6a620e40 RCX: 00007f525da098b8 [ 3.818676] RDX: 0000000000000003 RSI: 00007f525da09908 RDI: 0000000000000003 [ 3.826642] RBP: 00007ffd570067d0 R08: 0000000000000000 R09: 000000000000000a [ 3.834607] R10: 00007f525eb73280 R11: 0000000000000206 R12: 0000557a6a620f00 [ 3.842573] R13: 0000557a6a6b76d0 R14: 0000000000000000 R15: 0000557a6a6b87d0 [ 3.850533] </TASK> [ 3.852972] Modules linked in: psample pci_hyperv_intf wmi dm_multipath sunrpc dm_mirror dm_region_hash dm_log dm_mod be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls cxgb3i cxgb3 mdio libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi [ 3.879765] CR2: ff4fa48f82b9a000 [ 3.883463] ---[ end trace 5c8bb91d889112a9 ]--- [ 4.498240] RIP: 0010:clear_page_erms+0x7/0x10 [ 4.503205] Code: 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d9 90 e9 13 7f a5 00 0f 1f 00 b9 00 10 00 00 31 c0 <f3> aa e9 02 7f a5 00 cc cc 48 85 ff 0f 84 e5 00 00 00 0f b6 0f 4c [ 4.524155] RSP: 0000:ff63a55d1b8f3cb8 EFLAGS: 00010246 [ 4.529978] RAX: 0000000000000000 RBX: ff63a55d1b8f3d38 RCX: 0000000000001000 [ 4.537945] RDX: ffc82ea4cc0ae680 RSI: ff4fa48d971b1fc0 RDI: ff4fa48f82b9a000 [ 4.545910] RBP: ff4fa50cfffd5d80 R08: ffc82ea4cc0ae6c0 R09: 0000000000000000 [ 4.553874] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 4.561840] R13: 0000000000000901 R14: 0000000000000000 R15: 000000000002414b [ 4.569798] FS: 00007f525eb73280(0000) GS:ff4fa50affc40000(0000) knlGS:0000000000000000 [ 4.578831] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4.585235] CR2: 0000557a55017593 CR3: 0000000401476006 CR4: 0000000000771ee0 [ 4.593202] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4.601158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4.609122] PKRU: 55555554 [ 4.612143] Kernel panic - not syncing: Fatal exception [ 4.618980] Kernel Offset: 0x39e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 4.686287] ---[ end Kernel panic - not syncing: Fatal exception ]---
There's no problem when disabling the ITS mitigation.
It looks the problem comes from pages allocated for dynamic thunks for modules, and this patch appears to fix the problem:
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index 43ec73da66d8b..9ca6973e56547 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -460,6 +460,8 @@ void its_free_mod(struct module *mod)
for (i = 0; i < mod->its_num_pages; i++) { void *page = mod->its_page_array[i]; + set_memory_nx((unsigned long)page, 1); + set_memory_rw((unsigned long)page, 1); module_memfree(page); } kfree(mod->its_page_array);
I don't know the exact underlying issue but I suspect that the kernel doesn't correctly handle pages freed without the write permission, and restoring page permissions to rw (instead of rox) before freeing prevent the problem.
alex.
On Wed, May 21, 2025 at 09:10:58PM +0200, Alexandre Chartre wrote:
It looks the problem comes from pages allocated for dynamic thunks for modules, and this patch appears to fix the problem:
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index 43ec73da66d8b..9ca6973e56547 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -460,6 +460,8 @@ void its_free_mod(struct module *mod) for (i = 0; i < mod->its_num_pages; i++) { void *page = mod->its_page_array[i];
set_memory_nx((unsigned long)page, 1);set_memory_rw((unsigned long)page, 1); module_memfree(page); } kfree(mod->its_page_array);I don't know the exact underlying issue but I suspect that the kernel doesn't correctly handle pages freed without the write permission, and restoring page permissions to rw (instead of rox) before freeing prevent the problem.
Your analysis aligns with the proposed fix to backport below patch as well:
x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() https://lore.kernel.org/stable/20250521171635.848656-1-pchelkin@ispras.ru/
-
Alexandre Chartre -
Florian Fainelli -
Greg Kroah-Hartman -
Jon Hunter -
Mark Brown -
Naresh Kamboju -
Pawan Gupta -
Ron Economos -
Shuah Khan -
Vijayendra Suman