tmakin/ack-tegra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
testing-6.12
ack-tegra/kernel/exit.c
Greg Kroah-Hartman 8cb2595f93 Merge 6.12.35 into android16-6.12-lts 
GKI (arm64) relevant 87 out of 414 changes, affecting 112 files +738/-352
  bdb71ee651 configfs: Do not override creating attribute file failure in populate_attrs() [1 file, +1/-1]
  ba789be63d io_uring: account drain memory to cgroup [1 file, +1/-1]
  c58b577cf7 io_uring/kbuf: account ring io_buffer_list memory [1 file, +1/-1]
  f78b38af35 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() [1 file, +3/-2]
  2429bb9fad media: v4l2-dev: fix error handling in __video_register_device() [1 file, +7/-7]
  5d8b057ed7 media: videobuf2: use sgtable-based scatterlist wrappers [1 file, +2/-2]
  b52dc88361 media: uvcvideo: Return the number of processed controls [1 file, +10/-1]
  6d2b12e7c5 media: uvcvideo: Send control events for partial succeeds [1 file, +9/-3]
  aac91ae06c media: uvcvideo: Fix deferred probing error [1 file, +19/-8]
  86d9837e46 arm64/mm: Close theoretical race where stale TLB entry remains valid [1 file, +5/-4]
  5538af3843 block: use plug request list tail for one-shot backmerge attempt [1 file, +13/-13]
  943801c380 block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion [1 file, +1/-0]
  1c71f3cf5f cgroup,freezer: fix incomplete freezing when attaching tasks [1 file, +1/-2]
  a0890b7805 bus: firewall: Fix missing static inline annotations for stubs [1 file, +9/-6]
  5766da2237 ext4: inline: fix len overflow in ext4_prepare_inline_data [1 file, +1/-1]
  796632e6f8 ext4: fix calculation of credits for extent tree modification [1 file, +6/-5]
  4b36399711 ext4: ensure i_size is smaller than maxbytes [1 file, +2/-1]
  be5f3061a6 ext4: only dirty folios when data journaling regular files [1 file, +6/-1]
  a0b1c91ada Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() [1 file, +2/-0]
  fed611bd8c f2fs: fix to do sanity check on ino and xnid [1 file, +6/-0]
  aaa644e7ff f2fs: prevent kernel warning due to negative i_nlink from corrupted image [1 file, +9/-0]
  ee1b421c46 f2fs: fix to do sanity check on sit_bitmap_size [1 file, +8/-0]
  f16a797dce watchdog: fix watchdog may detect false positive of softlockup [1 file, +27/-14]
  02137179ff mm: fix ratelimit_pages update error in dirty_ratio_handler() [1 file, +1/-1]
  462eee6d42 firmware: arm_scmi: Ensure that the message-id supports fastchannel [2 files, +45/-33]
  e3cf1ef571 dm-verity: fix a memory leak if some arguments are specified multiple times [3 files, +24/-5]
  f2986bccf2 dm: lock limits when reading them [1 file, +7/-1]
  ec5f0b4412 ovl: Fix nested backing file paths [1 file, +2/-2]
  92776ca0cc remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() [1 file, +2/-3]
  f4ef928ca5 remoteproc: core: Release rproc->clean_table after rproc_attach() fails [1 file, +1/-0]
  68e58f5791 PCI: dwc: ep: Correct PBA offset in .set_msix() callback [1 file, +3/-2]
  b20701d594 PCI: Add ACS quirk for Loongson PCIe [1 file, +23/-0]
  be0cf75cbd PCI: Fix lock symmetry in pci_slot_unlock() [1 file, +2/-1]
  7b45d2401d clocksource: Fix the CPUs' choice in the watchdog per CPU verification [1 file, +1/-1]
  c05aba32a9 ACPICA: Avoid sequence overread in call to strncmp() [1 file, +1/-1]
  66613b13cd ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case [1 file, +8/-1]
  33cd650d38 pmdomain: core: Reset genpd->states to avoid freeing invalid data [1 file, +3/-1]
  f34e0c1556 platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() [1 file, +1/-0]
  c519f81e9c gpiolib: of: Add polarity quirk for s5m8767 [1 file, +9/-0]
  1f152ae557 PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() [1 file, +1/-1]
  6c1151d53c tipc: use kfree_sensitive() for aead cleanup [1 file, +1/-1]
  b0e647442c f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx [2 files, +15/-13]
  2d834477bb bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() [1 file, +2/-1]
  77ff6aec7c cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs [1 file, +35/-1]
  0a8446058c tcp: always seek for minimal rtt in tcp_rcv_rtt_update() [1 file, +8/-14]
  f97085d365 tcp: remove zero TCP TS samples for autotuning [1 file, +5/-5]
  89b20c406e tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows [1 file, +3/-3]
  84c156a351 tcp: add receive queue awareness in tcp_rcv_space_adjust() [2 files, +5/-3]
  3a9e74d158 ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT [1 file, +4/-0]
  5eb9c50e0c net: page_pool: Don't recycle into cache on PREEMPT_RT [1 file, +4/-0]
  8b0741b167 xfrm: validate assignment of maximal possible SEQ number [1 file, +42/-10]
  8fdf2f79eb bpf: Pass the same orig_call value to trampoline functions [1 file, +1/-1]
  f0023d7a2a f2fs: fix to bail out in get_new_segment() [2 files, +6/-1]
  448dc45eea bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index [1 file, +2/-2]
  78f768e36c net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions [1 file, +69/-8]
  4b3383110b software node: Correct a OOB check in software_node_get_reference_args() [1 file, +1/-1]
  b7129ef57d sock: Correct error checking condition for (assign|release)_proto_idx() [1 file, +2/-2]
  a58f0a0e99 f2fs: fix to set atomic write status more clear [3 files, +12/-2]
  b8b4b8bb34 bpf, sockmap: Fix data lost during EAGAIN retries [1 file, +2/-1]
  7c41f73b64 fs/xattr.c: fix simple_xattr_list() [1 file, +1/-0]
  2e10dc9c2a io_uring/kbuf: don't truncate end buffer for multiple buffer peeks [1 file, +4/-1]
  1a4254ab06 io_uring: fix task leak issue in io_wq_create() [1 file, +3/-1]
  4220cc0b98 nvme: always punt polled uring_cmd end_io work to task_work [1 file, +7/-14]
  f9b97d466e net_sched: sch_sfq: reject invalid perturb period [1 file, +8/-2]
  2a3ad42a57 net: clear the dst when changing skb protocol [1 file, +13/-6]
  510a29d776 mm: close theoretical race where stale TLB entries could linger [1 file, +2/-0]
  57ec081869 sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() [3 files, +9/-2]
  3d828519bd atm: Revert atm_account_tx() if copy_from_iter_full() fails. [3 files, +8/-1]
  47f34289d1 arm64: Restrict pagetable teardown to avoid false warning [1 file, +2/-1]
  9cf5b2a3b7 mm/hugetlb: unshare page tables during VMA split, not before [5 files, +57/-16]
  dc5f0aef9e net: Fix checksum update for ILA adj-transport [4 files, +7/-7]
  2516299184 bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE [3 files, +7/-2]
  50189d9c5e erofs: remove unused trace event erofs_destroy_inode [1 file, +0/-18]
  348e541fef ipv6: remove leftover ip6 cookie initializer [1 file, +0/-2]
  3c44ebad5a ipv6: replace ipcm6_init calls with ipcm6_init_sk [4 files, +3/-29]
  6b358b3adf io_uring/sqpoll: don't put task_struct on tctx setup failure [1 file, +1/-4]
  8873080b88 workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() [1 file, +2/-1]
  ac462a75fd net: netmem: fix skb_ensure_writable with unreadable skbs [1 file, +0/-3]
  61b39e189d ptp: allow reading of currently dialed frequency to succeed on free-running clocks [1 file, +2/-1]
  397c1faf8f tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior [1 file, +25/-12]
  0d3d91c350 tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer [1 file, +2/-2]
  31d50dfe9c tcp: fix passive TFO socket having invalid NAPI ID [1 file, +3/-0]
  0f8df5d6f2 ublk: santizize the arguments from userspace when adding a device [1 file, +3/-0]
  456019adaa perf: Fix sample vs do_exit() [2 files, +16/-8]
  7335c33d62 perf: Fix cgroup state vs ERROR [1 file, +30/-21]
  fd199366bf perf/core: Fix WARN in perf_cgroup_switch() [1 file, +20/-2]
  22f935bc86 arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() [1 file, +1/-1]

Changes in 6.12.35
	configfs: Do not override creating attribute file failure in populate_attrs()
	crypto: marvell/cesa - Do not chain submitted requests
	gfs2: move msleep to sleepable context
	crypto: qat - add shutdown handler to qat_c3xxx
	crypto: qat - add shutdown handler to qat_420xx
	crypto: qat - add shutdown handler to qat_4xxx
	crypto: qat - add shutdown handler to qat_c62x
	crypto: qat - add shutdown handler to qat_dh895xcc
	ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()
	ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
	ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks()
	io_uring: account drain memory to cgroup
	io_uring/kbuf: account ring io_buffer_list memory
	powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states
	s390/pci: Remove redundant bus removal and disable from zpci_release_device()
	s390/pci: Prevent self deletion in disable_slot()
	s390/pci: Allow re-add of a reserved but not yet removed device
	s390/pci: Serialize device addition and removal
	regulator: max20086: Fix MAX200086 chip id
	regulator: max20086: Change enable gpio to optional
	net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
	net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
	wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
	wifi: mt76: mt7925: fix host interrupt register initialization
	wifi: ath11k: fix rx completion meta data corruption
	wifi: rtw88: usb: Upload the firmware in bigger chunks
	wifi: ath11k: fix ring-buffer corruption
	NFSD: unregister filesystem in case genl_register_family() fails
	NFSD: fix race between nfsd registration and exports_proc
	NFSD: Implement FATTR4_CLONE_BLKSIZE attribute
	nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
	nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
	SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls
	NFSv4: Don't check for OPEN feature support in v4.1
	fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()
	wifi: ath12k: fix ring-buffer corruption
	jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
	svcrdma: Unregister the device if svc_rdma_accept() fails
	wifi: rtw88: usb: Reduce control message timeout to 500 ms
	wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
	media: ov8856: suppress probe deferral errors
	media: ov5675: suppress probe deferral errors
	media: imx335: Use correct register width for HNUM
	media: nxp: imx8-isi: better handle the m2m usage_count
	media: i2c: ds90ub913: Fix returned fmt from .set_fmt()
	media: ccs-pll: Start VT pre-PLL multiplier search from correct value
	media: ov2740: Move pm-runtime cleanup on probe-errors to proper place
	media: ccs-pll: Start OP pre-PLL multiplier search from correct value
	media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div
	media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case
	media: cxusb: no longer judge rbuf when the write fails
	media: davinci: vpif: Fix memory leak in probe error path
	media: gspca: Add error handling for stv06xx_read_sensor()
	media: i2c: imx335: Fix frame size enumeration
	media: imagination: fix a potential memory leak in e5010_probe()
	media: intel/ipu6: Fix dma mask for non-secure mode
	media: ipu6: Remove workaround for Meteor Lake ES2
	media: mediatek: vcodec: Correct vsi_core framebuffer size
	media: omap3isp: use sgtable-based scatterlist wrappers
	media: v4l2-dev: fix error handling in __video_register_device()
	media: venus: Fix probe error handling
	media: videobuf2: use sgtable-based scatterlist wrappers
	media: vidtv: Terminating the subsequent process of initialization failure
	media: vivid: Change the siize of the composing
	media: imx-jpeg: Drop the first error frames
	media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead
	media: imx-jpeg: Reset slot data pointers when freed
	media: imx-jpeg: Cleanup after an allocation error
	media: uvcvideo: Return the number of processed controls
	media: uvcvideo: Send control events for partial succeeds
	media: uvcvideo: Fix deferred probing error
	arm64/mm: Close theoretical race where stale TLB entry remains valid
	ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
	ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
	ASoC: codecs: wcd9375: Fix double free of regulator supplies
	ASoC: codecs: wcd937x: Drop unused buck_supply
	block: use plug request list tail for one-shot backmerge attempt
	block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion
	bus: mhi: ep: Update read pointer only after buffer is written
	bus: mhi: host: Fix conflict between power_up and SYSERR
	can: kvaser_pciefd: refine error prone echo_skb_max handling logic
	can: tcan4x5x: fix power regulator retrieval during probe
	ceph: avoid kernel BUG for encrypted inode with unaligned file size
	ceph: set superblock s_magic for IMA fsmagic matching
	cgroup,freezer: fix incomplete freezing when attaching tasks
	bus: firewall: Fix missing static inline annotations for stubs
	ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
	ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard
	ata: ahci: Disallow LPM for Asus B550-F motherboard
	bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
	bus: fsl-mc: fix GET/SET_TAILDROP command ids
	ext4: inline: fix len overflow in ext4_prepare_inline_data
	ext4: fix calculation of credits for extent tree modification
	ext4: factor out ext4_get_maxbytes()
	ext4: ensure i_size is smaller than maxbytes
	ext4: only dirty folios when data journaling regular files
	Input: ims-pcu - check record size in ims_pcu_flash_firmware()
	Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
	f2fs: fix to do sanity check on ino and xnid
	f2fs: prevent kernel warning due to negative i_nlink from corrupted image
	f2fs: fix to do sanity check on sit_bitmap_size
	hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
	NFC: nci: uart: Set tty->disc_data only in success path
	net/sched: fix use-after-free in taprio_dev_notifier
	net: ftgmac100: select FIXED_PHY
	iommu/vt-d: Restore context entry setup order for aliased devices
	fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
	EDAC/altera: Use correct write width with the INTTEST register
	fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
	parisc/unaligned: Fix hex output to show 8 hex chars
	vgacon: Add check for vc_origin address range in vgacon_scroll()
	parisc: fix building with gcc-15
	clk: meson-g12a: add missing fclk_div2 to spicc
	ipc: fix to protect IPCS lookups using RCU
	watchdog: fix watchdog may detect false positive of softlockup
	RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
	mm: fix ratelimit_pages update error in dirty_ratio_handler()
	soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events
	configfs-tsm-report: Fix NULL dereference of tsm_ops
	firmware: arm_scmi: Ensure that the message-id supports fastchannel
	mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk
	mtd: nand: sunxi: Add randomizer configuration before randomizer enable
	KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs
	KVM: VMX: Flush shadow VMCS on emergency reboot
	dm-mirror: fix a tiny race condition
	dm-verity: fix a memory leak if some arguments are specified multiple times
	mtd: rawnand: qcom: Fix read len for onfi param page
	ftrace: Fix UAF when lookup kallsym after ftrace disabled
	dm: lock limits when reading them
	phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property()
	net: ch9200: fix uninitialised access during mii_nway_restart
	KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
	sysfb: Fix screen_info type check for VGA
	video: screen_info: Relocate framebuffers behind PCI bridges
	pwm: axi-pwmgen: fix missing separate external clock
	staging: iio: ad5933: Correct settling cycles encoding per datasheet
	mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
	ovl: Fix nested backing file paths
	regulator: max14577: Add error check for max14577_read_reg()
	remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
	remoteproc: core: Release rproc->clean_table after rproc_attach() fails
	remoteproc: k3-m4: Don't assert reset in detach routine
	cifs: reset connections for all channels when reconnect requested
	cifs: update dstaddr whenever channel iface is updated
	cifs: dns resolution is needed only for primary channel
	smb: client: add NULL check in automount_fullpath
	Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary
	uio_hv_generic: Use correct size for interrupt and monitor pages
	uio_hv_generic: Align ring size to system page
	PCI: cadence-ep: Correct PBA offset in .set_msix() callback
	PCI: dwc: ep: Correct PBA offset in .set_msix() callback
	PCI: Add ACS quirk for Loongson PCIe
	PCI: Fix lock symmetry in pci_slot_unlock()
	PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up()
	PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit()
	iio: accel: fxls8962af: Fix temperature scan element sign
	accel/ivpu: Improve buffer object logging
	accel/ivpu: Use firmware names from upstream repo
	accel/ivpu: Use dma_resv_lock() instead of a custom mutex
	accel/ivpu: Fix warning in ivpu_gem_bo_free()
	dummycon: Trigger redraw when switching consoles with deferred takeover
	mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
	iio: imu: inv_icm42600: Fix temperature calculation
	iio: adc: ad7944: mask high bits on direct read
	iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build
	iio: adc: ad7606_spi: fix reg write value mask
	ACPICA: fix acpi operand cache leak in dswstate.c
	ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
	clocksource: Fix the CPUs' choice in the watchdog per CPU verification
	power: supply: collie: Fix wakeup source leaks on device unbind
	mmc: Add quirk to disable DDR50 tuning
	ACPICA: Avoid sequence overread in call to strncmp()
	ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
	ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init()
	ACPI: bus: Bail out if acpi_kobj registration fails
	ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case
	ACPICA: fix acpi parse and parseext cache leaks
	ACPICA: Apply pack(1) to union aml_resource
	ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops
	power: supply: bq27xxx: Retrieve again when busy
	pmdomain: core: Reset genpd->states to avoid freeing invalid data
	ACPICA: utilities: Fix overflow check in vsnprintf()
	platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all()
	ASoC: tegra210_ahub: Add check to of_device_get_match_data()
	Make 'cc-option' work correctly for the -Wno-xyzzy pattern
	gpiolib: of: Add polarity quirk for s5m8767
	PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
	power: supply: max17040: adjust thermal channel scaling
	ACPI: battery: negate current when discharging
	net: macb: Check return value of dma_set_mask_and_coherent()
	net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
	tipc: use kfree_sensitive() for aead cleanup
	f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx
	bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
	Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922
	i2c: designware: Invoke runtime suspend on quick slave re-registration
	wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
	emulex/benet: correct command version selection in be_cmd_get_stats()
	Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925
	wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
	wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
	wifi: mt76: mt7925: introduce thermal protection
	wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO
	sctp: Do not wake readers in __sctp_write_space()
	libbpf/btf: Fix string handling to support multi-split BTF
	cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
	i2c: tegra: check msg length in SMBUS block read
	i2c: npcm: Add clock toggle recovery
	clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks
	net: dlink: add synchronization for stats update
	wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET
	wifi: ath12k: fix a possible dead lock caused by ab->base_lock
	wifi: ath11k: Fix QMI memory reuse logic
	iommu/amd: Allow matching ACPI HID devices without matching UIDs
	wifi: rtw89: leave idle mode when setting WEP encryption for AP mode
	tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
	tcp: remove zero TCP TS samples for autotuning
	tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
	tcp: add receive queue awareness in tcp_rcv_space_adjust()
	x86/sgx: Prevent attempts to reclaim poisoned pages
	ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
	net: page_pool: Don't recycle into cache on PREEMPT_RT
	xfrm: validate assignment of maximal possible SEQ number
	net: atlantic: generate software timestamp just before the doorbell
	pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()
	pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction()
	bpf: Pass the same orig_call value to trampoline functions
	net: stmmac: generate software timestamp just before the doorbell
	pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction()
	libbpf: Check bpf_map_skeleton link for NULL
	pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
	net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
	net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
	wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
	wifi: mac80211: do not offer a mesh path if forwarding is disabled
	clk: rockchip: rk3036: mark ddrphy as critical
	hid-asus: check ROG Ally MCU version and warn
	wifi: iwlwifi: mvm: fix beacon CCK flag
	f2fs: fix to bail out in get_new_segment()
	netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
	libbpf: Add identical pointer detection to btf_dedup_is_equiv()
	scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
	scsi: smartpqi: Add new PCI IDs
	iommu/amd: Ensure GA log notifier callbacks finish running before module unload
	wifi: iwlwifi: pcie: make sure to lock rxq->read
	wifi: rtw89: 8922a: fix TX fail with wrong VCO setting
	wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
	netdevsim: Mark NAPI ID on skb in nsim_rcv
	net/mlx5: HWS, Fix IP version decision
	bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index
	wifi: mac80211: VLAN traffic in multicast path
	Revert "mac80211: Dynamically set CoDel parameters per station"
	wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0
	net: bridge: mcast: update multicast contex when vlan state is changed
	net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions
	vxlan: Do not treat dst cache initialization errors as fatal
	bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp
	wifi: ath12k: using msdu end descriptor to check for rx multicast packets
	net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER
	software node: Correct a OOB check in software_node_get_reference_args()
	isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry
	pinctrl: mcp23s08: Reset all pins to input at probe
	wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping
	scsi: lpfc: Use memcpy() for BIOS version
	sock: Correct error checking condition for (assign|release)_proto_idx()
	i40e: fix MMIO write access to an invalid page in i40e_clear_hw
	ixgbe: Fix unreachable retry logic in combined and byte I2C write functions
	RDMA/hns: initialize db in update_srq_db()
	ice: fix check for existing switch rule
	usbnet: asix AX88772: leave the carrier control to phylink
	f2fs: fix to set atomic write status more clear
	bpf, sockmap: Fix data lost during EAGAIN retries
	net: ethernet: cortina: Use TOE/TSO on all TCP
	octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer()
	wifi: ath11k: determine PM policy based on machine model
	wifi: ath12k: fix link valid field initialization in the monitor Rx
	wifi: ath12k: fix incorrect CE addresses
	wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz
	net/mlx5: HWS, Harden IP version definer checks
	fbcon: Make sure modelist not set on unregistered console
	watchdog: da9052_wdt: respect TWDMIN
	bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
	ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
	tee: Prevent size calculation wraparound on 32-bit kernels
	Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first"
	fs/xattr.c: fix simple_xattr_list()
	platform/x86/amd: pmc: Clear metrics table at start of cycle
	platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice
	platform/x86: dell_rbu: Fix list usage
	platform/x86: dell_rbu: Stop overwriting data buffer
	powerpc/vdso: Fix build of VDSO32 with pcrel
	powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery
	io_uring/kbuf: don't truncate end buffer for multiple buffer peeks
	io_uring: fix task leak issue in io_wq_create()
	drivers/rapidio/rio_cm.c: prevent possible heap overwrite
	platform/loongarch: laptop: Get brightness setting from EC on probe
	platform/loongarch: laptop: Unregister generic_sub_drivers on exit
	platform/loongarch: laptop: Add backlight power control support
	LoongArch: vDSO: Correctly use asm parameters in syscall wrappers
	LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg
	LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()
	jffs2: check that raw node were preallocated before writing summary
	jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
	cifs: deal with the channel loading lag while picking channels
	cifs: serialize other channels when query server interfaces is pending
	cifs: do not disable interface polling on failure
	smb: improve directory cache reuse for readdir operations
	scsi: storvsc: Increase the timeouts to storvsc_timeout
	scsi: s390: zfcp: Ensure synchronous unit_add
	nvme: always punt polled uring_cmd end_io work to task_work
	net_sched: sch_sfq: reject invalid perturb period
	net: clear the dst when changing skb protocol
	mm: close theoretical race where stale TLB entries could linger
	udmabuf: use sgtable-based scatterlist wrappers
	x86/virt/tdx: Avoid indirect calls to TDX assembly functions
	selftests/x86: Add a test to detect infinite SIGTRAP handler loop
	ksmbd: fix null pointer dereference in destroy_previous_session
	platform/x86: ideapad-laptop: use usleep_range() for EC polling
	selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
	platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL
	sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group()
	atm: Revert atm_account_tx() if copy_from_iter_full() fails.
	wifi: rtw89: phy: add dummy C2H event handler for report of TAS power
	cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update
	Input: sparcspkr - avoid unannotated fall-through
	wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path
	wifi: cfg80211: init wiphy_work before allocating rfkill fails
	arm64: Restrict pagetable teardown to avoid false warning
	ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card
	ALSA: hda/intel: Add Thinkpad E15 to PM deny list
	ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx
	ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
	ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA
	ALSA: hda/realtek: Add quirk for Asus GU605C
	iio: accel: fxls8962af: Fix temperature calculation
	mm/hugetlb: unshare page tables during VMA split, not before
	drm/amdgpu: read back register after written for VCN v4.0.5
	kbuild: rust: add rustc-min-version support function
	rust: compile libcore with edition 2024 for 1.87+
	net: Fix checksum update for ILA adj-transport
	bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
	erofs: remove unused trace event erofs_destroy_inode
	nfsd: use threads array as-is in netlink interface
	sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
	drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`
	Kunit to check the longest symbol length
	x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c
	ipv6: remove leftover ip6 cookie initializer
	ipv6: replace ipcm6_init calls with ipcm6_init_sk
	smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels
	drm/msm/disp: Correct porch timing for SDM845
	drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
	drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names
	drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE
	drm/ssd130x: fix ssd132x_clear_screen() columns
	ionic: Prevent driver/fw getting out of sync on devcmd(s)
	drm/nouveau/bl: increase buffer size to avoid truncate warning
	drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled
	hwmon: (occ) Rework attribute registration for stack usage
	hwmon: (occ) fix unaligned accesses
	hwmon: (ltc4282) avoid repeated register write
	pldmfw: Select CRC32 when PLDMFW is selected
	aoe: clean device rq_list in aoedev_downdev()
	io_uring/sqpoll: don't put task_struct on tctx setup failure
	net: ice: Perform accurate aRFS flow match
	ice: fix eswitch code memory leak in reset scenario
	e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
	workqueue: Initialize wq_isolated_cpumask in workqueue_init_early()
	ksmbd: add free_transport ops in ksmbd connection
	net: netmem: fix skb_ensure_writable with unreadable skbs
	bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()
	eth: bnxt: fix out-of-range access of vnic_info array
	bnxt_en: Add a helper function to configure MRU and RSS
	bnxt_en: Update MRU and RSS table of RSS contexts on queue reset
	ptp: fix breakage after ptp_vclock_in_use() rework
	ptp: allow reading of currently dialed frequency to succeed on free-running clocks
	wifi: carl9170: do not ping device which has failed to load firmware
	mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
	atm: atmtcp: Free invalid length skb in atmtcp_c_send().
	tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior
	tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
	tcp: fix passive TFO socket having invalid NAPI ID
	eth: fbnic: avoid double free when failing to DMA-map FW msg
	net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
	ublk: santizize the arguments from userspace when adding a device
	drm/xe: Wire up device shutdown handler
	drm/xe/gt: Update handling of xe_force_wake_get return
	drm/xe/bmg: Update Wa_16023588340
	calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
	mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available
	net: atm: add lec_mutex
	net: atm: fix /proc/net/atm/lec handling
	EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh
	dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
	smb: Log an error when close_all_cached_dirs fails
	serial: sh-sci: Clean sci_ports[0] after at earlycon exit
	serial: sh-sci: Increment the runtime usage counter for the earlycon device
	smb: client: fix first command failure during re-negotiation
	smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
	s390/pci: Fix __pcilg_mio_inuser() inline assembly
	perf: Fix sample vs do_exit()
	perf: Fix cgroup state vs ERROR
	perf/core: Fix WARN in perf_cgroup_switch()
	arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
	scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
	RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls
	RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs
	gpio: pca953x: fix wrong error probe return value
	perf evsel: Missed close() when probing hybrid core PMUs
	perf test: Directory file descriptor leak
	gpio: mlxbf3: only get IRQ for device instance 0
	cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function
	bpftool: Fix cgroup command to only show cgroup bpf programs
	Linux 6.12.35

Change-Id: Ida57d269272a624bedb979bfad0b3c5e7df7e846
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-10 16:01:38 +00:00

1982 lines
49 KiB
C
Raw Permalink Blame History

// SPDX-License-Identifier: GPL-2.0-only
/*
* linux/kernel/exit.c
*
* Copyright (C) 1991, 1992 Linus Torvalds
*/
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/sched/autogroup.h>
#include <linux/sched/mm.h>
#include <linux/sched/stat.h>
#include <linux/sched/task.h>
#include <linux/sched/task_stack.h>
#include <linux/sched/cputime.h>
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/capability.h>
#include <linux/completion.h>
#include <linux/personality.h>
#include <linux/tty.h>
#include <linux/iocontext.h>
#include <linux/key.h>
#include <linux/cpu.h>
#include <linux/acct.h>
#include <linux/tsacct_kern.h>
#include <linux/file.h>
#include <linux/fdtable.h>
#include <linux/freezer.h>
#include <linux/binfmts.h>
#include <linux/nsproxy.h>
#include <linux/pid_namespace.h>
#include <linux/ptrace.h>
#include <linux/profile.h>
#include <linux/mount.h>
#include <linux/proc_fs.h>
#include <linux/kthread.h>
#include <linux/mempolicy.h>
#include <linux/taskstats_kern.h>
#include <linux/delayacct.h>
#include <linux/cgroup.h>
#include <linux/syscalls.h>
#include <linux/signal.h>
#include <linux/posix-timers.h>
#include <linux/cn_proc.h>
#include <linux/mutex.h>
#include <linux/futex.h>
#include <linux/pipe_fs_i.h>
#include <linux/audit.h> /* for audit_free() */
#include <linux/resource.h>
#include <linux/task_io_accounting_ops.h>
#include <linux/blkdev.h>
#include <linux/task_work.h>
#include <linux/fs_struct.h>
#include <linux/init_task.h>
#include <linux/perf_event.h>
#include <trace/events/sched.h>
#include <linux/hw_breakpoint.h>
#include <linux/oom.h>
#include <linux/writeback.h>
#include <linux/shm.h>
#include <linux/kcov.h>
#include <linux/kmsan.h>
#include <linux/random.h>
#include <linux/rcuwait.h>
#include <linux/compat.h>
#include <linux/io_uring.h>
#include <linux/kprobes.h>
#include <linux/rethook.h>
#include <linux/sysfs.h>
#include <linux/user_events.h>
#include <linux/uaccess.h>
#include <uapi/linux/wait.h>
#include <asm/unistd.h>
#include <asm/mmu_context.h>
#include <trace/hooks/dtask.h>
#include <trace/hooks/mm.h>
#include "exit.h"
/*
* The default value should be high enough to not crash a system that randomly
* crashes its kernel from time to time, but low enough to at least not permit
* overflowing 32-bit refcounts or the ldsem writer count.
*/
static unsigned int oops_limit = 10000;
#ifdef CONFIG_SYSCTL
static struct ctl_table kern_exit_table[] = {
{
.procname = "oops_limit",
.data = &oops_limit,
.maxlen = sizeof(oops_limit),
.mode = 0644,
.proc_handler = proc_douintvec,
},
};
static __init int kernel_exit_sysctls_init(void)
{
register_sysctl_init("kernel", kern_exit_table);
return 0;
}
late_initcall(kernel_exit_sysctls_init);
#endif
static atomic_t oops_count = ATOMIC_INIT(0);
#ifdef CONFIG_SYSFS
static ssize_t oops_count_show(struct kobject *kobj, struct kobj_attribute *attr,
char *page)
{
return sysfs_emit(page, "%d\n", atomic_read(&oops_count));
}
static struct kobj_attribute oops_count_attr = __ATTR_RO(oops_count);
static __init int kernel_exit_sysfs_init(void)
{
sysfs_add_file_to_group(kernel_kobj, &oops_count_attr.attr, NULL);
return 0;
}
late_initcall(kernel_exit_sysfs_init);
#endif
static void __unhash_process(struct task_struct *p, bool group_dead)
{
nr_threads--;
detach_pid(p, PIDTYPE_PID);
if (group_dead) {
detach_pid(p, PIDTYPE_TGID);
detach_pid(p, PIDTYPE_PGID);
detach_pid(p, PIDTYPE_SID);
list_del_rcu(&p->tasks);
list_del_init(&p->sibling);
__this_cpu_dec(process_counts);
}
list_del_rcu(&p->thread_node);
}
/*
* This function expects the tasklist_lock write-locked.
*/
static void __exit_signal(struct task_struct *tsk)
{
struct signal_struct *sig = tsk->signal;
bool group_dead = thread_group_leader(tsk);
struct sighand_struct *sighand;
struct tty_struct *tty;
u64 utime, stime;
sighand = rcu_dereference_check(tsk->sighand,
lockdep_tasklist_lock_is_held());
spin_lock(&sighand->siglock);
#ifdef CONFIG_POSIX_TIMERS
posix_cpu_timers_exit(tsk);
if (group_dead)
posix_cpu_timers_exit_group(tsk);
#endif
if (group_dead) {
tty = sig->tty;
sig->tty = NULL;
} else {
/*
* If there is any task waiting for the group exit
* then notify it:
*/
if (sig->notify_count > 0 && !--sig->notify_count)
wake_up_process(sig->group_exec_task);
if (tsk == sig->curr_target)
sig->curr_target = next_thread(tsk);
}
add_device_randomness((const void*) &tsk->se.sum_exec_runtime,
sizeof(unsigned long long));
/*
* Accumulate here the counters for all threads as they die. We could
* skip the group leader because it is the last user of signal_struct,
* but we want to avoid the race with thread_group_cputime() which can
* see the empty ->thread_head list.
*/
task_cputime(tsk, &utime, &stime);
write_seqlock(&sig->stats_lock);
sig->utime += utime;
sig->stime += stime;
sig->gtime += task_gtime(tsk);
sig->min_flt += tsk->min_flt;
sig->maj_flt += tsk->maj_flt;
sig->nvcsw += tsk->nvcsw;
sig->nivcsw += tsk->nivcsw;
sig->inblock += task_io_get_inblock(tsk);
sig->oublock += task_io_get_oublock(tsk);
task_io_accounting_add(&sig->ioac, &tsk->ioac);
sig->sum_sched_runtime += tsk->se.sum_exec_runtime;
sig->nr_threads--;
__unhash_process(tsk, group_dead);
write_sequnlock(&sig->stats_lock);
/*
* Do this under ->siglock, we can race with another thread
* doing sigqueue_free() if we have SIGQUEUE_PREALLOC signals.
*/
flush_sigqueue(&tsk->pending);
tsk->sighand = NULL;
spin_unlock(&sighand->siglock);
__cleanup_sighand(sighand);
clear_tsk_thread_flag(tsk, TIF_SIGPENDING);
if (group_dead) {
flush_sigqueue(&sig->shared_pending);
tty_kref_put(tty);
}
}
static void delayed_put_task_struct(struct rcu_head *rhp)
{
struct task_struct *tsk = container_of(rhp, struct task_struct, rcu);
kprobe_flush_task(tsk);
rethook_flush_task(tsk);
perf_event_delayed_put(tsk);
trace_sched_process_free(tsk);
put_task_struct(tsk);
}
void put_task_struct_rcu_user(struct task_struct *task)
{
if (refcount_dec_and_test(&task->rcu_users))
call_rcu(&task->rcu, delayed_put_task_struct);
}
void __weak release_thread(struct task_struct *dead_task)
{
}
void release_task(struct task_struct *p)
{
struct task_struct *leader;
struct pid *thread_pid;
int zap_leader;
repeat:
/* don't need to get the RCU readlock here - the process is dead and
* can't be modifying its own credentials. But shut RCU-lockdep up */
rcu_read_lock();
dec_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
rcu_read_unlock();
cgroup_release(p);
write_lock_irq(&tasklist_lock);
ptrace_release_task(p);
thread_pid = get_pid(p->thread_pid);
__exit_signal(p);
/*
* If we are the last non-leader member of the thread
* group, and the leader is zombie, then notify the
* group leader's parent process. (if it wants notification.)
*/
zap_leader = 0;
leader = p->group_leader;
if (leader != p && thread_group_empty(leader)
&& leader->exit_state == EXIT_ZOMBIE) {
/*
* If we were the last child thread and the leader has
* exited already, and the leader's parent ignores SIGCHLD,
* then we are the one who should release the leader.
*/
zap_leader = do_notify_parent(leader, leader->exit_signal);
if (zap_leader)
leader->exit_state = EXIT_DEAD;
}
write_unlock_irq(&tasklist_lock);
proc_flush_pid(thread_pid);
put_pid(thread_pid);
release_thread(p);
put_task_struct_rcu_user(p);
p = leader;
if (unlikely(zap_leader))
goto repeat;
}
int rcuwait_wake_up(struct rcuwait *w)
{
int ret = 0;
struct task_struct *task;
rcu_read_lock();
/*
* Order condition vs @task, such that everything prior to the load
* of @task is visible. This is the condition as to why the user called
* rcuwait_wake() in the first place. Pairs with set_current_state()
* barrier (A) in rcuwait_wait_event().
*
* WAIT WAKE
* [S] tsk = current [S] cond = true
* MB (A) MB (B)
* [L] cond [L] tsk
*/
smp_mb(); /* (B) */
task = rcu_dereference(w->task);
if (task)
ret = wake_up_process(task);
rcu_read_unlock();
return ret;
}
EXPORT_SYMBOL_GPL(rcuwait_wake_up);
/*
* Determine if a process group is "orphaned", according to the POSIX
* definition in 2.2.2.52. Orphaned process groups are not to be affected
* by terminal-generated stop signals. Newly orphaned process groups are
* to receive a SIGHUP and a SIGCONT.
*
* "I ask you, have you ever known what it is to be an orphan?"
*/
static int will_become_orphaned_pgrp(struct pid *pgrp,
struct task_struct *ignored_task)
{
struct task_struct *p;
do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
if ((p == ignored_task) ||
(p->exit_state && thread_group_empty(p)) ||
is_global_init(p->real_parent))
continue;
if (task_pgrp(p->real_parent) != pgrp &&
task_session(p->real_parent) == task_session(p))
return 0;
} while_each_pid_task(pgrp, PIDTYPE_PGID, p);
return 1;
}
int is_current_pgrp_orphaned(void)
{
int retval;
read_lock(&tasklist_lock);
retval = will_become_orphaned_pgrp(task_pgrp(current), NULL);
read_unlock(&tasklist_lock);
return retval;
}
static bool has_stopped_jobs(struct pid *pgrp)
{
struct task_struct *p;
do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
if (p->signal->flags & SIGNAL_STOP_STOPPED)
return true;
} while_each_pid_task(pgrp, PIDTYPE_PGID, p);
return false;
}
/*
* Check to see if any process groups have become orphaned as
* a result of our exiting, and if they have any stopped jobs,
* send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2)
*/
static void
kill_orphaned_pgrp(struct task_struct *tsk, struct task_struct *parent)
{
struct pid *pgrp = task_pgrp(tsk);
struct task_struct *ignored_task = tsk;
if (!parent)
/* exit: our father is in a different pgrp than
* we are and we were the only connection outside.
*/
parent = tsk->real_parent;
else
/* reparent: our child is in a different pgrp than
* we are, and it was the only connection outside.
*/
ignored_task = NULL;
if (task_pgrp(parent) != pgrp &&
task_session(parent) == task_session(tsk) &&
will_become_orphaned_pgrp(pgrp, ignored_task) &&
has_stopped_jobs(pgrp)) {
__kill_pgrp_info(SIGHUP, SEND_SIG_PRIV, pgrp);
__kill_pgrp_info(SIGCONT, SEND_SIG_PRIV, pgrp);
}
}
static void coredump_task_exit(struct task_struct *tsk)
{
struct core_state *core_state;
/*
* Serialize with any possible pending coredump.
* We must hold siglock around checking core_state
* and setting PF_POSTCOREDUMP. The core-inducing thread
* will increment ->nr_threads for each thread in the
* group without PF_POSTCOREDUMP set.
*/
spin_lock_irq(&tsk->sighand->siglock);
tsk->flags |= PF_POSTCOREDUMP;
core_state = tsk->signal->core_state;
spin_unlock_irq(&tsk->sighand->siglock);
if (core_state) {
struct core_thread self;
self.task = current;
if (self.task->flags & PF_SIGNALED)
self.next = xchg(&core_state->dumper.next, &self);
else
self.task = NULL;
/*
* Implies mb(), the result of xchg() must be visible
* to core_state->dumper.
*/
if (atomic_dec_and_test(&core_state->nr_threads))
complete(&core_state->startup);
for (;;) {
set_current_state(TASK_IDLE|TASK_FREEZABLE);
if (!self.task) /* see coredump_finish() */
break;
schedule();
}
__set_current_state(TASK_RUNNING);
}
}
#ifdef CONFIG_MEMCG
/* drops tasklist_lock if succeeds */
static bool __try_to_set_owner(struct task_struct *tsk, struct mm_struct *mm)
{
bool ret = false;
task_lock(tsk);
if (likely(tsk->mm == mm)) {
/* tsk can't pass exit_mm/exec_mmap and exit */
read_unlock(&tasklist_lock);
WRITE_ONCE(mm->owner, tsk);
lru_gen_migrate_mm(mm);
ret = true;
}
task_unlock(tsk);
return ret;
}
static bool try_to_set_owner(struct task_struct *g, struct mm_struct *mm)
{
struct task_struct *t;
for_each_thread(g, t) {
struct mm_struct *t_mm = READ_ONCE(t->mm);
if (t_mm == mm) {
if (__try_to_set_owner(t, mm))
return true;
} else if (t_mm)
break;
}
return false;
}
/*
* A task is exiting. If it owned this mm, find a new owner for the mm.
*/
void mm_update_next_owner(struct mm_struct *mm)
{
struct task_struct *g, *p = current;
/*
* If the exiting or execing task is not the owner, it's
* someone else's problem.
*/
if (mm->owner != p)
return;
/*
* The current owner is exiting/execing and there are no other
* candidates. Do not leave the mm pointing to a possibly
* freed task structure.
*/
if (atomic_read(&mm->mm_users) <= 1) {
WRITE_ONCE(mm->owner, NULL);
return;
}
read_lock(&tasklist_lock);
/*
* Search in the children
*/
list_for_each_entry(g, &p->children, sibling) {
if (try_to_set_owner(g, mm))
goto ret;
}
/*
* Search in the siblings
*/
list_for_each_entry(g, &p->real_parent->children, sibling) {
if (try_to_set_owner(g, mm))
goto ret;
}
/*
* Search through everything else, we should not get here often.
*/
for_each_process(g) {
if (atomic_read(&mm->mm_users) <= 1)
break;
if (g->flags & PF_KTHREAD)
continue;
if (try_to_set_owner(g, mm))
goto ret;
}
read_unlock(&tasklist_lock);
/*
* We found no owner yet mm_users > 1: this implies that we are
* most likely racing with swapoff (try_to_unuse()) or /proc or
* ptrace or page migration (get_task_mm()). Mark owner as NULL.
*/
WRITE_ONCE(mm->owner, NULL);
ret:
return;
}
#endif /* CONFIG_MEMCG */
/*
* Turn us into a lazy TLB process if we
* aren't already..
*/
static void exit_mm(void)
{
struct mm_struct *mm = current->mm;
exit_mm_release(current, mm);
if (!mm)
return;
mmap_read_lock(mm);
mmgrab_lazy_tlb(mm);
BUG_ON(mm != current->active_mm);
/* more a memory barrier than a real lock */
task_lock(current);
/*
* When a thread stops operating on an address space, the loop
* in membarrier_private_expedited() may not observe that
* tsk->mm, and the loop in membarrier_global_expedited() may
* not observe a MEMBARRIER_STATE_GLOBAL_EXPEDITED
* rq->membarrier_state, so those would not issue an IPI.
* Membarrier requires a memory barrier after accessing
* user-space memory, before clearing tsk->mm or the
* rq->membarrier_state.
*/
smp_mb__after_spinlock();
local_irq_disable();
current->mm = NULL;
membarrier_update_current_mm(NULL);
enter_lazy_tlb(mm, current);
local_irq_enable();
task_unlock(current);
mmap_read_unlock(mm);
mm_update_next_owner(mm);
trace_android_vh_exit_mm(mm);
mmput(mm);
if (test_thread_flag(TIF_MEMDIE))
exit_oom_victim();
}
static struct task_struct *find_alive_thread(struct task_struct *p)
{
struct task_struct *t;
for_each_thread(p, t) {
if (!(t->flags & PF_EXITING))
return t;
}
return NULL;
}
static struct task_struct *find_child_reaper(struct task_struct *father,
struct list_head *dead)
__releases(&tasklist_lock)
__acquires(&tasklist_lock)
{
struct pid_namespace *pid_ns = task_active_pid_ns(father);
struct task_struct *reaper = pid_ns->child_reaper;
struct task_struct *p, *n;
if (likely(reaper != father))
return reaper;
reaper = find_alive_thread(father);
if (reaper) {
pid_ns->child_reaper = reaper;
return reaper;
}
write_unlock_irq(&tasklist_lock);
list_for_each_entry_safe(p, n, dead, ptrace_entry) {
list_del_init(&p->ptrace_entry);
release_task(p);
}
zap_pid_ns_processes(pid_ns);
write_lock_irq(&tasklist_lock);
return father;
}
/*
* When we die, we re-parent all our children, and try to:
* 1. give them to another thread in our thread group, if such a member exists
* 2. give it to the first ancestor process which prctl'd itself as a
* child_subreaper for its children (like a service manager)
* 3. give it to the init process (PID 1) in our pid namespace
*/
static struct task_struct *find_new_reaper(struct task_struct *father,
struct task_struct *child_reaper)
{
struct task_struct *thread, *reaper;
thread = find_alive_thread(father);
if (thread)
return thread;
if (father->signal->has_child_subreaper) {
unsigned int ns_level = task_pid(father)->level;
/*
* Find the first ->is_child_subreaper ancestor in our pid_ns.
* We can't check reaper != child_reaper to ensure we do not
* cross the namespaces, the exiting parent could be injected
* by setns() + fork().
* We check pid->level, this is slightly more efficient than
* task_active_pid_ns(reaper) != task_active_pid_ns(father).
*/
for (reaper = father->real_parent;
task_pid(reaper)->level == ns_level;
reaper = reaper->real_parent) {
if (reaper == &init_task)
break;
if (!reaper->signal->is_child_subreaper)
continue;
thread = find_alive_thread(reaper);
if (thread)
return thread;
}
}
return child_reaper;
}
/*
* Any that need to be release_task'd are put on the @dead list.
*/
static void reparent_leader(struct task_struct *father, struct task_struct *p,
struct list_head *dead)
{
if (unlikely(p->exit_state == EXIT_DEAD))
return;
/* We don't want people slaying init. */
p->exit_signal = SIGCHLD;
/* If it has exited notify the new parent about this child's death. */
if (!p->ptrace &&
p->exit_state == EXIT_ZOMBIE && thread_group_empty(p)) {
if (do_notify_parent(p, p->exit_signal)) {
p->exit_state = EXIT_DEAD;
list_add(&p->ptrace_entry, dead);
}
}
kill_orphaned_pgrp(p, father);
}
/*
* This does two things:
*
* A. Make init inherit all the child processes
* B. Check to see if any process groups have become orphaned
* as a result of our exiting, and if they have any stopped
* jobs, send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2)
*/
static void forget_original_parent(struct task_struct *father,
struct list_head *dead)
{
struct task_struct *p, *t, *reaper;
if (unlikely(!list_empty(&father->ptraced)))
exit_ptrace(father, dead);
/* Can drop and reacquire tasklist_lock */
reaper = find_child_reaper(father, dead);
if (list_empty(&father->children))
return;
reaper = find_new_reaper(father, reaper);
list_for_each_entry(p, &father->children, sibling) {
for_each_thread(p, t) {
RCU_INIT_POINTER(t->real_parent, reaper);
BUG_ON((!t->ptrace) != (rcu_access_pointer(t->parent) == father));
if (likely(!t->ptrace))
t->parent = t->real_parent;
if (t->pdeath_signal)
group_send_sig_info(t->pdeath_signal,
SEND_SIG_NOINFO, t,
PIDTYPE_TGID);
}
/*
* If this is a threaded reparent there is no need to
* notify anyone anything has happened.
*/
if (!same_thread_group(reaper, father))
reparent_leader(father, p, dead);
}
list_splice_tail_init(&father->children, &reaper->children);
}
/*
* Send signals to all our closest relatives so that they know
* to properly mourn us..
*/
static void exit_notify(struct task_struct *tsk, int group_dead)
{
bool autoreap;
struct task_struct *p, *n;
LIST_HEAD(dead);
write_lock_irq(&tasklist_lock);
forget_original_parent(tsk, &dead);
if (group_dead)
kill_orphaned_pgrp(tsk->group_leader, NULL);
tsk->exit_state = EXIT_ZOMBIE;
/*
* Ignore thread-group leaders that exited before all
* subthreads did.
*/
if (!delay_group_leader(tsk))
do_notify_pidfd(tsk);
if (unlikely(tsk->ptrace)) {
int sig = thread_group_leader(tsk) &&
thread_group_empty(tsk) &&
!ptrace_reparented(tsk) ?
tsk->exit_signal : SIGCHLD;
autoreap = do_notify_parent(tsk, sig);
} else if (thread_group_leader(tsk)) {
autoreap = thread_group_empty(tsk) &&
do_notify_parent(tsk, tsk->exit_signal);
} else {
autoreap = true;
}
if (autoreap) {
tsk->exit_state = EXIT_DEAD;
list_add(&tsk->ptrace_entry, &dead);
}
/* mt-exec, de_thread() is waiting for group leader */
if (unlikely(tsk->signal->notify_count < 0))
wake_up_process(tsk->signal->group_exec_task);
write_unlock_irq(&tasklist_lock);
list_for_each_entry_safe(p, n, &dead, ptrace_entry) {
list_del_init(&p->ptrace_entry);
release_task(p);
}
}
#ifdef CONFIG_DEBUG_STACK_USAGE
unsigned long stack_not_used(struct task_struct *p)
{
unsigned long *n = end_of_stack(p);
do { /* Skip over canary */
# ifdef CONFIG_STACK_GROWSUP
n--;
# else
n++;
# endif
} while (!*n);
# ifdef CONFIG_STACK_GROWSUP
return (unsigned long)end_of_stack(p) - (unsigned long)n;
# else
return (unsigned long)n - (unsigned long)end_of_stack(p);
# endif
}
/* Count the maximum pages reached in kernel stacks */
static inline void kstack_histogram(unsigned long used_stack)
{
#ifdef CONFIG_VM_EVENT_COUNTERS
if (used_stack <= 1024)
count_vm_event(KSTACK_1K);
#if THREAD_SIZE > 1024
else if (used_stack <= 2048)
count_vm_event(KSTACK_2K);
#endif
#if THREAD_SIZE > 2048
else if (used_stack <= 4096)
count_vm_event(KSTACK_4K);
#endif
#if THREAD_SIZE > 4096
else if (used_stack <= 8192)
count_vm_event(KSTACK_8K);
#endif
#if THREAD_SIZE > 8192
else if (used_stack <= 16384)
count_vm_event(KSTACK_16K);
#endif
#if THREAD_SIZE > 16384
else if (used_stack <= 32768)
count_vm_event(KSTACK_32K);
#endif
#if THREAD_SIZE > 32768
else if (used_stack <= 65536)
count_vm_event(KSTACK_64K);
#endif
#if THREAD_SIZE > 65536
else
count_vm_event(KSTACK_REST);
#endif
#endif /* CONFIG_VM_EVENT_COUNTERS */
}
static void check_stack_usage(void)
{
static DEFINE_SPINLOCK(low_water_lock);
static int lowest_to_date = THREAD_SIZE;
unsigned long free;
free = stack_not_used(current);
kstack_histogram(THREAD_SIZE - free);
if (free >= lowest_to_date)
return;
spin_lock(&low_water_lock);
if (free < lowest_to_date) {
pr_info("%s (%d) used greatest stack depth: %lu bytes left\n",
current->comm, task_pid_nr(current), free);
lowest_to_date = free;
}
spin_unlock(&low_water_lock);
}
#else
static inline void check_stack_usage(void) {}
#endif
static void synchronize_group_exit(struct task_struct *tsk, long code)
{
struct sighand_struct *sighand = tsk->sighand;
struct signal_struct *signal = tsk->signal;
spin_lock_irq(&sighand->siglock);
signal->quick_threads--;
if ((signal->quick_threads == 0) &&
!(signal->flags & SIGNAL_GROUP_EXIT)) {
signal->flags = SIGNAL_GROUP_EXIT;
signal->group_exit_code = code;
signal->group_stop_count = 0;
}
spin_unlock_irq(&sighand->siglock);
}
void __noreturn do_exit(long code)
{
struct task_struct *tsk = current;
int group_dead;
WARN_ON(irqs_disabled());
synchronize_group_exit(tsk, code);
WARN_ON(tsk->plug);
profile_task_exit(tsk);
kcov_task_exit(tsk);
kmsan_task_exit(tsk);
coredump_task_exit(tsk);
ptrace_event(PTRACE_EVENT_EXIT, code);
user_events_exit(tsk);
io_uring_files_cancel();
exit_signals(tsk); /* sets PF_EXITING */
trace_android_vh_exit_check(current);
seccomp_filter_release(tsk);
acct_update_integrals(tsk);
group_dead = atomic_dec_and_test(&tsk->signal->live);
if (group_dead) {
/*
* If the last thread of global init has exited, panic
* immediately to get a useable coredump.
*/
if (unlikely(is_global_init(tsk)))
panic("Attempted to kill init! exitcode=0x%08x\n",
tsk->signal->group_exit_code ?: (int)code);
#ifdef CONFIG_POSIX_TIMERS
hrtimer_cancel(&tsk->signal->real_timer);
exit_itimers(tsk);
#endif
if (tsk->mm)
setmax_mm_hiwater_rss(&tsk->signal->maxrss, tsk->mm);
}
acct_collect(code, group_dead);
if (group_dead)
tty_audit_exit();
audit_free(tsk);
tsk->exit_code = code;
taskstats_exit(tsk, group_dead);
/*
* Since sampling can touch ->mm, make sure to stop everything before we
* tear it down.
*
* Also flushes inherited counters to the parent - before the parent
* gets woken up by child-exit notifications.
*/
perf_event_exit_task(tsk);
exit_mm();
if (group_dead)
acct_process();
trace_sched_process_exit(tsk);
exit_sem(tsk);
exit_shm(tsk);
exit_files(tsk);
exit_fs(tsk);
if (group_dead)
disassociate_ctty(1);
exit_task_namespaces(tsk);
exit_task_work(tsk);
exit_thread(tsk);
sched_autogroup_exit_task(tsk);
cgroup_exit(tsk);
/*
* FIXME: do that only when needed, using sched_exit tracepoint
*/
flush_ptrace_hw_breakpoint(tsk);
exit_tasks_rcu_start();
exit_notify(tsk, group_dead);
proc_exit_connector(tsk);
mpol_put_task_policy(tsk);
#ifdef CONFIG_FUTEX
if (unlikely(current->pi_state_cache))
kfree(current->pi_state_cache);
#endif
/*
* Make sure we are holding no locks:
*/
debug_check_no_locks_held();
if (tsk->io_context)
exit_io_context(tsk);
if (tsk->splice_pipe)
free_pipe_info(tsk->splice_pipe);
if (tsk->task_frag.page)
put_page(tsk->task_frag.page);
exit_task_stack_account(tsk);
check_stack_usage();
preempt_disable();
if (tsk->nr_dirtied)
__this_cpu_add(dirty_throttle_leaks, tsk->nr_dirtied);
exit_rcu();
exit_tasks_rcu_finish();
lockdep_free_task(tsk);
do_task_dead();
}
void __noreturn make_task_dead(int signr)
{
/*
* Take the task off the cpu after something catastrophic has
* happened.
*
* We can get here from a kernel oops, sometimes with preemption off.
* Start by checking for critical errors.
* Then fix up important state like USER_DS and preemption.
* Then do everything else.
*/
struct task_struct *tsk = current;
unsigned int limit;
if (unlikely(in_interrupt()))
panic("Aiee, killing interrupt handler!");
if (unlikely(!tsk->pid))
panic("Attempted to kill the idle task!");
if (unlikely(irqs_disabled())) {
pr_info("note: %s[%d] exited with irqs disabled\n",
current->comm, task_pid_nr(current));
local_irq_enable();
}
if (unlikely(in_atomic())) {
pr_info("note: %s[%d] exited with preempt_count %d\n",
current->comm, task_pid_nr(current),
preempt_count());
preempt_count_set(PREEMPT_ENABLED);
}
/*
* Every time the system oopses, if the oops happens while a reference
* to an object was held, the reference leaks.
* If the oops doesn't also leak memory, repeated oopsing can cause
* reference counters to wrap around (if they're not using refcount_t).
* This means that repeated oopsing can make unexploitable-looking bugs
* exploitable through repeated oopsing.
* To make sure this can't happen, place an upper bound on how often the
* kernel may oops without panic().
*/
limit = READ_ONCE(oops_limit);
if (atomic_inc_return(&oops_count) >= limit && limit)
panic("Oopsed too often (kernel.oops_limit is %d)", limit);
/*
* We're taking recursive faults here in make_task_dead. Safest is to just
* leave this task alone and wait for reboot.
*/
if (unlikely(tsk->flags & PF_EXITING)) {
pr_alert("Fixing recursive fault but reboot is needed!\n");
futex_exit_recursive(tsk);
tsk->exit_state = EXIT_DEAD;
refcount_inc(&tsk->rcu_users);
do_task_dead();
}
do_exit(signr);
}
SYSCALL_DEFINE1(exit, int, error_code)
{
do_exit((error_code&0xff)<<8);
}
/*
* Take down every thread in the group. This is called by fatal signals
* as well as by sys_exit_group (below).
*/
void __noreturn
do_group_exit(int exit_code)
{
struct signal_struct *sig = current->signal;
if (sig->flags & SIGNAL_GROUP_EXIT)
exit_code = sig->group_exit_code;
else if (sig->group_exec_task)
exit_code = 0;
else {
struct sighand_struct *const sighand = current->sighand;
spin_lock_irq(&sighand->siglock);
if (sig->flags & SIGNAL_GROUP_EXIT)
/* Another thread got here before we took the lock. */
exit_code = sig->group_exit_code;
else if (sig->group_exec_task)
exit_code = 0;
else {
sig->group_exit_code = exit_code;
sig->flags = SIGNAL_GROUP_EXIT;
zap_other_threads(current);
}
spin_unlock_irq(&sighand->siglock);
}
trace_android_vh_do_group_exit(current);
do_exit(exit_code);
/* NOTREACHED */
}
/*
* this kills every thread in the thread group. Note that any externally
* wait4()-ing process will get the correct exit code - even if this
* thread is not the thread group leader.
*/
SYSCALL_DEFINE1(exit_group, int, error_code)
{
do_group_exit((error_code & 0xff) << 8);
/* NOTREACHED */
return 0;
}
static int eligible_pid(struct wait_opts *wo, struct task_struct *p)
{
return wo->wo_type == PIDTYPE_MAX ||
task_pid_type(p, wo->wo_type) == wo->wo_pid;
}
static int
eligible_child(struct wait_opts *wo, bool ptrace, struct task_struct *p)
{
if (!eligible_pid(wo, p))
return 0;
/*
* Wait for all children (clone and not) if __WALL is set or
* if it is traced by us.
*/
if (ptrace || (wo->wo_flags & __WALL))
return 1;
/*
* Otherwise, wait for clone children *only* if __WCLONE is set;
* otherwise, wait for non-clone children *only*.
*
* Note: a "clone" child here is one that reports to its parent
* using a signal other than SIGCHLD, or a non-leader thread which
* we can only see if it is traced by us.
*/
if ((p->exit_signal != SIGCHLD) ^ !!(wo->wo_flags & __WCLONE))
return 0;
return 1;
}
/*
* Handle sys_wait4 work for one task in state EXIT_ZOMBIE. We hold
* read_lock(&tasklist_lock) on entry. If we return zero, we still hold
* the lock and this task is uninteresting. If we return nonzero, we have
* released the lock and the system call should return.
*/
static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
{
int state, status;
pid_t pid = task_pid_vnr(p);
uid_t uid = from_kuid_munged(current_user_ns(), task_uid(p));
struct waitid_info *infop;
if (!likely(wo->wo_flags & WEXITED))
return 0;
if (unlikely(wo->wo_flags & WNOWAIT)) {
status = (p->signal->flags & SIGNAL_GROUP_EXIT)
? p->signal->group_exit_code : p->exit_code;
get_task_struct(p);
read_unlock(&tasklist_lock);
sched_annotate_sleep();
if (wo->wo_rusage)
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
put_task_struct(p);
goto out_info;
}
/*
* Move the task's state to DEAD/TRACE, only one thread can do this.
*/
state = (ptrace_reparented(p) && thread_group_leader(p)) ?
EXIT_TRACE : EXIT_DEAD;
if (cmpxchg(&p->exit_state, EXIT_ZOMBIE, state) != EXIT_ZOMBIE)
return 0;
/*
* We own this thread, nobody else can reap it.
*/
read_unlock(&tasklist_lock);
sched_annotate_sleep();
/*
* Check thread_group_leader() to exclude the traced sub-threads.
*/
if (state == EXIT_DEAD && thread_group_leader(p)) {
struct signal_struct *sig = p->signal;
struct signal_struct *psig = current->signal;
unsigned long maxrss;
u64 tgutime, tgstime;
/*
* The resource counters for the group leader are in its
* own task_struct. Those for dead threads in the group
* are in its signal_struct, as are those for the child
* processes it has previously reaped. All these
* accumulate in the parent's signal_struct c* fields.
*
* We don't bother to take a lock here to protect these
* p->signal fields because the whole thread group is dead
* and nobody can change them.
*
* psig->stats_lock also protects us from our sub-threads
* which can reap other children at the same time.
*
* We use thread_group_cputime_adjusted() to get times for
* the thread group, which consolidates times for all threads
* in the group including the group leader.
*/
thread_group_cputime_adjusted(p, &tgutime, &tgstime);
write_seqlock_irq(&psig->stats_lock);
psig->cutime += tgutime + sig->cutime;
psig->cstime += tgstime + sig->cstime;
psig->cgtime += task_gtime(p) + sig->gtime + sig->cgtime;
psig->cmin_flt +=
p->min_flt + sig->min_flt + sig->cmin_flt;
psig->cmaj_flt +=
p->maj_flt + sig->maj_flt + sig->cmaj_flt;
psig->cnvcsw +=
p->nvcsw + sig->nvcsw + sig->cnvcsw;
psig->cnivcsw +=
p->nivcsw + sig->nivcsw + sig->cnivcsw;
psig->cinblock +=
task_io_get_inblock(p) +
sig->inblock + sig->cinblock;
psig->coublock +=
task_io_get_oublock(p) +
sig->oublock + sig->coublock;
maxrss = max(sig->maxrss, sig->cmaxrss);
if (psig->cmaxrss < maxrss)
psig->cmaxrss = maxrss;
task_io_accounting_add(&psig->ioac, &p->ioac);
task_io_accounting_add(&psig->ioac, &sig->ioac);
write_sequnlock_irq(&psig->stats_lock);
}
if (wo->wo_rusage)
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
status = (p->signal->flags & SIGNAL_GROUP_EXIT)
? p->signal->group_exit_code : p->exit_code;
wo->wo_stat = status;
if (state == EXIT_TRACE) {
write_lock_irq(&tasklist_lock);
/* We dropped tasklist, ptracer could die and untrace */
ptrace_unlink(p);
/* If parent wants a zombie, don't release it now */
state = EXIT_ZOMBIE;
if (do_notify_parent(p, p->exit_signal))
state = EXIT_DEAD;
p->exit_state = state;
write_unlock_irq(&tasklist_lock);
}
if (state == EXIT_DEAD)
release_task(p);
out_info:
infop = wo->wo_info;
if (infop) {
if ((status & 0x7f) == 0) {
infop->cause = CLD_EXITED;
infop->status = status >> 8;
} else {
infop->cause = (status & 0x80) ? CLD_DUMPED : CLD_KILLED;
infop->status = status & 0x7f;
}
infop->pid = pid;
infop->uid = uid;
}
return pid;
}
static int *task_stopped_code(struct task_struct *p, bool ptrace)
{
if (ptrace) {
if (task_is_traced(p) && !(p->jobctl & JOBCTL_LISTENING))
return &p->exit_code;
} else {
if (p->signal->flags & SIGNAL_STOP_STOPPED)
return &p->signal->group_exit_code;
}
return NULL;
}
/**
* wait_task_stopped - Wait for %TASK_STOPPED or %TASK_TRACED
* @wo: wait options
* @ptrace: is the wait for ptrace
* @p: task to wait for
*
* Handle sys_wait4() work for %p in state %TASK_STOPPED or %TASK_TRACED.
*
* CONTEXT:
* read_lock(&tasklist_lock), which is released if return value is
* non-zero. Also, grabs and releases @p->sighand->siglock.
*
* RETURNS:
* 0 if wait condition didn't exist and search for other wait conditions
* should continue. Non-zero return, -errno on failure and @p's pid on
* success, implies that tasklist_lock is released and wait condition
* search should terminate.
*/
static int wait_task_stopped(struct wait_opts *wo,
int ptrace, struct task_struct *p)
{
struct waitid_info *infop;
int exit_code, *p_code, why;
uid_t uid = 0; /* unneeded, required by compiler */
pid_t pid;
/*
* Traditionally we see ptrace'd stopped tasks regardless of options.
*/
if (!ptrace && !(wo->wo_flags & WUNTRACED))
return 0;
if (!task_stopped_code(p, ptrace))
return 0;
exit_code = 0;
spin_lock_irq(&p->sighand->siglock);
p_code = task_stopped_code(p, ptrace);
if (unlikely(!p_code))
goto unlock_sig;
exit_code = *p_code;
if (!exit_code)
goto unlock_sig;
if (!unlikely(wo->wo_flags & WNOWAIT))
*p_code = 0;
uid = from_kuid_munged(current_user_ns(), task_uid(p));
unlock_sig:
spin_unlock_irq(&p->sighand->siglock);
if (!exit_code)
return 0;
/*
* Now we are pretty sure this task is interesting.
* Make sure it doesn't get reaped out from under us while we
* give up the lock and then examine it below. We don't want to
* keep holding onto the tasklist_lock while we call getrusage and
* possibly take page faults for user memory.
*/
get_task_struct(p);
pid = task_pid_vnr(p);
why = ptrace ? CLD_TRAPPED : CLD_STOPPED;
read_unlock(&tasklist_lock);
sched_annotate_sleep();
if (wo->wo_rusage)
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
put_task_struct(p);
if (likely(!(wo->wo_flags & WNOWAIT)))
wo->wo_stat = (exit_code << 8) | 0x7f;
infop = wo->wo_info;
if (infop) {
infop->cause = why;
infop->status = exit_code;
infop->pid = pid;
infop->uid = uid;
}
return pid;
}
/*
* Handle do_wait work for one task in a live, non-stopped state.
* read_lock(&tasklist_lock) on entry. If we return zero, we still hold
* the lock and this task is uninteresting. If we return nonzero, we have
* released the lock and the system call should return.
*/
static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
{
struct waitid_info *infop;
pid_t pid;
uid_t uid;
if (!unlikely(wo->wo_flags & WCONTINUED))
return 0;
if (!(p->signal->flags & SIGNAL_STOP_CONTINUED))
return 0;
spin_lock_irq(&p->sighand->siglock);
/* Re-check with the lock held. */
if (!(p->signal->flags & SIGNAL_STOP_CONTINUED)) {
spin_unlock_irq(&p->sighand->siglock);
return 0;
}
if (!unlikely(wo->wo_flags & WNOWAIT))
p->signal->flags &= ~SIGNAL_STOP_CONTINUED;
uid = from_kuid_munged(current_user_ns(), task_uid(p));
spin_unlock_irq(&p->sighand->siglock);
pid = task_pid_vnr(p);
get_task_struct(p);
read_unlock(&tasklist_lock);
sched_annotate_sleep();
if (wo->wo_rusage)
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
put_task_struct(p);
infop = wo->wo_info;
if (!infop) {
wo->wo_stat = 0xffff;
} else {
infop->cause = CLD_CONTINUED;
infop->pid = pid;
infop->uid = uid;
infop->status = SIGCONT;
}
return pid;
}
/*
* Consider @p for a wait by @parent.
*
* -ECHILD should be in ->notask_error before the first call.
* Returns nonzero for a final return, when we have unlocked tasklist_lock.
* Returns zero if the search for a child should continue;
* then ->notask_error is 0 if @p is an eligible child,
* or still -ECHILD.
*/
static int wait_consider_task(struct wait_opts *wo, int ptrace,
struct task_struct *p)
{
/*
* We can race with wait_task_zombie() from another thread.
* Ensure that EXIT_ZOMBIE -> EXIT_DEAD/EXIT_TRACE transition
* can't confuse the checks below.
*/
int exit_state = READ_ONCE(p->exit_state);
int ret;
if (unlikely(exit_state == EXIT_DEAD))
return 0;
ret = eligible_child(wo, ptrace, p);
if (!ret)
return ret;
if (unlikely(exit_state == EXIT_TRACE)) {
/*
* ptrace == 0 means we are the natural parent. In this case
* we should clear notask_error, debugger will notify us.
*/
if (likely(!ptrace))
wo->notask_error = 0;
return 0;
}
if (likely(!ptrace) && unlikely(p->ptrace)) {
/*
* If it is traced by its real parent's group, just pretend
* the caller is ptrace_do_wait() and reap this child if it
* is zombie.
*
* This also hides group stop state from real parent; otherwise
* a single stop can be reported twice as group and ptrace stop.
* If a ptracer wants to distinguish these two events for its
* own children it should create a separate process which takes
* the role of real parent.
*/
if (!ptrace_reparented(p))
ptrace = 1;
}
/* slay zombie? */
if (exit_state == EXIT_ZOMBIE) {
/* we don't reap group leaders with subthreads */
if (!delay_group_leader(p)) {
/*
* A zombie ptracee is only visible to its ptracer.
* Notification and reaping will be cascaded to the
* real parent when the ptracer detaches.
*/
if (unlikely(ptrace) || likely(!p->ptrace))
return wait_task_zombie(wo, p);
}
/*
* Allow access to stopped/continued state via zombie by
* falling through. Clearing of notask_error is complex.
*
* When !@ptrace:
*
* If WEXITED is set, notask_error should naturally be
* cleared. If not, subset of WSTOPPED|WCONTINUED is set,
* so, if there are live subthreads, there are events to
* wait for. If all subthreads are dead, it's still safe
* to clear - this function will be called again in finite
* amount time once all the subthreads are released and
* will then return without clearing.
*
* When @ptrace:
*
* Stopped state is per-task and thus can't change once the
* target task dies. Only continued and exited can happen.
* Clear notask_error if WCONTINUED | WEXITED.
*/
if (likely(!ptrace) || (wo->wo_flags & (WCONTINUED | WEXITED)))
wo->notask_error = 0;
} else {
/*
* @p is alive and it's gonna stop, continue or exit, so
* there always is something to wait for.
*/
wo->notask_error = 0;
}
/*
* Wait for stopped. Depending on @ptrace, different stopped state
* is used and the two don't interact with each other.
*/
ret = wait_task_stopped(wo, ptrace, p);
if (ret)
return ret;
/*
* Wait for continued. There's only one continued state and the
* ptracer can consume it which can confuse the real parent. Don't
* use WCONTINUED from ptracer. You don't need or want it.
*/
return wait_task_continued(wo, p);
}
/*
* Do the work of do_wait() for one thread in the group, @tsk.
*
* -ECHILD should be in ->notask_error before the first call.
* Returns nonzero for a final return, when we have unlocked tasklist_lock.
* Returns zero if the search for a child should continue; then
* ->notask_error is 0 if there were any eligible children,
* or still -ECHILD.
*/
static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
{
struct task_struct *p;
list_for_each_entry(p, &tsk->children, sibling) {
int ret = wait_consider_task(wo, 0, p);
if (ret)
return ret;
}
return 0;
}
static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk)
{
struct task_struct *p;
list_for_each_entry(p, &tsk->ptraced, ptrace_entry) {
int ret = wait_consider_task(wo, 1, p);
if (ret)
return ret;
}
return 0;
}
bool pid_child_should_wake(struct wait_opts *wo, struct task_struct *p)
{
if (!eligible_pid(wo, p))
return false;
if ((wo->wo_flags & __WNOTHREAD) && wo->child_wait.private != p->parent)
return false;
return true;
}
static int child_wait_callback(wait_queue_entry_t *wait, unsigned mode,
int sync, void *key)
{
struct wait_opts *wo = container_of(wait, struct wait_opts,
child_wait);
struct task_struct *p = key;
if (pid_child_should_wake(wo, p))
return default_wake_function(wait, mode, sync, key);
return 0;
}
void __wake_up_parent(struct task_struct *p, struct task_struct *parent)
{
__wake_up_sync_key(&parent->signal->wait_chldexit,
TASK_INTERRUPTIBLE, p);
}
static bool is_effectively_child(struct wait_opts *wo, bool ptrace,
struct task_struct *target)
{
struct task_struct *parent =
!ptrace ? target->real_parent : target->parent;
return current == parent || (!(wo->wo_flags & __WNOTHREAD) &&
same_thread_group(current, parent));
}
/*
* Optimization for waiting on PIDTYPE_PID. No need to iterate through child
* and tracee lists to find the target task.
*/
static int do_wait_pid(struct wait_opts *wo)
{
bool ptrace;
struct task_struct *target;
int retval;
ptrace = false;
target = pid_task(wo->wo_pid, PIDTYPE_TGID);
if (target && is_effectively_child(wo, ptrace, target)) {
retval = wait_consider_task(wo, ptrace, target);
if (retval)
return retval;
}
ptrace = true;
target = pid_task(wo->wo_pid, PIDTYPE_PID);
if (target && target->ptrace &&
is_effectively_child(wo, ptrace, target)) {
retval = wait_consider_task(wo, ptrace, target);
if (retval)
return retval;
}
return 0;
}
long __do_wait(struct wait_opts *wo)
{
long retval;
/*
* If there is nothing that can match our criteria, just get out.
* We will clear ->notask_error to zero if we see any child that
* might later match our criteria, even if we are not able to reap
* it yet.
*/
wo->notask_error = -ECHILD;
if ((wo->wo_type < PIDTYPE_MAX) &&
(!wo->wo_pid || !pid_has_task(wo->wo_pid, wo->wo_type)))
goto notask;
read_lock(&tasklist_lock);
if (wo->wo_type == PIDTYPE_PID) {
retval = do_wait_pid(wo);
if (retval)
return retval;
} else {
struct task_struct *tsk = current;
do {
retval = do_wait_thread(wo, tsk);
if (retval)
return retval;
retval = ptrace_do_wait(wo, tsk);
if (retval)
return retval;
if (wo->wo_flags & __WNOTHREAD)
break;
} while_each_thread(current, tsk);
}
read_unlock(&tasklist_lock);
notask:
retval = wo->notask_error;
if (!retval && !(wo->wo_flags & WNOHANG))
return -ERESTARTSYS;
return retval;
}
static long do_wait(struct wait_opts *wo)
{
int retval;
trace_sched_process_wait(wo->wo_pid);
init_waitqueue_func_entry(&wo->child_wait, child_wait_callback);
wo->child_wait.private = current;
add_wait_queue(&current->signal->wait_chldexit, &wo->child_wait);
do {
set_current_state(TASK_INTERRUPTIBLE);
retval = __do_wait(wo);
if (retval != -ERESTARTSYS)
break;
if (signal_pending(current))
break;
schedule();
} while (1);
__set_current_state(TASK_RUNNING);
remove_wait_queue(&current->signal->wait_chldexit, &wo->child_wait);
return retval;
}
int kernel_waitid_prepare(struct wait_opts *wo, int which, pid_t upid,
struct waitid_info *infop, int options,
struct rusage *ru)
{
unsigned int f_flags = 0;
struct pid *pid = NULL;
enum pid_type type;
if (options & ~(WNOHANG|WNOWAIT|WEXITED|WSTOPPED|WCONTINUED|
__WNOTHREAD|__WCLONE|__WALL))
return -EINVAL;
if (!(options & (WEXITED|WSTOPPED|WCONTINUED)))
return -EINVAL;
switch (which) {
case P_ALL:
type = PIDTYPE_MAX;
break;
case P_PID:
type = PIDTYPE_PID;
if (upid <= 0)
return -EINVAL;
pid = find_get_pid(upid);
break;
case P_PGID:
type = PIDTYPE_PGID;
if (upid < 0)
return -EINVAL;
if (upid)
pid = find_get_pid(upid);
else
pid = get_task_pid(current, PIDTYPE_PGID);
break;
case P_PIDFD:
type = PIDTYPE_PID;
if (upid < 0)
return -EINVAL;
pid = pidfd_get_pid(upid, &f_flags);
if (IS_ERR(pid))
return PTR_ERR(pid);
break;
default:
return -EINVAL;
}
wo->wo_type = type;
wo->wo_pid = pid;
wo->wo_flags = options;
wo->wo_info = infop;
wo->wo_rusage = ru;
if (f_flags & O_NONBLOCK)
wo->wo_flags |= WNOHANG;
return 0;
}
static long kernel_waitid(int which, pid_t upid, struct waitid_info *infop,
int options, struct rusage *ru)
{
struct wait_opts wo;
long ret;
ret = kernel_waitid_prepare(&wo, which, upid, infop, options, ru);
if (ret)
return ret;
ret = do_wait(&wo);
if (!ret && !(options & WNOHANG) && (wo.wo_flags & WNOHANG))
ret = -EAGAIN;
put_pid(wo.wo_pid);
return ret;
}
SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
infop, int, options, struct rusage __user *, ru)
{
struct rusage r;
struct waitid_info info = {.status = 0};
long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL);
int signo = 0;
if (err > 0) {
signo = SIGCHLD;
err = 0;
if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
return -EFAULT;
}
if (!infop)
return err;
if (!user_write_access_begin(infop, sizeof(*infop)))
return -EFAULT;
unsafe_put_user(signo, &infop->si_signo, Efault);
unsafe_put_user(0, &infop->si_errno, Efault);
unsafe_put_user(info.cause, &infop->si_code, Efault);
unsafe_put_user(info.pid, &infop->si_pid, Efault);
unsafe_put_user(info.uid, &infop->si_uid, Efault);
unsafe_put_user(info.status, &infop->si_status, Efault);
user_write_access_end();
return err;
Efault:
user_write_access_end();
return -EFAULT;
}
long kernel_wait4(pid_t upid, int __user *stat_addr, int options,
struct rusage *ru)
{
struct wait_opts wo;
struct pid *pid = NULL;
enum pid_type type;
long ret;
if (options & ~(WNOHANG|WUNTRACED|WCONTINUED|
__WNOTHREAD|__WCLONE|__WALL))
return -EINVAL;
/* -INT_MIN is not defined */
if (upid == INT_MIN)
return -ESRCH;
if (upid == -1)
type = PIDTYPE_MAX;
else if (upid < 0) {
type = PIDTYPE_PGID;
pid = find_get_pid(-upid);
} else if (upid == 0) {
type = PIDTYPE_PGID;
pid = get_task_pid(current, PIDTYPE_PGID);
} else /* upid > 0 */ {
type = PIDTYPE_PID;
pid = find_get_pid(upid);
}
wo.wo_type = type;
wo.wo_pid = pid;
wo.wo_flags = options | WEXITED;
wo.wo_info = NULL;
wo.wo_stat = 0;
wo.wo_rusage = ru;
ret = do_wait(&wo);
put_pid(pid);
if (ret > 0 && stat_addr && put_user(wo.wo_stat, stat_addr))
ret = -EFAULT;
return ret;
}
int kernel_wait(pid_t pid, int *stat)
{
struct wait_opts wo = {
.wo_type = PIDTYPE_PID,
.wo_pid = find_get_pid(pid),
.wo_flags = WEXITED,
};
int ret;
ret = do_wait(&wo);
if (ret > 0 && wo.wo_stat)
*stat = wo.wo_stat;
put_pid(wo.wo_pid);
return ret;
}
SYSCALL_DEFINE4(wait4, pid_t, upid, int __user *, stat_addr,
int, options, struct rusage __user *, ru)
{
struct rusage r;
long err = kernel_wait4(upid, stat_addr, options, ru ? &r : NULL);
if (err > 0) {
if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
return -EFAULT;
}
return err;
}
#ifdef __ARCH_WANT_SYS_WAITPID
/*
* sys_waitpid() remains for compatibility. waitpid() should be
* implemented by calling sys_wait4() from libc.a.
*/
SYSCALL_DEFINE3(waitpid, pid_t, pid, int __user *, stat_addr, int, options)
{
return kernel_wait4(pid, stat_addr, options, NULL);
}
#endif
#ifdef CONFIG_COMPAT
COMPAT_SYSCALL_DEFINE4(wait4,
compat_pid_t, pid,
compat_uint_t __user *, stat_addr,
int, options,
struct compat_rusage __user *, ru)
{
struct rusage r;
long err = kernel_wait4(pid, stat_addr, options, ru ? &r : NULL);
if (err > 0) {
if (ru && put_compat_rusage(&r, ru))
return -EFAULT;
}
return err;
}
COMPAT_SYSCALL_DEFINE5(waitid,
int, which, compat_pid_t, pid,
struct compat_siginfo __user *, infop, int, options,
struct compat_rusage __user *, uru)
{
struct rusage ru;
struct waitid_info info = {.status = 0};
long err = kernel_waitid(which, pid, &info, options, uru ? &ru : NULL);
int signo = 0;
if (err > 0) {
signo = SIGCHLD;
err = 0;
if (uru) {
/* kernel_waitid() overwrites everything in ru */
if (COMPAT_USE_64BIT_TIME)
err = copy_to_user(uru, &ru, sizeof(ru));
else
err = put_compat_rusage(&ru, uru);
if (err)
return -EFAULT;
}
}
if (!infop)
return err;
if (!user_write_access_begin(infop, sizeof(*infop)))
return -EFAULT;
unsafe_put_user(signo, &infop->si_signo, Efault);
unsafe_put_user(0, &infop->si_errno, Efault);
unsafe_put_user(info.cause, &infop->si_code, Efault);
unsafe_put_user(info.pid, &infop->si_pid, Efault);
unsafe_put_user(info.uid, &infop->si_uid, Efault);
unsafe_put_user(info.status, &infop->si_status, Efault);
user_write_access_end();
return err;
Efault:
user_write_access_end();
return -EFAULT;
}
#endif
/*
* This needs to be __function_aligned as GCC implicitly makes any
* implementation of abort() cold and drops alignment specified by
* -falign-functions=N.
*
* See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88345#c11
*/
__weak __function_aligned void abort(void)
{
BUG();
/* if that doesn't kill us, halt */
panic("Oops failed to kill thread");
}
EXPORT_SYMBOL(abort);
Reference in New Issue View Git Blame Copy Permalink