GKI (arm64) relevant 87 out of 414 changes, affecting 112 files +738/-352bdb71ee651configfs: Do not override creating attribute file failure in populate_attrs() [1 file, +1/-1]ba789be63dio_uring: account drain memory to cgroup [1 file, +1/-1]c58b577cf7io_uring/kbuf: account ring io_buffer_list memory [1 file, +1/-1]f78b38af35jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() [1 file, +3/-2]2429bb9fadmedia: v4l2-dev: fix error handling in __video_register_device() [1 file, +7/-7]5d8b057ed7media: videobuf2: use sgtable-based scatterlist wrappers [1 file, +2/-2]b52dc88361media: uvcvideo: Return the number of processed controls [1 file, +10/-1]6d2b12e7c5media: uvcvideo: Send control events for partial succeeds [1 file, +9/-3]aac91ae06cmedia: uvcvideo: Fix deferred probing error [1 file, +19/-8]86d9837e46arm64/mm: Close theoretical race where stale TLB entry remains valid [1 file, +5/-4]5538af3843block: use plug request list tail for one-shot backmerge attempt [1 file, +13/-13]943801c380block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion [1 file, +1/-0]1c71f3cf5fcgroup,freezer: fix incomplete freezing when attaching tasks [1 file, +1/-2]a0890b7805bus: firewall: Fix missing static inline annotations for stubs [1 file, +9/-6]5766da2237ext4: inline: fix len overflow in ext4_prepare_inline_data [1 file, +1/-1]796632e6f8ext4: fix calculation of credits for extent tree modification [1 file, +6/-5]4b36399711ext4: ensure i_size is smaller than maxbytes [1 file, +2/-1]be5f3061a6ext4: only dirty folios when data journaling regular files [1 file, +6/-1]a0b1c91adaInput: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() [1 file, +2/-0]fed611bd8cf2fs: fix to do sanity check on ino and xnid [1 file, +6/-0]aaa644e7fff2fs: prevent kernel warning due to negative i_nlink from corrupted image [1 file, +9/-0]ee1b421c46f2fs: fix to do sanity check on sit_bitmap_size [1 file, +8/-0]f16a797dcewatchdog: fix watchdog may detect false positive of softlockup [1 file, +27/-14]02137179ffmm: fix ratelimit_pages update error in dirty_ratio_handler() [1 file, +1/-1]462eee6d42firmware: arm_scmi: Ensure that the message-id supports fastchannel [2 files, +45/-33]e3cf1ef571dm-verity: fix a memory leak if some arguments are specified multiple times [3 files, +24/-5]f2986bccf2dm: lock limits when reading them [1 file, +7/-1]ec5f0b4412ovl: Fix nested backing file paths [1 file, +2/-2]92776ca0ccremoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() [1 file, +2/-3]f4ef928ca5remoteproc: core: Release rproc->clean_table after rproc_attach() fails [1 file, +1/-0]68e58f5791PCI: dwc: ep: Correct PBA offset in .set_msix() callback [1 file, +3/-2]b20701d594PCI: Add ACS quirk for Loongson PCIe [1 file, +23/-0]be0cf75cbdPCI: Fix lock symmetry in pci_slot_unlock() [1 file, +2/-1]7b45d2401dclocksource: Fix the CPUs' choice in the watchdog per CPU verification [1 file, +1/-1]c05aba32a9ACPICA: Avoid sequence overread in call to strncmp() [1 file, +1/-1]66613b13cdACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case [1 file, +8/-1]33cd650d38pmdomain: core: Reset genpd->states to avoid freeing invalid data [1 file, +3/-1]f34e0c1556platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() [1 file, +1/-0]c519f81e9cgpiolib: of: Add polarity quirk for s5m8767 [1 file, +9/-0]1f152ae557PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() [1 file, +1/-1]6c1151d53ctipc: use kfree_sensitive() for aead cleanup [1 file, +1/-1]b0e647442cf2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx [2 files, +15/-13]2d834477bbbpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() [1 file, +2/-1]77ff6aec7ccpufreq: scmi: Skip SCMI devices that aren't used by the CPUs [1 file, +35/-1]0a8446058ctcp: always seek for minimal rtt in tcp_rcv_rtt_update() [1 file, +8/-14]f97085d365tcp: remove zero TCP TS samples for autotuning [1 file, +5/-5]89b20c406etcp: fix initial tp->rcvq_space.space value for passive TS enabled flows [1 file, +3/-3]84c156a351tcp: add receive queue awareness in tcp_rcv_space_adjust() [2 files, +5/-3]3a9e74d158ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT [1 file, +4/-0]5eb9c50e0cnet: page_pool: Don't recycle into cache on PREEMPT_RT [1 file, +4/-0]8b0741b167xfrm: validate assignment of maximal possible SEQ number [1 file, +42/-10]8fdf2f79ebbpf: Pass the same orig_call value to trampoline functions [1 file, +1/-1]f0023d7a2af2fs: fix to bail out in get_new_segment() [2 files, +6/-1]448dc45eeabpf: Use proper type to calculate bpf_raw_tp_null_args.mask index [1 file, +2/-2]78f768e36cnet: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions [1 file, +69/-8]4b3383110bsoftware node: Correct a OOB check in software_node_get_reference_args() [1 file, +1/-1]b7129ef57dsock: Correct error checking condition for (assign|release)_proto_idx() [1 file, +2/-2]a58f0a0e99f2fs: fix to set atomic write status more clear [3 files, +12/-2]b8b4b8bb34bpf, sockmap: Fix data lost during EAGAIN retries [1 file, +2/-1]7c41f73b64fs/xattr.c: fix simple_xattr_list() [1 file, +1/-0]2e10dc9c2aio_uring/kbuf: don't truncate end buffer for multiple buffer peeks [1 file, +4/-1]1a4254ab06io_uring: fix task leak issue in io_wq_create() [1 file, +3/-1]4220cc0b98nvme: always punt polled uring_cmd end_io work to task_work [1 file, +7/-14]f9b97d466enet_sched: sch_sfq: reject invalid perturb period [1 file, +8/-2]2a3ad42a57net: clear the dst when changing skb protocol [1 file, +13/-6]510a29d776mm: close theoretical race where stale TLB entries could linger [1 file, +2/-0]57ec081869sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() [3 files, +9/-2]3d828519bdatm: Revert atm_account_tx() if copy_from_iter_full() fails. [3 files, +8/-1]47f34289d1arm64: Restrict pagetable teardown to avoid false warning [1 file, +2/-1]9cf5b2a3b7mm/hugetlb: unshare page tables during VMA split, not before [5 files, +57/-16]dc5f0aef9enet: Fix checksum update for ILA adj-transport [4 files, +7/-7]2516299184bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE [3 files, +7/-2]50189d9c5eerofs: remove unused trace event erofs_destroy_inode [1 file, +0/-18]348e541fefipv6: remove leftover ip6 cookie initializer [1 file, +0/-2]3c44ebad5aipv6: replace ipcm6_init calls with ipcm6_init_sk [4 files, +3/-29]6b358b3adfio_uring/sqpoll: don't put task_struct on tctx setup failure [1 file, +1/-4]8873080b88workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() [1 file, +2/-1]ac462a75fdnet: netmem: fix skb_ensure_writable with unreadable skbs [1 file, +0/-3]61b39e189dptp: allow reading of currently dialed frequency to succeed on free-running clocks [1 file, +2/-1]397c1faf8ftcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior [1 file, +25/-12]0d3d91c350tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer [1 file, +2/-2]31d50dfe9ctcp: fix passive TFO socket having invalid NAPI ID [1 file, +3/-0]0f8df5d6f2ublk: santizize the arguments from userspace when adding a device [1 file, +3/-0]456019adaaperf: Fix sample vs do_exit() [2 files, +16/-8]7335c33d62perf: Fix cgroup state vs ERROR [1 file, +30/-21]fd199366bfperf/core: Fix WARN in perf_cgroup_switch() [1 file, +20/-2]22f935bc86arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() [1 file, +1/-1] Changes in 6.12.35 configfs: Do not override creating attribute file failure in populate_attrs() crypto: marvell/cesa - Do not chain submitted requests gfs2: move msleep to sleepable context crypto: qat - add shutdown handler to qat_c3xxx crypto: qat - add shutdown handler to qat_420xx crypto: qat - add shutdown handler to qat_4xxx crypto: qat - add shutdown handler to qat_c62x crypto: qat - add shutdown handler to qat_dh895xcc ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() ASoC: meson: meson-card-utils: use of_property_present() for DT parsing ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() io_uring: account drain memory to cgroup io_uring/kbuf: account ring io_buffer_list memory powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states s390/pci: Remove redundant bus removal and disable from zpci_release_device() s390/pci: Prevent self deletion in disable_slot() s390/pci: Allow re-add of a reserved but not yet removed device s390/pci: Serialize device addition and removal regulator: max20086: Fix MAX200086 chip id regulator: max20086: Change enable gpio to optional net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() wifi: mt76: mt7925: fix host interrupt register initialization wifi: ath11k: fix rx completion meta data corruption wifi: rtw88: usb: Upload the firmware in bigger chunks wifi: ath11k: fix ring-buffer corruption NFSD: unregister filesystem in case genl_register_family() fails NFSD: fix race between nfsd registration and exports_proc NFSD: Implement FATTR4_CLONE_BLKSIZE attribute nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request nfsd: Initialize ssc before laundromat_work to prevent NULL dereference SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls NFSv4: Don't check for OPEN feature support in v4.1 fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() wifi: ath12k: fix ring-buffer corruption jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() svcrdma: Unregister the device if svc_rdma_accept() fails wifi: rtw88: usb: Reduce control message timeout to 500 ms wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 media: ov8856: suppress probe deferral errors media: ov5675: suppress probe deferral errors media: imx335: Use correct register width for HNUM media: nxp: imx8-isi: better handle the m2m usage_count media: i2c: ds90ub913: Fix returned fmt from .set_fmt() media: ccs-pll: Start VT pre-PLL multiplier search from correct value media: ov2740: Move pm-runtime cleanup on probe-errors to proper place media: ccs-pll: Start OP pre-PLL multiplier search from correct value media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case media: cxusb: no longer judge rbuf when the write fails media: davinci: vpif: Fix memory leak in probe error path media: gspca: Add error handling for stv06xx_read_sensor() media: i2c: imx335: Fix frame size enumeration media: imagination: fix a potential memory leak in e5010_probe() media: intel/ipu6: Fix dma mask for non-secure mode media: ipu6: Remove workaround for Meteor Lake ES2 media: mediatek: vcodec: Correct vsi_core framebuffer size media: omap3isp: use sgtable-based scatterlist wrappers media: v4l2-dev: fix error handling in __video_register_device() media: venus: Fix probe error handling media: videobuf2: use sgtable-based scatterlist wrappers media: vidtv: Terminating the subsequent process of initialization failure media: vivid: Change the siize of the composing media: imx-jpeg: Drop the first error frames media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead media: imx-jpeg: Reset slot data pointers when freed media: imx-jpeg: Cleanup after an allocation error media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Fix deferred probing error arm64/mm: Close theoretical race where stale TLB entry remains valid ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 ASoC: codecs: wcd9375: Fix double free of regulator supplies ASoC: codecs: wcd937x: Drop unused buck_supply block: use plug request list tail for one-shot backmerge attempt block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion bus: mhi: ep: Update read pointer only after buffer is written bus: mhi: host: Fix conflict between power_up and SYSERR can: kvaser_pciefd: refine error prone echo_skb_max handling logic can: tcan4x5x: fix power regulator retrieval during probe ceph: avoid kernel BUG for encrypted inode with unaligned file size ceph: set superblock s_magic for IMA fsmagic matching cgroup,freezer: fix incomplete freezing when attaching tasks bus: firewall: Fix missing static inline annotations for stubs ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard ata: ahci: Disallow LPM for Asus B550-F motherboard bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device bus: fsl-mc: fix GET/SET_TAILDROP command ids ext4: inline: fix len overflow in ext4_prepare_inline_data ext4: fix calculation of credits for extent tree modification ext4: factor out ext4_get_maxbytes() ext4: ensure i_size is smaller than maxbytes ext4: only dirty folios when data journaling regular files Input: ims-pcu - check record size in ims_pcu_flash_firmware() Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() f2fs: fix to do sanity check on ino and xnid f2fs: prevent kernel warning due to negative i_nlink from corrupted image f2fs: fix to do sanity check on sit_bitmap_size hwmon: (ftsteutates) Fix TOCTOU race in fts_read() NFC: nci: uart: Set tty->disc_data only in success path net/sched: fix use-after-free in taprio_dev_notifier net: ftgmac100: select FIXED_PHY iommu/vt-d: Restore context entry setup order for aliased devices fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var EDAC/altera: Use correct write width with the INTTEST register fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var parisc/unaligned: Fix hex output to show 8 hex chars vgacon: Add check for vc_origin address range in vgacon_scroll() parisc: fix building with gcc-15 clk: meson-g12a: add missing fclk_div2 to spicc ipc: fix to protect IPCS lookups using RCU watchdog: fix watchdog may detect false positive of softlockup RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction mm: fix ratelimit_pages update error in dirty_ratio_handler() soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events configfs-tsm-report: Fix NULL dereference of tsm_ops firmware: arm_scmi: Ensure that the message-id supports fastchannel mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk mtd: nand: sunxi: Add randomizer configuration before randomizer enable KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs KVM: VMX: Flush shadow VMCS on emergency reboot dm-mirror: fix a tiny race condition dm-verity: fix a memory leak if some arguments are specified multiple times mtd: rawnand: qcom: Fix read len for onfi param page ftrace: Fix UAF when lookup kallsym after ftrace disabled dm: lock limits when reading them phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() net: ch9200: fix uninitialised access during mii_nway_restart KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY sysfb: Fix screen_info type check for VGA video: screen_info: Relocate framebuffers behind PCI bridges pwm: axi-pwmgen: fix missing separate external clock staging: iio: ad5933: Correct settling cycles encoding per datasheet mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS ovl: Fix nested backing file paths regulator: max14577: Add error check for max14577_read_reg() remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() remoteproc: core: Release rproc->clean_table after rproc_attach() fails remoteproc: k3-m4: Don't assert reset in detach routine cifs: reset connections for all channels when reconnect requested cifs: update dstaddr whenever channel iface is updated cifs: dns resolution is needed only for primary channel smb: client: add NULL check in automount_fullpath Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary uio_hv_generic: Use correct size for interrupt and monitor pages uio_hv_generic: Align ring size to system page PCI: cadence-ep: Correct PBA offset in .set_msix() callback PCI: dwc: ep: Correct PBA offset in .set_msix() callback PCI: Add ACS quirk for Loongson PCIe PCI: Fix lock symmetry in pci_slot_unlock() PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() iio: accel: fxls8962af: Fix temperature scan element sign accel/ivpu: Improve buffer object logging accel/ivpu: Use firmware names from upstream repo accel/ivpu: Use dma_resv_lock() instead of a custom mutex accel/ivpu: Fix warning in ivpu_gem_bo_free() dummycon: Trigger redraw when switching consoles with deferred takeover mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race iio: imu: inv_icm42600: Fix temperature calculation iio: adc: ad7944: mask high bits on direct read iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build iio: adc: ad7606_spi: fix reg write value mask ACPICA: fix acpi operand cache leak in dswstate.c ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 clocksource: Fix the CPUs' choice in the watchdog per CPU verification power: supply: collie: Fix wakeup source leaks on device unbind mmc: Add quirk to disable DDR50 tuning ACPICA: Avoid sequence overread in call to strncmp() ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init() ACPI: bus: Bail out if acpi_kobj registration fails ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case ACPICA: fix acpi parse and parseext cache leaks ACPICA: Apply pack(1) to union aml_resource ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops power: supply: bq27xxx: Retrieve again when busy pmdomain: core: Reset genpd->states to avoid freeing invalid data ACPICA: utilities: Fix overflow check in vsnprintf() platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() ASoC: tegra210_ahub: Add check to of_device_get_match_data() Make 'cc-option' work correctly for the -Wno-xyzzy pattern gpiolib: of: Add polarity quirk for s5m8767 PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() power: supply: max17040: adjust thermal channel scaling ACPI: battery: negate current when discharging net: macb: Check return value of dma_set_mask_and_coherent() net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices tipc: use kfree_sensitive() for aead cleanup f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922 i2c: designware: Invoke runtime suspend on quick slave re-registration wifi: mt76: mt7996: drop fragments with multicast or broadcast RA emulex/benet: correct command version selection in be_cmd_get_stats() Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925 wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R wifi: mt76: mt7921: add 160 MHz AP for mt7922 device wifi: mt76: mt7925: introduce thermal protection wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO sctp: Do not wake readers in __sctp_write_space() libbpf/btf: Fix string handling to support multi-split BTF cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs i2c: tegra: check msg length in SMBUS block read i2c: npcm: Add clock toggle recovery clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks net: dlink: add synchronization for stats update wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET wifi: ath12k: fix a possible dead lock caused by ab->base_lock wifi: ath11k: Fix QMI memory reuse logic iommu/amd: Allow matching ACPI HID devices without matching UIDs wifi: rtw89: leave idle mode when setting WEP encryption for AP mode tcp: always seek for minimal rtt in tcp_rcv_rtt_update() tcp: remove zero TCP TS samples for autotuning tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows tcp: add receive queue awareness in tcp_rcv_space_adjust() x86/sgx: Prevent attempts to reclaim poisoned pages ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT net: page_pool: Don't recycle into cache on PREEMPT_RT xfrm: validate assignment of maximal possible SEQ number net: atlantic: generate software timestamp just before the doorbell pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() bpf: Pass the same orig_call value to trampoline functions net: stmmac: generate software timestamp just before the doorbell pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() libbpf: Check bpf_map_skeleton link for NULL pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() wifi: mac80211: do not offer a mesh path if forwarding is disabled clk: rockchip: rk3036: mark ddrphy as critical hid-asus: check ROG Ally MCU version and warn wifi: iwlwifi: mvm: fix beacon CCK flag f2fs: fix to bail out in get_new_segment() netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX libbpf: Add identical pointer detection to btf_dedup_is_equiv() scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands scsi: smartpqi: Add new PCI IDs iommu/amd: Ensure GA log notifier callbacks finish running before module unload wifi: iwlwifi: pcie: make sure to lock rxq->read wifi: rtw89: 8922a: fix TX fail with wrong VCO setting wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled netdevsim: Mark NAPI ID on skb in nsim_rcv net/mlx5: HWS, Fix IP version decision bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index wifi: mac80211: VLAN traffic in multicast path Revert "mac80211: Dynamically set CoDel parameters per station" wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 net: bridge: mcast: update multicast contex when vlan state is changed net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions vxlan: Do not treat dst cache initialization errors as fatal bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp wifi: ath12k: using msdu end descriptor to check for rx multicast packets net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER software node: Correct a OOB check in software_node_get_reference_args() isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry pinctrl: mcp23s08: Reset all pins to input at probe wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping scsi: lpfc: Use memcpy() for BIOS version sock: Correct error checking condition for (assign|release)_proto_idx() i40e: fix MMIO write access to an invalid page in i40e_clear_hw ixgbe: Fix unreachable retry logic in combined and byte I2C write functions RDMA/hns: initialize db in update_srq_db() ice: fix check for existing switch rule usbnet: asix AX88772: leave the carrier control to phylink f2fs: fix to set atomic write status more clear bpf, sockmap: Fix data lost during EAGAIN retries net: ethernet: cortina: Use TOE/TSO on all TCP octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() wifi: ath11k: determine PM policy based on machine model wifi: ath12k: fix link valid field initialization in the monitor Rx wifi: ath12k: fix incorrect CE addresses wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz net/mlx5: HWS, Harden IP version definer checks fbcon: Make sure modelist not set on unregistered console watchdog: da9052_wdt: respect TWDMIN bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY tee: Prevent size calculation wraparound on 32-bit kernels Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" fs/xattr.c: fix simple_xattr_list() platform/x86/amd: pmc: Clear metrics table at start of cycle platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice platform/x86: dell_rbu: Fix list usage platform/x86: dell_rbu: Stop overwriting data buffer powerpc/vdso: Fix build of VDSO32 with pcrel powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery io_uring/kbuf: don't truncate end buffer for multiple buffer peeks io_uring: fix task leak issue in io_wq_create() drivers/rapidio/rio_cm.c: prevent possible heap overwrite platform/loongarch: laptop: Get brightness setting from EC on probe platform/loongarch: laptop: Unregister generic_sub_drivers on exit platform/loongarch: laptop: Add backlight power control support LoongArch: vDSO: Correctly use asm parameters in syscall wrappers LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() jffs2: check that raw node were preallocated before writing summary jffs2: check jffs2_prealloc_raw_node_refs() result in few other places cifs: deal with the channel loading lag while picking channels cifs: serialize other channels when query server interfaces is pending cifs: do not disable interface polling on failure smb: improve directory cache reuse for readdir operations scsi: storvsc: Increase the timeouts to storvsc_timeout scsi: s390: zfcp: Ensure synchronous unit_add nvme: always punt polled uring_cmd end_io work to task_work net_sched: sch_sfq: reject invalid perturb period net: clear the dst when changing skb protocol mm: close theoretical race where stale TLB entries could linger udmabuf: use sgtable-based scatterlist wrappers x86/virt/tdx: Avoid indirect calls to TDX assembly functions selftests/x86: Add a test to detect infinite SIGTRAP handler loop ksmbd: fix null pointer dereference in destroy_previous_session platform/x86: ideapad-laptop: use usleep_range() for EC polling selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() atm: Revert atm_account_tx() if copy_from_iter_full() fails. wifi: rtw89: phy: add dummy C2H event handler for report of TAS power cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Input: sparcspkr - avoid unannotated fall-through wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path wifi: cfg80211: init wiphy_work before allocating rfkill fails arm64: Restrict pagetable teardown to avoid false warning ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card ALSA: hda/intel: Add Thinkpad E15 to PM deny list ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA ALSA: hda/realtek: Add quirk for Asus GU605C iio: accel: fxls8962af: Fix temperature calculation mm/hugetlb: unshare page tables during VMA split, not before drm/amdgpu: read back register after written for VCN v4.0.5 kbuild: rust: add rustc-min-version support function rust: compile libcore with edition 2024 for 1.87+ net: Fix checksum update for ILA adj-transport bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE erofs: remove unused trace event erofs_destroy_inode nfsd: use threads array as-is in netlink interface sunrpc: handle SVC_GARBAGE during svc auth processing as auth error drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` Kunit to check the longest symbol length x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c ipv6: remove leftover ip6 cookie initializer ipv6: replace ipcm6_init calls with ipcm6_init_sk smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels drm/msm/disp: Correct porch timing for SDM845 drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE drm/ssd130x: fix ssd132x_clear_screen() columns ionic: Prevent driver/fw getting out of sync on devcmd(s) drm/nouveau/bl: increase buffer size to avoid truncate warning drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled hwmon: (occ) Rework attribute registration for stack usage hwmon: (occ) fix unaligned accesses hwmon: (ltc4282) avoid repeated register write pldmfw: Select CRC32 when PLDMFW is selected aoe: clean device rq_list in aoedev_downdev() io_uring/sqpoll: don't put task_struct on tctx setup failure net: ice: Perform accurate aRFS flow match ice: fix eswitch code memory leak in reset scenario e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() ksmbd: add free_transport ops in ksmbd connection net: netmem: fix skb_ensure_writable with unreadable skbs bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() eth: bnxt: fix out-of-range access of vnic_info array bnxt_en: Add a helper function to configure MRU and RSS bnxt_en: Update MRU and RSS table of RSS contexts on queue reset ptp: fix breakage after ptp_vclock_in_use() rework ptp: allow reading of currently dialed frequency to succeed on free-running clocks wifi: carl9170: do not ping device which has failed to load firmware mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). atm: atmtcp: Free invalid length skb in atmtcp_c_send(). tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer tcp: fix passive TFO socket having invalid NAPI ID eth: fbnic: avoid double free when failing to DMA-map FW msg net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() ublk: santizize the arguments from userspace when adding a device drm/xe: Wire up device shutdown handler drm/xe/gt: Update handling of xe_force_wake_get return drm/xe/bmg: Update Wa_16023588340 calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available net: atm: add lec_mutex net: atm: fix /proc/net/atm/lec handling EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties smb: Log an error when close_all_cached_dirs fails serial: sh-sci: Clean sci_ports[0] after at earlycon exit serial: sh-sci: Increment the runtime usage counter for the earlycon device smb: client: fix first command failure during re-negotiation smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() s390/pci: Fix __pcilg_mio_inuser() inline assembly perf: Fix sample vs do_exit() perf: Fix cgroup state vs ERROR perf/core: Fix WARN in perf_cgroup_switch() arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs gpio: pca953x: fix wrong error probe return value perf evsel: Missed close() when probing hybrid core PMUs perf test: Directory file descriptor leak gpio: mlxbf3: only get IRQ for device instance 0 cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function bpftool: Fix cgroup command to only show cgroup bpf programs Linux 6.12.35 Change-Id: Ida57d269272a624bedb979bfad0b3c5e7df7e846 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
1982 lines
49 KiB
C
1982 lines
49 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* linux/kernel/exit.c
|
|
*
|
|
* Copyright (C) 1991, 1992 Linus Torvalds
|
|
*/
|
|
|
|
#include <linux/mm.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/sched/autogroup.h>
|
|
#include <linux/sched/mm.h>
|
|
#include <linux/sched/stat.h>
|
|
#include <linux/sched/task.h>
|
|
#include <linux/sched/task_stack.h>
|
|
#include <linux/sched/cputime.h>
|
|
#include <linux/interrupt.h>
|
|
#include <linux/module.h>
|
|
#include <linux/capability.h>
|
|
#include <linux/completion.h>
|
|
#include <linux/personality.h>
|
|
#include <linux/tty.h>
|
|
#include <linux/iocontext.h>
|
|
#include <linux/key.h>
|
|
#include <linux/cpu.h>
|
|
#include <linux/acct.h>
|
|
#include <linux/tsacct_kern.h>
|
|
#include <linux/file.h>
|
|
#include <linux/fdtable.h>
|
|
#include <linux/freezer.h>
|
|
#include <linux/binfmts.h>
|
|
#include <linux/nsproxy.h>
|
|
#include <linux/pid_namespace.h>
|
|
#include <linux/ptrace.h>
|
|
#include <linux/profile.h>
|
|
#include <linux/mount.h>
|
|
#include <linux/proc_fs.h>
|
|
#include <linux/kthread.h>
|
|
#include <linux/mempolicy.h>
|
|
#include <linux/taskstats_kern.h>
|
|
#include <linux/delayacct.h>
|
|
#include <linux/cgroup.h>
|
|
#include <linux/syscalls.h>
|
|
#include <linux/signal.h>
|
|
#include <linux/posix-timers.h>
|
|
#include <linux/cn_proc.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/futex.h>
|
|
#include <linux/pipe_fs_i.h>
|
|
#include <linux/audit.h> /* for audit_free() */
|
|
#include <linux/resource.h>
|
|
#include <linux/task_io_accounting_ops.h>
|
|
#include <linux/blkdev.h>
|
|
#include <linux/task_work.h>
|
|
#include <linux/fs_struct.h>
|
|
#include <linux/init_task.h>
|
|
#include <linux/perf_event.h>
|
|
#include <trace/events/sched.h>
|
|
#include <linux/hw_breakpoint.h>
|
|
#include <linux/oom.h>
|
|
#include <linux/writeback.h>
|
|
#include <linux/shm.h>
|
|
#include <linux/kcov.h>
|
|
#include <linux/kmsan.h>
|
|
#include <linux/random.h>
|
|
#include <linux/rcuwait.h>
|
|
#include <linux/compat.h>
|
|
#include <linux/io_uring.h>
|
|
#include <linux/kprobes.h>
|
|
#include <linux/rethook.h>
|
|
#include <linux/sysfs.h>
|
|
#include <linux/user_events.h>
|
|
#include <linux/uaccess.h>
|
|
|
|
#include <uapi/linux/wait.h>
|
|
|
|
#include <asm/unistd.h>
|
|
#include <asm/mmu_context.h>
|
|
#include <trace/hooks/dtask.h>
|
|
#include <trace/hooks/mm.h>
|
|
|
|
#include "exit.h"
|
|
|
|
/*
|
|
* The default value should be high enough to not crash a system that randomly
|
|
* crashes its kernel from time to time, but low enough to at least not permit
|
|
* overflowing 32-bit refcounts or the ldsem writer count.
|
|
*/
|
|
static unsigned int oops_limit = 10000;
|
|
|
|
#ifdef CONFIG_SYSCTL
|
|
static struct ctl_table kern_exit_table[] = {
|
|
{
|
|
.procname = "oops_limit",
|
|
.data = &oops_limit,
|
|
.maxlen = sizeof(oops_limit),
|
|
.mode = 0644,
|
|
.proc_handler = proc_douintvec,
|
|
},
|
|
};
|
|
|
|
static __init int kernel_exit_sysctls_init(void)
|
|
{
|
|
register_sysctl_init("kernel", kern_exit_table);
|
|
return 0;
|
|
}
|
|
late_initcall(kernel_exit_sysctls_init);
|
|
#endif
|
|
|
|
static atomic_t oops_count = ATOMIC_INIT(0);
|
|
|
|
#ifdef CONFIG_SYSFS
|
|
static ssize_t oops_count_show(struct kobject *kobj, struct kobj_attribute *attr,
|
|
char *page)
|
|
{
|
|
return sysfs_emit(page, "%d\n", atomic_read(&oops_count));
|
|
}
|
|
|
|
static struct kobj_attribute oops_count_attr = __ATTR_RO(oops_count);
|
|
|
|
static __init int kernel_exit_sysfs_init(void)
|
|
{
|
|
sysfs_add_file_to_group(kernel_kobj, &oops_count_attr.attr, NULL);
|
|
return 0;
|
|
}
|
|
late_initcall(kernel_exit_sysfs_init);
|
|
#endif
|
|
|
|
static void __unhash_process(struct task_struct *p, bool group_dead)
|
|
{
|
|
nr_threads--;
|
|
detach_pid(p, PIDTYPE_PID);
|
|
if (group_dead) {
|
|
detach_pid(p, PIDTYPE_TGID);
|
|
detach_pid(p, PIDTYPE_PGID);
|
|
detach_pid(p, PIDTYPE_SID);
|
|
|
|
list_del_rcu(&p->tasks);
|
|
list_del_init(&p->sibling);
|
|
__this_cpu_dec(process_counts);
|
|
}
|
|
list_del_rcu(&p->thread_node);
|
|
}
|
|
|
|
/*
|
|
* This function expects the tasklist_lock write-locked.
|
|
*/
|
|
static void __exit_signal(struct task_struct *tsk)
|
|
{
|
|
struct signal_struct *sig = tsk->signal;
|
|
bool group_dead = thread_group_leader(tsk);
|
|
struct sighand_struct *sighand;
|
|
struct tty_struct *tty;
|
|
u64 utime, stime;
|
|
|
|
sighand = rcu_dereference_check(tsk->sighand,
|
|
lockdep_tasklist_lock_is_held());
|
|
spin_lock(&sighand->siglock);
|
|
|
|
#ifdef CONFIG_POSIX_TIMERS
|
|
posix_cpu_timers_exit(tsk);
|
|
if (group_dead)
|
|
posix_cpu_timers_exit_group(tsk);
|
|
#endif
|
|
|
|
if (group_dead) {
|
|
tty = sig->tty;
|
|
sig->tty = NULL;
|
|
} else {
|
|
/*
|
|
* If there is any task waiting for the group exit
|
|
* then notify it:
|
|
*/
|
|
if (sig->notify_count > 0 && !--sig->notify_count)
|
|
wake_up_process(sig->group_exec_task);
|
|
|
|
if (tsk == sig->curr_target)
|
|
sig->curr_target = next_thread(tsk);
|
|
}
|
|
|
|
add_device_randomness((const void*) &tsk->se.sum_exec_runtime,
|
|
sizeof(unsigned long long));
|
|
|
|
/*
|
|
* Accumulate here the counters for all threads as they die. We could
|
|
* skip the group leader because it is the last user of signal_struct,
|
|
* but we want to avoid the race with thread_group_cputime() which can
|
|
* see the empty ->thread_head list.
|
|
*/
|
|
task_cputime(tsk, &utime, &stime);
|
|
write_seqlock(&sig->stats_lock);
|
|
sig->utime += utime;
|
|
sig->stime += stime;
|
|
sig->gtime += task_gtime(tsk);
|
|
sig->min_flt += tsk->min_flt;
|
|
sig->maj_flt += tsk->maj_flt;
|
|
sig->nvcsw += tsk->nvcsw;
|
|
sig->nivcsw += tsk->nivcsw;
|
|
sig->inblock += task_io_get_inblock(tsk);
|
|
sig->oublock += task_io_get_oublock(tsk);
|
|
task_io_accounting_add(&sig->ioac, &tsk->ioac);
|
|
sig->sum_sched_runtime += tsk->se.sum_exec_runtime;
|
|
sig->nr_threads--;
|
|
__unhash_process(tsk, group_dead);
|
|
write_sequnlock(&sig->stats_lock);
|
|
|
|
/*
|
|
* Do this under ->siglock, we can race with another thread
|
|
* doing sigqueue_free() if we have SIGQUEUE_PREALLOC signals.
|
|
*/
|
|
flush_sigqueue(&tsk->pending);
|
|
tsk->sighand = NULL;
|
|
spin_unlock(&sighand->siglock);
|
|
|
|
__cleanup_sighand(sighand);
|
|
clear_tsk_thread_flag(tsk, TIF_SIGPENDING);
|
|
if (group_dead) {
|
|
flush_sigqueue(&sig->shared_pending);
|
|
tty_kref_put(tty);
|
|
}
|
|
}
|
|
|
|
static void delayed_put_task_struct(struct rcu_head *rhp)
|
|
{
|
|
struct task_struct *tsk = container_of(rhp, struct task_struct, rcu);
|
|
|
|
kprobe_flush_task(tsk);
|
|
rethook_flush_task(tsk);
|
|
perf_event_delayed_put(tsk);
|
|
trace_sched_process_free(tsk);
|
|
put_task_struct(tsk);
|
|
}
|
|
|
|
void put_task_struct_rcu_user(struct task_struct *task)
|
|
{
|
|
if (refcount_dec_and_test(&task->rcu_users))
|
|
call_rcu(&task->rcu, delayed_put_task_struct);
|
|
}
|
|
|
|
void __weak release_thread(struct task_struct *dead_task)
|
|
{
|
|
}
|
|
|
|
void release_task(struct task_struct *p)
|
|
{
|
|
struct task_struct *leader;
|
|
struct pid *thread_pid;
|
|
int zap_leader;
|
|
repeat:
|
|
/* don't need to get the RCU readlock here - the process is dead and
|
|
* can't be modifying its own credentials. But shut RCU-lockdep up */
|
|
rcu_read_lock();
|
|
dec_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
|
|
rcu_read_unlock();
|
|
|
|
cgroup_release(p);
|
|
|
|
write_lock_irq(&tasklist_lock);
|
|
ptrace_release_task(p);
|
|
thread_pid = get_pid(p->thread_pid);
|
|
__exit_signal(p);
|
|
|
|
/*
|
|
* If we are the last non-leader member of the thread
|
|
* group, and the leader is zombie, then notify the
|
|
* group leader's parent process. (if it wants notification.)
|
|
*/
|
|
zap_leader = 0;
|
|
leader = p->group_leader;
|
|
if (leader != p && thread_group_empty(leader)
|
|
&& leader->exit_state == EXIT_ZOMBIE) {
|
|
/*
|
|
* If we were the last child thread and the leader has
|
|
* exited already, and the leader's parent ignores SIGCHLD,
|
|
* then we are the one who should release the leader.
|
|
*/
|
|
zap_leader = do_notify_parent(leader, leader->exit_signal);
|
|
if (zap_leader)
|
|
leader->exit_state = EXIT_DEAD;
|
|
}
|
|
|
|
write_unlock_irq(&tasklist_lock);
|
|
proc_flush_pid(thread_pid);
|
|
put_pid(thread_pid);
|
|
release_thread(p);
|
|
put_task_struct_rcu_user(p);
|
|
|
|
p = leader;
|
|
if (unlikely(zap_leader))
|
|
goto repeat;
|
|
}
|
|
|
|
int rcuwait_wake_up(struct rcuwait *w)
|
|
{
|
|
int ret = 0;
|
|
struct task_struct *task;
|
|
|
|
rcu_read_lock();
|
|
|
|
/*
|
|
* Order condition vs @task, such that everything prior to the load
|
|
* of @task is visible. This is the condition as to why the user called
|
|
* rcuwait_wake() in the first place. Pairs with set_current_state()
|
|
* barrier (A) in rcuwait_wait_event().
|
|
*
|
|
* WAIT WAKE
|
|
* [S] tsk = current [S] cond = true
|
|
* MB (A) MB (B)
|
|
* [L] cond [L] tsk
|
|
*/
|
|
smp_mb(); /* (B) */
|
|
|
|
task = rcu_dereference(w->task);
|
|
if (task)
|
|
ret = wake_up_process(task);
|
|
rcu_read_unlock();
|
|
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL_GPL(rcuwait_wake_up);
|
|
|
|
/*
|
|
* Determine if a process group is "orphaned", according to the POSIX
|
|
* definition in 2.2.2.52. Orphaned process groups are not to be affected
|
|
* by terminal-generated stop signals. Newly orphaned process groups are
|
|
* to receive a SIGHUP and a SIGCONT.
|
|
*
|
|
* "I ask you, have you ever known what it is to be an orphan?"
|
|
*/
|
|
static int will_become_orphaned_pgrp(struct pid *pgrp,
|
|
struct task_struct *ignored_task)
|
|
{
|
|
struct task_struct *p;
|
|
|
|
do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
|
|
if ((p == ignored_task) ||
|
|
(p->exit_state && thread_group_empty(p)) ||
|
|
is_global_init(p->real_parent))
|
|
continue;
|
|
|
|
if (task_pgrp(p->real_parent) != pgrp &&
|
|
task_session(p->real_parent) == task_session(p))
|
|
return 0;
|
|
} while_each_pid_task(pgrp, PIDTYPE_PGID, p);
|
|
|
|
return 1;
|
|
}
|
|
|
|
int is_current_pgrp_orphaned(void)
|
|
{
|
|
int retval;
|
|
|
|
read_lock(&tasklist_lock);
|
|
retval = will_become_orphaned_pgrp(task_pgrp(current), NULL);
|
|
read_unlock(&tasklist_lock);
|
|
|
|
return retval;
|
|
}
|
|
|
|
static bool has_stopped_jobs(struct pid *pgrp)
|
|
{
|
|
struct task_struct *p;
|
|
|
|
do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
|
|
if (p->signal->flags & SIGNAL_STOP_STOPPED)
|
|
return true;
|
|
} while_each_pid_task(pgrp, PIDTYPE_PGID, p);
|
|
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* Check to see if any process groups have become orphaned as
|
|
* a result of our exiting, and if they have any stopped jobs,
|
|
* send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2)
|
|
*/
|
|
static void
|
|
kill_orphaned_pgrp(struct task_struct *tsk, struct task_struct *parent)
|
|
{
|
|
struct pid *pgrp = task_pgrp(tsk);
|
|
struct task_struct *ignored_task = tsk;
|
|
|
|
if (!parent)
|
|
/* exit: our father is in a different pgrp than
|
|
* we are and we were the only connection outside.
|
|
*/
|
|
parent = tsk->real_parent;
|
|
else
|
|
/* reparent: our child is in a different pgrp than
|
|
* we are, and it was the only connection outside.
|
|
*/
|
|
ignored_task = NULL;
|
|
|
|
if (task_pgrp(parent) != pgrp &&
|
|
task_session(parent) == task_session(tsk) &&
|
|
will_become_orphaned_pgrp(pgrp, ignored_task) &&
|
|
has_stopped_jobs(pgrp)) {
|
|
__kill_pgrp_info(SIGHUP, SEND_SIG_PRIV, pgrp);
|
|
__kill_pgrp_info(SIGCONT, SEND_SIG_PRIV, pgrp);
|
|
}
|
|
}
|
|
|
|
static void coredump_task_exit(struct task_struct *tsk)
|
|
{
|
|
struct core_state *core_state;
|
|
|
|
/*
|
|
* Serialize with any possible pending coredump.
|
|
* We must hold siglock around checking core_state
|
|
* and setting PF_POSTCOREDUMP. The core-inducing thread
|
|
* will increment ->nr_threads for each thread in the
|
|
* group without PF_POSTCOREDUMP set.
|
|
*/
|
|
spin_lock_irq(&tsk->sighand->siglock);
|
|
tsk->flags |= PF_POSTCOREDUMP;
|
|
core_state = tsk->signal->core_state;
|
|
spin_unlock_irq(&tsk->sighand->siglock);
|
|
if (core_state) {
|
|
struct core_thread self;
|
|
|
|
self.task = current;
|
|
if (self.task->flags & PF_SIGNALED)
|
|
self.next = xchg(&core_state->dumper.next, &self);
|
|
else
|
|
self.task = NULL;
|
|
/*
|
|
* Implies mb(), the result of xchg() must be visible
|
|
* to core_state->dumper.
|
|
*/
|
|
if (atomic_dec_and_test(&core_state->nr_threads))
|
|
complete(&core_state->startup);
|
|
|
|
for (;;) {
|
|
set_current_state(TASK_IDLE|TASK_FREEZABLE);
|
|
if (!self.task) /* see coredump_finish() */
|
|
break;
|
|
schedule();
|
|
}
|
|
__set_current_state(TASK_RUNNING);
|
|
}
|
|
}
|
|
|
|
#ifdef CONFIG_MEMCG
|
|
/* drops tasklist_lock if succeeds */
|
|
static bool __try_to_set_owner(struct task_struct *tsk, struct mm_struct *mm)
|
|
{
|
|
bool ret = false;
|
|
|
|
task_lock(tsk);
|
|
if (likely(tsk->mm == mm)) {
|
|
/* tsk can't pass exit_mm/exec_mmap and exit */
|
|
read_unlock(&tasklist_lock);
|
|
WRITE_ONCE(mm->owner, tsk);
|
|
lru_gen_migrate_mm(mm);
|
|
ret = true;
|
|
}
|
|
task_unlock(tsk);
|
|
return ret;
|
|
}
|
|
|
|
static bool try_to_set_owner(struct task_struct *g, struct mm_struct *mm)
|
|
{
|
|
struct task_struct *t;
|
|
|
|
for_each_thread(g, t) {
|
|
struct mm_struct *t_mm = READ_ONCE(t->mm);
|
|
if (t_mm == mm) {
|
|
if (__try_to_set_owner(t, mm))
|
|
return true;
|
|
} else if (t_mm)
|
|
break;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* A task is exiting. If it owned this mm, find a new owner for the mm.
|
|
*/
|
|
void mm_update_next_owner(struct mm_struct *mm)
|
|
{
|
|
struct task_struct *g, *p = current;
|
|
|
|
/*
|
|
* If the exiting or execing task is not the owner, it's
|
|
* someone else's problem.
|
|
*/
|
|
if (mm->owner != p)
|
|
return;
|
|
/*
|
|
* The current owner is exiting/execing and there are no other
|
|
* candidates. Do not leave the mm pointing to a possibly
|
|
* freed task structure.
|
|
*/
|
|
if (atomic_read(&mm->mm_users) <= 1) {
|
|
WRITE_ONCE(mm->owner, NULL);
|
|
return;
|
|
}
|
|
|
|
read_lock(&tasklist_lock);
|
|
/*
|
|
* Search in the children
|
|
*/
|
|
list_for_each_entry(g, &p->children, sibling) {
|
|
if (try_to_set_owner(g, mm))
|
|
goto ret;
|
|
}
|
|
/*
|
|
* Search in the siblings
|
|
*/
|
|
list_for_each_entry(g, &p->real_parent->children, sibling) {
|
|
if (try_to_set_owner(g, mm))
|
|
goto ret;
|
|
}
|
|
/*
|
|
* Search through everything else, we should not get here often.
|
|
*/
|
|
for_each_process(g) {
|
|
if (atomic_read(&mm->mm_users) <= 1)
|
|
break;
|
|
if (g->flags & PF_KTHREAD)
|
|
continue;
|
|
if (try_to_set_owner(g, mm))
|
|
goto ret;
|
|
}
|
|
read_unlock(&tasklist_lock);
|
|
/*
|
|
* We found no owner yet mm_users > 1: this implies that we are
|
|
* most likely racing with swapoff (try_to_unuse()) or /proc or
|
|
* ptrace or page migration (get_task_mm()). Mark owner as NULL.
|
|
*/
|
|
WRITE_ONCE(mm->owner, NULL);
|
|
ret:
|
|
return;
|
|
|
|
}
|
|
#endif /* CONFIG_MEMCG */
|
|
|
|
/*
|
|
* Turn us into a lazy TLB process if we
|
|
* aren't already..
|
|
*/
|
|
static void exit_mm(void)
|
|
{
|
|
struct mm_struct *mm = current->mm;
|
|
|
|
exit_mm_release(current, mm);
|
|
if (!mm)
|
|
return;
|
|
mmap_read_lock(mm);
|
|
mmgrab_lazy_tlb(mm);
|
|
BUG_ON(mm != current->active_mm);
|
|
/* more a memory barrier than a real lock */
|
|
task_lock(current);
|
|
/*
|
|
* When a thread stops operating on an address space, the loop
|
|
* in membarrier_private_expedited() may not observe that
|
|
* tsk->mm, and the loop in membarrier_global_expedited() may
|
|
* not observe a MEMBARRIER_STATE_GLOBAL_EXPEDITED
|
|
* rq->membarrier_state, so those would not issue an IPI.
|
|
* Membarrier requires a memory barrier after accessing
|
|
* user-space memory, before clearing tsk->mm or the
|
|
* rq->membarrier_state.
|
|
*/
|
|
smp_mb__after_spinlock();
|
|
local_irq_disable();
|
|
current->mm = NULL;
|
|
membarrier_update_current_mm(NULL);
|
|
enter_lazy_tlb(mm, current);
|
|
local_irq_enable();
|
|
task_unlock(current);
|
|
mmap_read_unlock(mm);
|
|
mm_update_next_owner(mm);
|
|
trace_android_vh_exit_mm(mm);
|
|
mmput(mm);
|
|
if (test_thread_flag(TIF_MEMDIE))
|
|
exit_oom_victim();
|
|
}
|
|
|
|
static struct task_struct *find_alive_thread(struct task_struct *p)
|
|
{
|
|
struct task_struct *t;
|
|
|
|
for_each_thread(p, t) {
|
|
if (!(t->flags & PF_EXITING))
|
|
return t;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
static struct task_struct *find_child_reaper(struct task_struct *father,
|
|
struct list_head *dead)
|
|
__releases(&tasklist_lock)
|
|
__acquires(&tasklist_lock)
|
|
{
|
|
struct pid_namespace *pid_ns = task_active_pid_ns(father);
|
|
struct task_struct *reaper = pid_ns->child_reaper;
|
|
struct task_struct *p, *n;
|
|
|
|
if (likely(reaper != father))
|
|
return reaper;
|
|
|
|
reaper = find_alive_thread(father);
|
|
if (reaper) {
|
|
pid_ns->child_reaper = reaper;
|
|
return reaper;
|
|
}
|
|
|
|
write_unlock_irq(&tasklist_lock);
|
|
|
|
list_for_each_entry_safe(p, n, dead, ptrace_entry) {
|
|
list_del_init(&p->ptrace_entry);
|
|
release_task(p);
|
|
}
|
|
|
|
zap_pid_ns_processes(pid_ns);
|
|
write_lock_irq(&tasklist_lock);
|
|
|
|
return father;
|
|
}
|
|
|
|
/*
|
|
* When we die, we re-parent all our children, and try to:
|
|
* 1. give them to another thread in our thread group, if such a member exists
|
|
* 2. give it to the first ancestor process which prctl'd itself as a
|
|
* child_subreaper for its children (like a service manager)
|
|
* 3. give it to the init process (PID 1) in our pid namespace
|
|
*/
|
|
static struct task_struct *find_new_reaper(struct task_struct *father,
|
|
struct task_struct *child_reaper)
|
|
{
|
|
struct task_struct *thread, *reaper;
|
|
|
|
thread = find_alive_thread(father);
|
|
if (thread)
|
|
return thread;
|
|
|
|
if (father->signal->has_child_subreaper) {
|
|
unsigned int ns_level = task_pid(father)->level;
|
|
/*
|
|
* Find the first ->is_child_subreaper ancestor in our pid_ns.
|
|
* We can't check reaper != child_reaper to ensure we do not
|
|
* cross the namespaces, the exiting parent could be injected
|
|
* by setns() + fork().
|
|
* We check pid->level, this is slightly more efficient than
|
|
* task_active_pid_ns(reaper) != task_active_pid_ns(father).
|
|
*/
|
|
for (reaper = father->real_parent;
|
|
task_pid(reaper)->level == ns_level;
|
|
reaper = reaper->real_parent) {
|
|
if (reaper == &init_task)
|
|
break;
|
|
if (!reaper->signal->is_child_subreaper)
|
|
continue;
|
|
thread = find_alive_thread(reaper);
|
|
if (thread)
|
|
return thread;
|
|
}
|
|
}
|
|
|
|
return child_reaper;
|
|
}
|
|
|
|
/*
|
|
* Any that need to be release_task'd are put on the @dead list.
|
|
*/
|
|
static void reparent_leader(struct task_struct *father, struct task_struct *p,
|
|
struct list_head *dead)
|
|
{
|
|
if (unlikely(p->exit_state == EXIT_DEAD))
|
|
return;
|
|
|
|
/* We don't want people slaying init. */
|
|
p->exit_signal = SIGCHLD;
|
|
|
|
/* If it has exited notify the new parent about this child's death. */
|
|
if (!p->ptrace &&
|
|
p->exit_state == EXIT_ZOMBIE && thread_group_empty(p)) {
|
|
if (do_notify_parent(p, p->exit_signal)) {
|
|
p->exit_state = EXIT_DEAD;
|
|
list_add(&p->ptrace_entry, dead);
|
|
}
|
|
}
|
|
|
|
kill_orphaned_pgrp(p, father);
|
|
}
|
|
|
|
/*
|
|
* This does two things:
|
|
*
|
|
* A. Make init inherit all the child processes
|
|
* B. Check to see if any process groups have become orphaned
|
|
* as a result of our exiting, and if they have any stopped
|
|
* jobs, send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2)
|
|
*/
|
|
static void forget_original_parent(struct task_struct *father,
|
|
struct list_head *dead)
|
|
{
|
|
struct task_struct *p, *t, *reaper;
|
|
|
|
if (unlikely(!list_empty(&father->ptraced)))
|
|
exit_ptrace(father, dead);
|
|
|
|
/* Can drop and reacquire tasklist_lock */
|
|
reaper = find_child_reaper(father, dead);
|
|
if (list_empty(&father->children))
|
|
return;
|
|
|
|
reaper = find_new_reaper(father, reaper);
|
|
list_for_each_entry(p, &father->children, sibling) {
|
|
for_each_thread(p, t) {
|
|
RCU_INIT_POINTER(t->real_parent, reaper);
|
|
BUG_ON((!t->ptrace) != (rcu_access_pointer(t->parent) == father));
|
|
if (likely(!t->ptrace))
|
|
t->parent = t->real_parent;
|
|
if (t->pdeath_signal)
|
|
group_send_sig_info(t->pdeath_signal,
|
|
SEND_SIG_NOINFO, t,
|
|
PIDTYPE_TGID);
|
|
}
|
|
/*
|
|
* If this is a threaded reparent there is no need to
|
|
* notify anyone anything has happened.
|
|
*/
|
|
if (!same_thread_group(reaper, father))
|
|
reparent_leader(father, p, dead);
|
|
}
|
|
list_splice_tail_init(&father->children, &reaper->children);
|
|
}
|
|
|
|
/*
|
|
* Send signals to all our closest relatives so that they know
|
|
* to properly mourn us..
|
|
*/
|
|
static void exit_notify(struct task_struct *tsk, int group_dead)
|
|
{
|
|
bool autoreap;
|
|
struct task_struct *p, *n;
|
|
LIST_HEAD(dead);
|
|
|
|
write_lock_irq(&tasklist_lock);
|
|
forget_original_parent(tsk, &dead);
|
|
|
|
if (group_dead)
|
|
kill_orphaned_pgrp(tsk->group_leader, NULL);
|
|
|
|
tsk->exit_state = EXIT_ZOMBIE;
|
|
/*
|
|
* Ignore thread-group leaders that exited before all
|
|
* subthreads did.
|
|
*/
|
|
if (!delay_group_leader(tsk))
|
|
do_notify_pidfd(tsk);
|
|
|
|
if (unlikely(tsk->ptrace)) {
|
|
int sig = thread_group_leader(tsk) &&
|
|
thread_group_empty(tsk) &&
|
|
!ptrace_reparented(tsk) ?
|
|
tsk->exit_signal : SIGCHLD;
|
|
autoreap = do_notify_parent(tsk, sig);
|
|
} else if (thread_group_leader(tsk)) {
|
|
autoreap = thread_group_empty(tsk) &&
|
|
do_notify_parent(tsk, tsk->exit_signal);
|
|
} else {
|
|
autoreap = true;
|
|
}
|
|
|
|
if (autoreap) {
|
|
tsk->exit_state = EXIT_DEAD;
|
|
list_add(&tsk->ptrace_entry, &dead);
|
|
}
|
|
|
|
/* mt-exec, de_thread() is waiting for group leader */
|
|
if (unlikely(tsk->signal->notify_count < 0))
|
|
wake_up_process(tsk->signal->group_exec_task);
|
|
write_unlock_irq(&tasklist_lock);
|
|
|
|
list_for_each_entry_safe(p, n, &dead, ptrace_entry) {
|
|
list_del_init(&p->ptrace_entry);
|
|
release_task(p);
|
|
}
|
|
}
|
|
|
|
#ifdef CONFIG_DEBUG_STACK_USAGE
|
|
unsigned long stack_not_used(struct task_struct *p)
|
|
{
|
|
unsigned long *n = end_of_stack(p);
|
|
|
|
do { /* Skip over canary */
|
|
# ifdef CONFIG_STACK_GROWSUP
|
|
n--;
|
|
# else
|
|
n++;
|
|
# endif
|
|
} while (!*n);
|
|
|
|
# ifdef CONFIG_STACK_GROWSUP
|
|
return (unsigned long)end_of_stack(p) - (unsigned long)n;
|
|
# else
|
|
return (unsigned long)n - (unsigned long)end_of_stack(p);
|
|
# endif
|
|
}
|
|
|
|
/* Count the maximum pages reached in kernel stacks */
|
|
static inline void kstack_histogram(unsigned long used_stack)
|
|
{
|
|
#ifdef CONFIG_VM_EVENT_COUNTERS
|
|
if (used_stack <= 1024)
|
|
count_vm_event(KSTACK_1K);
|
|
#if THREAD_SIZE > 1024
|
|
else if (used_stack <= 2048)
|
|
count_vm_event(KSTACK_2K);
|
|
#endif
|
|
#if THREAD_SIZE > 2048
|
|
else if (used_stack <= 4096)
|
|
count_vm_event(KSTACK_4K);
|
|
#endif
|
|
#if THREAD_SIZE > 4096
|
|
else if (used_stack <= 8192)
|
|
count_vm_event(KSTACK_8K);
|
|
#endif
|
|
#if THREAD_SIZE > 8192
|
|
else if (used_stack <= 16384)
|
|
count_vm_event(KSTACK_16K);
|
|
#endif
|
|
#if THREAD_SIZE > 16384
|
|
else if (used_stack <= 32768)
|
|
count_vm_event(KSTACK_32K);
|
|
#endif
|
|
#if THREAD_SIZE > 32768
|
|
else if (used_stack <= 65536)
|
|
count_vm_event(KSTACK_64K);
|
|
#endif
|
|
#if THREAD_SIZE > 65536
|
|
else
|
|
count_vm_event(KSTACK_REST);
|
|
#endif
|
|
#endif /* CONFIG_VM_EVENT_COUNTERS */
|
|
}
|
|
|
|
static void check_stack_usage(void)
|
|
{
|
|
static DEFINE_SPINLOCK(low_water_lock);
|
|
static int lowest_to_date = THREAD_SIZE;
|
|
unsigned long free;
|
|
|
|
free = stack_not_used(current);
|
|
kstack_histogram(THREAD_SIZE - free);
|
|
|
|
if (free >= lowest_to_date)
|
|
return;
|
|
|
|
spin_lock(&low_water_lock);
|
|
if (free < lowest_to_date) {
|
|
pr_info("%s (%d) used greatest stack depth: %lu bytes left\n",
|
|
current->comm, task_pid_nr(current), free);
|
|
lowest_to_date = free;
|
|
}
|
|
spin_unlock(&low_water_lock);
|
|
}
|
|
#else
|
|
static inline void check_stack_usage(void) {}
|
|
#endif
|
|
|
|
static void synchronize_group_exit(struct task_struct *tsk, long code)
|
|
{
|
|
struct sighand_struct *sighand = tsk->sighand;
|
|
struct signal_struct *signal = tsk->signal;
|
|
|
|
spin_lock_irq(&sighand->siglock);
|
|
signal->quick_threads--;
|
|
if ((signal->quick_threads == 0) &&
|
|
!(signal->flags & SIGNAL_GROUP_EXIT)) {
|
|
signal->flags = SIGNAL_GROUP_EXIT;
|
|
signal->group_exit_code = code;
|
|
signal->group_stop_count = 0;
|
|
}
|
|
spin_unlock_irq(&sighand->siglock);
|
|
}
|
|
|
|
void __noreturn do_exit(long code)
|
|
{
|
|
struct task_struct *tsk = current;
|
|
int group_dead;
|
|
|
|
WARN_ON(irqs_disabled());
|
|
|
|
synchronize_group_exit(tsk, code);
|
|
|
|
WARN_ON(tsk->plug);
|
|
|
|
profile_task_exit(tsk);
|
|
kcov_task_exit(tsk);
|
|
kmsan_task_exit(tsk);
|
|
|
|
coredump_task_exit(tsk);
|
|
ptrace_event(PTRACE_EVENT_EXIT, code);
|
|
user_events_exit(tsk);
|
|
|
|
io_uring_files_cancel();
|
|
exit_signals(tsk); /* sets PF_EXITING */
|
|
trace_android_vh_exit_check(current);
|
|
|
|
seccomp_filter_release(tsk);
|
|
|
|
acct_update_integrals(tsk);
|
|
group_dead = atomic_dec_and_test(&tsk->signal->live);
|
|
if (group_dead) {
|
|
/*
|
|
* If the last thread of global init has exited, panic
|
|
* immediately to get a useable coredump.
|
|
*/
|
|
if (unlikely(is_global_init(tsk)))
|
|
panic("Attempted to kill init! exitcode=0x%08x\n",
|
|
tsk->signal->group_exit_code ?: (int)code);
|
|
|
|
#ifdef CONFIG_POSIX_TIMERS
|
|
hrtimer_cancel(&tsk->signal->real_timer);
|
|
exit_itimers(tsk);
|
|
#endif
|
|
if (tsk->mm)
|
|
setmax_mm_hiwater_rss(&tsk->signal->maxrss, tsk->mm);
|
|
}
|
|
acct_collect(code, group_dead);
|
|
if (group_dead)
|
|
tty_audit_exit();
|
|
audit_free(tsk);
|
|
|
|
tsk->exit_code = code;
|
|
taskstats_exit(tsk, group_dead);
|
|
|
|
/*
|
|
* Since sampling can touch ->mm, make sure to stop everything before we
|
|
* tear it down.
|
|
*
|
|
* Also flushes inherited counters to the parent - before the parent
|
|
* gets woken up by child-exit notifications.
|
|
*/
|
|
perf_event_exit_task(tsk);
|
|
|
|
exit_mm();
|
|
|
|
if (group_dead)
|
|
acct_process();
|
|
trace_sched_process_exit(tsk);
|
|
|
|
exit_sem(tsk);
|
|
exit_shm(tsk);
|
|
exit_files(tsk);
|
|
exit_fs(tsk);
|
|
if (group_dead)
|
|
disassociate_ctty(1);
|
|
exit_task_namespaces(tsk);
|
|
exit_task_work(tsk);
|
|
exit_thread(tsk);
|
|
|
|
sched_autogroup_exit_task(tsk);
|
|
cgroup_exit(tsk);
|
|
|
|
/*
|
|
* FIXME: do that only when needed, using sched_exit tracepoint
|
|
*/
|
|
flush_ptrace_hw_breakpoint(tsk);
|
|
|
|
exit_tasks_rcu_start();
|
|
exit_notify(tsk, group_dead);
|
|
proc_exit_connector(tsk);
|
|
mpol_put_task_policy(tsk);
|
|
#ifdef CONFIG_FUTEX
|
|
if (unlikely(current->pi_state_cache))
|
|
kfree(current->pi_state_cache);
|
|
#endif
|
|
/*
|
|
* Make sure we are holding no locks:
|
|
*/
|
|
debug_check_no_locks_held();
|
|
|
|
if (tsk->io_context)
|
|
exit_io_context(tsk);
|
|
|
|
if (tsk->splice_pipe)
|
|
free_pipe_info(tsk->splice_pipe);
|
|
|
|
if (tsk->task_frag.page)
|
|
put_page(tsk->task_frag.page);
|
|
|
|
exit_task_stack_account(tsk);
|
|
|
|
check_stack_usage();
|
|
preempt_disable();
|
|
if (tsk->nr_dirtied)
|
|
__this_cpu_add(dirty_throttle_leaks, tsk->nr_dirtied);
|
|
exit_rcu();
|
|
exit_tasks_rcu_finish();
|
|
|
|
lockdep_free_task(tsk);
|
|
do_task_dead();
|
|
}
|
|
|
|
void __noreturn make_task_dead(int signr)
|
|
{
|
|
/*
|
|
* Take the task off the cpu after something catastrophic has
|
|
* happened.
|
|
*
|
|
* We can get here from a kernel oops, sometimes with preemption off.
|
|
* Start by checking for critical errors.
|
|
* Then fix up important state like USER_DS and preemption.
|
|
* Then do everything else.
|
|
*/
|
|
struct task_struct *tsk = current;
|
|
unsigned int limit;
|
|
|
|
if (unlikely(in_interrupt()))
|
|
panic("Aiee, killing interrupt handler!");
|
|
if (unlikely(!tsk->pid))
|
|
panic("Attempted to kill the idle task!");
|
|
|
|
if (unlikely(irqs_disabled())) {
|
|
pr_info("note: %s[%d] exited with irqs disabled\n",
|
|
current->comm, task_pid_nr(current));
|
|
local_irq_enable();
|
|
}
|
|
if (unlikely(in_atomic())) {
|
|
pr_info("note: %s[%d] exited with preempt_count %d\n",
|
|
current->comm, task_pid_nr(current),
|
|
preempt_count());
|
|
preempt_count_set(PREEMPT_ENABLED);
|
|
}
|
|
|
|
/*
|
|
* Every time the system oopses, if the oops happens while a reference
|
|
* to an object was held, the reference leaks.
|
|
* If the oops doesn't also leak memory, repeated oopsing can cause
|
|
* reference counters to wrap around (if they're not using refcount_t).
|
|
* This means that repeated oopsing can make unexploitable-looking bugs
|
|
* exploitable through repeated oopsing.
|
|
* To make sure this can't happen, place an upper bound on how often the
|
|
* kernel may oops without panic().
|
|
*/
|
|
limit = READ_ONCE(oops_limit);
|
|
if (atomic_inc_return(&oops_count) >= limit && limit)
|
|
panic("Oopsed too often (kernel.oops_limit is %d)", limit);
|
|
|
|
/*
|
|
* We're taking recursive faults here in make_task_dead. Safest is to just
|
|
* leave this task alone and wait for reboot.
|
|
*/
|
|
if (unlikely(tsk->flags & PF_EXITING)) {
|
|
pr_alert("Fixing recursive fault but reboot is needed!\n");
|
|
futex_exit_recursive(tsk);
|
|
tsk->exit_state = EXIT_DEAD;
|
|
refcount_inc(&tsk->rcu_users);
|
|
do_task_dead();
|
|
}
|
|
|
|
do_exit(signr);
|
|
}
|
|
|
|
SYSCALL_DEFINE1(exit, int, error_code)
|
|
{
|
|
do_exit((error_code&0xff)<<8);
|
|
}
|
|
|
|
/*
|
|
* Take down every thread in the group. This is called by fatal signals
|
|
* as well as by sys_exit_group (below).
|
|
*/
|
|
void __noreturn
|
|
do_group_exit(int exit_code)
|
|
{
|
|
struct signal_struct *sig = current->signal;
|
|
|
|
if (sig->flags & SIGNAL_GROUP_EXIT)
|
|
exit_code = sig->group_exit_code;
|
|
else if (sig->group_exec_task)
|
|
exit_code = 0;
|
|
else {
|
|
struct sighand_struct *const sighand = current->sighand;
|
|
|
|
spin_lock_irq(&sighand->siglock);
|
|
if (sig->flags & SIGNAL_GROUP_EXIT)
|
|
/* Another thread got here before we took the lock. */
|
|
exit_code = sig->group_exit_code;
|
|
else if (sig->group_exec_task)
|
|
exit_code = 0;
|
|
else {
|
|
sig->group_exit_code = exit_code;
|
|
sig->flags = SIGNAL_GROUP_EXIT;
|
|
zap_other_threads(current);
|
|
}
|
|
spin_unlock_irq(&sighand->siglock);
|
|
}
|
|
trace_android_vh_do_group_exit(current);
|
|
|
|
do_exit(exit_code);
|
|
/* NOTREACHED */
|
|
}
|
|
|
|
/*
|
|
* this kills every thread in the thread group. Note that any externally
|
|
* wait4()-ing process will get the correct exit code - even if this
|
|
* thread is not the thread group leader.
|
|
*/
|
|
SYSCALL_DEFINE1(exit_group, int, error_code)
|
|
{
|
|
do_group_exit((error_code & 0xff) << 8);
|
|
/* NOTREACHED */
|
|
return 0;
|
|
}
|
|
|
|
static int eligible_pid(struct wait_opts *wo, struct task_struct *p)
|
|
{
|
|
return wo->wo_type == PIDTYPE_MAX ||
|
|
task_pid_type(p, wo->wo_type) == wo->wo_pid;
|
|
}
|
|
|
|
static int
|
|
eligible_child(struct wait_opts *wo, bool ptrace, struct task_struct *p)
|
|
{
|
|
if (!eligible_pid(wo, p))
|
|
return 0;
|
|
|
|
/*
|
|
* Wait for all children (clone and not) if __WALL is set or
|
|
* if it is traced by us.
|
|
*/
|
|
if (ptrace || (wo->wo_flags & __WALL))
|
|
return 1;
|
|
|
|
/*
|
|
* Otherwise, wait for clone children *only* if __WCLONE is set;
|
|
* otherwise, wait for non-clone children *only*.
|
|
*
|
|
* Note: a "clone" child here is one that reports to its parent
|
|
* using a signal other than SIGCHLD, or a non-leader thread which
|
|
* we can only see if it is traced by us.
|
|
*/
|
|
if ((p->exit_signal != SIGCHLD) ^ !!(wo->wo_flags & __WCLONE))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Handle sys_wait4 work for one task in state EXIT_ZOMBIE. We hold
|
|
* read_lock(&tasklist_lock) on entry. If we return zero, we still hold
|
|
* the lock and this task is uninteresting. If we return nonzero, we have
|
|
* released the lock and the system call should return.
|
|
*/
|
|
static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
|
|
{
|
|
int state, status;
|
|
pid_t pid = task_pid_vnr(p);
|
|
uid_t uid = from_kuid_munged(current_user_ns(), task_uid(p));
|
|
struct waitid_info *infop;
|
|
|
|
if (!likely(wo->wo_flags & WEXITED))
|
|
return 0;
|
|
|
|
if (unlikely(wo->wo_flags & WNOWAIT)) {
|
|
status = (p->signal->flags & SIGNAL_GROUP_EXIT)
|
|
? p->signal->group_exit_code : p->exit_code;
|
|
get_task_struct(p);
|
|
read_unlock(&tasklist_lock);
|
|
sched_annotate_sleep();
|
|
if (wo->wo_rusage)
|
|
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
|
|
put_task_struct(p);
|
|
goto out_info;
|
|
}
|
|
/*
|
|
* Move the task's state to DEAD/TRACE, only one thread can do this.
|
|
*/
|
|
state = (ptrace_reparented(p) && thread_group_leader(p)) ?
|
|
EXIT_TRACE : EXIT_DEAD;
|
|
if (cmpxchg(&p->exit_state, EXIT_ZOMBIE, state) != EXIT_ZOMBIE)
|
|
return 0;
|
|
/*
|
|
* We own this thread, nobody else can reap it.
|
|
*/
|
|
read_unlock(&tasklist_lock);
|
|
sched_annotate_sleep();
|
|
|
|
/*
|
|
* Check thread_group_leader() to exclude the traced sub-threads.
|
|
*/
|
|
if (state == EXIT_DEAD && thread_group_leader(p)) {
|
|
struct signal_struct *sig = p->signal;
|
|
struct signal_struct *psig = current->signal;
|
|
unsigned long maxrss;
|
|
u64 tgutime, tgstime;
|
|
|
|
/*
|
|
* The resource counters for the group leader are in its
|
|
* own task_struct. Those for dead threads in the group
|
|
* are in its signal_struct, as are those for the child
|
|
* processes it has previously reaped. All these
|
|
* accumulate in the parent's signal_struct c* fields.
|
|
*
|
|
* We don't bother to take a lock here to protect these
|
|
* p->signal fields because the whole thread group is dead
|
|
* and nobody can change them.
|
|
*
|
|
* psig->stats_lock also protects us from our sub-threads
|
|
* which can reap other children at the same time.
|
|
*
|
|
* We use thread_group_cputime_adjusted() to get times for
|
|
* the thread group, which consolidates times for all threads
|
|
* in the group including the group leader.
|
|
*/
|
|
thread_group_cputime_adjusted(p, &tgutime, &tgstime);
|
|
write_seqlock_irq(&psig->stats_lock);
|
|
psig->cutime += tgutime + sig->cutime;
|
|
psig->cstime += tgstime + sig->cstime;
|
|
psig->cgtime += task_gtime(p) + sig->gtime + sig->cgtime;
|
|
psig->cmin_flt +=
|
|
p->min_flt + sig->min_flt + sig->cmin_flt;
|
|
psig->cmaj_flt +=
|
|
p->maj_flt + sig->maj_flt + sig->cmaj_flt;
|
|
psig->cnvcsw +=
|
|
p->nvcsw + sig->nvcsw + sig->cnvcsw;
|
|
psig->cnivcsw +=
|
|
p->nivcsw + sig->nivcsw + sig->cnivcsw;
|
|
psig->cinblock +=
|
|
task_io_get_inblock(p) +
|
|
sig->inblock + sig->cinblock;
|
|
psig->coublock +=
|
|
task_io_get_oublock(p) +
|
|
sig->oublock + sig->coublock;
|
|
maxrss = max(sig->maxrss, sig->cmaxrss);
|
|
if (psig->cmaxrss < maxrss)
|
|
psig->cmaxrss = maxrss;
|
|
task_io_accounting_add(&psig->ioac, &p->ioac);
|
|
task_io_accounting_add(&psig->ioac, &sig->ioac);
|
|
write_sequnlock_irq(&psig->stats_lock);
|
|
}
|
|
|
|
if (wo->wo_rusage)
|
|
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
|
|
status = (p->signal->flags & SIGNAL_GROUP_EXIT)
|
|
? p->signal->group_exit_code : p->exit_code;
|
|
wo->wo_stat = status;
|
|
|
|
if (state == EXIT_TRACE) {
|
|
write_lock_irq(&tasklist_lock);
|
|
/* We dropped tasklist, ptracer could die and untrace */
|
|
ptrace_unlink(p);
|
|
|
|
/* If parent wants a zombie, don't release it now */
|
|
state = EXIT_ZOMBIE;
|
|
if (do_notify_parent(p, p->exit_signal))
|
|
state = EXIT_DEAD;
|
|
p->exit_state = state;
|
|
write_unlock_irq(&tasklist_lock);
|
|
}
|
|
if (state == EXIT_DEAD)
|
|
release_task(p);
|
|
|
|
out_info:
|
|
infop = wo->wo_info;
|
|
if (infop) {
|
|
if ((status & 0x7f) == 0) {
|
|
infop->cause = CLD_EXITED;
|
|
infop->status = status >> 8;
|
|
} else {
|
|
infop->cause = (status & 0x80) ? CLD_DUMPED : CLD_KILLED;
|
|
infop->status = status & 0x7f;
|
|
}
|
|
infop->pid = pid;
|
|
infop->uid = uid;
|
|
}
|
|
|
|
return pid;
|
|
}
|
|
|
|
static int *task_stopped_code(struct task_struct *p, bool ptrace)
|
|
{
|
|
if (ptrace) {
|
|
if (task_is_traced(p) && !(p->jobctl & JOBCTL_LISTENING))
|
|
return &p->exit_code;
|
|
} else {
|
|
if (p->signal->flags & SIGNAL_STOP_STOPPED)
|
|
return &p->signal->group_exit_code;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* wait_task_stopped - Wait for %TASK_STOPPED or %TASK_TRACED
|
|
* @wo: wait options
|
|
* @ptrace: is the wait for ptrace
|
|
* @p: task to wait for
|
|
*
|
|
* Handle sys_wait4() work for %p in state %TASK_STOPPED or %TASK_TRACED.
|
|
*
|
|
* CONTEXT:
|
|
* read_lock(&tasklist_lock), which is released if return value is
|
|
* non-zero. Also, grabs and releases @p->sighand->siglock.
|
|
*
|
|
* RETURNS:
|
|
* 0 if wait condition didn't exist and search for other wait conditions
|
|
* should continue. Non-zero return, -errno on failure and @p's pid on
|
|
* success, implies that tasklist_lock is released and wait condition
|
|
* search should terminate.
|
|
*/
|
|
static int wait_task_stopped(struct wait_opts *wo,
|
|
int ptrace, struct task_struct *p)
|
|
{
|
|
struct waitid_info *infop;
|
|
int exit_code, *p_code, why;
|
|
uid_t uid = 0; /* unneeded, required by compiler */
|
|
pid_t pid;
|
|
|
|
/*
|
|
* Traditionally we see ptrace'd stopped tasks regardless of options.
|
|
*/
|
|
if (!ptrace && !(wo->wo_flags & WUNTRACED))
|
|
return 0;
|
|
|
|
if (!task_stopped_code(p, ptrace))
|
|
return 0;
|
|
|
|
exit_code = 0;
|
|
spin_lock_irq(&p->sighand->siglock);
|
|
|
|
p_code = task_stopped_code(p, ptrace);
|
|
if (unlikely(!p_code))
|
|
goto unlock_sig;
|
|
|
|
exit_code = *p_code;
|
|
if (!exit_code)
|
|
goto unlock_sig;
|
|
|
|
if (!unlikely(wo->wo_flags & WNOWAIT))
|
|
*p_code = 0;
|
|
|
|
uid = from_kuid_munged(current_user_ns(), task_uid(p));
|
|
unlock_sig:
|
|
spin_unlock_irq(&p->sighand->siglock);
|
|
if (!exit_code)
|
|
return 0;
|
|
|
|
/*
|
|
* Now we are pretty sure this task is interesting.
|
|
* Make sure it doesn't get reaped out from under us while we
|
|
* give up the lock and then examine it below. We don't want to
|
|
* keep holding onto the tasklist_lock while we call getrusage and
|
|
* possibly take page faults for user memory.
|
|
*/
|
|
get_task_struct(p);
|
|
pid = task_pid_vnr(p);
|
|
why = ptrace ? CLD_TRAPPED : CLD_STOPPED;
|
|
read_unlock(&tasklist_lock);
|
|
sched_annotate_sleep();
|
|
if (wo->wo_rusage)
|
|
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
|
|
put_task_struct(p);
|
|
|
|
if (likely(!(wo->wo_flags & WNOWAIT)))
|
|
wo->wo_stat = (exit_code << 8) | 0x7f;
|
|
|
|
infop = wo->wo_info;
|
|
if (infop) {
|
|
infop->cause = why;
|
|
infop->status = exit_code;
|
|
infop->pid = pid;
|
|
infop->uid = uid;
|
|
}
|
|
return pid;
|
|
}
|
|
|
|
/*
|
|
* Handle do_wait work for one task in a live, non-stopped state.
|
|
* read_lock(&tasklist_lock) on entry. If we return zero, we still hold
|
|
* the lock and this task is uninteresting. If we return nonzero, we have
|
|
* released the lock and the system call should return.
|
|
*/
|
|
static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
|
|
{
|
|
struct waitid_info *infop;
|
|
pid_t pid;
|
|
uid_t uid;
|
|
|
|
if (!unlikely(wo->wo_flags & WCONTINUED))
|
|
return 0;
|
|
|
|
if (!(p->signal->flags & SIGNAL_STOP_CONTINUED))
|
|
return 0;
|
|
|
|
spin_lock_irq(&p->sighand->siglock);
|
|
/* Re-check with the lock held. */
|
|
if (!(p->signal->flags & SIGNAL_STOP_CONTINUED)) {
|
|
spin_unlock_irq(&p->sighand->siglock);
|
|
return 0;
|
|
}
|
|
if (!unlikely(wo->wo_flags & WNOWAIT))
|
|
p->signal->flags &= ~SIGNAL_STOP_CONTINUED;
|
|
uid = from_kuid_munged(current_user_ns(), task_uid(p));
|
|
spin_unlock_irq(&p->sighand->siglock);
|
|
|
|
pid = task_pid_vnr(p);
|
|
get_task_struct(p);
|
|
read_unlock(&tasklist_lock);
|
|
sched_annotate_sleep();
|
|
if (wo->wo_rusage)
|
|
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
|
|
put_task_struct(p);
|
|
|
|
infop = wo->wo_info;
|
|
if (!infop) {
|
|
wo->wo_stat = 0xffff;
|
|
} else {
|
|
infop->cause = CLD_CONTINUED;
|
|
infop->pid = pid;
|
|
infop->uid = uid;
|
|
infop->status = SIGCONT;
|
|
}
|
|
return pid;
|
|
}
|
|
|
|
/*
|
|
* Consider @p for a wait by @parent.
|
|
*
|
|
* -ECHILD should be in ->notask_error before the first call.
|
|
* Returns nonzero for a final return, when we have unlocked tasklist_lock.
|
|
* Returns zero if the search for a child should continue;
|
|
* then ->notask_error is 0 if @p is an eligible child,
|
|
* or still -ECHILD.
|
|
*/
|
|
static int wait_consider_task(struct wait_opts *wo, int ptrace,
|
|
struct task_struct *p)
|
|
{
|
|
/*
|
|
* We can race with wait_task_zombie() from another thread.
|
|
* Ensure that EXIT_ZOMBIE -> EXIT_DEAD/EXIT_TRACE transition
|
|
* can't confuse the checks below.
|
|
*/
|
|
int exit_state = READ_ONCE(p->exit_state);
|
|
int ret;
|
|
|
|
if (unlikely(exit_state == EXIT_DEAD))
|
|
return 0;
|
|
|
|
ret = eligible_child(wo, ptrace, p);
|
|
if (!ret)
|
|
return ret;
|
|
|
|
if (unlikely(exit_state == EXIT_TRACE)) {
|
|
/*
|
|
* ptrace == 0 means we are the natural parent. In this case
|
|
* we should clear notask_error, debugger will notify us.
|
|
*/
|
|
if (likely(!ptrace))
|
|
wo->notask_error = 0;
|
|
return 0;
|
|
}
|
|
|
|
if (likely(!ptrace) && unlikely(p->ptrace)) {
|
|
/*
|
|
* If it is traced by its real parent's group, just pretend
|
|
* the caller is ptrace_do_wait() and reap this child if it
|
|
* is zombie.
|
|
*
|
|
* This also hides group stop state from real parent; otherwise
|
|
* a single stop can be reported twice as group and ptrace stop.
|
|
* If a ptracer wants to distinguish these two events for its
|
|
* own children it should create a separate process which takes
|
|
* the role of real parent.
|
|
*/
|
|
if (!ptrace_reparented(p))
|
|
ptrace = 1;
|
|
}
|
|
|
|
/* slay zombie? */
|
|
if (exit_state == EXIT_ZOMBIE) {
|
|
/* we don't reap group leaders with subthreads */
|
|
if (!delay_group_leader(p)) {
|
|
/*
|
|
* A zombie ptracee is only visible to its ptracer.
|
|
* Notification and reaping will be cascaded to the
|
|
* real parent when the ptracer detaches.
|
|
*/
|
|
if (unlikely(ptrace) || likely(!p->ptrace))
|
|
return wait_task_zombie(wo, p);
|
|
}
|
|
|
|
/*
|
|
* Allow access to stopped/continued state via zombie by
|
|
* falling through. Clearing of notask_error is complex.
|
|
*
|
|
* When !@ptrace:
|
|
*
|
|
* If WEXITED is set, notask_error should naturally be
|
|
* cleared. If not, subset of WSTOPPED|WCONTINUED is set,
|
|
* so, if there are live subthreads, there are events to
|
|
* wait for. If all subthreads are dead, it's still safe
|
|
* to clear - this function will be called again in finite
|
|
* amount time once all the subthreads are released and
|
|
* will then return without clearing.
|
|
*
|
|
* When @ptrace:
|
|
*
|
|
* Stopped state is per-task and thus can't change once the
|
|
* target task dies. Only continued and exited can happen.
|
|
* Clear notask_error if WCONTINUED | WEXITED.
|
|
*/
|
|
if (likely(!ptrace) || (wo->wo_flags & (WCONTINUED | WEXITED)))
|
|
wo->notask_error = 0;
|
|
} else {
|
|
/*
|
|
* @p is alive and it's gonna stop, continue or exit, so
|
|
* there always is something to wait for.
|
|
*/
|
|
wo->notask_error = 0;
|
|
}
|
|
|
|
/*
|
|
* Wait for stopped. Depending on @ptrace, different stopped state
|
|
* is used and the two don't interact with each other.
|
|
*/
|
|
ret = wait_task_stopped(wo, ptrace, p);
|
|
if (ret)
|
|
return ret;
|
|
|
|
/*
|
|
* Wait for continued. There's only one continued state and the
|
|
* ptracer can consume it which can confuse the real parent. Don't
|
|
* use WCONTINUED from ptracer. You don't need or want it.
|
|
*/
|
|
return wait_task_continued(wo, p);
|
|
}
|
|
|
|
/*
|
|
* Do the work of do_wait() for one thread in the group, @tsk.
|
|
*
|
|
* -ECHILD should be in ->notask_error before the first call.
|
|
* Returns nonzero for a final return, when we have unlocked tasklist_lock.
|
|
* Returns zero if the search for a child should continue; then
|
|
* ->notask_error is 0 if there were any eligible children,
|
|
* or still -ECHILD.
|
|
*/
|
|
static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
|
|
{
|
|
struct task_struct *p;
|
|
|
|
list_for_each_entry(p, &tsk->children, sibling) {
|
|
int ret = wait_consider_task(wo, 0, p);
|
|
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk)
|
|
{
|
|
struct task_struct *p;
|
|
|
|
list_for_each_entry(p, &tsk->ptraced, ptrace_entry) {
|
|
int ret = wait_consider_task(wo, 1, p);
|
|
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
bool pid_child_should_wake(struct wait_opts *wo, struct task_struct *p)
|
|
{
|
|
if (!eligible_pid(wo, p))
|
|
return false;
|
|
|
|
if ((wo->wo_flags & __WNOTHREAD) && wo->child_wait.private != p->parent)
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
static int child_wait_callback(wait_queue_entry_t *wait, unsigned mode,
|
|
int sync, void *key)
|
|
{
|
|
struct wait_opts *wo = container_of(wait, struct wait_opts,
|
|
child_wait);
|
|
struct task_struct *p = key;
|
|
|
|
if (pid_child_should_wake(wo, p))
|
|
return default_wake_function(wait, mode, sync, key);
|
|
|
|
return 0;
|
|
}
|
|
|
|
void __wake_up_parent(struct task_struct *p, struct task_struct *parent)
|
|
{
|
|
__wake_up_sync_key(&parent->signal->wait_chldexit,
|
|
TASK_INTERRUPTIBLE, p);
|
|
}
|
|
|
|
static bool is_effectively_child(struct wait_opts *wo, bool ptrace,
|
|
struct task_struct *target)
|
|
{
|
|
struct task_struct *parent =
|
|
!ptrace ? target->real_parent : target->parent;
|
|
|
|
return current == parent || (!(wo->wo_flags & __WNOTHREAD) &&
|
|
same_thread_group(current, parent));
|
|
}
|
|
|
|
/*
|
|
* Optimization for waiting on PIDTYPE_PID. No need to iterate through child
|
|
* and tracee lists to find the target task.
|
|
*/
|
|
static int do_wait_pid(struct wait_opts *wo)
|
|
{
|
|
bool ptrace;
|
|
struct task_struct *target;
|
|
int retval;
|
|
|
|
ptrace = false;
|
|
target = pid_task(wo->wo_pid, PIDTYPE_TGID);
|
|
if (target && is_effectively_child(wo, ptrace, target)) {
|
|
retval = wait_consider_task(wo, ptrace, target);
|
|
if (retval)
|
|
return retval;
|
|
}
|
|
|
|
ptrace = true;
|
|
target = pid_task(wo->wo_pid, PIDTYPE_PID);
|
|
if (target && target->ptrace &&
|
|
is_effectively_child(wo, ptrace, target)) {
|
|
retval = wait_consider_task(wo, ptrace, target);
|
|
if (retval)
|
|
return retval;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
long __do_wait(struct wait_opts *wo)
|
|
{
|
|
long retval;
|
|
|
|
/*
|
|
* If there is nothing that can match our criteria, just get out.
|
|
* We will clear ->notask_error to zero if we see any child that
|
|
* might later match our criteria, even if we are not able to reap
|
|
* it yet.
|
|
*/
|
|
wo->notask_error = -ECHILD;
|
|
if ((wo->wo_type < PIDTYPE_MAX) &&
|
|
(!wo->wo_pid || !pid_has_task(wo->wo_pid, wo->wo_type)))
|
|
goto notask;
|
|
|
|
read_lock(&tasklist_lock);
|
|
|
|
if (wo->wo_type == PIDTYPE_PID) {
|
|
retval = do_wait_pid(wo);
|
|
if (retval)
|
|
return retval;
|
|
} else {
|
|
struct task_struct *tsk = current;
|
|
|
|
do {
|
|
retval = do_wait_thread(wo, tsk);
|
|
if (retval)
|
|
return retval;
|
|
|
|
retval = ptrace_do_wait(wo, tsk);
|
|
if (retval)
|
|
return retval;
|
|
|
|
if (wo->wo_flags & __WNOTHREAD)
|
|
break;
|
|
} while_each_thread(current, tsk);
|
|
}
|
|
read_unlock(&tasklist_lock);
|
|
|
|
notask:
|
|
retval = wo->notask_error;
|
|
if (!retval && !(wo->wo_flags & WNOHANG))
|
|
return -ERESTARTSYS;
|
|
|
|
return retval;
|
|
}
|
|
|
|
static long do_wait(struct wait_opts *wo)
|
|
{
|
|
int retval;
|
|
|
|
trace_sched_process_wait(wo->wo_pid);
|
|
|
|
init_waitqueue_func_entry(&wo->child_wait, child_wait_callback);
|
|
wo->child_wait.private = current;
|
|
add_wait_queue(¤t->signal->wait_chldexit, &wo->child_wait);
|
|
|
|
do {
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
|
retval = __do_wait(wo);
|
|
if (retval != -ERESTARTSYS)
|
|
break;
|
|
if (signal_pending(current))
|
|
break;
|
|
schedule();
|
|
} while (1);
|
|
|
|
__set_current_state(TASK_RUNNING);
|
|
remove_wait_queue(¤t->signal->wait_chldexit, &wo->child_wait);
|
|
return retval;
|
|
}
|
|
|
|
int kernel_waitid_prepare(struct wait_opts *wo, int which, pid_t upid,
|
|
struct waitid_info *infop, int options,
|
|
struct rusage *ru)
|
|
{
|
|
unsigned int f_flags = 0;
|
|
struct pid *pid = NULL;
|
|
enum pid_type type;
|
|
|
|
if (options & ~(WNOHANG|WNOWAIT|WEXITED|WSTOPPED|WCONTINUED|
|
|
__WNOTHREAD|__WCLONE|__WALL))
|
|
return -EINVAL;
|
|
if (!(options & (WEXITED|WSTOPPED|WCONTINUED)))
|
|
return -EINVAL;
|
|
|
|
switch (which) {
|
|
case P_ALL:
|
|
type = PIDTYPE_MAX;
|
|
break;
|
|
case P_PID:
|
|
type = PIDTYPE_PID;
|
|
if (upid <= 0)
|
|
return -EINVAL;
|
|
|
|
pid = find_get_pid(upid);
|
|
break;
|
|
case P_PGID:
|
|
type = PIDTYPE_PGID;
|
|
if (upid < 0)
|
|
return -EINVAL;
|
|
|
|
if (upid)
|
|
pid = find_get_pid(upid);
|
|
else
|
|
pid = get_task_pid(current, PIDTYPE_PGID);
|
|
break;
|
|
case P_PIDFD:
|
|
type = PIDTYPE_PID;
|
|
if (upid < 0)
|
|
return -EINVAL;
|
|
|
|
pid = pidfd_get_pid(upid, &f_flags);
|
|
if (IS_ERR(pid))
|
|
return PTR_ERR(pid);
|
|
|
|
break;
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
|
|
wo->wo_type = type;
|
|
wo->wo_pid = pid;
|
|
wo->wo_flags = options;
|
|
wo->wo_info = infop;
|
|
wo->wo_rusage = ru;
|
|
if (f_flags & O_NONBLOCK)
|
|
wo->wo_flags |= WNOHANG;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static long kernel_waitid(int which, pid_t upid, struct waitid_info *infop,
|
|
int options, struct rusage *ru)
|
|
{
|
|
struct wait_opts wo;
|
|
long ret;
|
|
|
|
ret = kernel_waitid_prepare(&wo, which, upid, infop, options, ru);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = do_wait(&wo);
|
|
if (!ret && !(options & WNOHANG) && (wo.wo_flags & WNOHANG))
|
|
ret = -EAGAIN;
|
|
|
|
put_pid(wo.wo_pid);
|
|
return ret;
|
|
}
|
|
|
|
SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
|
|
infop, int, options, struct rusage __user *, ru)
|
|
{
|
|
struct rusage r;
|
|
struct waitid_info info = {.status = 0};
|
|
long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL);
|
|
int signo = 0;
|
|
|
|
if (err > 0) {
|
|
signo = SIGCHLD;
|
|
err = 0;
|
|
if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
|
|
return -EFAULT;
|
|
}
|
|
if (!infop)
|
|
return err;
|
|
|
|
if (!user_write_access_begin(infop, sizeof(*infop)))
|
|
return -EFAULT;
|
|
|
|
unsafe_put_user(signo, &infop->si_signo, Efault);
|
|
unsafe_put_user(0, &infop->si_errno, Efault);
|
|
unsafe_put_user(info.cause, &infop->si_code, Efault);
|
|
unsafe_put_user(info.pid, &infop->si_pid, Efault);
|
|
unsafe_put_user(info.uid, &infop->si_uid, Efault);
|
|
unsafe_put_user(info.status, &infop->si_status, Efault);
|
|
user_write_access_end();
|
|
return err;
|
|
Efault:
|
|
user_write_access_end();
|
|
return -EFAULT;
|
|
}
|
|
|
|
long kernel_wait4(pid_t upid, int __user *stat_addr, int options,
|
|
struct rusage *ru)
|
|
{
|
|
struct wait_opts wo;
|
|
struct pid *pid = NULL;
|
|
enum pid_type type;
|
|
long ret;
|
|
|
|
if (options & ~(WNOHANG|WUNTRACED|WCONTINUED|
|
|
__WNOTHREAD|__WCLONE|__WALL))
|
|
return -EINVAL;
|
|
|
|
/* -INT_MIN is not defined */
|
|
if (upid == INT_MIN)
|
|
return -ESRCH;
|
|
|
|
if (upid == -1)
|
|
type = PIDTYPE_MAX;
|
|
else if (upid < 0) {
|
|
type = PIDTYPE_PGID;
|
|
pid = find_get_pid(-upid);
|
|
} else if (upid == 0) {
|
|
type = PIDTYPE_PGID;
|
|
pid = get_task_pid(current, PIDTYPE_PGID);
|
|
} else /* upid > 0 */ {
|
|
type = PIDTYPE_PID;
|
|
pid = find_get_pid(upid);
|
|
}
|
|
|
|
wo.wo_type = type;
|
|
wo.wo_pid = pid;
|
|
wo.wo_flags = options | WEXITED;
|
|
wo.wo_info = NULL;
|
|
wo.wo_stat = 0;
|
|
wo.wo_rusage = ru;
|
|
ret = do_wait(&wo);
|
|
put_pid(pid);
|
|
if (ret > 0 && stat_addr && put_user(wo.wo_stat, stat_addr))
|
|
ret = -EFAULT;
|
|
|
|
return ret;
|
|
}
|
|
|
|
int kernel_wait(pid_t pid, int *stat)
|
|
{
|
|
struct wait_opts wo = {
|
|
.wo_type = PIDTYPE_PID,
|
|
.wo_pid = find_get_pid(pid),
|
|
.wo_flags = WEXITED,
|
|
};
|
|
int ret;
|
|
|
|
ret = do_wait(&wo);
|
|
if (ret > 0 && wo.wo_stat)
|
|
*stat = wo.wo_stat;
|
|
put_pid(wo.wo_pid);
|
|
return ret;
|
|
}
|
|
|
|
SYSCALL_DEFINE4(wait4, pid_t, upid, int __user *, stat_addr,
|
|
int, options, struct rusage __user *, ru)
|
|
{
|
|
struct rusage r;
|
|
long err = kernel_wait4(upid, stat_addr, options, ru ? &r : NULL);
|
|
|
|
if (err > 0) {
|
|
if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
|
|
return -EFAULT;
|
|
}
|
|
return err;
|
|
}
|
|
|
|
#ifdef __ARCH_WANT_SYS_WAITPID
|
|
|
|
/*
|
|
* sys_waitpid() remains for compatibility. waitpid() should be
|
|
* implemented by calling sys_wait4() from libc.a.
|
|
*/
|
|
SYSCALL_DEFINE3(waitpid, pid_t, pid, int __user *, stat_addr, int, options)
|
|
{
|
|
return kernel_wait4(pid, stat_addr, options, NULL);
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE4(wait4,
|
|
compat_pid_t, pid,
|
|
compat_uint_t __user *, stat_addr,
|
|
int, options,
|
|
struct compat_rusage __user *, ru)
|
|
{
|
|
struct rusage r;
|
|
long err = kernel_wait4(pid, stat_addr, options, ru ? &r : NULL);
|
|
if (err > 0) {
|
|
if (ru && put_compat_rusage(&r, ru))
|
|
return -EFAULT;
|
|
}
|
|
return err;
|
|
}
|
|
|
|
COMPAT_SYSCALL_DEFINE5(waitid,
|
|
int, which, compat_pid_t, pid,
|
|
struct compat_siginfo __user *, infop, int, options,
|
|
struct compat_rusage __user *, uru)
|
|
{
|
|
struct rusage ru;
|
|
struct waitid_info info = {.status = 0};
|
|
long err = kernel_waitid(which, pid, &info, options, uru ? &ru : NULL);
|
|
int signo = 0;
|
|
if (err > 0) {
|
|
signo = SIGCHLD;
|
|
err = 0;
|
|
if (uru) {
|
|
/* kernel_waitid() overwrites everything in ru */
|
|
if (COMPAT_USE_64BIT_TIME)
|
|
err = copy_to_user(uru, &ru, sizeof(ru));
|
|
else
|
|
err = put_compat_rusage(&ru, uru);
|
|
if (err)
|
|
return -EFAULT;
|
|
}
|
|
}
|
|
|
|
if (!infop)
|
|
return err;
|
|
|
|
if (!user_write_access_begin(infop, sizeof(*infop)))
|
|
return -EFAULT;
|
|
|
|
unsafe_put_user(signo, &infop->si_signo, Efault);
|
|
unsafe_put_user(0, &infop->si_errno, Efault);
|
|
unsafe_put_user(info.cause, &infop->si_code, Efault);
|
|
unsafe_put_user(info.pid, &infop->si_pid, Efault);
|
|
unsafe_put_user(info.uid, &infop->si_uid, Efault);
|
|
unsafe_put_user(info.status, &infop->si_status, Efault);
|
|
user_write_access_end();
|
|
return err;
|
|
Efault:
|
|
user_write_access_end();
|
|
return -EFAULT;
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* This needs to be __function_aligned as GCC implicitly makes any
|
|
* implementation of abort() cold and drops alignment specified by
|
|
* -falign-functions=N.
|
|
*
|
|
* See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88345#c11
|
|
*/
|
|
__weak __function_aligned void abort(void)
|
|
{
|
|
BUG();
|
|
|
|
/* if that doesn't kill us, halt */
|
|
panic("Oops failed to kill thread");
|
|
}
|
|
EXPORT_SYMBOL(abort);
|