2cb73a87e4
Changes in 6.1.16
HID: asus: use spinlock to protect concurrent accesses
HID: asus: use spinlock to safely schedule workers
powerpc/mm: Rearrange if-else block to avoid clang warning
ata: ahci: Revert "ata: ahci: Add Tiger Lake UP{3,4} AHCI controller"
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
arm64: dts: qcom: qcs404: use symbol names for PCIe resets
arm64: dts: qcom: msm8996-tone: Fix USB taking 6 minutes to wake up
arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k
arm64: dts: qcom: sm6350: Fix up the ramoops node
arm64: dts: qcom: sm6125: Reorder HSUSB PHY clocks to match bindings
arm64: dts: qcom: sm6125-seine: Clean up gpio-keys (volume down)
arm64: dts: imx8m: Align SoC unique ID node unit address
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
arm64: dts: mediatek: mt8195: Add power domain to U3PHY1 T-PHY
arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8192: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8195: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8186: Fix systimer 13 MHz clock description
arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC
arm64: dts: qcom: sc7180: correct SPMI bus address cells
arm64: dts: qcom: sc7280: correct SPMI bus address cells
arm64: dts: qcom: sc8280xp: correct SPMI bus address cells
arm64: dts: qcom: sc8280xp: Vote for CX in USB controllers
arm64: dts: meson-gxl: jethub-j80: Fix WiFi MAC address node
arm64: dts: meson-gxl: jethub-j80: Fix Bluetooth MAC node name
arm64: dts: meson-axg: jethub-j1xx: Fix MAC address node names
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*
arm64: dts: ti: k3-am62: Enable SPI nodes at the board level
arm64: dts: ti: k3-am62-main: Fix clocks for McSPI
arm64: tegra: Fix duplicate regulator on Jetson TX1
arm64: dts: msm8992-bullhead: add memory hole region
arm64: dts: qcom: msm8992-bullhead: Fix cont_splash_mem size
arm64: dts: qcom: msm8992-bullhead: Disable dfps_data_mem
arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
arm64: dts: mediatek: mt8192: Mark scp_adsp clock as broken
ARM: bcm2835_defconfig: Enable the framebuffer
ARM: s3c: fix s3c64xx_set_timer_source prototype
arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
ARM: imx: Call ida_simple_remove() for ida_simple_get
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-axg-jethome-jethub-j1xx: fix supply name of USB controller node
arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gxl-s905w-jethome-jethub-j80: fix invalid rtc node name
arm64: dts: amlogic: meson-axg-jethome-jethub-j1xx: fix invalid rtc node name
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names
arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip
locking/rwsem: Disable preemption in all down_read*() and up_read() code paths
arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
arm64: dts: meson: radxa-zero: allow usb otg mode
arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
ublk_drv: remove nr_aborted_queues from ublk_device
ublk_drv: don't probe partitions if the ubq daemon isn't trusted
ARM: dts: imx7s: correct iomuxc gpr mux controller cells
sbitmap: remove redundant check in __sbitmap_queue_get_batch
sbitmap: Use single per-bitmap counting to wake up queued tags
sbitmap: correct wake_batch recalculation to avoid potential IO hung
arm64: dts: mt8195: Fix CPU map for single-cluster SoC
arm64: dts: mt8192: Fix CPU map for single-cluster SoC
arm64: dts: mt8186: Fix CPU map for single-cluster SoC
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
arm64: dts: mediatek: mt8186: Fix watchdog compatible
arm64: dts: mediatek: mt8195: Fix watchdog compatible
arm64: dts: mediatek: mt7986: Fix watchdog compatible
ARM: dts: stm32: Update part number NVMEM description on stm32mp131
blk-mq: avoid sleep in blk_mq_alloc_request_hctx
blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait
blk-mq: Fix potential io hung for shared sbitmap per tagset
blk-mq: correct stale comment of .get_budget
arm64: dts: qcom: msm8996: support using GPLL0 as kryocc input
arm64: dts: qcom: msm8996 switch from RPM_SMD_BB_CLK1 to RPM_SMD_XO_CLK_SRC
arm64: dts: qcom: sm8350: drop incorrect cells from serial
arm64: dts: qcom: sm8450: drop incorrect cells from serial
arm64: dts: qcom: msm8992-lg-bullhead: Correct memory overlaps with the SMEM and MPSS memory regions
arm64: dts: qcom: msm8953: correct TLMM gpio-ranges
arm64: dts: qcom: msm8992-*: Fix up comments
arm64: dts: qcom: msm8992-lg-bullhead: Enable regulators
s390/dasd: Fix potential memleak in dasd_eckd_init()
sched/rt: pick_next_rt_entity(): check list_entry
perf/x86/intel/ds: Fix the conversion from TSC to perf time
x86/perf/zhaoxin: Add stepping check for ZXC
KEYS: asymmetric: Fix ECDSA use via keyctl uapi
block: ublk: check IO buffer based on flag need_get_data
arm64: dts: qcom: pmk8350: Specify PBS register for PON
arm64: dts: qcom: pmk8350: Use the correct PON compatible
erofs: relinquish volume with mutex held
block: sync mixed merged request's failfast with 1st bio's
block: Fix io statistics for cgroup in throttle path
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
block: use proper return value from bio_failfast()
wifi: mt76: mt7915: add missing of_node_put()
wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host
wifi: mt76: mt7915: check return value before accessing free_block_num
wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr()
wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read()
wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans()
wifi: rsi: Fix memory leak in rsi_coex_attach()
wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: rtw89: 8852c: rfk: correct DACK setting
wifi: rtw89: 8852c: rfk: correct DPK settings
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
libbpf: Fix btf__align_of() by taking into account field offsets
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
libbpf: Fix invalid return address register in s390
crypto: x86/ghash - fix unaligned access in ghash_setkey()
ACPICA: Drop port I/O validation for some regions
genirq: Fix the return type of kstat_cpu_irqs_sum()
rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
lib/mpi: Fix buffer overrun when SG is too long
crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
platform/chrome: cros_ec_typec: Update port DP VDO
ACPICA: nsrepair: handle cases without a return value correctly
selftests/xsk: print correct payload for packet dump
selftests/xsk: print correct error codes when exiting
arm64/cpufeature: Fix field sign for DIT hwcap detection
kselftest/arm64: Fix syscall-abi for systems without 128 bit SME
workqueue: Protects wq_unbound_cpumask with wq_pool_attach_mutex
s390/early: fix sclp_early_sccb variable lifetime
s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue()
x86/signal: Fix the value returned by strict_sas_size()
thermal/drivers/tsens: Drop msm8976-specific defines
thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
thermal/drivers/tsens: fix slope values for msm8939
thermal/drivers/tsens: limit num_sensors to 9 for msm8939
wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie()
wifi: rtw89: Add missing check for alloc_workqueue
wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
wifi: orinoco: check return value of hermes_write_wordrec()
thermal/drivers/imx_sc_thermal: Drop empty platform remove function
thermal/drivers/imx_sc_thermal: Fix the loop condition
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data()
ACPI: battery: Fix missing NUL-termination with large strings
selftests/bpf: Fix build errors if CONFIG_NF_CONNTRACK=m
crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
crypto: essiv - Handle EBUSY correctly
crypto: seqiv - Handle EBUSY correctly
powercap: fix possible name leak in powercap_register_zone()
x86/microcode: Add a parameter to microcode_check() to store CPU capabilities
x86/microcode: Check CPU capabilities after late microcode update correctly
x86/microcode: Adjust late loading result reporting message
selftests/bpf: Use consistent build-id type for liburandom_read.so
selftests/bpf: Fix vmtest static compilation error
crypto: xts - Handle EBUSY correctly
leds: led-class: Add missing put_device() to led_put()
s390/bpf: Add expoline to tail calls
wifi: iwlwifi: mei: fix compilation errors in rfkill()
kselftest/arm64: Fix enumeration of systems without 128 bit SME
can: rcar_canfd: Fix R-Car V3U GAFLCFG field accesses
selftests/bpf: Initialize tc in xdp_synproxy
crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
bpftool: profile online CPUs instead of possible
wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work
wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit
wifi: mt76: mt7915: fix WED TxS reporting
wifi: mt76: add memory barrier to SDIO queue kick
wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read
net/mlx5: Enhance debug print in page allocation failure
irqchip: Fix refcount leak in platform_irqchip_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
s390/mem_detect: fix detect_memory() error handling
s390/vmem: fix empty page tables cleanup under KASAN
s390/boot: cleanup decompressor header files
s390/mem_detect: rely on diag260() if sclp_early_get_memsize() fails
s390/boot: fix mem_detect extended area allocation
net: add sock_init_data_uid()
tun: tun_chr_open(): correctly initialize socket uid
tap: tap_open(): correctly initialize socket uid
OPP: fix error checking in opp_migrate_dentry()
cpufreq: davinci: Fix clk use after free
Bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds
Bluetooth: L2CAP: Fix potential user-after-free
Bluetooth: hci_qca: get wakeup status from serdev device handle
net: ipa: generic command param fix
s390: vfio-ap: tighten the NIB validity check
s390/ap: fix status returned by ap_aqic()
s390/ap: fix status returned by ap_qact()
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
xen/grant-dma-iommu: Implement a dummy probe_device() callback
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
crypto: rsa-pkcs1pad - Use akcipher_request_complete
m68k: /proc/hardware should depend on PROC_FS
RISC-V: time: initialize hrtimer based broadcast clock event device
clocksource/drivers/riscv: Patch riscv_clock_next_event() jump before first use
wifi: iwl3945: Add missing check for create_singlethread_workqueue
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
selftests/bpf: Fix out-of-srctree build
ACPI: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models
ACPI: resource: Do IRQ override on all TongFang GMxRGxx
crypto: octeontx2 - Fix objects shared between several modules
crypto: crypto4xx - Call dma_unmap_page when done
wifi: mac80211: move color collision detection report in a delayed work
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
wifi: mac80211: fix non-MLO station association
wifi: mac80211: Don't translate MLD addresses for multicast
wifi: mac80211: avoid u32_encode_bits() warning
wifi: mac80211: fix off-by-one link setting
tools/lib/thermal: Fix thermal_sampling_exit()
thermal/drivers/hisi: Drop second sensor hi3660
selftests/bpf: Fix map_kptr test.
wifi: mac80211: pass 'sta' to ieee80211_rx_data_set_sta()
bpf: Zeroing allocated object from slab in bpf memory allocator
selftests/bpf: Fix xdp_do_redirect on s390x
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
can: esd_usb: Make use of can_change_state() and relocate checking skb for NULL
xsk: check IFF_UP earlier in Tx path
LoongArch, bpf: Use 4 instructions for function address in JIT
bpf: Fix global subprog context argument resolution logic
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()
net/smc: fix application data exception
selftests/net: Interpret UDP_GRO cmsg data as an int value
l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
net: bcmgenet: fix MoCA LED control
net: lan966x: Fix possible deadlock inside PTP
net/mlx4_en: Introduce flexible array to silence overflow warning
selftest: fib_tests: Always cleanup before exit
sefltests: netdevsim: wait for devlink instance after netns removal
drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec
drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC
drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
drm/bridge: megachips: Fix error handling in i2c_register_driver()
drm/vkms: Fix memory leak in vkms_init()
drm/vkms: Fix null-ptr-deref in vkms_release()
drm/vc4: dpi: Fix format mapping for RGB565
drm: tidss: Fix pixel format definition
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm/vc4: drop all currently held locks if deadlock happens
hwmon: (ftsteutates) Fix scaling of measurements
drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init()
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
drm/vc4: hvs: Set AXI panic modes
drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4
drm/vc4: hvs: Correct interrupt masking bit assignment for HVS5
drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
drm/vc4: hdmi: Correct interlaced timings again
drm/msm: clean event_thread->worker in case of an error
drm/panel-edp: fix name for IVO product id 854b
scsi: qla2xxx: Fix exchange oversubscription
scsi: qla2xxx: Fix exchange oversubscription for management commands
scsi: qla2xxx: edif: Fix clang warning
ASoC: fsl_sai: initialize is_dsp_mode flag
drm/bridge: tc358767: Set default CLRSIPO count
drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
ALSA: hda/ca0132: minor fix for allocation size
drm/amdgpu: Use the sched from entity for amdgpu_cs trace
drm/msm/gem: Add check for kmalloc
drm/msm/dpu: Disallow unallocated resources to be returned
drm/bridge: lt9611: fix sleep mode setup
drm/bridge: lt9611: fix HPD reenablement
drm/bridge: lt9611: fix polarity programming
drm/bridge: lt9611: fix programming of video modes
drm/bridge: lt9611: fix clock calculation
drm/bridge: lt9611: pass a pointer to the of node
regulator: tps65219: use IS_ERR() to detect an error pointer
drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags
drm/msm/dsi: Allow 2 CTRLs on v2.5.0
scsi: ufs: exynos: Fix DMA alignment for PAGE_SIZE != 4096
drm/msm/dpu: sc7180: add missing WB2 clock control
drm/msm: use strscpy instead of strncpy
drm/msm/dpu: Add check for cstate
drm/msm/dpu: Add check for pstates
drm/msm/mdp5: Add check for kzalloc
habanalabs: bugs fixes in timestamps buff alloc
pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
pinctrl: mediatek: Initialize variable pullen and pullup to zero
pinctrl: mediatek: Initialize variable *buf to zero
gpu: host1x: Fix mask for syncpoint increment register
gpu: host1x: Don't skip assigning syncpoints to channels
drm/tegra: firewall: Check for is_addr_reg existence in IMM check
pinctrl: renesas: rzg2l: Fix configuring the GPIO pins as interrupts
drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update()
drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
drm/mediatek: Use NULL instead of 0 for NULL pointer
drm/mediatek: Drop unbalanced obj unref
drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
drm/mediatek: Clean dangling pointer on bind error path
ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
dt-bindings: display: mediatek: Fix the fallback for mediatek,mt8186-disp-ccorr
gpio: vf610: connect GPIO label to dev name
ASoC: topology: Properly access value coming from topology file
spi: dw_bt1: fix MUX_MMIO dependencies
ASoC: mchp-spdifrx: fix controls which rely on rsr register
ASoC: mchp-spdifrx: fix return value in case completion times out
ASoC: mchp-spdifrx: fix controls that works with completion mechanism
ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
dm: improve shrinker debug names
regmap: apply reg_base and reg_downshift for single register ops
ASoC: rsnd: fixup #endif position
ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
ASoC: dt-bindings: meson: fix gx-card codec node regex
regulator: tps65219: use generic set_bypass()
hwmon: (asus-ec-sensors) add missing mutex path
hwmon: (ltc2945) Handle error case in ltc2945_value_store
ALSA: hda: Fix the control element identification for multiple codecs
drm/amdgpu: fix enum odm_combine_mode mismatch
scsi: mpt3sas: Fix a memory leak
scsi: aic94xx: Add missing check for dma_map_single()
HID: multitouch: Add quirks for flipped axes
HID: retain initial quirks set up when creating HID devices
ASoC: qcom: q6apm-lpass-dai: unprepare stream if its already prepared
ASoC: qcom: q6apm-dai: fix race condition while updating the position pointer
ASoC: qcom: q6apm-dai: Add SNDRV_PCM_INFO_BATCH flag
ASoC: codecs: lpass: register mclk after runtime pm
ASoC: codecs: lpass: fix incorrect mclk rate
drm/amd/display: don't call dc_interrupt_set() for disabled crtcs
HID: logitech-hidpp: Hard-code HID++ 1.0 fast scroll support
spi: bcm63xx-hsspi: Fix multi-bit mode setting
hwmon: (mlxreg-fan) Return zero speed for broken fan
ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
dm: remove flush_scheduled_work() during local_exit()
nfs4trace: fix state manager flag printing
NFS: fix disabling of swap
spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
HID: bigben: use spinlock to protect concurrent accesses
HID: bigben_worker() remove unneeded check on report_field
HID: bigben: use spinlock to safely schedule workers
hid: bigben_probe(): validate report count
ALSA: hda/hdmi: Register with vga_switcheroo on Dual GPU Macbooks
drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()
NFSD: enhance inter-server copy cleanup
NFSD: fix leaked reference count of nfsd4_ssc_umount_item
nfsd: fix race to check ls_layouts
nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
NFSD: fix problems with cleanup on errors in nfsd4_copy
nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
nfsd: don't fsync nfsd_files on last close
NFSD: copy the whole verifier in nfsd_copy_write_verifier
cifs: Fix lost destroy smbd connection when MR allocate failed
cifs: Fix warning and UAF when destroy the MR list
cifs: use tcon allocation functions even for dummy tcon
gfs2: jdata writepage fix
perf llvm: Fix inadvertent file creation
leds: led-core: Fix refcount leak in of_led_get()
leds: is31fl319x: Wrap mutex_destroy() for devm_add_action_or_rest()
leds: simatic-ipc-leds-gpio: Make sure we have the GPIO providing driver
tools/tracing/rtla: osnoise_hist: use total duration for average calculation
perf inject: Use perf_data__read() for auxtrace
perf intel-pt: Do not try to queue auxtrace data on pipe
perf test bpf: Skip test if kernel-debuginfo is not present
perf tools: Fix auto-complete on aarch64
sparc: allow PM configs for sparc32 COMPILE_TEST
selftests: find echo binary to use -ne options
selftests/ftrace: Fix bash specific "==" operator
selftests: use printf instead of echo -ne
perf record: Fix segfault with --overwrite and --max-size
printf: fix errname.c list
perf tests stat_all_metrics: Change true workload to sleep workload for system wide check
objtool: add UACCESS exceptions for __tsan_volatile_read/write
mfd: cs5535: Don't build on UML
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
RDMA/erdma: Fix refcount leak in erdma_mmap
dmaengine: HISI_DMA should depend on ARCH_HISI
RDMA/hns: Fix refcount leak in hns_roce_mmap
iio: light: tsl2563: Do not hardcode interrupt trigger type
usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe()
i2c: designware: fix i2c_dw_clk_rate() return size to be u32
soundwire: cadence: Don't overflow the command FIFOs
driver core: fix potential null-ptr-deref in device_add()
kobject: modify kobject_get_path() to take a const *
kobject: Fix slab-out-of-bounds in fill_kobj_path()
alpha/boot/tools/objstrip: fix the check for ELF header
media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
media: uvcvideo: Implement mask for V4L2_CTRL_TYPE_MENU
media: uvcvideo: Refactor uvc_ctrl_mappings_uvcXX
media: uvcvideo: Refactor power_line_frequency_controls_limited
coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR
coresight: cti: Prevent negative values of enable count
coresight: cti: Add PM runtime call in enable_store
usb: typec: intel_pmc_mux: Don't leak the ACPI device reference count
PCI/IOV: Enlarge virtfn sysfs name buffer
PCI: switchtec: Return -EFAULT for copy_to_user() errors
PCI: endpoint: pci-epf-vntb: Clean up kernel_doc warning
PCI: endpoint: pci-epf-vntb: Add epf_ntb_mw_bar_clear() num_mws kernel-doc
hwtracing: hisi_ptt: Only add the supported devices to the filters list
tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown()
tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown()
serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init()
Revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol"
eeprom: idt_89hpesx: Fix error handling in idt_init()
applicom: Fix PCI device refcount leak in applicom_init()
firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe()
firmware: stratix10-svc: fix error handle while alloc/add device failed
VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF
mei: pxp: Use correct macros to initialize uuid_le
misc/mei/hdcp: Use correct macros to initialize uuid_le
misc: fastrpc: Fix an error handling path in fastrpc_rpmsg_probe()
driver core: fix resource leak in device_add()
driver core: location: Free struct acpi_pld_info *pld before return false
drivers: base: transport_class: fix possible memory leak
drivers: base: transport_class: fix resource leak when transport_add_device() fails
firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle
fotg210-udc: Add missing completion handler
dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers
fpga: microchip-spi: move SPI I/O buffers out of stack
fpga: microchip-spi: rewrite status polling in a time measurable way
usb: early: xhci-dbc: Fix a potential out-of-bound memory access
tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case
RDMA/cxgb4: add null-ptr-check after ip_dev_find()
usb: musb: mediatek: don't unregister something that wasn't registered
usb: gadget: configfs: Restrict symlink creation is UDC already binded
phy: mediatek: remove temporary variable @mask_
PCI: mt7621: Delay phy ports initialization
iommu: dart: Add suspend/resume support
iommu: dart: Support >64 stream IDs
iommu/dart: Fix apple_dart_device_group for PCI groups
iommu/vt-d: Set No Execute Enable bit in PASID table entry
power: supply: remove faulty cooling logic
RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish()
usb: max-3421: Fix setting of I/O pins
RDMA/irdma: Cap MSIX used to online CPUs + 1
serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
tty: serial: imx: Handle RS485 DE signal active high
tty: serial: imx: disable Ageing Timer interrupt request irq
driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links
driver core: fw_devlink: Don't purge child fwnode's consumer links
driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle
driver core: fw_devlink: Consolidate device link flag computation
driver core: fw_devlink: Improve check for fwnode with no device/driver
driver core: fw_devlink: Make cycle detection more robust
mtd: mtdpart: Don't create platform device that'll never probe
usb: host: fsl-mph-dr-of: reuse device_set_of_node_from_dev
dmaengine: dw-edma: Fix readq_ch() return value truncation
PCI: Fix dropping valid root bus resources with .end = zero
phy: rockchip-typec: fix tcphy_get_mode error case
PCI: qcom: Fix host-init error handling
iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()
iommu: Fix error unwind in iommu_group_alloc()
iommu/amd: Do not identity map v2 capable device when snp is enabled
dmaengine: sf-pdma: pdma_desc memory leak fix
dmaengine: dw-axi-dmac: Do not dereference NULL structure
dmaengine: ptdma: check for null desc before calling pt_cmd_callback
iommu/vt-d: Fix error handling in sva enable/disable paths
iommu/vt-d: Allow to use flush-queue when first level is default
RDMA/rxe: cleanup some error handling in rxe_verbs.c
RDMA/rxe: Fix missing memory barriers in rxe_queue.h
IB/hfi1: Fix math bugs in hfi1_can_pin_pages()
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
Revert "remoteproc: qcom_q6v5_mss: map/unmap metadata region before/after use"
remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
media: ti: cal: fix possible memory leak in cal_ctx_create()
media: platform: ti: Add missing check for devm_regulator_get
media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init()
powerpc: Remove linker flag from KBUILD_AFLAGS
s390/vdso: Drop '-shared' from KBUILD_CFLAGS_64
builddeb: clean generated package content
media: max9286: Fix memleak in max9286_v4l2_register()
media: ov2740: Fix memleak in ov2740_init_controls()
media: ov5675: Fix memleak in ov5675_init_controls()
media: ov5640: Fix soft reset sequence and timings
media: ov5640: Handle delays when no reset_gpio set
media: mc: Get media_device directly from pad
media: i2c: ov772x: Fix memleak in ov772x_probe()
media: i2c: imx219: Split common registers from mode tables
media: i2c: imx219: Fix binning for RAW8 capture
media: platform: mtk-mdp3: Fix return value check in mdp_probe()
media: camss: csiphy-3ph: avoid undefined behavior
media: platform: mtk-mdp3: remove unused VIDEO_MEDIATEK_VPU config
media: platform: mtk-mdp3: fix Kconfig dependencies
media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data
media: v4l2-jpeg: ignore the unknown APP14 marker
media: hantro: Fix JPEG encoder ENUM_FRMSIZE on RK3399
media: imx-jpeg: Apply clk_bulk api instead of operating specific clk
media: amphion: correct the unspecified color space
media: drivers/media/v4l2-core/v4l2-h264 : add detection of null pointers
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: atomisp: Only set default_run_mode on first open of a stream/asd
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: saa7134: Use video_unregister_device for radio_dev
rpmsg: glink: Avoid infinite loop on intent for missing channel
rpmsg: glink: Release driver_override
ARM: OMAP2+: omap4-common: Fix refcount leak bug
arm64: dts: qcom: msm8996: Add additional A2NoC clocks
udf: Define EFSCORRUPTED error code
context_tracking: Fix noinstr vs KASAN
exit: Detect and fix irq disabled state in oops
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
fs: Use CHECK_DATA_CORRUPTION() when kernel bugs are detected
blk-iocost: fix divide by 0 error in calc_lcoefs()
blk-cgroup: dropping parent refcount after pd_free_fn() is done
blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()
trace/blktrace: fix memory leak with using debugfs_lookup()
btrfs: scrub: improve tree block error reporting
arm64: zynqmp: Enable hs termination flag for USB dwc3 controller
cpuidle, intel_idle: Fix CPUIDLE_FLAG_INIT_XSTATE
x86/fpu: Don't set TIF_NEED_FPU_LOAD for PF_IO_WORKER threads
cpuidle: drivers: firmware: psci: Dont instrument suspend code
cpuidle: lib/bug: Disable rcu_is_watching() during WARN/BUG
perf/x86/intel/uncore: Add Meteor Lake support
wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
wifi: ath11k: fix monitor mode bringup crash
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
rcu-tasks: Handle queue-shrink/callback-enqueue race condition
wifi: ath11k: debugfs: fix to work with multiple PCI devices
thermal: intel: Fix unsigned comparison with less than zero
timers: Prevent union confusion from unexpected restart_syscall()
x86/bugs: Reset speculation control settings on init
bpftool: Always disable stack protection for BPF objects
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
wifi: mt7601u: fix an integer underflow
inet: fix fast path in __inet_hash_connect()
ice: restrict PTP HW clock freq adjustments to 100, 000, 000 PPB
ice: add missing checks for PF vsi type
ACPI: Don't build ACPICA with '-Os'
bpf, docs: Fix modulo zero, division by zero, overflow, and underflow
thermal: intel: intel_pch: Add support for Wellsburg PCH
clocksource: Suspend the watchdog temporarily when high read latency detected
crypto: hisilicon: Wipe entire pool on error
net: bcmgenet: Add a check for oversized packets
m68k: Check syscall_trace_enter() return code
s390/mm,ptdump: avoid Kasan vs Memcpy Real markers swapping
netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj()
can: isotp: check CAN address family in isotp_bind()
gcc-plugins: drop -std=gnu++11 to fix GCC 13 build
tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
net/mlx5: fw_tracer: Fix debug print
coda: Avoid partial allocation of sig_inputArgs
uaccess: Add minimum bounds check on kernel buffer size
s390/idle: mark arch_cpu_idle() noinstr
time/debug: Fix memory leak with using debugfs_lookup()
PM: domains: fix memory leak with using debugfs_lookup()
PM: EM: fix memory leak with using debugfs_lookup()
Bluetooth: Fix issue with Actions Semi ATS2851 based devices
Bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921
Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
wifi: rtw89: debug: avoid invalid access on RTW89_DBG_SEL_MAC_30
hv_netvsc: Check status in SEND_RNDIS_PKT completion message
s390/kfence: fix page fault reporting
devlink: Fix TP_STRUCT_entry in trace of devlink health report
scm: add user copy checks to put_cmsg()
drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F
drm: panel-orientation-quirks: Add quirk for DynaBook K50
drm/amd/display: Reduce expected sdp bandwidth for dcn321
drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write
drm/amd/display: Fix potential null-deref in dm_resume
drm/omap: dsi: Fix excessive stack usage
HID: Add Mapping for System Microphone Mute
drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
drm/amd/display: Defer DIG FIFO disable after VID stream enable
drm/radeon: free iio for atombios when driver shutdown
drm/amd: Avoid BUG() for case of SRIOV missing IP version
drm/amdkfd: Page aligned memory reserve size
scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write
Revert "fbcon: don't lose the console font across generic->chip driver switch"
drm/amd: Avoid ASSERT for some message failures
drm: amd: display: Fix memory leakage
drm/amd/display: fix mapping to non-allocated address
HID: uclogic: Add frame type quirk
HID: uclogic: Add battery quirk
HID: uclogic: Add support for XP-PEN Deco Pro SW
HID: uclogic: Add support for XP-PEN Deco Pro MW
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
drm: rcar-du: Add quirk for H3 ES1.x pclk workaround
drm: rcar-du: Fix setting a reserved bit in DPLLCR
drm/drm_print: correct format problem
drm/amd/display: Set hvm_enabled flag for S/G mode
habanalabs: extend fatal messages to contain PCI info
habanalabs: fix bug in timestamps registration code
docs/scripts/gdb: add necessary make scripts_gdb step
drm/msm/dpu: Add DSC hardware blocks to register snapshot
ASoC: soc-compress: Reposition and add pcm_mutex
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
regulator: max77802: Bounds check regulator id against opmode
regulator: s5m8767: Bounds check id indexing into arrays
Revert "drm/amdgpu: TA unload messages are not actually sent to psp when amdgpu is uninstalled"
drm/amd/display: fix FCLK pstate change underflow
gfs2: Improve gfs2_make_fs_rw error handling
hwmon: (coretemp) Simplify platform device handling
hwmon: (nct6775) Directly call ASUS ACPI WMI method
hwmon: (nct6775) B650/B660/X670 ASUS boards support
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
drm/amd/display: Do not commit pipe when updating DRR
scsi: snic: Fix memory leak with using debugfs_lookup()
scsi: ufs: core: Fix device management cmd timeout flow
HID: logitech-hidpp: Don't restart communication if not necessary
drm/amd/display: Enable P-state validation checks for DCN314
drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
drm/amd/display: Disable HUBP/DPP PG on DCN314 for now
dm thin: add cond_resched() to various workqueue loops
dm cache: add cond_resched() to various workqueue loops
nfsd: zero out pointers after putting nfsd_files on COPY setup error
nfsd: don't hand out delegation on setuid files being opened for write
cifs: prevent data race in smb2_reconnect()
drm/shmem-helper: Revert accidental non-GPL export
driver core: fw_devlink: Avoid spurious error message
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
scsi: mpt3sas: Remove usage of dma_get_required_mask() API
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
block: don't allow multiple bios for IOCB_NOWAIT issue
block: clear bio->bi_bdev when putting a bio back in the cache
block: be a bit more careful in checking for NULL bdev while polling
rtc: pm8xxx: fix set-alarm race
ipmi: ipmb: Fix the MODULE_PARM_DESC associated to 'retry_time_ms'
ipmi:ssif: resend_msg() cannot fail
ipmi_ssif: Rename idle state and check
io_uring: Replace 0-length array with flexible array
io_uring: use user visible tail in io_uring_poll()
io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
io_uring: add a conditional reschedule to the IOPOLL cancelation loop
io_uring: add reschedule point to handle_tw_list()
io_uring/rsrc: disallow multi-source reg buffers
io_uring: remove MSG_NOSIGNAL from recvmsg
io_uring: fix fget leak when fs don't support nowait buffered read
s390/extmem: return correct segment type in __segment_load()
s390: discard .interp section
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
KVM: s390: disable migration mode when dirty tracking is disabled
cifs: Fix uninitialized memory read in smb3_qfs_tcon()
cifs: Fix uninitialized memory reads for oparms.mode
cifs: fix mount on old smb servers
cifs: introduce cifs_io_parms in smb2_async_writev()
cifs: split out smb3_use_rdma_offload() helper
cifs: don't try to use rdma offload on encrypted connections
cifs: Check the lease context if we actually got a lease
cifs: return a single-use cfid if we did not get a lease
scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi
btrfs: hold block group refcount during async discard
locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath
ksmbd: fix wrong data area length for smb2 lock request
ksmbd: do not allow the actual frame length to be smaller than the rfc1002 length
ksmbd: fix possible memory leak in smb2_lock()
torture: Fix hang during kthread shutdown phase
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
io_uring: mark task TASK_RUNNING before handling resume/task work
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
fs: hfsplus: fix UAF issue in hfsplus_put_super
exfat: fix reporting fs error when reading dir beyond EOF
exfat: fix unexpected EOF while reading dir
exfat: redefine DIR_DELETED as the bad cluster number
exfat: fix inode->i_blocks for non-512 byte sector size device
fs: dlm: don't set stop rx flag after node reset
fs: dlm: move sending fin message into state change handling
fs: dlm: send FIN ack back in right cases
f2fs: fix information leak in f2fs_move_inline_dirents()
f2fs: retry to update the inode page given data corruption
f2fs: fix cgroup writeback accounting with fs-layer encryption
f2fs: fix kernel crash due to null io->bio
ocfs2: fix defrag path triggering jbd2 ASSERT
ocfs2: fix non-auto defrag path not working issue
fs/cramfs/inode.c: initialize file_ra_state
selftests/landlock: Skip overlayfs tests when not supported
selftests/landlock: Test ptrace as much as possible with Yama
udf: Truncate added extents on failed expansion
udf: Do not bother merging very long extents
udf: Do not update file length for failed writes to inline files
udf: Preserve link count of system files
udf: Detect system inodes linked into directory hierarchy
udf: Fix file corruption when appending just after end of preallocated extent
md: don't update recovery_cp when curr_resync is ACTIVE
RDMA/siw: Fix user page pinning accounting
KVM: Destroy target device if coalesced MMIO unregistration fails
KVM: VMX: Fix crash due to uninitialized current_vmcs
KVM: Register /dev/kvm as the _very_ last thing during initialization
KVM: x86: Purge "highest ISR" cache when updating APICv state
KVM: x86: Blindly get current x2APIC reg value on "nodecode write" traps
KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID "change" if APIC is disabled
KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID
KVM: SVM: Flush the "current" TLB when activating AVIC
KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target
KVM: SVM: Don't put/load AVIC when setting virtual APIC mode
KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32
KVM: SVM: Fix potential overflow in SEV's send|receive_update_data()
KVM: SVM: hyper-v: placate modpost section mismatch error
selftests: x86: Fix incorrect kernel headers search path
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/AMD: Fix mixed steppings support
x86/speculation: Allow enabling STIBP with legacy IBRS
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
virt/sev-guest: Return -EIO if certificate buffer is not large enough
brd: mark as nowait compatible
brd: return 0/-error from brd_insert_page()
brd: check for REQ_NOWAIT and set correct page allocation mask
ima: fix error handling logic when file measurement failed
ima: Align ima_file_mmap() parameters with mmap_file LSM hook
selftests/powerpc: Fix incorrect kernel headers search path
selftests/ftrace: Fix eprobe syntax test case to check filter support
selftests: sched: Fix incorrect kernel headers search path
selftests: core: Fix incorrect kernel headers search path
selftests: pid_namespace: Fix incorrect kernel headers search path
selftests: arm64: Fix incorrect kernel headers search path
selftests: clone3: Fix incorrect kernel headers search path
selftests: pidfd: Fix incorrect kernel headers search path
selftests: membarrier: Fix incorrect kernel headers search path
selftests: kcmp: Fix incorrect kernel headers search path
selftests: media_tests: Fix incorrect kernel headers search path
selftests: gpio: Fix incorrect kernel headers search path
selftests: filesystems: Fix incorrect kernel headers search path
selftests: user_events: Fix incorrect kernel headers search path
selftests: ptp: Fix incorrect kernel headers search path
selftests: sync: Fix incorrect kernel headers search path
selftests: rseq: Fix incorrect kernel headers search path
selftests: move_mount_set_group: Fix incorrect kernel headers search path
selftests: mount_setattr: Fix incorrect kernel headers search path
selftests: perf_events: Fix incorrect kernel headers search path
selftests: ipc: Fix incorrect kernel headers search path
selftests: futex: Fix incorrect kernel headers search path
selftests: drivers: Fix incorrect kernel headers search path
selftests: dmabuf-heaps: Fix incorrect kernel headers search path
selftests: vm: Fix incorrect kernel headers search path
selftests: seccomp: Fix incorrect kernel headers search path
irqdomain: Fix association race
irqdomain: Fix disassociation race
irqdomain: Look for existing mapping only once
irqdomain: Drop bogus fwspec-mapping error handling
irqdomain: Refactor __irq_domain_alloc_irqs()
irqdomain: Fix mapping-creation race
irqdomain: Fix domain registration race
crypto: qat - fix out-of-bounds read
mm/damon/paddr: fix missing folio_put()
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
jbd2: fix data missing when reusing bh which is ready to be checkpointed
ext4: optimize ea_inode block expansion
ext4: refuse to create ea block when umounted
cxl/pmem: Fix nvdimm registration races
mtd: spi-nor: sfdp: Fix index value for SCCR dwords
mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
dm: send just one event on resize, not two
dm: add cond_resched() to dm_wq_work()
dm: add cond_resched() to dm_wq_requeue_work()
wifi: rtw88: use RTW_FLAG_POWERON flag to prevent to power on/off twice
wifi: rtl8xxxu: Use a longer retry limit of 48
wifi: ath11k: allow system suspend to survive ath11k
wifi: cfg80211: Fix use after free for wext
wifi: cfg80211: Set SSID if it is not already set
cpuidle: add ARCH_SUSPEND_POSSIBLE dependencies
qede: fix interrupt coalescing configuration
thermal: intel: powerclamp: Fix cur_state for multi package system
dm flakey: fix logic when corrupting a bio
dm cache: free background tracker's queued work in btracker_destroy
dm flakey: don't corrupt the zero page
dm flakey: fix a bug with 32-bit highmem systems
hwmon: (peci/cputemp) Fix off-by-one in coretemp_label allocation
hwmon: (nct6775) Fix incorrect parenthesization in nct6775_write_fan_div()
ARM: dts: qcom: sdx65: Add Qcom SMMU-500 as the fallback for IOMMU node
ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node
ARM: dts: exynos: correct TMU phandle in Exynos4210
ARM: dts: exynos: correct TMU phandle in Exynos4
ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
ARM: dts: exynos: correct TMU phandle in Exynos5250
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Odroid HC1
arm64: mm: hugetlb: Disable HUGETLB_PAGE_OPTIMIZE_VMEMMAP
fuse: add inode/permission checks to fileattr_get/fileattr_set
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
ceph: update the time stamps and try to drop the suid/sgid
regulator: core: Use ktime_get_boottime() to determine how long a regulator was off
panic: fix the panic_print NMI backtrace setting
mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON
alpha: fix FEN fault handling
dax/kmem: Fix leak of memory-hotplug resources
mips: fix syscall_get_nr
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
remoteproc/mtk_scp: Move clk ops outside send_lock
docs: gdbmacros: print newest record
mm: memcontrol: deprecate charge moving
mm/thp: check and bail out if page in deferred queue already
ktest.pl: Give back console on Ctrt^C on monitor
kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
ktest.pl: Fix missing "end_monitor" when machine check fails
ktest.pl: Add RUN_TIMEOUT option with default unlimited
memory tier: release the new_memtier in find_create_memory_tier()
ring-buffer: Handle race between rb_move_tail and rb_check_pages
tools/bootconfig: fix single & used for logical condition
tracing/eprobe: Fix to add filter on eprobe description in README file
iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
iommu/amd: Improve page fault error reporting
scsi: aacraid: Allocate cmd_priv with scsicmd
scsi: qla2xxx: Fix link failure in NPIV environment
scsi: qla2xxx: Check if port is online before sending ELS
scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
scsi: qla2xxx: Remove unintended flag clearing
scsi: qla2xxx: Fix erroneous link down
scsi: qla2xxx: Remove increment of interface err cnt
scsi: ses: Don't attach if enclosure has no components
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
RISC-V: add a spin_shadow_stack declaration
riscv: Avoid enabling interrupts in die()
riscv: mm: fix regression due to update_mmu_cache change
riscv: jump_label: Fixup unaligned arch_static_branch function
riscv, mm: Perform BPF exhandler fixup on page fault
riscv: ftrace: Remove wasted nops for !RISCV_ISA_C
riscv: ftrace: Reduce the detour code size to half
MIPS: DTS: CI20: fix otg power gpio
PCI/PM: Observe reset delay irrespective of bridge_d3
PCI: Unify delay handling for reset and resume
PCI: hotplug: Allow marking devices as disconnected during bind/unbind
PCI: Avoid FLR for AMD FCH AHCI adapters
PCI/DPC: Await readiness of secondary bus after reset
bus: mhi: ep: Only send -ENOTCONN status if client driver is available
bus: mhi: ep: Move chan->lock to the start of processing queued ch ring
bus: mhi: ep: Save channel state locally during suspend and resume
iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode
iommu/vt-d: Fix PASID directory pointer coherency
vfio/type1: exclude mdevs from VFIO_UPDATE_VADDR
vfio/type1: prevent underflow of locked_vm via exec()
vfio/type1: track locked_vm per dma
vfio/type1: restore locked_vm
drm/amd: Fix initialization for nbio 7.5.1
drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
drm/radeon: Fix eDP for single-display iMac11,2
drm/i915: Don't use stolen memory for ring buffers with LLC
drm/i915: Don't use BAR mappings for ring buffers with LLC
drm/gud: Fix UBSAN warning
drm/edid: fix AVI infoframe aspect ratio handling
drm/edid: fix parsing of 3D modes from HDMI VSDB
qede: avoid uninitialized entries in coal_entry array
brd: use radix_tree_maybe_preload instead of radix_tree_preload
sbitmap: Advance the queue index before waking up a queue
wait: Return number of exclusive waiters awaken
sbitmap: Try each queue to wake up at least one waiter
kbuild: Port silent mode detection to future gnu make.
net: avoid double iput when sock_alloc_file fails
Linux 6.1.16
Change-Id: I705caf70ee547e6d55f38d133bdcd50713aed745
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
1917 lines
48 KiB
C
1917 lines
48 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* linux/kernel/exit.c
|
|
*
|
|
* Copyright (C) 1991, 1992 Linus Torvalds
|
|
*/
|
|
|
|
#include <linux/mm.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/sched/autogroup.h>
|
|
#include <linux/sched/mm.h>
|
|
#include <linux/sched/stat.h>
|
|
#include <linux/sched/task.h>
|
|
#include <linux/sched/task_stack.h>
|
|
#include <linux/sched/cputime.h>
|
|
#include <linux/interrupt.h>
|
|
#include <linux/module.h>
|
|
#include <linux/capability.h>
|
|
#include <linux/completion.h>
|
|
#include <linux/personality.h>
|
|
#include <linux/tty.h>
|
|
#include <linux/iocontext.h>
|
|
#include <linux/key.h>
|
|
#include <linux/cpu.h>
|
|
#include <linux/acct.h>
|
|
#include <linux/tsacct_kern.h>
|
|
#include <linux/file.h>
|
|
#include <linux/fdtable.h>
|
|
#include <linux/freezer.h>
|
|
#include <linux/binfmts.h>
|
|
#include <linux/nsproxy.h>
|
|
#include <linux/pid_namespace.h>
|
|
#include <linux/ptrace.h>
|
|
#include <linux/profile.h>
|
|
#include <linux/mount.h>
|
|
#include <linux/proc_fs.h>
|
|
#include <linux/kthread.h>
|
|
#include <linux/mempolicy.h>
|
|
#include <linux/taskstats_kern.h>
|
|
#include <linux/delayacct.h>
|
|
#include <linux/cgroup.h>
|
|
#include <linux/syscalls.h>
|
|
#include <linux/signal.h>
|
|
#include <linux/posix-timers.h>
|
|
#include <linux/cn_proc.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/futex.h>
|
|
#include <linux/pipe_fs_i.h>
|
|
#include <linux/audit.h> /* for audit_free() */
|
|
#include <linux/resource.h>
|
|
#include <linux/task_io_accounting_ops.h>
|
|
#include <linux/blkdev.h>
|
|
#include <linux/task_work.h>
|
|
#include <linux/fs_struct.h>
|
|
#include <linux/init_task.h>
|
|
#include <linux/perf_event.h>
|
|
#include <trace/events/sched.h>
|
|
#include <linux/hw_breakpoint.h>
|
|
#include <linux/oom.h>
|
|
#include <linux/writeback.h>
|
|
#include <linux/shm.h>
|
|
#include <linux/kcov.h>
|
|
#include <linux/kmsan.h>
|
|
#include <linux/random.h>
|
|
#include <linux/rcuwait.h>
|
|
#include <linux/compat.h>
|
|
#include <linux/io_uring.h>
|
|
#include <linux/kprobes.h>
|
|
#include <linux/rethook.h>
|
|
#include <linux/sysfs.h>
|
|
|
|
#include <linux/uaccess.h>
|
|
#include <asm/unistd.h>
|
|
#include <asm/mmu_context.h>
|
|
|
|
/*
|
|
* The default value should be high enough to not crash a system that randomly
|
|
* crashes its kernel from time to time, but low enough to at least not permit
|
|
* overflowing 32-bit refcounts or the ldsem writer count.
|
|
*/
|
|
static unsigned int oops_limit = 10000;
|
|
|
|
#ifdef CONFIG_SYSCTL
|
|
static struct ctl_table kern_exit_table[] = {
|
|
{
|
|
.procname = "oops_limit",
|
|
.data = &oops_limit,
|
|
.maxlen = sizeof(oops_limit),
|
|
.mode = 0644,
|
|
.proc_handler = proc_douintvec,
|
|
},
|
|
{ }
|
|
};
|
|
|
|
static __init int kernel_exit_sysctls_init(void)
|
|
{
|
|
register_sysctl_init("kernel", kern_exit_table);
|
|
return 0;
|
|
}
|
|
late_initcall(kernel_exit_sysctls_init);
|
|
#endif
|
|
|
|
static atomic_t oops_count = ATOMIC_INIT(0);
|
|
|
|
#ifdef CONFIG_SYSFS
|
|
static ssize_t oops_count_show(struct kobject *kobj, struct kobj_attribute *attr,
|
|
char *page)
|
|
{
|
|
return sysfs_emit(page, "%d\n", atomic_read(&oops_count));
|
|
}
|
|
|
|
static struct kobj_attribute oops_count_attr = __ATTR_RO(oops_count);
|
|
|
|
static __init int kernel_exit_sysfs_init(void)
|
|
{
|
|
sysfs_add_file_to_group(kernel_kobj, &oops_count_attr.attr, NULL);
|
|
return 0;
|
|
}
|
|
late_initcall(kernel_exit_sysfs_init);
|
|
#endif
|
|
|
|
static void __unhash_process(struct task_struct *p, bool group_dead)
|
|
{
|
|
nr_threads--;
|
|
detach_pid(p, PIDTYPE_PID);
|
|
if (group_dead) {
|
|
detach_pid(p, PIDTYPE_TGID);
|
|
detach_pid(p, PIDTYPE_PGID);
|
|
detach_pid(p, PIDTYPE_SID);
|
|
|
|
list_del_rcu(&p->tasks);
|
|
list_del_init(&p->sibling);
|
|
__this_cpu_dec(process_counts);
|
|
}
|
|
list_del_rcu(&p->thread_group);
|
|
list_del_rcu(&p->thread_node);
|
|
}
|
|
|
|
/*
|
|
* This function expects the tasklist_lock write-locked.
|
|
*/
|
|
static void __exit_signal(struct task_struct *tsk)
|
|
{
|
|
struct signal_struct *sig = tsk->signal;
|
|
bool group_dead = thread_group_leader(tsk);
|
|
struct sighand_struct *sighand;
|
|
struct tty_struct *tty;
|
|
u64 utime, stime;
|
|
|
|
sighand = rcu_dereference_check(tsk->sighand,
|
|
lockdep_tasklist_lock_is_held());
|
|
spin_lock(&sighand->siglock);
|
|
|
|
#ifdef CONFIG_POSIX_TIMERS
|
|
posix_cpu_timers_exit(tsk);
|
|
if (group_dead)
|
|
posix_cpu_timers_exit_group(tsk);
|
|
#endif
|
|
|
|
if (group_dead) {
|
|
tty = sig->tty;
|
|
sig->tty = NULL;
|
|
} else {
|
|
/*
|
|
* If there is any task waiting for the group exit
|
|
* then notify it:
|
|
*/
|
|
if (sig->notify_count > 0 && !--sig->notify_count)
|
|
wake_up_process(sig->group_exec_task);
|
|
|
|
if (tsk == sig->curr_target)
|
|
sig->curr_target = next_thread(tsk);
|
|
}
|
|
|
|
add_device_randomness((const void*) &tsk->se.sum_exec_runtime,
|
|
sizeof(unsigned long long));
|
|
|
|
/*
|
|
* Accumulate here the counters for all threads as they die. We could
|
|
* skip the group leader because it is the last user of signal_struct,
|
|
* but we want to avoid the race with thread_group_cputime() which can
|
|
* see the empty ->thread_head list.
|
|
*/
|
|
task_cputime(tsk, &utime, &stime);
|
|
write_seqlock(&sig->stats_lock);
|
|
sig->utime += utime;
|
|
sig->stime += stime;
|
|
sig->gtime += task_gtime(tsk);
|
|
sig->min_flt += tsk->min_flt;
|
|
sig->maj_flt += tsk->maj_flt;
|
|
sig->nvcsw += tsk->nvcsw;
|
|
sig->nivcsw += tsk->nivcsw;
|
|
sig->inblock += task_io_get_inblock(tsk);
|
|
sig->oublock += task_io_get_oublock(tsk);
|
|
task_io_accounting_add(&sig->ioac, &tsk->ioac);
|
|
sig->sum_sched_runtime += tsk->se.sum_exec_runtime;
|
|
sig->nr_threads--;
|
|
__unhash_process(tsk, group_dead);
|
|
write_sequnlock(&sig->stats_lock);
|
|
|
|
/*
|
|
* Do this under ->siglock, we can race with another thread
|
|
* doing sigqueue_free() if we have SIGQUEUE_PREALLOC signals.
|
|
*/
|
|
flush_sigqueue(&tsk->pending);
|
|
tsk->sighand = NULL;
|
|
spin_unlock(&sighand->siglock);
|
|
|
|
__cleanup_sighand(sighand);
|
|
clear_tsk_thread_flag(tsk, TIF_SIGPENDING);
|
|
if (group_dead) {
|
|
flush_sigqueue(&sig->shared_pending);
|
|
tty_kref_put(tty);
|
|
}
|
|
}
|
|
|
|
static void delayed_put_task_struct(struct rcu_head *rhp)
|
|
{
|
|
struct task_struct *tsk = container_of(rhp, struct task_struct, rcu);
|
|
|
|
kprobe_flush_task(tsk);
|
|
rethook_flush_task(tsk);
|
|
perf_event_delayed_put(tsk);
|
|
trace_sched_process_free(tsk);
|
|
put_task_struct(tsk);
|
|
}
|
|
|
|
void put_task_struct_rcu_user(struct task_struct *task)
|
|
{
|
|
if (refcount_dec_and_test(&task->rcu_users))
|
|
call_rcu(&task->rcu, delayed_put_task_struct);
|
|
}
|
|
|
|
void __weak release_thread(struct task_struct *dead_task)
|
|
{
|
|
}
|
|
|
|
void release_task(struct task_struct *p)
|
|
{
|
|
struct task_struct *leader;
|
|
struct pid *thread_pid;
|
|
int zap_leader;
|
|
repeat:
|
|
/* don't need to get the RCU readlock here - the process is dead and
|
|
* can't be modifying its own credentials. But shut RCU-lockdep up */
|
|
rcu_read_lock();
|
|
dec_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
|
|
rcu_read_unlock();
|
|
|
|
cgroup_release(p);
|
|
|
|
write_lock_irq(&tasklist_lock);
|
|
ptrace_release_task(p);
|
|
thread_pid = get_pid(p->thread_pid);
|
|
__exit_signal(p);
|
|
|
|
/*
|
|
* If we are the last non-leader member of the thread
|
|
* group, and the leader is zombie, then notify the
|
|
* group leader's parent process. (if it wants notification.)
|
|
*/
|
|
zap_leader = 0;
|
|
leader = p->group_leader;
|
|
if (leader != p && thread_group_empty(leader)
|
|
&& leader->exit_state == EXIT_ZOMBIE) {
|
|
/*
|
|
* If we were the last child thread and the leader has
|
|
* exited already, and the leader's parent ignores SIGCHLD,
|
|
* then we are the one who should release the leader.
|
|
*/
|
|
zap_leader = do_notify_parent(leader, leader->exit_signal);
|
|
if (zap_leader)
|
|
leader->exit_state = EXIT_DEAD;
|
|
}
|
|
|
|
write_unlock_irq(&tasklist_lock);
|
|
seccomp_filter_release(p);
|
|
proc_flush_pid(thread_pid);
|
|
put_pid(thread_pid);
|
|
release_thread(p);
|
|
put_task_struct_rcu_user(p);
|
|
|
|
p = leader;
|
|
if (unlikely(zap_leader))
|
|
goto repeat;
|
|
}
|
|
|
|
int rcuwait_wake_up(struct rcuwait *w)
|
|
{
|
|
int ret = 0;
|
|
struct task_struct *task;
|
|
|
|
rcu_read_lock();
|
|
|
|
/*
|
|
* Order condition vs @task, such that everything prior to the load
|
|
* of @task is visible. This is the condition as to why the user called
|
|
* rcuwait_wake() in the first place. Pairs with set_current_state()
|
|
* barrier (A) in rcuwait_wait_event().
|
|
*
|
|
* WAIT WAKE
|
|
* [S] tsk = current [S] cond = true
|
|
* MB (A) MB (B)
|
|
* [L] cond [L] tsk
|
|
*/
|
|
smp_mb(); /* (B) */
|
|
|
|
task = rcu_dereference(w->task);
|
|
if (task)
|
|
ret = wake_up_process(task);
|
|
rcu_read_unlock();
|
|
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL_GPL(rcuwait_wake_up);
|
|
|
|
/*
|
|
* Determine if a process group is "orphaned", according to the POSIX
|
|
* definition in 2.2.2.52. Orphaned process groups are not to be affected
|
|
* by terminal-generated stop signals. Newly orphaned process groups are
|
|
* to receive a SIGHUP and a SIGCONT.
|
|
*
|
|
* "I ask you, have you ever known what it is to be an orphan?"
|
|
*/
|
|
static int will_become_orphaned_pgrp(struct pid *pgrp,
|
|
struct task_struct *ignored_task)
|
|
{
|
|
struct task_struct *p;
|
|
|
|
do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
|
|
if ((p == ignored_task) ||
|
|
(p->exit_state && thread_group_empty(p)) ||
|
|
is_global_init(p->real_parent))
|
|
continue;
|
|
|
|
if (task_pgrp(p->real_parent) != pgrp &&
|
|
task_session(p->real_parent) == task_session(p))
|
|
return 0;
|
|
} while_each_pid_task(pgrp, PIDTYPE_PGID, p);
|
|
|
|
return 1;
|
|
}
|
|
|
|
int is_current_pgrp_orphaned(void)
|
|
{
|
|
int retval;
|
|
|
|
read_lock(&tasklist_lock);
|
|
retval = will_become_orphaned_pgrp(task_pgrp(current), NULL);
|
|
read_unlock(&tasklist_lock);
|
|
|
|
return retval;
|
|
}
|
|
|
|
static bool has_stopped_jobs(struct pid *pgrp)
|
|
{
|
|
struct task_struct *p;
|
|
|
|
do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
|
|
if (p->signal->flags & SIGNAL_STOP_STOPPED)
|
|
return true;
|
|
} while_each_pid_task(pgrp, PIDTYPE_PGID, p);
|
|
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* Check to see if any process groups have become orphaned as
|
|
* a result of our exiting, and if they have any stopped jobs,
|
|
* send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2)
|
|
*/
|
|
static void
|
|
kill_orphaned_pgrp(struct task_struct *tsk, struct task_struct *parent)
|
|
{
|
|
struct pid *pgrp = task_pgrp(tsk);
|
|
struct task_struct *ignored_task = tsk;
|
|
|
|
if (!parent)
|
|
/* exit: our father is in a different pgrp than
|
|
* we are and we were the only connection outside.
|
|
*/
|
|
parent = tsk->real_parent;
|
|
else
|
|
/* reparent: our child is in a different pgrp than
|
|
* we are, and it was the only connection outside.
|
|
*/
|
|
ignored_task = NULL;
|
|
|
|
if (task_pgrp(parent) != pgrp &&
|
|
task_session(parent) == task_session(tsk) &&
|
|
will_become_orphaned_pgrp(pgrp, ignored_task) &&
|
|
has_stopped_jobs(pgrp)) {
|
|
__kill_pgrp_info(SIGHUP, SEND_SIG_PRIV, pgrp);
|
|
__kill_pgrp_info(SIGCONT, SEND_SIG_PRIV, pgrp);
|
|
}
|
|
}
|
|
|
|
static void coredump_task_exit(struct task_struct *tsk)
|
|
{
|
|
struct core_state *core_state;
|
|
|
|
/*
|
|
* Serialize with any possible pending coredump.
|
|
* We must hold siglock around checking core_state
|
|
* and setting PF_POSTCOREDUMP. The core-inducing thread
|
|
* will increment ->nr_threads for each thread in the
|
|
* group without PF_POSTCOREDUMP set.
|
|
*/
|
|
spin_lock_irq(&tsk->sighand->siglock);
|
|
tsk->flags |= PF_POSTCOREDUMP;
|
|
core_state = tsk->signal->core_state;
|
|
spin_unlock_irq(&tsk->sighand->siglock);
|
|
if (core_state) {
|
|
struct core_thread self;
|
|
|
|
self.task = current;
|
|
if (self.task->flags & PF_SIGNALED)
|
|
self.next = xchg(&core_state->dumper.next, &self);
|
|
else
|
|
self.task = NULL;
|
|
/*
|
|
* Implies mb(), the result of xchg() must be visible
|
|
* to core_state->dumper.
|
|
*/
|
|
if (atomic_dec_and_test(&core_state->nr_threads))
|
|
complete(&core_state->startup);
|
|
|
|
for (;;) {
|
|
set_current_state(TASK_UNINTERRUPTIBLE|TASK_FREEZABLE);
|
|
if (!self.task) /* see coredump_finish() */
|
|
break;
|
|
schedule();
|
|
}
|
|
__set_current_state(TASK_RUNNING);
|
|
}
|
|
}
|
|
|
|
#ifdef CONFIG_MEMCG
|
|
/*
|
|
* A task is exiting. If it owned this mm, find a new owner for the mm.
|
|
*/
|
|
void mm_update_next_owner(struct mm_struct *mm)
|
|
{
|
|
struct task_struct *c, *g, *p = current;
|
|
|
|
retry:
|
|
/*
|
|
* If the exiting or execing task is not the owner, it's
|
|
* someone else's problem.
|
|
*/
|
|
if (mm->owner != p)
|
|
return;
|
|
/*
|
|
* The current owner is exiting/execing and there are no other
|
|
* candidates. Do not leave the mm pointing to a possibly
|
|
* freed task structure.
|
|
*/
|
|
if (atomic_read(&mm->mm_users) <= 1) {
|
|
WRITE_ONCE(mm->owner, NULL);
|
|
return;
|
|
}
|
|
|
|
read_lock(&tasklist_lock);
|
|
/*
|
|
* Search in the children
|
|
*/
|
|
list_for_each_entry(c, &p->children, sibling) {
|
|
if (c->mm == mm)
|
|
goto assign_new_owner;
|
|
}
|
|
|
|
/*
|
|
* Search in the siblings
|
|
*/
|
|
list_for_each_entry(c, &p->real_parent->children, sibling) {
|
|
if (c->mm == mm)
|
|
goto assign_new_owner;
|
|
}
|
|
|
|
/*
|
|
* Search through everything else, we should not get here often.
|
|
*/
|
|
for_each_process(g) {
|
|
if (g->flags & PF_KTHREAD)
|
|
continue;
|
|
for_each_thread(g, c) {
|
|
if (c->mm == mm)
|
|
goto assign_new_owner;
|
|
if (c->mm)
|
|
break;
|
|
}
|
|
}
|
|
read_unlock(&tasklist_lock);
|
|
/*
|
|
* We found no owner yet mm_users > 1: this implies that we are
|
|
* most likely racing with swapoff (try_to_unuse()) or /proc or
|
|
* ptrace or page migration (get_task_mm()). Mark owner as NULL.
|
|
*/
|
|
WRITE_ONCE(mm->owner, NULL);
|
|
return;
|
|
|
|
assign_new_owner:
|
|
BUG_ON(c == p);
|
|
get_task_struct(c);
|
|
/*
|
|
* The task_lock protects c->mm from changing.
|
|
* We always want mm->owner->mm == mm
|
|
*/
|
|
task_lock(c);
|
|
/*
|
|
* Delay read_unlock() till we have the task_lock()
|
|
* to ensure that c does not slip away underneath us
|
|
*/
|
|
read_unlock(&tasklist_lock);
|
|
if (c->mm != mm) {
|
|
task_unlock(c);
|
|
put_task_struct(c);
|
|
goto retry;
|
|
}
|
|
WRITE_ONCE(mm->owner, c);
|
|
lru_gen_migrate_mm(mm);
|
|
task_unlock(c);
|
|
put_task_struct(c);
|
|
}
|
|
#endif /* CONFIG_MEMCG */
|
|
|
|
/*
|
|
* Turn us into a lazy TLB process if we
|
|
* aren't already..
|
|
*/
|
|
static void exit_mm(void)
|
|
{
|
|
struct mm_struct *mm = current->mm;
|
|
|
|
exit_mm_release(current, mm);
|
|
if (!mm)
|
|
return;
|
|
sync_mm_rss(mm);
|
|
mmap_read_lock(mm);
|
|
mmgrab(mm);
|
|
BUG_ON(mm != current->active_mm);
|
|
/* more a memory barrier than a real lock */
|
|
task_lock(current);
|
|
/*
|
|
* When a thread stops operating on an address space, the loop
|
|
* in membarrier_private_expedited() may not observe that
|
|
* tsk->mm, and the loop in membarrier_global_expedited() may
|
|
* not observe a MEMBARRIER_STATE_GLOBAL_EXPEDITED
|
|
* rq->membarrier_state, so those would not issue an IPI.
|
|
* Membarrier requires a memory barrier after accessing
|
|
* user-space memory, before clearing tsk->mm or the
|
|
* rq->membarrier_state.
|
|
*/
|
|
smp_mb__after_spinlock();
|
|
local_irq_disable();
|
|
current->mm = NULL;
|
|
membarrier_update_current_mm(NULL);
|
|
enter_lazy_tlb(mm, current);
|
|
local_irq_enable();
|
|
task_unlock(current);
|
|
mmap_read_unlock(mm);
|
|
mm_update_next_owner(mm);
|
|
mmput(mm);
|
|
if (test_thread_flag(TIF_MEMDIE))
|
|
exit_oom_victim();
|
|
}
|
|
|
|
static struct task_struct *find_alive_thread(struct task_struct *p)
|
|
{
|
|
struct task_struct *t;
|
|
|
|
for_each_thread(p, t) {
|
|
if (!(t->flags & PF_EXITING))
|
|
return t;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
static struct task_struct *find_child_reaper(struct task_struct *father,
|
|
struct list_head *dead)
|
|
__releases(&tasklist_lock)
|
|
__acquires(&tasklist_lock)
|
|
{
|
|
struct pid_namespace *pid_ns = task_active_pid_ns(father);
|
|
struct task_struct *reaper = pid_ns->child_reaper;
|
|
struct task_struct *p, *n;
|
|
|
|
if (likely(reaper != father))
|
|
return reaper;
|
|
|
|
reaper = find_alive_thread(father);
|
|
if (reaper) {
|
|
pid_ns->child_reaper = reaper;
|
|
return reaper;
|
|
}
|
|
|
|
write_unlock_irq(&tasklist_lock);
|
|
|
|
list_for_each_entry_safe(p, n, dead, ptrace_entry) {
|
|
list_del_init(&p->ptrace_entry);
|
|
release_task(p);
|
|
}
|
|
|
|
zap_pid_ns_processes(pid_ns);
|
|
write_lock_irq(&tasklist_lock);
|
|
|
|
return father;
|
|
}
|
|
|
|
/*
|
|
* When we die, we re-parent all our children, and try to:
|
|
* 1. give them to another thread in our thread group, if such a member exists
|
|
* 2. give it to the first ancestor process which prctl'd itself as a
|
|
* child_subreaper for its children (like a service manager)
|
|
* 3. give it to the init process (PID 1) in our pid namespace
|
|
*/
|
|
static struct task_struct *find_new_reaper(struct task_struct *father,
|
|
struct task_struct *child_reaper)
|
|
{
|
|
struct task_struct *thread, *reaper;
|
|
|
|
thread = find_alive_thread(father);
|
|
if (thread)
|
|
return thread;
|
|
|
|
if (father->signal->has_child_subreaper) {
|
|
unsigned int ns_level = task_pid(father)->level;
|
|
/*
|
|
* Find the first ->is_child_subreaper ancestor in our pid_ns.
|
|
* We can't check reaper != child_reaper to ensure we do not
|
|
* cross the namespaces, the exiting parent could be injected
|
|
* by setns() + fork().
|
|
* We check pid->level, this is slightly more efficient than
|
|
* task_active_pid_ns(reaper) != task_active_pid_ns(father).
|
|
*/
|
|
for (reaper = father->real_parent;
|
|
task_pid(reaper)->level == ns_level;
|
|
reaper = reaper->real_parent) {
|
|
if (reaper == &init_task)
|
|
break;
|
|
if (!reaper->signal->is_child_subreaper)
|
|
continue;
|
|
thread = find_alive_thread(reaper);
|
|
if (thread)
|
|
return thread;
|
|
}
|
|
}
|
|
|
|
return child_reaper;
|
|
}
|
|
|
|
/*
|
|
* Any that need to be release_task'd are put on the @dead list.
|
|
*/
|
|
static void reparent_leader(struct task_struct *father, struct task_struct *p,
|
|
struct list_head *dead)
|
|
{
|
|
if (unlikely(p->exit_state == EXIT_DEAD))
|
|
return;
|
|
|
|
/* We don't want people slaying init. */
|
|
p->exit_signal = SIGCHLD;
|
|
|
|
/* If it has exited notify the new parent about this child's death. */
|
|
if (!p->ptrace &&
|
|
p->exit_state == EXIT_ZOMBIE && thread_group_empty(p)) {
|
|
if (do_notify_parent(p, p->exit_signal)) {
|
|
p->exit_state = EXIT_DEAD;
|
|
list_add(&p->ptrace_entry, dead);
|
|
}
|
|
}
|
|
|
|
kill_orphaned_pgrp(p, father);
|
|
}
|
|
|
|
/*
|
|
* This does two things:
|
|
*
|
|
* A. Make init inherit all the child processes
|
|
* B. Check to see if any process groups have become orphaned
|
|
* as a result of our exiting, and if they have any stopped
|
|
* jobs, send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2)
|
|
*/
|
|
static void forget_original_parent(struct task_struct *father,
|
|
struct list_head *dead)
|
|
{
|
|
struct task_struct *p, *t, *reaper;
|
|
|
|
if (unlikely(!list_empty(&father->ptraced)))
|
|
exit_ptrace(father, dead);
|
|
|
|
/* Can drop and reacquire tasklist_lock */
|
|
reaper = find_child_reaper(father, dead);
|
|
if (list_empty(&father->children))
|
|
return;
|
|
|
|
reaper = find_new_reaper(father, reaper);
|
|
list_for_each_entry(p, &father->children, sibling) {
|
|
for_each_thread(p, t) {
|
|
RCU_INIT_POINTER(t->real_parent, reaper);
|
|
BUG_ON((!t->ptrace) != (rcu_access_pointer(t->parent) == father));
|
|
if (likely(!t->ptrace))
|
|
t->parent = t->real_parent;
|
|
if (t->pdeath_signal)
|
|
group_send_sig_info(t->pdeath_signal,
|
|
SEND_SIG_NOINFO, t,
|
|
PIDTYPE_TGID);
|
|
}
|
|
/*
|
|
* If this is a threaded reparent there is no need to
|
|
* notify anyone anything has happened.
|
|
*/
|
|
if (!same_thread_group(reaper, father))
|
|
reparent_leader(father, p, dead);
|
|
}
|
|
list_splice_tail_init(&father->children, &reaper->children);
|
|
}
|
|
|
|
/*
|
|
* Send signals to all our closest relatives so that they know
|
|
* to properly mourn us..
|
|
*/
|
|
static void exit_notify(struct task_struct *tsk, int group_dead)
|
|
{
|
|
bool autoreap;
|
|
struct task_struct *p, *n;
|
|
LIST_HEAD(dead);
|
|
|
|
write_lock_irq(&tasklist_lock);
|
|
forget_original_parent(tsk, &dead);
|
|
|
|
if (group_dead)
|
|
kill_orphaned_pgrp(tsk->group_leader, NULL);
|
|
|
|
tsk->exit_state = EXIT_ZOMBIE;
|
|
if (unlikely(tsk->ptrace)) {
|
|
int sig = thread_group_leader(tsk) &&
|
|
thread_group_empty(tsk) &&
|
|
!ptrace_reparented(tsk) ?
|
|
tsk->exit_signal : SIGCHLD;
|
|
autoreap = do_notify_parent(tsk, sig);
|
|
} else if (thread_group_leader(tsk)) {
|
|
autoreap = thread_group_empty(tsk) &&
|
|
do_notify_parent(tsk, tsk->exit_signal);
|
|
} else {
|
|
autoreap = true;
|
|
}
|
|
|
|
if (autoreap) {
|
|
tsk->exit_state = EXIT_DEAD;
|
|
list_add(&tsk->ptrace_entry, &dead);
|
|
}
|
|
|
|
/* mt-exec, de_thread() is waiting for group leader */
|
|
if (unlikely(tsk->signal->notify_count < 0))
|
|
wake_up_process(tsk->signal->group_exec_task);
|
|
write_unlock_irq(&tasklist_lock);
|
|
|
|
list_for_each_entry_safe(p, n, &dead, ptrace_entry) {
|
|
list_del_init(&p->ptrace_entry);
|
|
release_task(p);
|
|
}
|
|
}
|
|
|
|
#ifdef CONFIG_DEBUG_STACK_USAGE
|
|
static void check_stack_usage(void)
|
|
{
|
|
static DEFINE_SPINLOCK(low_water_lock);
|
|
static int lowest_to_date = THREAD_SIZE;
|
|
unsigned long free;
|
|
|
|
free = stack_not_used(current);
|
|
|
|
if (free >= lowest_to_date)
|
|
return;
|
|
|
|
spin_lock(&low_water_lock);
|
|
if (free < lowest_to_date) {
|
|
pr_info("%s (%d) used greatest stack depth: %lu bytes left\n",
|
|
current->comm, task_pid_nr(current), free);
|
|
lowest_to_date = free;
|
|
}
|
|
spin_unlock(&low_water_lock);
|
|
}
|
|
#else
|
|
static inline void check_stack_usage(void) {}
|
|
#endif
|
|
|
|
static void synchronize_group_exit(struct task_struct *tsk, long code)
|
|
{
|
|
struct sighand_struct *sighand = tsk->sighand;
|
|
struct signal_struct *signal = tsk->signal;
|
|
|
|
spin_lock_irq(&sighand->siglock);
|
|
signal->quick_threads--;
|
|
if ((signal->quick_threads == 0) &&
|
|
!(signal->flags & SIGNAL_GROUP_EXIT)) {
|
|
signal->flags = SIGNAL_GROUP_EXIT;
|
|
signal->group_exit_code = code;
|
|
signal->group_stop_count = 0;
|
|
}
|
|
spin_unlock_irq(&sighand->siglock);
|
|
}
|
|
|
|
void __noreturn do_exit(long code)
|
|
{
|
|
struct task_struct *tsk = current;
|
|
int group_dead;
|
|
|
|
WARN_ON(irqs_disabled());
|
|
|
|
synchronize_group_exit(tsk, code);
|
|
|
|
WARN_ON(tsk->plug);
|
|
|
|
profile_task_exit(tsk);
|
|
kcov_task_exit(tsk);
|
|
kmsan_task_exit(tsk);
|
|
|
|
coredump_task_exit(tsk);
|
|
ptrace_event(PTRACE_EVENT_EXIT, code);
|
|
|
|
validate_creds_for_do_exit(tsk);
|
|
|
|
io_uring_files_cancel();
|
|
exit_signals(tsk); /* sets PF_EXITING */
|
|
|
|
/* sync mm's RSS info before statistics gathering */
|
|
if (tsk->mm)
|
|
sync_mm_rss(tsk->mm);
|
|
acct_update_integrals(tsk);
|
|
group_dead = atomic_dec_and_test(&tsk->signal->live);
|
|
if (group_dead) {
|
|
/*
|
|
* If the last thread of global init has exited, panic
|
|
* immediately to get a useable coredump.
|
|
*/
|
|
if (unlikely(is_global_init(tsk)))
|
|
panic("Attempted to kill init! exitcode=0x%08x\n",
|
|
tsk->signal->group_exit_code ?: (int)code);
|
|
|
|
#ifdef CONFIG_POSIX_TIMERS
|
|
hrtimer_cancel(&tsk->signal->real_timer);
|
|
exit_itimers(tsk);
|
|
#endif
|
|
if (tsk->mm)
|
|
setmax_mm_hiwater_rss(&tsk->signal->maxrss, tsk->mm);
|
|
}
|
|
acct_collect(code, group_dead);
|
|
if (group_dead)
|
|
tty_audit_exit();
|
|
audit_free(tsk);
|
|
|
|
tsk->exit_code = code;
|
|
taskstats_exit(tsk, group_dead);
|
|
|
|
exit_mm();
|
|
|
|
if (group_dead)
|
|
acct_process();
|
|
trace_sched_process_exit(tsk);
|
|
|
|
exit_sem(tsk);
|
|
exit_shm(tsk);
|
|
exit_files(tsk);
|
|
exit_fs(tsk);
|
|
if (group_dead)
|
|
disassociate_ctty(1);
|
|
exit_task_namespaces(tsk);
|
|
exit_task_work(tsk);
|
|
exit_thread(tsk);
|
|
|
|
/*
|
|
* Flush inherited counters to the parent - before the parent
|
|
* gets woken up by child-exit notifications.
|
|
*
|
|
* because of cgroup mode, must be called before cgroup_exit()
|
|
*/
|
|
perf_event_exit_task(tsk);
|
|
|
|
sched_autogroup_exit_task(tsk);
|
|
cgroup_exit(tsk);
|
|
|
|
/*
|
|
* FIXME: do that only when needed, using sched_exit tracepoint
|
|
*/
|
|
flush_ptrace_hw_breakpoint(tsk);
|
|
|
|
exit_tasks_rcu_start();
|
|
exit_notify(tsk, group_dead);
|
|
proc_exit_connector(tsk);
|
|
mpol_put_task_policy(tsk);
|
|
#ifdef CONFIG_FUTEX
|
|
if (unlikely(current->pi_state_cache))
|
|
kfree(current->pi_state_cache);
|
|
#endif
|
|
/*
|
|
* Make sure we are holding no locks:
|
|
*/
|
|
debug_check_no_locks_held();
|
|
|
|
if (tsk->io_context)
|
|
exit_io_context(tsk);
|
|
|
|
if (tsk->splice_pipe)
|
|
free_pipe_info(tsk->splice_pipe);
|
|
|
|
if (tsk->task_frag.page)
|
|
put_page(tsk->task_frag.page);
|
|
|
|
validate_creds_for_do_exit(tsk);
|
|
exit_task_stack_account(tsk);
|
|
|
|
check_stack_usage();
|
|
preempt_disable();
|
|
if (tsk->nr_dirtied)
|
|
__this_cpu_add(dirty_throttle_leaks, tsk->nr_dirtied);
|
|
exit_rcu();
|
|
exit_tasks_rcu_finish();
|
|
|
|
lockdep_free_task(tsk);
|
|
do_task_dead();
|
|
}
|
|
|
|
void __noreturn make_task_dead(int signr)
|
|
{
|
|
/*
|
|
* Take the task off the cpu after something catastrophic has
|
|
* happened.
|
|
*
|
|
* We can get here from a kernel oops, sometimes with preemption off.
|
|
* Start by checking for critical errors.
|
|
* Then fix up important state like USER_DS and preemption.
|
|
* Then do everything else.
|
|
*/
|
|
struct task_struct *tsk = current;
|
|
unsigned int limit;
|
|
|
|
if (unlikely(in_interrupt()))
|
|
panic("Aiee, killing interrupt handler!");
|
|
if (unlikely(!tsk->pid))
|
|
panic("Attempted to kill the idle task!");
|
|
|
|
if (unlikely(irqs_disabled())) {
|
|
pr_info("note: %s[%d] exited with irqs disabled\n",
|
|
current->comm, task_pid_nr(current));
|
|
local_irq_enable();
|
|
}
|
|
if (unlikely(in_atomic())) {
|
|
pr_info("note: %s[%d] exited with preempt_count %d\n",
|
|
current->comm, task_pid_nr(current),
|
|
preempt_count());
|
|
preempt_count_set(PREEMPT_ENABLED);
|
|
}
|
|
|
|
/*
|
|
* Every time the system oopses, if the oops happens while a reference
|
|
* to an object was held, the reference leaks.
|
|
* If the oops doesn't also leak memory, repeated oopsing can cause
|
|
* reference counters to wrap around (if they're not using refcount_t).
|
|
* This means that repeated oopsing can make unexploitable-looking bugs
|
|
* exploitable through repeated oopsing.
|
|
* To make sure this can't happen, place an upper bound on how often the
|
|
* kernel may oops without panic().
|
|
*/
|
|
limit = READ_ONCE(oops_limit);
|
|
if (atomic_inc_return(&oops_count) >= limit && limit)
|
|
panic("Oopsed too often (kernel.oops_limit is %d)", limit);
|
|
|
|
/*
|
|
* We're taking recursive faults here in make_task_dead. Safest is to just
|
|
* leave this task alone and wait for reboot.
|
|
*/
|
|
if (unlikely(tsk->flags & PF_EXITING)) {
|
|
pr_alert("Fixing recursive fault but reboot is needed!\n");
|
|
futex_exit_recursive(tsk);
|
|
tsk->exit_state = EXIT_DEAD;
|
|
refcount_inc(&tsk->rcu_users);
|
|
do_task_dead();
|
|
}
|
|
|
|
do_exit(signr);
|
|
}
|
|
|
|
SYSCALL_DEFINE1(exit, int, error_code)
|
|
{
|
|
do_exit((error_code&0xff)<<8);
|
|
}
|
|
|
|
/*
|
|
* Take down every thread in the group. This is called by fatal signals
|
|
* as well as by sys_exit_group (below).
|
|
*/
|
|
void __noreturn
|
|
do_group_exit(int exit_code)
|
|
{
|
|
struct signal_struct *sig = current->signal;
|
|
|
|
if (sig->flags & SIGNAL_GROUP_EXIT)
|
|
exit_code = sig->group_exit_code;
|
|
else if (sig->group_exec_task)
|
|
exit_code = 0;
|
|
else {
|
|
struct sighand_struct *const sighand = current->sighand;
|
|
|
|
spin_lock_irq(&sighand->siglock);
|
|
if (sig->flags & SIGNAL_GROUP_EXIT)
|
|
/* Another thread got here before we took the lock. */
|
|
exit_code = sig->group_exit_code;
|
|
else if (sig->group_exec_task)
|
|
exit_code = 0;
|
|
else {
|
|
sig->group_exit_code = exit_code;
|
|
sig->flags = SIGNAL_GROUP_EXIT;
|
|
zap_other_threads(current);
|
|
}
|
|
spin_unlock_irq(&sighand->siglock);
|
|
}
|
|
|
|
do_exit(exit_code);
|
|
/* NOTREACHED */
|
|
}
|
|
|
|
/*
|
|
* this kills every thread in the thread group. Note that any externally
|
|
* wait4()-ing process will get the correct exit code - even if this
|
|
* thread is not the thread group leader.
|
|
*/
|
|
SYSCALL_DEFINE1(exit_group, int, error_code)
|
|
{
|
|
do_group_exit((error_code & 0xff) << 8);
|
|
/* NOTREACHED */
|
|
return 0;
|
|
}
|
|
|
|
struct waitid_info {
|
|
pid_t pid;
|
|
uid_t uid;
|
|
int status;
|
|
int cause;
|
|
};
|
|
|
|
struct wait_opts {
|
|
enum pid_type wo_type;
|
|
int wo_flags;
|
|
struct pid *wo_pid;
|
|
|
|
struct waitid_info *wo_info;
|
|
int wo_stat;
|
|
struct rusage *wo_rusage;
|
|
|
|
wait_queue_entry_t child_wait;
|
|
int notask_error;
|
|
};
|
|
|
|
static int eligible_pid(struct wait_opts *wo, struct task_struct *p)
|
|
{
|
|
return wo->wo_type == PIDTYPE_MAX ||
|
|
task_pid_type(p, wo->wo_type) == wo->wo_pid;
|
|
}
|
|
|
|
static int
|
|
eligible_child(struct wait_opts *wo, bool ptrace, struct task_struct *p)
|
|
{
|
|
if (!eligible_pid(wo, p))
|
|
return 0;
|
|
|
|
/*
|
|
* Wait for all children (clone and not) if __WALL is set or
|
|
* if it is traced by us.
|
|
*/
|
|
if (ptrace || (wo->wo_flags & __WALL))
|
|
return 1;
|
|
|
|
/*
|
|
* Otherwise, wait for clone children *only* if __WCLONE is set;
|
|
* otherwise, wait for non-clone children *only*.
|
|
*
|
|
* Note: a "clone" child here is one that reports to its parent
|
|
* using a signal other than SIGCHLD, or a non-leader thread which
|
|
* we can only see if it is traced by us.
|
|
*/
|
|
if ((p->exit_signal != SIGCHLD) ^ !!(wo->wo_flags & __WCLONE))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Handle sys_wait4 work for one task in state EXIT_ZOMBIE. We hold
|
|
* read_lock(&tasklist_lock) on entry. If we return zero, we still hold
|
|
* the lock and this task is uninteresting. If we return nonzero, we have
|
|
* released the lock and the system call should return.
|
|
*/
|
|
static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
|
|
{
|
|
int state, status;
|
|
pid_t pid = task_pid_vnr(p);
|
|
uid_t uid = from_kuid_munged(current_user_ns(), task_uid(p));
|
|
struct waitid_info *infop;
|
|
|
|
if (!likely(wo->wo_flags & WEXITED))
|
|
return 0;
|
|
|
|
if (unlikely(wo->wo_flags & WNOWAIT)) {
|
|
status = (p->signal->flags & SIGNAL_GROUP_EXIT)
|
|
? p->signal->group_exit_code : p->exit_code;
|
|
get_task_struct(p);
|
|
read_unlock(&tasklist_lock);
|
|
sched_annotate_sleep();
|
|
if (wo->wo_rusage)
|
|
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
|
|
put_task_struct(p);
|
|
goto out_info;
|
|
}
|
|
/*
|
|
* Move the task's state to DEAD/TRACE, only one thread can do this.
|
|
*/
|
|
state = (ptrace_reparented(p) && thread_group_leader(p)) ?
|
|
EXIT_TRACE : EXIT_DEAD;
|
|
if (cmpxchg(&p->exit_state, EXIT_ZOMBIE, state) != EXIT_ZOMBIE)
|
|
return 0;
|
|
/*
|
|
* We own this thread, nobody else can reap it.
|
|
*/
|
|
read_unlock(&tasklist_lock);
|
|
sched_annotate_sleep();
|
|
|
|
/*
|
|
* Check thread_group_leader() to exclude the traced sub-threads.
|
|
*/
|
|
if (state == EXIT_DEAD && thread_group_leader(p)) {
|
|
struct signal_struct *sig = p->signal;
|
|
struct signal_struct *psig = current->signal;
|
|
unsigned long maxrss;
|
|
u64 tgutime, tgstime;
|
|
|
|
/*
|
|
* The resource counters for the group leader are in its
|
|
* own task_struct. Those for dead threads in the group
|
|
* are in its signal_struct, as are those for the child
|
|
* processes it has previously reaped. All these
|
|
* accumulate in the parent's signal_struct c* fields.
|
|
*
|
|
* We don't bother to take a lock here to protect these
|
|
* p->signal fields because the whole thread group is dead
|
|
* and nobody can change them.
|
|
*
|
|
* psig->stats_lock also protects us from our sub-threads
|
|
* which can reap other children at the same time. Until
|
|
* we change k_getrusage()-like users to rely on this lock
|
|
* we have to take ->siglock as well.
|
|
*
|
|
* We use thread_group_cputime_adjusted() to get times for
|
|
* the thread group, which consolidates times for all threads
|
|
* in the group including the group leader.
|
|
*/
|
|
thread_group_cputime_adjusted(p, &tgutime, &tgstime);
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
write_seqlock(&psig->stats_lock);
|
|
psig->cutime += tgutime + sig->cutime;
|
|
psig->cstime += tgstime + sig->cstime;
|
|
psig->cgtime += task_gtime(p) + sig->gtime + sig->cgtime;
|
|
psig->cmin_flt +=
|
|
p->min_flt + sig->min_flt + sig->cmin_flt;
|
|
psig->cmaj_flt +=
|
|
p->maj_flt + sig->maj_flt + sig->cmaj_flt;
|
|
psig->cnvcsw +=
|
|
p->nvcsw + sig->nvcsw + sig->cnvcsw;
|
|
psig->cnivcsw +=
|
|
p->nivcsw + sig->nivcsw + sig->cnivcsw;
|
|
psig->cinblock +=
|
|
task_io_get_inblock(p) +
|
|
sig->inblock + sig->cinblock;
|
|
psig->coublock +=
|
|
task_io_get_oublock(p) +
|
|
sig->oublock + sig->coublock;
|
|
maxrss = max(sig->maxrss, sig->cmaxrss);
|
|
if (psig->cmaxrss < maxrss)
|
|
psig->cmaxrss = maxrss;
|
|
task_io_accounting_add(&psig->ioac, &p->ioac);
|
|
task_io_accounting_add(&psig->ioac, &sig->ioac);
|
|
write_sequnlock(&psig->stats_lock);
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
}
|
|
|
|
if (wo->wo_rusage)
|
|
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
|
|
status = (p->signal->flags & SIGNAL_GROUP_EXIT)
|
|
? p->signal->group_exit_code : p->exit_code;
|
|
wo->wo_stat = status;
|
|
|
|
if (state == EXIT_TRACE) {
|
|
write_lock_irq(&tasklist_lock);
|
|
/* We dropped tasklist, ptracer could die and untrace */
|
|
ptrace_unlink(p);
|
|
|
|
/* If parent wants a zombie, don't release it now */
|
|
state = EXIT_ZOMBIE;
|
|
if (do_notify_parent(p, p->exit_signal))
|
|
state = EXIT_DEAD;
|
|
p->exit_state = state;
|
|
write_unlock_irq(&tasklist_lock);
|
|
}
|
|
if (state == EXIT_DEAD)
|
|
release_task(p);
|
|
|
|
out_info:
|
|
infop = wo->wo_info;
|
|
if (infop) {
|
|
if ((status & 0x7f) == 0) {
|
|
infop->cause = CLD_EXITED;
|
|
infop->status = status >> 8;
|
|
} else {
|
|
infop->cause = (status & 0x80) ? CLD_DUMPED : CLD_KILLED;
|
|
infop->status = status & 0x7f;
|
|
}
|
|
infop->pid = pid;
|
|
infop->uid = uid;
|
|
}
|
|
|
|
return pid;
|
|
}
|
|
|
|
static int *task_stopped_code(struct task_struct *p, bool ptrace)
|
|
{
|
|
if (ptrace) {
|
|
if (task_is_traced(p) && !(p->jobctl & JOBCTL_LISTENING))
|
|
return &p->exit_code;
|
|
} else {
|
|
if (p->signal->flags & SIGNAL_STOP_STOPPED)
|
|
return &p->signal->group_exit_code;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* wait_task_stopped - Wait for %TASK_STOPPED or %TASK_TRACED
|
|
* @wo: wait options
|
|
* @ptrace: is the wait for ptrace
|
|
* @p: task to wait for
|
|
*
|
|
* Handle sys_wait4() work for %p in state %TASK_STOPPED or %TASK_TRACED.
|
|
*
|
|
* CONTEXT:
|
|
* read_lock(&tasklist_lock), which is released if return value is
|
|
* non-zero. Also, grabs and releases @p->sighand->siglock.
|
|
*
|
|
* RETURNS:
|
|
* 0 if wait condition didn't exist and search for other wait conditions
|
|
* should continue. Non-zero return, -errno on failure and @p's pid on
|
|
* success, implies that tasklist_lock is released and wait condition
|
|
* search should terminate.
|
|
*/
|
|
static int wait_task_stopped(struct wait_opts *wo,
|
|
int ptrace, struct task_struct *p)
|
|
{
|
|
struct waitid_info *infop;
|
|
int exit_code, *p_code, why;
|
|
uid_t uid = 0; /* unneeded, required by compiler */
|
|
pid_t pid;
|
|
|
|
/*
|
|
* Traditionally we see ptrace'd stopped tasks regardless of options.
|
|
*/
|
|
if (!ptrace && !(wo->wo_flags & WUNTRACED))
|
|
return 0;
|
|
|
|
if (!task_stopped_code(p, ptrace))
|
|
return 0;
|
|
|
|
exit_code = 0;
|
|
spin_lock_irq(&p->sighand->siglock);
|
|
|
|
p_code = task_stopped_code(p, ptrace);
|
|
if (unlikely(!p_code))
|
|
goto unlock_sig;
|
|
|
|
exit_code = *p_code;
|
|
if (!exit_code)
|
|
goto unlock_sig;
|
|
|
|
if (!unlikely(wo->wo_flags & WNOWAIT))
|
|
*p_code = 0;
|
|
|
|
uid = from_kuid_munged(current_user_ns(), task_uid(p));
|
|
unlock_sig:
|
|
spin_unlock_irq(&p->sighand->siglock);
|
|
if (!exit_code)
|
|
return 0;
|
|
|
|
/*
|
|
* Now we are pretty sure this task is interesting.
|
|
* Make sure it doesn't get reaped out from under us while we
|
|
* give up the lock and then examine it below. We don't want to
|
|
* keep holding onto the tasklist_lock while we call getrusage and
|
|
* possibly take page faults for user memory.
|
|
*/
|
|
get_task_struct(p);
|
|
pid = task_pid_vnr(p);
|
|
why = ptrace ? CLD_TRAPPED : CLD_STOPPED;
|
|
read_unlock(&tasklist_lock);
|
|
sched_annotate_sleep();
|
|
if (wo->wo_rusage)
|
|
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
|
|
put_task_struct(p);
|
|
|
|
if (likely(!(wo->wo_flags & WNOWAIT)))
|
|
wo->wo_stat = (exit_code << 8) | 0x7f;
|
|
|
|
infop = wo->wo_info;
|
|
if (infop) {
|
|
infop->cause = why;
|
|
infop->status = exit_code;
|
|
infop->pid = pid;
|
|
infop->uid = uid;
|
|
}
|
|
return pid;
|
|
}
|
|
|
|
/*
|
|
* Handle do_wait work for one task in a live, non-stopped state.
|
|
* read_lock(&tasklist_lock) on entry. If we return zero, we still hold
|
|
* the lock and this task is uninteresting. If we return nonzero, we have
|
|
* released the lock and the system call should return.
|
|
*/
|
|
static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
|
|
{
|
|
struct waitid_info *infop;
|
|
pid_t pid;
|
|
uid_t uid;
|
|
|
|
if (!unlikely(wo->wo_flags & WCONTINUED))
|
|
return 0;
|
|
|
|
if (!(p->signal->flags & SIGNAL_STOP_CONTINUED))
|
|
return 0;
|
|
|
|
spin_lock_irq(&p->sighand->siglock);
|
|
/* Re-check with the lock held. */
|
|
if (!(p->signal->flags & SIGNAL_STOP_CONTINUED)) {
|
|
spin_unlock_irq(&p->sighand->siglock);
|
|
return 0;
|
|
}
|
|
if (!unlikely(wo->wo_flags & WNOWAIT))
|
|
p->signal->flags &= ~SIGNAL_STOP_CONTINUED;
|
|
uid = from_kuid_munged(current_user_ns(), task_uid(p));
|
|
spin_unlock_irq(&p->sighand->siglock);
|
|
|
|
pid = task_pid_vnr(p);
|
|
get_task_struct(p);
|
|
read_unlock(&tasklist_lock);
|
|
sched_annotate_sleep();
|
|
if (wo->wo_rusage)
|
|
getrusage(p, RUSAGE_BOTH, wo->wo_rusage);
|
|
put_task_struct(p);
|
|
|
|
infop = wo->wo_info;
|
|
if (!infop) {
|
|
wo->wo_stat = 0xffff;
|
|
} else {
|
|
infop->cause = CLD_CONTINUED;
|
|
infop->pid = pid;
|
|
infop->uid = uid;
|
|
infop->status = SIGCONT;
|
|
}
|
|
return pid;
|
|
}
|
|
|
|
/*
|
|
* Consider @p for a wait by @parent.
|
|
*
|
|
* -ECHILD should be in ->notask_error before the first call.
|
|
* Returns nonzero for a final return, when we have unlocked tasklist_lock.
|
|
* Returns zero if the search for a child should continue;
|
|
* then ->notask_error is 0 if @p is an eligible child,
|
|
* or still -ECHILD.
|
|
*/
|
|
static int wait_consider_task(struct wait_opts *wo, int ptrace,
|
|
struct task_struct *p)
|
|
{
|
|
/*
|
|
* We can race with wait_task_zombie() from another thread.
|
|
* Ensure that EXIT_ZOMBIE -> EXIT_DEAD/EXIT_TRACE transition
|
|
* can't confuse the checks below.
|
|
*/
|
|
int exit_state = READ_ONCE(p->exit_state);
|
|
int ret;
|
|
|
|
if (unlikely(exit_state == EXIT_DEAD))
|
|
return 0;
|
|
|
|
ret = eligible_child(wo, ptrace, p);
|
|
if (!ret)
|
|
return ret;
|
|
|
|
if (unlikely(exit_state == EXIT_TRACE)) {
|
|
/*
|
|
* ptrace == 0 means we are the natural parent. In this case
|
|
* we should clear notask_error, debugger will notify us.
|
|
*/
|
|
if (likely(!ptrace))
|
|
wo->notask_error = 0;
|
|
return 0;
|
|
}
|
|
|
|
if (likely(!ptrace) && unlikely(p->ptrace)) {
|
|
/*
|
|
* If it is traced by its real parent's group, just pretend
|
|
* the caller is ptrace_do_wait() and reap this child if it
|
|
* is zombie.
|
|
*
|
|
* This also hides group stop state from real parent; otherwise
|
|
* a single stop can be reported twice as group and ptrace stop.
|
|
* If a ptracer wants to distinguish these two events for its
|
|
* own children it should create a separate process which takes
|
|
* the role of real parent.
|
|
*/
|
|
if (!ptrace_reparented(p))
|
|
ptrace = 1;
|
|
}
|
|
|
|
/* slay zombie? */
|
|
if (exit_state == EXIT_ZOMBIE) {
|
|
/* we don't reap group leaders with subthreads */
|
|
if (!delay_group_leader(p)) {
|
|
/*
|
|
* A zombie ptracee is only visible to its ptracer.
|
|
* Notification and reaping will be cascaded to the
|
|
* real parent when the ptracer detaches.
|
|
*/
|
|
if (unlikely(ptrace) || likely(!p->ptrace))
|
|
return wait_task_zombie(wo, p);
|
|
}
|
|
|
|
/*
|
|
* Allow access to stopped/continued state via zombie by
|
|
* falling through. Clearing of notask_error is complex.
|
|
*
|
|
* When !@ptrace:
|
|
*
|
|
* If WEXITED is set, notask_error should naturally be
|
|
* cleared. If not, subset of WSTOPPED|WCONTINUED is set,
|
|
* so, if there are live subthreads, there are events to
|
|
* wait for. If all subthreads are dead, it's still safe
|
|
* to clear - this function will be called again in finite
|
|
* amount time once all the subthreads are released and
|
|
* will then return without clearing.
|
|
*
|
|
* When @ptrace:
|
|
*
|
|
* Stopped state is per-task and thus can't change once the
|
|
* target task dies. Only continued and exited can happen.
|
|
* Clear notask_error if WCONTINUED | WEXITED.
|
|
*/
|
|
if (likely(!ptrace) || (wo->wo_flags & (WCONTINUED | WEXITED)))
|
|
wo->notask_error = 0;
|
|
} else {
|
|
/*
|
|
* @p is alive and it's gonna stop, continue or exit, so
|
|
* there always is something to wait for.
|
|
*/
|
|
wo->notask_error = 0;
|
|
}
|
|
|
|
/*
|
|
* Wait for stopped. Depending on @ptrace, different stopped state
|
|
* is used and the two don't interact with each other.
|
|
*/
|
|
ret = wait_task_stopped(wo, ptrace, p);
|
|
if (ret)
|
|
return ret;
|
|
|
|
/*
|
|
* Wait for continued. There's only one continued state and the
|
|
* ptracer can consume it which can confuse the real parent. Don't
|
|
* use WCONTINUED from ptracer. You don't need or want it.
|
|
*/
|
|
return wait_task_continued(wo, p);
|
|
}
|
|
|
|
/*
|
|
* Do the work of do_wait() for one thread in the group, @tsk.
|
|
*
|
|
* -ECHILD should be in ->notask_error before the first call.
|
|
* Returns nonzero for a final return, when we have unlocked tasklist_lock.
|
|
* Returns zero if the search for a child should continue; then
|
|
* ->notask_error is 0 if there were any eligible children,
|
|
* or still -ECHILD.
|
|
*/
|
|
static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
|
|
{
|
|
struct task_struct *p;
|
|
|
|
list_for_each_entry(p, &tsk->children, sibling) {
|
|
int ret = wait_consider_task(wo, 0, p);
|
|
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk)
|
|
{
|
|
struct task_struct *p;
|
|
|
|
list_for_each_entry(p, &tsk->ptraced, ptrace_entry) {
|
|
int ret = wait_consider_task(wo, 1, p);
|
|
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int child_wait_callback(wait_queue_entry_t *wait, unsigned mode,
|
|
int sync, void *key)
|
|
{
|
|
struct wait_opts *wo = container_of(wait, struct wait_opts,
|
|
child_wait);
|
|
struct task_struct *p = key;
|
|
|
|
if (!eligible_pid(wo, p))
|
|
return 0;
|
|
|
|
if ((wo->wo_flags & __WNOTHREAD) && wait->private != p->parent)
|
|
return 0;
|
|
|
|
return default_wake_function(wait, mode, sync, key);
|
|
}
|
|
|
|
void __wake_up_parent(struct task_struct *p, struct task_struct *parent)
|
|
{
|
|
__wake_up_sync_key(&parent->signal->wait_chldexit,
|
|
TASK_INTERRUPTIBLE, p);
|
|
}
|
|
|
|
static bool is_effectively_child(struct wait_opts *wo, bool ptrace,
|
|
struct task_struct *target)
|
|
{
|
|
struct task_struct *parent =
|
|
!ptrace ? target->real_parent : target->parent;
|
|
|
|
return current == parent || (!(wo->wo_flags & __WNOTHREAD) &&
|
|
same_thread_group(current, parent));
|
|
}
|
|
|
|
/*
|
|
* Optimization for waiting on PIDTYPE_PID. No need to iterate through child
|
|
* and tracee lists to find the target task.
|
|
*/
|
|
static int do_wait_pid(struct wait_opts *wo)
|
|
{
|
|
bool ptrace;
|
|
struct task_struct *target;
|
|
int retval;
|
|
|
|
ptrace = false;
|
|
target = pid_task(wo->wo_pid, PIDTYPE_TGID);
|
|
if (target && is_effectively_child(wo, ptrace, target)) {
|
|
retval = wait_consider_task(wo, ptrace, target);
|
|
if (retval)
|
|
return retval;
|
|
}
|
|
|
|
ptrace = true;
|
|
target = pid_task(wo->wo_pid, PIDTYPE_PID);
|
|
if (target && target->ptrace &&
|
|
is_effectively_child(wo, ptrace, target)) {
|
|
retval = wait_consider_task(wo, ptrace, target);
|
|
if (retval)
|
|
return retval;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static long do_wait(struct wait_opts *wo)
|
|
{
|
|
int retval;
|
|
|
|
trace_sched_process_wait(wo->wo_pid);
|
|
|
|
init_waitqueue_func_entry(&wo->child_wait, child_wait_callback);
|
|
wo->child_wait.private = current;
|
|
add_wait_queue(¤t->signal->wait_chldexit, &wo->child_wait);
|
|
repeat:
|
|
/*
|
|
* If there is nothing that can match our criteria, just get out.
|
|
* We will clear ->notask_error to zero if we see any child that
|
|
* might later match our criteria, even if we are not able to reap
|
|
* it yet.
|
|
*/
|
|
wo->notask_error = -ECHILD;
|
|
if ((wo->wo_type < PIDTYPE_MAX) &&
|
|
(!wo->wo_pid || !pid_has_task(wo->wo_pid, wo->wo_type)))
|
|
goto notask;
|
|
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
|
read_lock(&tasklist_lock);
|
|
|
|
if (wo->wo_type == PIDTYPE_PID) {
|
|
retval = do_wait_pid(wo);
|
|
if (retval)
|
|
goto end;
|
|
} else {
|
|
struct task_struct *tsk = current;
|
|
|
|
do {
|
|
retval = do_wait_thread(wo, tsk);
|
|
if (retval)
|
|
goto end;
|
|
|
|
retval = ptrace_do_wait(wo, tsk);
|
|
if (retval)
|
|
goto end;
|
|
|
|
if (wo->wo_flags & __WNOTHREAD)
|
|
break;
|
|
} while_each_thread(current, tsk);
|
|
}
|
|
read_unlock(&tasklist_lock);
|
|
|
|
notask:
|
|
retval = wo->notask_error;
|
|
if (!retval && !(wo->wo_flags & WNOHANG)) {
|
|
retval = -ERESTARTSYS;
|
|
if (!signal_pending(current)) {
|
|
schedule();
|
|
goto repeat;
|
|
}
|
|
}
|
|
end:
|
|
__set_current_state(TASK_RUNNING);
|
|
remove_wait_queue(¤t->signal->wait_chldexit, &wo->child_wait);
|
|
return retval;
|
|
}
|
|
|
|
static long kernel_waitid(int which, pid_t upid, struct waitid_info *infop,
|
|
int options, struct rusage *ru)
|
|
{
|
|
struct wait_opts wo;
|
|
struct pid *pid = NULL;
|
|
enum pid_type type;
|
|
long ret;
|
|
unsigned int f_flags = 0;
|
|
|
|
if (options & ~(WNOHANG|WNOWAIT|WEXITED|WSTOPPED|WCONTINUED|
|
|
__WNOTHREAD|__WCLONE|__WALL))
|
|
return -EINVAL;
|
|
if (!(options & (WEXITED|WSTOPPED|WCONTINUED)))
|
|
return -EINVAL;
|
|
|
|
switch (which) {
|
|
case P_ALL:
|
|
type = PIDTYPE_MAX;
|
|
break;
|
|
case P_PID:
|
|
type = PIDTYPE_PID;
|
|
if (upid <= 0)
|
|
return -EINVAL;
|
|
|
|
pid = find_get_pid(upid);
|
|
break;
|
|
case P_PGID:
|
|
type = PIDTYPE_PGID;
|
|
if (upid < 0)
|
|
return -EINVAL;
|
|
|
|
if (upid)
|
|
pid = find_get_pid(upid);
|
|
else
|
|
pid = get_task_pid(current, PIDTYPE_PGID);
|
|
break;
|
|
case P_PIDFD:
|
|
type = PIDTYPE_PID;
|
|
if (upid < 0)
|
|
return -EINVAL;
|
|
|
|
pid = pidfd_get_pid(upid, &f_flags);
|
|
if (IS_ERR(pid))
|
|
return PTR_ERR(pid);
|
|
|
|
break;
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
|
|
wo.wo_type = type;
|
|
wo.wo_pid = pid;
|
|
wo.wo_flags = options;
|
|
wo.wo_info = infop;
|
|
wo.wo_rusage = ru;
|
|
if (f_flags & O_NONBLOCK)
|
|
wo.wo_flags |= WNOHANG;
|
|
|
|
ret = do_wait(&wo);
|
|
if (!ret && !(options & WNOHANG) && (f_flags & O_NONBLOCK))
|
|
ret = -EAGAIN;
|
|
|
|
put_pid(pid);
|
|
return ret;
|
|
}
|
|
|
|
SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
|
|
infop, int, options, struct rusage __user *, ru)
|
|
{
|
|
struct rusage r;
|
|
struct waitid_info info = {.status = 0};
|
|
long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL);
|
|
int signo = 0;
|
|
|
|
if (err > 0) {
|
|
signo = SIGCHLD;
|
|
err = 0;
|
|
if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
|
|
return -EFAULT;
|
|
}
|
|
if (!infop)
|
|
return err;
|
|
|
|
if (!user_write_access_begin(infop, sizeof(*infop)))
|
|
return -EFAULT;
|
|
|
|
unsafe_put_user(signo, &infop->si_signo, Efault);
|
|
unsafe_put_user(0, &infop->si_errno, Efault);
|
|
unsafe_put_user(info.cause, &infop->si_code, Efault);
|
|
unsafe_put_user(info.pid, &infop->si_pid, Efault);
|
|
unsafe_put_user(info.uid, &infop->si_uid, Efault);
|
|
unsafe_put_user(info.status, &infop->si_status, Efault);
|
|
user_write_access_end();
|
|
return err;
|
|
Efault:
|
|
user_write_access_end();
|
|
return -EFAULT;
|
|
}
|
|
|
|
long kernel_wait4(pid_t upid, int __user *stat_addr, int options,
|
|
struct rusage *ru)
|
|
{
|
|
struct wait_opts wo;
|
|
struct pid *pid = NULL;
|
|
enum pid_type type;
|
|
long ret;
|
|
|
|
if (options & ~(WNOHANG|WUNTRACED|WCONTINUED|
|
|
__WNOTHREAD|__WCLONE|__WALL))
|
|
return -EINVAL;
|
|
|
|
/* -INT_MIN is not defined */
|
|
if (upid == INT_MIN)
|
|
return -ESRCH;
|
|
|
|
if (upid == -1)
|
|
type = PIDTYPE_MAX;
|
|
else if (upid < 0) {
|
|
type = PIDTYPE_PGID;
|
|
pid = find_get_pid(-upid);
|
|
} else if (upid == 0) {
|
|
type = PIDTYPE_PGID;
|
|
pid = get_task_pid(current, PIDTYPE_PGID);
|
|
} else /* upid > 0 */ {
|
|
type = PIDTYPE_PID;
|
|
pid = find_get_pid(upid);
|
|
}
|
|
|
|
wo.wo_type = type;
|
|
wo.wo_pid = pid;
|
|
wo.wo_flags = options | WEXITED;
|
|
wo.wo_info = NULL;
|
|
wo.wo_stat = 0;
|
|
wo.wo_rusage = ru;
|
|
ret = do_wait(&wo);
|
|
put_pid(pid);
|
|
if (ret > 0 && stat_addr && put_user(wo.wo_stat, stat_addr))
|
|
ret = -EFAULT;
|
|
|
|
return ret;
|
|
}
|
|
|
|
int kernel_wait(pid_t pid, int *stat)
|
|
{
|
|
struct wait_opts wo = {
|
|
.wo_type = PIDTYPE_PID,
|
|
.wo_pid = find_get_pid(pid),
|
|
.wo_flags = WEXITED,
|
|
};
|
|
int ret;
|
|
|
|
ret = do_wait(&wo);
|
|
if (ret > 0 && wo.wo_stat)
|
|
*stat = wo.wo_stat;
|
|
put_pid(wo.wo_pid);
|
|
return ret;
|
|
}
|
|
|
|
SYSCALL_DEFINE4(wait4, pid_t, upid, int __user *, stat_addr,
|
|
int, options, struct rusage __user *, ru)
|
|
{
|
|
struct rusage r;
|
|
long err = kernel_wait4(upid, stat_addr, options, ru ? &r : NULL);
|
|
|
|
if (err > 0) {
|
|
if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
|
|
return -EFAULT;
|
|
}
|
|
return err;
|
|
}
|
|
|
|
#ifdef __ARCH_WANT_SYS_WAITPID
|
|
|
|
/*
|
|
* sys_waitpid() remains for compatibility. waitpid() should be
|
|
* implemented by calling sys_wait4() from libc.a.
|
|
*/
|
|
SYSCALL_DEFINE3(waitpid, pid_t, pid, int __user *, stat_addr, int, options)
|
|
{
|
|
return kernel_wait4(pid, stat_addr, options, NULL);
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE4(wait4,
|
|
compat_pid_t, pid,
|
|
compat_uint_t __user *, stat_addr,
|
|
int, options,
|
|
struct compat_rusage __user *, ru)
|
|
{
|
|
struct rusage r;
|
|
long err = kernel_wait4(pid, stat_addr, options, ru ? &r : NULL);
|
|
if (err > 0) {
|
|
if (ru && put_compat_rusage(&r, ru))
|
|
return -EFAULT;
|
|
}
|
|
return err;
|
|
}
|
|
|
|
COMPAT_SYSCALL_DEFINE5(waitid,
|
|
int, which, compat_pid_t, pid,
|
|
struct compat_siginfo __user *, infop, int, options,
|
|
struct compat_rusage __user *, uru)
|
|
{
|
|
struct rusage ru;
|
|
struct waitid_info info = {.status = 0};
|
|
long err = kernel_waitid(which, pid, &info, options, uru ? &ru : NULL);
|
|
int signo = 0;
|
|
if (err > 0) {
|
|
signo = SIGCHLD;
|
|
err = 0;
|
|
if (uru) {
|
|
/* kernel_waitid() overwrites everything in ru */
|
|
if (COMPAT_USE_64BIT_TIME)
|
|
err = copy_to_user(uru, &ru, sizeof(ru));
|
|
else
|
|
err = put_compat_rusage(&ru, uru);
|
|
if (err)
|
|
return -EFAULT;
|
|
}
|
|
}
|
|
|
|
if (!infop)
|
|
return err;
|
|
|
|
if (!user_write_access_begin(infop, sizeof(*infop)))
|
|
return -EFAULT;
|
|
|
|
unsafe_put_user(signo, &infop->si_signo, Efault);
|
|
unsafe_put_user(0, &infop->si_errno, Efault);
|
|
unsafe_put_user(info.cause, &infop->si_code, Efault);
|
|
unsafe_put_user(info.pid, &infop->si_pid, Efault);
|
|
unsafe_put_user(info.uid, &infop->si_uid, Efault);
|
|
unsafe_put_user(info.status, &infop->si_status, Efault);
|
|
user_write_access_end();
|
|
return err;
|
|
Efault:
|
|
user_write_access_end();
|
|
return -EFAULT;
|
|
}
|
|
#endif
|
|
|
|
/**
|
|
* thread_group_exited - check that a thread group has exited
|
|
* @pid: tgid of thread group to be checked.
|
|
*
|
|
* Test if the thread group represented by tgid has exited (all
|
|
* threads are zombies, dead or completely gone).
|
|
*
|
|
* Return: true if the thread group has exited. false otherwise.
|
|
*/
|
|
bool thread_group_exited(struct pid *pid)
|
|
{
|
|
struct task_struct *task;
|
|
bool exited;
|
|
|
|
rcu_read_lock();
|
|
task = pid_task(pid, PIDTYPE_PID);
|
|
exited = !task ||
|
|
(READ_ONCE(task->exit_state) && thread_group_empty(task));
|
|
rcu_read_unlock();
|
|
|
|
return exited;
|
|
}
|
|
EXPORT_SYMBOL(thread_group_exited);
|
|
|
|
__weak void abort(void)
|
|
{
|
|
BUG();
|
|
|
|
/* if that doesn't kill us, halt */
|
|
panic("Oops failed to kill thread");
|
|
}
|
|
EXPORT_SYMBOL(abort);
|