author | graysky | 2023-06-04 05:07:26 -0400 |
---|---|---|
committer | graysky | 2023-06-04 05:07:43 -0400 |
commit | 10abe10ad26683325489f57a82e7f59fea4efde2 (patch) | |
tree | df95481976b8f943461b5f7da62d31005604d785 | |
parent | 4665378860e337cfcd1cc3961f64afc6ad71da41 (diff) | |
download | aur-10abe10ad26683325489f57a82e7f59fea4efde2.tar.gz |
Update to 6.3.6rc1-1
-rw-r--r-- | .SRCINFO | 32 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 38 | ||||
-rw-r--r-- | 0002-mm-vmscan-fix-extreme-overreclaim-and-swap-floods.patch | 137 | ||||
-rw-r--r-- | 0003-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch | 231 | ||||
-rw-r--r-- | PKGBUILD | 145 |
5 files changed, 126 insertions, 457 deletions
@@ -1,45 +1,45 @@ pkgbase = linux-rc - pkgver = 6.0.2rc1 + pkgver = 6.3.6rc1 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 license = GPL2 makedepends = bc - makedepends = kmod - makedepends = libelf makedepends = cpio + makedepends = gettext + makedepends = git + makedepends = libelf + makedepends = pahole + makedepends = python makedepends = perl makedepends = tar makedepends = xz options = !strip - source = https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.2-rc1.xz - source = https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.2-rc1.sign - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-6.0.1.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-6.0.1.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.6-rc1.xz + source = https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.6-rc1.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-6.3.5.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-6.3.5.tar.sign source = config source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - source = 0002-mm-vmscan-fix-extreme-overreclaim-and-swap-floods.patch - source = 0003-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E validpgpkeys = A2FF3A36AAA56654109064AB19802F8B0D70FC30 validpgpkeys = C7E7849466FE2358343588377258734B41C31549 - b2sums = cf011d218b1bd95c93fe42d6f265e7aadda8fd88098b28b057a1e24c6a197da38f18a7c83ab9def14897be563da2e4234c3e33b2d29bffc872b1999ff9b57794 + b2sums = a18e5f933756f496b3073361d0669814041593a22657206dd801bd97801a405f89e92cdd363cecd21b41dd353d3205f16a8e1197df5d1e3aa6421e50a463583a b2sums = SKIP - b2sums = c2eb16c09006df5fa4c57d24663f9f20443fc683b0890d1c70eaeb08a6da146a9421114719da1a6ed66624f07715fb6cf6d0403c472e3612944e233dd2b2f429 + b2sums = 
646a94591eae93db9301a11e5300579c8cce7d2a544727cb88efed86d05ba070a247498d9c83d7b7cdbead4e7d46537134c877813aa7f188dd36b403c58d0c11 b2sums = SKIP b2sums = f6f53ed92891b063ae6874764ad370f5de2d115dcf7a5d5d35f4fa678947235abb023b156c6563c068a313654a856807298f1935d78238f698e38b9bcd4db6e6 - b2sums = 2692c46e15bf1527aa19a1db2b1c325a95a15fc2128cc49da2fa31d14f10615c736c928180ac403b76054b9e504057cedaf5252c0e1ca697162bdc7d394379cd - b2sums = 4128728302395142a282840d4408500cf8b0d45f4df70e0e4b845150222193217a11945d4c6a901813b9fed1425d2c280ef0cf5c3e9281512bdf934c93b5a0cc - b2sums = 63c2639fe24acaafb993dc06fc244d965da76730da08d23308b668c598a9d1da1be898a344fdb693acc7d8e883234437abd8d6bc89ca21eae637d8955ce5f25b + b2sums = 726829c8cf3753fa3f397f85ca828d99b8130c6d83790996ece927a46215fb843f10186aa5ae5b9904e46f0afa68b6ae3c10508370edafbbc2a0e43a35050271 pkgname = linux-rc pkgdesc = The release candidate kernel and modules depends = coreutils - depends = kmod depends = initramfs + depends = kmod optdepends = wireless-regdb: to set the correct wireless channels of your country optdepends = linux-firmware: firmware images needed for some devices + provides = KSMBD-MODULE provides = VIRTUALBOX-GUEST-MODULES provides = WIREGUARD-MODULE replaces = virtualbox-guest-modules-arch @@ -47,3 +47,5 @@ pkgname = linux-rc pkgname = linux-rc-headers pkgdesc = Headers and scripts for building modules for the linux-rc kernel + depends = pahole + depends = linux-rc diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index b32154cdd7bd..770cb3675719 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,7 @@ -From 767b739b11e38223e147a890243923856b6bc9b9 Mon Sep 17 00:00:00 2001 +From 9164087958c4258f70dea478324cc9be4b670785 Mon Sep 17 00:00:00 2001 
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/4] ZEN: Add sysctl and CONFIG to disallow unprivileged +Subject: [PATCH 1/2] ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. @@ -14,10 +14,10 @@ Our default behavior continues to match the vanilla kernel. 5 files changed, 53 insertions(+) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index 33a4240e6a6f..82213f9c4c17 100644 +index 45f09bec02c4..87b20e2ee274 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h -@@ -139,6 +139,8 @@ static inline void set_rlimit_ucount_max(struct user_namespace *ns, +@@ -148,6 +148,8 @@ static inline void set_userns_rlimit_max(struct user_namespace *ns, #ifdef CONFIG_USER_NS @@ -26,7 +26,7 @@ index 33a4240e6a6f..82213f9c4c17 100644 static inline struct user_namespace *get_user_ns(struct user_namespace *ns) { if (ns) -@@ -172,6 +174,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns); +@@ -181,6 +183,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns); struct ns_common *ns_get_owner(struct ns_common *ns); #else @@ -36,10 +36,10 @@ index 33a4240e6a6f..82213f9c4c17 100644 { return &init_user_ns; diff --git a/init/Kconfig b/init/Kconfig -index 532362fcfe31..f13bb9f371a2 100644 +index c88bb30a8b0b..32ba96d94028 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1241,6 +1241,22 @@ config USER_NS +@@ -1249,6 +1249,22 @@ config USER_NS If unsure, say N. @@ -63,12 +63,12 @@ index 532362fcfe31..f13bb9f371a2 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index 2b6bd511c6ed..704fe6bc9cb4 100644 +index ea332319dffe..349945168239 100644 --- a/kernel/fork.c 
+++ b/kernel/fork.c -@@ -99,6 +99,10 @@ +@@ -98,6 +98,10 @@ #include <linux/bpf.h> - #include <linux/sched/mm.h> + #include <linux/stackprotector.h> +#ifdef CONFIG_USER_NS +#include <linux/user_namespace.h> @@ -77,7 +77,7 @@ index 2b6bd511c6ed..704fe6bc9cb4 100644 #include <asm/pgalloc.h> #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -2009,6 +2013,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -2032,6 +2036,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -88,7 +88,7 @@ index 2b6bd511c6ed..704fe6bc9cb4 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -3159,6 +3167,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -3182,6 +3190,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -102,7 +102,7 @@ index 2b6bd511c6ed..704fe6bc9cb4 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 205d605cacc5..d7247ec7ddda 100644 +index 1c240d2c99bc..2971581a27e2 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -81,6 +81,9 @@ @@ -113,9 +113,9 @@ index 205d605cacc5..d7247ec7ddda 100644 +#include <linux/user_namespace.h> +#endif - #if defined(CONFIG_SYSCTL) - -@@ -1649,6 +1652,15 @@ static struct ctl_table kern_table[] = { + /* shared constants to be used in various sysctls */ + const int sysctl_vals[] = { 0, 1, 2, 3, 4, 100, 200, 1000, 3000, INT_MAX, 65535, -1 }; +@@ -1645,6 +1648,15 @@ static struct ctl_table kern_table[] = { .mode = 0644, .proc_handler = proc_dointvec, }, @@ -132,10 +132,10 @@ index 205d605cacc5..d7247ec7ddda 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 5481ba44a8d6..423ab2563ad7 100644 +index 1d8e47bed3f1..fec01d016a35 100644 --- a/kernel/user_namespace.c 
+++ b/kernel/user_namespace.c -@@ -21,6 +21,13 @@ +@@ -22,6 +22,13 @@ #include <linux/bsearch.h> #include <linux/sort.h> @@ -150,5 +150,5 @@ index 5481ba44a8d6..423ab2563ad7 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.38.0 +2.40.1 diff --git a/0002-mm-vmscan-fix-extreme-overreclaim-and-swap-floods.patch b/0002-mm-vmscan-fix-extreme-overreclaim-and-swap-floods.patch deleted file mode 100644 index 209ad61d2ed2..000000000000 --- a/0002-mm-vmscan-fix-extreme-overreclaim-and-swap-floods.patch +++ /dev/null 
@@ -1,137 +0,0 @@ -From 53d3043700195a20fe3d308707e43b90b6bff0b1 Mon Sep 17 00:00:00 2001 -From: Johannes Weiner <hannes@cmpxchg.org> -Date: Tue, 2 Aug 2022 12:28:11 -0400 -Subject: [PATCH 2/4] mm: vmscan: fix extreme overreclaim and swap floods - -During proactive reclaim, we sometimes observe severe overreclaim, with -several thousand times more pages reclaimed than requested. - -This trace was obtained from shrink_lruvec() during such an instance: - - prio:0 anon_cost:1141521 file_cost:7767 - nr_reclaimed:4387406 nr_to_reclaim:1047 (or_factor:4190) - nr=[7161123 345 578 1111] - -While he reclaimer requested 4M, vmscan reclaimed close to 16G, most of it -by swapping. These requests take over a minute, during which the write() -to memory.reclaim is unkillably stuck inside the kernel. - -Digging into the source, this is caused by the proportional reclaim -bailout logic. This code tries to resolve a fundamental conflict: to -reclaim roughly what was requested, while also aging all LRUs fairly and -in accordance to their size, swappiness, refault rates etc. The way it -attempts fairness is that once the reclaim goal has been reached, it stops -scanning the LRUs with the smaller remaining scan targets, and adjusts the -remainder of the bigger LRUs according to how much of the smaller LRUs was -scanned. It then finishes scanning that remainder regardless of the -reclaim goal. - -This works fine if priority levels are low and the LRU lists are -comparable in size. However, in this instance, the cgroup that is -targeted by proactive reclaim has almost no files left - they've already -been squeezed out by proactive reclaim earlier - and the remaining anon -pages are hot. Anon rotations cause the priority level to drop to 0, -which results in reclaim targeting all of anon (a lot) and all of file -(almost nothing). By the time reclaim decides to bail, it has scanned -most or all of the file target, and therefor must also scan most or all of -the enormous anon target. 
This target is thousands of times larger than -the reclaim goal, thus causing the overreclaim. - -The bailout code hasn't changed in years, why is this failing now? The -most likely explanations are two other recent changes in anon reclaim: - -1. Before the series starting with commit 5df741963d52 ("mm: fix LRU - balancing effect of new transparent huge pages"), the VM was - overall relatively reluctant to swap at all, even if swap was - configured. This means the LRU balancing code didn't come into play - as often as it does now, and mostly in high pressure situations - where pronounced swap activity wouldn't be as surprising. - -2. For historic reasons, shrink_lruvec() loops on the scan targets of - all LRU lists except the active anon one, meaning it would bail if - the only remaining pages to scan were active anon - even if there - were a lot of them. - - Before the series starting with commit ccc5dc67340c ("mm/vmscan: - make active/inactive ratio as 1:1 for anon lru"), most anon pages - would live on the active LRU; the inactive one would contain only a - handful of preselected reclaim candidates. After the series, anon - gets aged similarly to file, and the inactive list is the default - for new anon pages as well, making it often the much bigger list. - - As a result, the VM is now more likely to actually finish large - anon targets than before. - -Change the code such that only one SWAP_CLUSTER_MAX-sized nudge toward the -larger LRU lists is made before bailing out on a met reclaim goal. - -This fixes the extreme overreclaim problem. - -Fairness is more subtle and harder to evaluate. No obvious misbehavior -was observed on the test workload, in any case. Conceptually, fairness -should primarily be a cumulative effect from regular, lower priority -scans. Once the VM is in trouble and needs to escalate scan targets to -make forward progress, fairness needs to take a backseat. This is also -acknowledged by the myriad exceptions in get_scan_count(). 
This patch -makes fairness decrease gradually, as it keeps fairness work static over -increasing priority levels with growing scan targets. This should make -more sense - although we may have to re-visit the exact values. - -Link: https://lkml.kernel.org/r/20220802162811.39216-1-hannes@cmpxchg.org -Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> -Reviewed-by: Rik van Riel <riel@surriel.com> -Acked-by: Mel Gorman <mgorman@techsingularity.net> -Cc: Hugh Dickins <hughd@google.com> -Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> -Cc: <stable@vger.kernel.org> -Signed-off-by: Andrew Morton <akpm@linux-foundation.org> ---- - mm/vmscan.c | 10 ++++------ - 1 file changed, 4 insertions(+), 6 deletions(-) - -diff --git a/mm/vmscan.c b/mm/vmscan.c -index 382dbe97329f..266eb8cfe93a 100644 ---- a/mm/vmscan.c -+++ b/mm/vmscan.c -@@ -2955,8 +2955,8 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc) - enum lru_list lru; - unsigned long nr_reclaimed = 0; - unsigned long nr_to_reclaim = sc->nr_to_reclaim; -+ bool proportional_reclaim; - struct blk_plug plug; -- bool scan_adjusted; - - get_scan_count(lruvec, sc, nr); - -@@ -2974,8 +2974,8 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc) - * abort proportional reclaim if either the file or anon lru has already - * dropped to zero at the first pass. 
- */ -- scan_adjusted = (!cgroup_reclaim(sc) && !current_is_kswapd() && -- sc->priority == DEF_PRIORITY); -+ proportional_reclaim = (!cgroup_reclaim(sc) && !current_is_kswapd() && -+ sc->priority == DEF_PRIORITY); - - blk_start_plug(&plug); - while (nr[LRU_INACTIVE_ANON] || nr[LRU_ACTIVE_FILE] || -@@ -2995,7 +2995,7 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc) - - cond_resched(); - -- if (nr_reclaimed < nr_to_reclaim || scan_adjusted) -+ if (nr_reclaimed < nr_to_reclaim || proportional_reclaim) - continue; - - /* -@@ -3046,8 +3046,6 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc) - nr_scanned = targets[lru] - nr[lru]; - nr[lru] = targets[lru] * (100 - percentage) / 100; - nr[lru] -= min(nr[lru], nr_scanned); -- -- scan_adjusted = true; - } - blk_finish_plug(&plug); - sc->nr_reclaimed += nr_reclaimed; --- -2.38.0 - diff --git a/0003-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch b/0003-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch deleted file mode 100644 index e0850e65a544..000000000000 --- a/0003-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch +++ /dev/null 
@@ -1,231 +0,0 @@ -From f5f2d7131ea930f307fbbf101c93e2493821f687 Mon Sep 17 00:00:00 2001 -From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com> -Date: Mon, 4 Oct 2021 14:07:34 -0400 -Subject: [PATCH 3/4] Bluetooth: fix deadlock for RFCOMM sk state change - -Syzbot reports the following task hang [1]: - -INFO: task syz-executor255:8499 blocked for more than 143 seconds. - Not tainted 5.14.0-rc7-syzkaller #0 - -Call Trace: - context_switch kernel/sched/core.c:4681 [inline] - __schedule+0x93a/0x26f0 kernel/sched/core.c:5938 - schedule+0xd3/0x270 kernel/sched/core.c:6017 - __lock_sock+0x13d/0x260 net/core/sock.c:2644 - lock_sock_nested+0xf6/0x120 net/core/sock.c:3185 - lock_sock include/net/sock.h:1612 [inline] - rfcomm_sk_state_change+0xb4/0x390 net/bluetooth/rfcomm/sock.c:73 - __rfcomm_dlc_close+0x1b6/0x8a0 net/bluetooth/rfcomm/core.c:489 - rfcomm_dlc_close+0x1ea/0x240 net/bluetooth/rfcomm/core.c:520 - __rfcomm_sock_close+0xac/0x260 net/bluetooth/rfcomm/sock.c:220 - rfcomm_sock_shutdown+0xe9/0x210 net/bluetooth/rfcomm/sock.c:931 - rfcomm_sock_release+0x5f/0x140 net/bluetooth/rfcomm/sock.c:951 - __sock_release+0xcd/0x280 net/socket.c:649 - sock_close+0x18/0x20 net/socket.c:1314 - __fput+0x288/0x920 fs/file_table.c:280 - task_work_run+0xdd/0x1a0 kernel/task_work.c:164 - exit_task_work include/linux/task_work.h:32 [inline] - do_exit+0xbd4/0x2a60 kernel/exit.c:825 - do_group_exit+0x125/0x310 kernel/exit.c:922 - get_signal+0x47f/0x2160 kernel/signal.c:2808 - arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865 - handle_signal_work kernel/entry/common.c:148 [inline] - exit_to_user_mode_loop kernel/entry/common.c:172 [inline] - exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 - __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] - syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 - do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 - entry_SYSCALL_64_after_hwframe+0x44/0xae - -Showing all locks held in the system: 
-1 lock held by khungtaskd/1653: - #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: - debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 -1 lock held by krfcommd/4781: - #0: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at: - rfcomm_process_sessions net/bluetooth/rfcomm/core.c:1979 [inline] - #0: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at: - rfcomm_run+0x2ed/0x4a20 net/bluetooth/rfcomm/core.c:2086 -2 locks held by in:imklog/8206: - #0: ffff8880182ce5f0 (&f->f_pos_lock){+.+.}-{3:3}, at: - __fdget_pos+0xe9/0x100 fs/file.c:974 - #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at: - raw_spin_rq_lock_nested kernel/sched/core.c:460 [inline] - #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock - kernel/sched/sched.h:1307 [inline] - #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at: rq_lock - kernel/sched/sched.h:1610 [inline] - #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at: - __schedule+0x233/0x26f0 kernel/sched/core.c:5852 -4 locks held by syz-executor255/8499: - #0: ffff888039a83690 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: - inode_lock include/linux/fs.h:774 [inline] - #0: ffff888039a83690 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: - __sock_release+0x86/0x280 net/socket.c:648 - #1: - ffff88802fa31120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, - at: lock_sock include/net/sock.h:1612 [inline] - #1: - ffff88802fa31120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, - at: rfcomm_sock_shutdown+0x54/0x210 net/bluetooth/rfcomm/sock.c:928 - #2: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at: - rfcomm_dlc_close+0x34/0x240 net/bluetooth/rfcomm/core.c:507 - #3: ffff888141bd6d28 (&d->lock){+.+.}-{3:3}, at: - __rfcomm_dlc_close+0x162/0x8a0 net/bluetooth/rfcomm/core.c:487 -================================================================== - -The task hangs because of a deadlock that occurs when lock_sock() is -called in rfcomm_sk_state_change(). 
One such call stack is: - - rfcomm_sock_shutdown(): - lock_sock(); - __rfcomm_sock_close(): - rfcomm_dlc_close(): - __rfcomm_dlc_close(): - rfcomm_dlc_lock(); - rfcomm_sk_state_change(): - lock_sock(); - -lock_sock() has to be called when the sk state is changed because the -lock is not always held when rfcomm_sk_state_change() is -called. However, besides the recursive deadlock, there is also an -issue of a lock hierarchy inversion between rfcomm_dlc_lock() and -lock_sock() if the socket is locked in rfcomm_sk_state_change(). - -To avoid these issues, we can instead schedule the sk state change in -the global workqueue. This is already the implicit assumption about -how sk state changes happen. For example, in rfcomm_sock_shutdown(), -the call to __rfcomm_sock_close() is followed by -bt_sock_wait_state(). - -Additionally, the call to rfcomm_sock_kill() inside -rfcomm_sk_state_change() should be removed. The socket shouldn't be -killed here because only rfcomm_sock_release() calls sock_orphan(), -which it already follows up with a call to rfcomm_sock_kill(). 
- -Fixes: b7ce436a5d79 ("Bluetooth: switch to lock_sock in RFCOMM") -Link: https://syzkaller.appspot.com/bug?extid=7d51f807c81b190a127d [1] -Reported-by: syzbot+7d51f807c81b190a127d@syzkaller.appspotmail.com -Tested-by: syzbot+7d51f807c81b190a127d@syzkaller.appspotmail.com -Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com> -Cc: Hillf Danton <hdanton@sina.com> ---- - include/net/bluetooth/rfcomm.h | 3 +++ - net/bluetooth/rfcomm/core.c | 2 ++ - net/bluetooth/rfcomm/sock.c | 34 ++++++++++++++++++++++------------ - 3 files changed, 27 insertions(+), 12 deletions(-) - -diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h -index 99d26879b02a..a92799fc5e74 100644 ---- a/include/net/bluetooth/rfcomm.h -+++ b/include/net/bluetooth/rfcomm.h -@@ -171,6 +171,7 @@ struct rfcomm_dlc { - struct rfcomm_session *session; - struct sk_buff_head tx_queue; - struct timer_list timer; -+ struct work_struct state_change_work; - - struct mutex lock; - unsigned long state; -@@ -186,6 +187,7 @@ struct rfcomm_dlc { - u8 sec_level; - u8 role_switch; - u32 defer_setup; -+ int err; - - uint mtu; - uint cfc; -@@ -310,6 +312,7 @@ struct rfcomm_pinfo { - u8 role_switch; - }; - -+void __rfcomm_sk_state_change(struct work_struct *work); - int rfcomm_init_sockets(void); - void rfcomm_cleanup_sockets(void); - -diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c -index 7324764384b6..c6494e85cd68 100644 ---- a/net/bluetooth/rfcomm/core.c -+++ b/net/bluetooth/rfcomm/core.c -@@ -289,6 +289,7 @@ static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) - d->flags = 0; - d->mscex = 0; - d->sec_level = BT_SECURITY_LOW; -+ d->err = 0; - d->mtu = RFCOMM_DEFAULT_MTU; - d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; - -@@ -306,6 +307,7 @@ struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) - timer_setup(&d->timer, rfcomm_dlc_timeout, 0); - - skb_queue_head_init(&d->tx_queue); -+ INIT_WORK(&d->state_change_work, __rfcomm_sk_state_change); - 
mutex_init(&d->lock); - refcount_set(&d->refcnt, 1); - -diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 4bf4ea6cbb5e..4850dafbaa05 100644 ---- a/net/bluetooth/rfcomm/sock.c -+++ b/net/bluetooth/rfcomm/sock.c -@@ -61,19 +61,22 @@ static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) - rfcomm_dlc_throttle(d); - } - --static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) -+void __rfcomm_sk_state_change(struct work_struct *work) - { -+ struct rfcomm_dlc *d = container_of(work, struct rfcomm_dlc, -+ state_change_work); - struct sock *sk = d->owner, *parent; - - if (!sk) - return; - -- BT_DBG("dlc %p state %ld err %d", d, d->state, err); -- - lock_sock(sk); -+ rfcomm_dlc_lock(d); - -- if (err) -- sk->sk_err = err; -+ BT_DBG("dlc %p state %ld err %d", d, d->state, d->err); -+ -+ if (d->err) -+ sk->sk_err = d->err; - - sk->sk_state = d->state; - -@@ -91,15 +94,22 @@ static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) - sk->sk_state_change(sk); - } - -+ rfcomm_dlc_unlock(d); - release_sock(sk); -+ sock_put(sk); -+} - -- if (parent && sock_flag(sk, SOCK_ZAPPED)) { -- /* We have to drop DLC lock here, otherwise -- * rfcomm_sock_destruct() will dead lock. */ -- rfcomm_dlc_unlock(d); -- rfcomm_sock_kill(sk); -- rfcomm_dlc_lock(d); -- } -+static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) -+{ -+ struct sock *sk = d->owner; -+ -+ if (!sk) -+ return; -+ -+ d->err = err; -+ sock_hold(sk); -+ if (!schedule_work(&d->state_change_work)) -+ sock_put(sk); - } - - /* ---- Socket functions ---- */ --- -2.38.0 - 
@@ -1,13 +1,28 @@ # Maintainer: graysky <therealgraysky AT protonmail DOT com> # Contributor: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> +### BUILD OPTIONS +# Any/all of the next three variables may be set to ANYTHING +# that is not null to enable their respective build options + +# Tweak kernel options prior to a build via nconfig +_makenconfig= + +# Only compile select modules to reduce the number of modules built +# +# To keep track of which modules are needed for your specific system/hardware, +# give module_db a try: https://aur.archlinux.org/packages/modprobed-db +# This PKGBUILD reads the database kept if it exists +# More at this wiki page ---> https://wiki.archlinux.org/index.php/Modprobed-db +_localmodcfg= + pkgbase=linux-rc pkgrel=1 -_srcname=linux-6.0 -_major=6.0 +_srcname=linux-6.3 +_major=6.3 ### on initial release this is null otherwise it is the current stable subversion ### ie 1,2,3 corresponding $_major.1, $_major.3 etc -_minor=1 +_minor=5 _minorc=$((_minor+1)) ### on initial release this is just $_major [[ -z $_minor ]] && _fullver=$_major || _fullver=$_major.$_minor @@ -16,10 +31,19 @@ _rcver=1 _rcpatch=patch-${_major}.${_minorc}-rc${_rcver} pkgver=${_major}.${_minorc}rc${_rcver} arch=(x86_64) -license=(GPL2) url="https://www.kernel.org/" +license=(GPL2) makedepends=( - bc kmod libelf cpio perl tar xz + bc + cpio + gettext + git + libelf + pahole + python + perl + tar + xz ) options=('!strip') _modprobeddb= @@ -30,8 +54,6 @@ source=( https://www.kernel.org/pub/linux/kernel/v5.x/linux-$_fullver.tar.{xz,sign} config # the main kernel config file 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - 0002-mm-vmscan-fix-extreme-overreclaim-and-swap-floods.patch - 0003-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 
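Review bot: The new BUILD OPTIONS header says "the next three variables", but this hunk defines only `_makenconfig` and `_localmodcfg`, and it refers to "module_db" where the linked package is modprobed-db. The old `_modprobeddb=` switch is still present as context in the following hunk, while the later prepare() hunk removes the only visible code that read it, so setting it now appears to do nothing. I would word the header as `# Either of the next two variables may be set to any non-empty value to enable its build option`, correct the package name, and drop the `_modprobeddb=` line.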
@@ -39,19 +61,17 @@ validpgpkeys=( 'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig) 'C7E7849466FE2358343588377258734B41C31549' # David Runge <dvzrv@archlinux.org> ) -b2sums=('cf011d218b1bd95c93fe42d6f265e7aadda8fd88098b28b057a1e24c6a197da38f18a7c83ab9def14897be563da2e4234c3e33b2d29bffc872b1999ff9b57794' +b2sums=('a18e5f933756f496b3073361d0669814041593a22657206dd801bd97801a405f89e92cdd363cecd21b41dd353d3205f16a8e1197df5d1e3aa6421e50a463583a' 'SKIP' - 'c2eb16c09006df5fa4c57d24663f9f20443fc683b0890d1c70eaeb08a6da146a9421114719da1a6ed66624f07715fb6cf6d0403c472e3612944e233dd2b2f429' + '646a94591eae93db9301a11e5300579c8cce7d2a544727cb88efed86d05ba070a247498d9c83d7b7cdbead4e7d46537134c877813aa7f188dd36b403c58d0c11' 'SKIP' 'f6f53ed92891b063ae6874764ad370f5de2d115dcf7a5d5d35f4fa678947235abb023b156c6563c068a313654a856807298f1935d78238f698e38b9bcd4db6e6' - '2692c46e15bf1527aa19a1db2b1c325a95a15fc2128cc49da2fa31d14f10615c736c928180ac403b76054b9e504057cedaf5252c0e1ca697162bdc7d394379cd' - '4128728302395142a282840d4408500cf8b0d45f4df70e0e4b845150222193217a11945d4c6a901813b9fed1425d2c280ef0cf5c3e9281512bdf934c93b5a0cc' - '63c2639fe24acaafb993dc06fc244d965da76730da08d23308b668c598a9d1da1be898a344fdb693acc7d8e883234437abd8d6bc89ca21eae637d8955ce5f25b') + '726829c8cf3753fa3f397f85ca828d99b8130c6d83790996ece927a46215fb843f10186aa5ae5b9904e46f0afa68b6ae3c10508370edafbbc2a0e43a35050271') - -export KBUILD_BUILD_HOST=archlinux -export KBUILD_BUILD_USER=$pkgbase -export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})" +_make() { + test -s version + make KERNELRELEASE="$(<version)" "$@" +} prepare() { # hacky work around for rc1 not getting extracted 
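Review bot: Removing the three `export KBUILD_BUILD_*` lines in this hunk lets kbuild fall back to the builder's own user name, host name and wall-clock time for the version banner, so the image records who built it and where, and it no longer builds reproducibly. None of the visible hunks sets these variables again, though build() is not shown in full, so this may be handled elsewhere. If it is not, keep `export KBUILD_BUILD_HOST=archlinux`, `export KBUILD_BUILD_USER=$pkgbase` and the `SOURCE_DATE_EPOCH`-derived `KBUILD_BUILD_TIMESTAMP` export above `_make()`.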
@@ -62,13 +82,16 @@ prepare() { cd linux-${_fullver} msg2 "Setting version..." - scripts/setlocalversion --save-scmversion echo "-$pkgrel" > localversion.10-pkgrel echo "${pkgbase#linux}" > localversion.20-pkgname msg2 "Applying $_rcpatch..." patch -Np1 <"../$_rcpatch" + make defconfig + make -s kernelrelease > version + make mrproper + local src for src in "${source[@]}"; do src="${src%%::*}" 
@@ -78,39 +101,40 @@ prepare() { patch -Np1 < "../$src" done - msg2 "Setting config..." + echo "Setting config..." cp ../config .config - # disable CONFIG_DEBUG_INFO at build time otherwise memory usage blows up and - # can easily overwhelm a system with 32 GB of memory using a tmpfs build. - # introduced by FS#66260, see: - # https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/linux&id=663b08666b269eeeeaafbafaee07fd03389ac8d7 - scripts/config --disable CONFIG_DEBUG_INFO - scripts/config --disable CONFIG_CGROUP_BPF - scripts/config --disable CONFIG_BPF_LSM - scripts/config --disable CONFIG_BPF_PRELOAD - scripts/config --disable CONFIG_BPF_LIRC_MODE2 - scripts/config --disable CONFIG_BPF_KPROBE_OVERRIDE - - if [[ -n "$_modprobeddb" ]]; then - #msg "Running Steven Rostedt's make localmodconfig now" - #sudo /usr/bin/modprobed-db recall - #make localmodconfig - msg "Running Steven Rostedt's make localmodconfig now" - if [[ -f $HOME/.config/modprobed.db ]]; then - _useit="$HOME/.config/modprobed.db" - else - _useit="../modprobed.db" - fi - make LSMOD="$_useit" localmodconfig - fi + # non-interactively apply ck1 default options + # this isn't redundant if we want a clean selection of subarch below make olddefconfig diff -u ../config .config || : # make nconfig make -s kernelrelease > version msg2 "Prepared $pkgbase version $(<version)" + + ### Optionally load needed modules for the make localmodconfig + # See https://aur.archlinux.org/packages/modprobed-db + if [ -n "$_localmodcfg" ]; then + if [ -f $HOME/.config/modprobed.db ]; then + echo "Running Steven Rostedt's make localmodconfig now" + make LSMOD="$HOME/.config/modprobed.db" localmodconfig + else + echo "No modprobed.db data found" + exit + fi + fi + + echo "Prepared $pkgbase version $(<version)" + + [[ -z "$_makenconfig" ]] || make nconfig + + # save configuration for later reuse + cat .config > "${startdir}/config.last" + + # uncomment if you want to build with distcc + ### sed -i 
'/HAVE_GCC_PLUGINS/d' arch/x86/Kconfig } build() { @@ -120,15 +144,27 @@ build() { _package() { pkgdesc="The release candidate kernel and modules" - depends=(coreutils kmod initramfs) - optdepends=('wireless-regdb: to set the correct wireless channels of your country' - 'linux-firmware: firmware images needed for some devices') - provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE) - replaces=(virtualbox-guest-modules-arch wireguard-arch) + depends=( + coreutils + initramfs + kmod + ) + optdepends=( + 'wireless-regdb: to set the correct wireless channels of your country' + 'linux-firmware: firmware images needed for some devices' + ) + provides=( + KSMBD-MODULE + VIRTUALBOX-GUEST-MODULES + WIREGUARD-MODULE + ) + replaces=( + virtualbox-guest-modules-arch + wireguard-arch + ) cd linux-${_fullver} - local kernver="$(<version)" - local modulesdir="$pkgdir/usr/lib/modules/$kernver" + local modulesdir="$pkgdir/usr/lib/modules/$(<version)" echo "Installing boot image..." # systemd expects to find the kernel here to allow hibernation @@ -139,7 +175,7 @@ _package() { echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase" echo "Installing modules..." - make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \ + _make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \ DEPMOD=/doesnt/exist modules_install # Suppress depmod # remove build and source links @@ -148,6 +184,7 @@ _package() { _package-headers() { pkgdesc="Headers and scripts for building modules for the linux-rc kernel" + depends=(pahole "$pkgbase") # added to keep kernel and headers packages matched cd linux-${_fullver} local builddir="$pkgdir/usr/lib/modules/$(<version)/build" 
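Review bot: In the prepare() hunk that begins at `@@ -78,39 +101,40 @@`, the `else` branch of the `_localmodcfg` check runs a bare `exit` right after a successful `echo`, so the shell leaves with status 0 and anything wrapping makepkg will read a missing modprobed.db as success rather than failure. Write the message to stderr and end the branch with `exit 1`, and quote the path in the test: `[ -f "$HOME/.config/modprobed.db" ]`. The same hunk now prints the "Prepared $pkgbase version" line twice, once through `msg2` and once through `echo`, and its comment about "ck1 default options" does not match this package. prepare() starts before this hunk.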
@@ -163,7 +200,7 @@ _package-headers() { install -Dt "$builddir/tools/objtool" tools/objtool/objtool # required when DEBUG_INFO_BTF_MODULES is enabled - # install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids + install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids echo "Installing headers..." cp -t "$builddir" -a include @@ -207,7 +244,7 @@ _package-headers() { echo "Stripping build tools..." local file while read -rd '' file; do - case "$(file -bi "$file")" in + case "$(file -Sib "$file")" in application/x-sharedlib\;*) # Libraries (.so) strip -v $STRIP_SHARED "$file" ;; application/x-archive\;*) # Libraries (.a) @@ -219,14 +256,12 @@ _package-headers() { esac done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0) - #echo "Stripping vmlinux..." - #strip -v $STRIP_STATIC "$builddir/vmlinux" - # not needed since not building with CONFIG_DEBUG_INFO=y + echo "Stripping vmlinux..." + strip -v $STRIP_STATIC "$builddir/vmlinux" echo "Adding symlink..." mkdir -p "$pkgdir/usr/src" ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase" - } pkgname=("$pkgbase" "$pkgbase-headers") |
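Review bot: The two commands this section re-enables, `install -Dt "$builddir/tools/bpf/resolve_btfids" …` in the `@@ -163,7 +200,7 @@` hunk and `strip -v $STRIP_STATIC "$builddir/vmlinux"` in the last hunk, now run unconditionally, yet both depend on the kernel configuration, and the `config` source keeps its old checksum in this commit. resolve_btfids is built only when BTF debug info is enabled, and no visible line copies vmlinux into `$builddir`, although that may happen in the part of _package-headers() outside these hunks. If either file is absent the command fails and packaging aborts. Guarding each with a file test, e.g. `[[ ! -f "$builddir/vmlinux" ]] || strip -v $STRIP_STATIC "$builddir/vmlinux"`, keeps the PKGBUILD working with either kind of config.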