From 9ad19171b6d6fa5dcdd8a1d5d1b82dbdeaf65ab0 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 1 Apr 2025 15:15:54 -0700 Subject: lib/crc: remove unnecessary prompt for CONFIG_CRC32 and drop 'default y' All modules that need CONFIG_CRC32 already select it, so there is no need to bother users about the option, nor to default it to y. Reviewed-by: Christoph Hellwig Reviewed-by: "Martin K. Petersen" Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20250401221600.24878-2-ebiggers@kernel.org Signed-off-by: Eric Biggers --- lib/Kconfig | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 61cce0686b53..c91de83b3e5a 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -177,14 +177,8 @@ config CRC_ITU_T functions require M here. config CRC32 - tristate "CRC32/CRC32c functions" - default y + tristate select BITREVERSE - help - This option is provided for the case where no in-kernel-tree - modules require CRC32/CRC32c functions, but a module built outside - the kernel tree does. Such modules that use library CRC32/CRC32c - functions require M here. config ARCH_HAS_CRC32 bool -- cgit v1.2.3 From 7939da264bcc91ced4d01014241a581e79d414d9 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 1 Apr 2025 15:15:55 -0700 Subject: lib/crc: remove unnecessary prompt for CONFIG_CRC_CCITT All modules that need CONFIG_CRC_CCITT already select it, so there is no need to bother users about the option. Reviewed-by: Christoph Hellwig Reviewed-by: "Martin K. Petersen" Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20250401221600.24878-3-ebiggers@kernel.org Signed-off-by: Eric Biggers --- lib/Kconfig | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index c91de83b3e5a..81d8ff429dca 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -139,12 +139,7 @@ config TRACE_MMIO_ACCESS source "lib/crypto/Kconfig" config CRC_CCITT - tristate "CRC-CCITT functions" - help - This option is provided for the case where no in-kernel-tree - modules require CRC-CCITT functions, but a module built outside - the kernel tree does. Such modules that use library CRC-CCITT - functions require M here. + tristate config CRC16 tristate "CRC16 functions" -- cgit v1.2.3 From 2038af8edae281283ee10e220a3df19dcad3b61c Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 1 Apr 2025 15:15:56 -0700 Subject: lib/crc: remove unnecessary prompt for CONFIG_CRC16 All modules that need CONFIG_CRC16 already select it, so there is no need to bother users about the option. Reviewed-by: Christoph Hellwig Reviewed-by: "Martin K. Petersen" Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20250401221600.24878-4-ebiggers@kernel.org Signed-off-by: Eric Biggers --- lib/Kconfig | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 81d8ff429dca..372e07c5e31d 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -142,12 +142,7 @@ config CRC_CCITT tristate config CRC16 - tristate "CRC16 functions" - help - This option is provided for the case where no in-kernel-tree - modules require CRC16 functions, but a module built outside - the kernel tree does. Such modules that use library CRC16 - functions require M here. + tristate config CRC_T10DIF tristate "CRC calculation for the T10 Data Integrity Field" -- cgit v1.2.3 From a6d0dbba950880e269d433222ca6d516ebe8a6ae Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 1 Apr 2025 15:15:57 -0700 Subject: lib/crc: remove unnecessary prompt for CONFIG_CRC_T10DIF All modules that need CONFIG_CRC_T10DIF already select it, so there is no need to bother users about the option. Reviewed-by: Christoph Hellwig Reviewed-by: "Martin K. Petersen" Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20250401221600.24878-5-ebiggers@kernel.org Signed-off-by: Eric Biggers --- lib/Kconfig | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 372e07c5e31d..4301bfd08feb 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -145,11 +145,7 @@ config CRC16 tristate config CRC_T10DIF - tristate "CRC calculation for the T10 Data Integrity Field" - help - This option is only needed if a module that's not in the - kernel tree needs to calculate CRC checks for use with the - SCSI data integrity subsystem. + tristate config ARCH_HAS_CRC_T10DIF bool -- cgit v1.2.3 From a0d55dd740db75acca2afbd84a2f54f644dbc268 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 1 Apr 2025 15:15:58 -0700 Subject: lib/crc: remove unnecessary prompt for CONFIG_CRC_ITU_T All modules that need CONFIG_CRC_ITU_T already select it, so there is no need to bother users about the option. Reviewed-by: Christoph Hellwig Reviewed-by: "Martin K. Petersen" Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20250401221600.24878-6-ebiggers@kernel.org Signed-off-by: Eric Biggers --- lib/Kconfig | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 4301bfd08feb..89470bb24519 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -155,12 +155,7 @@ config CRC_T10DIF_ARCH default CRC_T10DIF if ARCH_HAS_CRC_T10DIF && CRC_OPTIMIZATIONS config CRC_ITU_T - tristate "CRC ITU-T V.41 functions" - help - This option is provided for the case where no in-kernel-tree - modules require CRC ITU-T V.41 functions, but a module built outside - the kernel tree does. Such modules that use library CRC ITU-T V.41 - functions require M here. + tristate config CRC32 tristate -- cgit v1.2.3 From 31ab49a99f0572da6a62f121878e2155b04904e5 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 1 Apr 2025 15:15:59 -0700 Subject: lib/crc: document all the CRC library kconfig options Previous commits removed all the original CRC kconfig help text, since it was oriented towards people configuring the kernel, and the options are no longer user-selectable. However, it's still useful for there to be help text for kernel developers. Add this. Reviewed-by: Christoph Hellwig Reviewed-by: "Martin K. Petersen" Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20250401221600.24878-7-ebiggers@kernel.org Signed-off-by: Eric Biggers --- lib/Kconfig | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 89470bb24519..4e796eaea2f4 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -140,12 +140,21 @@ source "lib/crypto/Kconfig" config CRC_CCITT tristate + help + The CRC-CCITT library functions. Select this if your module uses any + of the functions from . config CRC16 tristate + help + The CRC16 library functions. Select this if your module uses any of + the functions from . config CRC_T10DIF tristate + help + The CRC-T10DIF library functions. Select this if your module uses + any of the functions from . config ARCH_HAS_CRC_T10DIF bool @@ -156,10 +165,16 @@ config CRC_T10DIF_ARCH config CRC_ITU_T tristate + help + The CRC-ITU-T library functions. Select this if your module uses + any of the functions from . config CRC32 tristate select BITREVERSE + help + The CRC32 library functions. Select this if your module uses any of + the functions from or . config ARCH_HAS_CRC32 bool @@ -170,6 +185,9 @@ config CRC32_ARCH config CRC64 tristate + help + The CRC64 library functions. Select this if your module uses any of + the functions from . config ARCH_HAS_CRC64 bool @@ -180,9 +198,15 @@ config CRC64_ARCH config CRC4 tristate + help + The CRC4 library functions. Select this if your module uses any of + the functions from . config CRC7 tristate + help + The CRC7 library functions. Select this if your module uses any of + the functions from . config LIBCRC32C tristate @@ -193,6 +217,9 @@ config LIBCRC32C config CRC8 tristate + help + The CRC8 library functions. Select this if your module uses any of + the functions from . config CRC_OPTIMIZATIONS bool "Enable optimized CRC implementations" if EXPERT -- cgit v1.2.3 From b261d2222063a9a8b9ec284244c285f2998ee01e Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 1 Apr 2025 15:16:00 -0700 Subject: lib/crc: remove CONFIG_LIBCRC32C Now that LIBCRC32C does nothing besides select CRC32, make every option that selects LIBCRC32C instead select CRC32 directly. Then remove LIBCRC32C. Reviewed-by: Christoph Hellwig Reviewed-by: "Martin K. Petersen" Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20250401221600.24878-8-ebiggers@kernel.org Signed-off-by: Eric Biggers --- lib/Kconfig | 7 ------- 1 file changed, 7 deletions(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 4e796eaea2f4..6c1b8f184267 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -208,13 +208,6 @@ config CRC7 The CRC7 library functions. Select this if your module uses any of the functions from . -config LIBCRC32C - tristate - select CRC32 - help - This option just selects CRC32 and is provided for compatibility - purposes until the users are updated to select CRC32 directly. - config CRC8 tristate help -- cgit v1.2.3 From 770c8d55c42868239c748a3ebc57c9e37755f842 Mon Sep 17 00:00:00 2001 From: Sheng Yong Date: Tue, 1 Apr 2025 22:47:12 +0800 Subject: lib/iov_iter: fix to increase non slab folio refcount When testing EROFS file-backed mount over v9fs on qemu, I encountered a folio UAF issue. The page sanity check reports the following call trace. The root cause is that pages in bvec are coalesced across a folio bounary. The refcount of all non-slab folios should be increased to ensure p9_releas_pages can put them correctly. BUG: Bad page state in process md5sum pfn:18300 page: refcount:0 mapcount:0 mapping:00000000d5ad8e4e index:0x60 pfn:0x18300 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 aops:z_erofs_aops ino:30b0f dentry name(?):"GoogleExtServicesCn.apk" flags: 0x100000000000041(locked|head|node=0|zone=1) raw: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0 raw: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000 head: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0 head: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000 head: 0100000000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000010 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set Call Trace: dump_stack_lvl+0x53/0x70 bad_page+0xd4/0x220 __free_pages_ok+0x76d/0xf30 __folio_put+0x230/0x320 p9_release_pages+0x179/0x1f0 p9_virtio_zc_request+0xa2a/0x1230 p9_client_zc_rpc.constprop.0+0x247/0x700 p9_client_read_once+0x34d/0x810 p9_client_read+0xf3/0x150 v9fs_issue_read+0x111/0x360 netfs_unbuffered_read_iter_locked+0x927/0x1390 netfs_unbuffered_read_iter+0xa2/0xe0 vfs_iocb_iter_read+0x2c7/0x460 erofs_fileio_rq_submit+0x46b/0x5b0 z_erofs_runqueue+0x1203/0x21e0 z_erofs_readahead+0x579/0x8b0 read_pages+0x19f/0xa70 page_cache_ra_order+0x4ad/0xb80 filemap_readahead.isra.0+0xe7/0x150 filemap_get_pages+0x7aa/0x1890 filemap_read+0x320/0xc80 vfs_read+0x6c6/0xa30 ksys_read+0xf9/0x1c0 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x71/0x79 Link: https://lkml.kernel.org/r/20250401144712.1377719-1-shengyong1@xiaomi.com Fixes: b9c0e49abfca ("mm: decline to manipulate the refcount on a slab page") Signed-off-by: Sheng Yong Reviewed-by: Matthew Wilcox (Oracle) Acked-by: Vlastimil Babka Cc: Signed-off-by: Andrew Morton --- lib/iov_iter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/iov_iter.c b/lib/iov_iter.c index 8c7fdb7d8c8f..bc9391e55d57 100644 --- a/lib/iov_iter.c +++ b/lib/iov_iter.c @@ -1191,7 +1191,7 @@ static ssize_t __iov_iter_get_pages_alloc(struct iov_iter *i, return -ENOMEM; p = *pages; for (int k = 0; k < n; k++) { - struct folio *folio = page_folio(page); + struct folio *folio = page_folio(page + k); p[k] = page + k; if (!folio_test_slab(folio)) folio_get(folio); -- cgit v1.2.3 From a5561c88cf3cddc405ae7a0ef6b606224ddabf0c Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Mon, 24 Mar 2025 18:32:27 +0100 Subject: ASN.1: add module description This is needed to avoid a build warning: WARNING: modpost: missing MODULE_DESCRIPTION() in lib/asn1_decoder.o Link: https://lkml.kernel.org/r/20250324173242.1501003-2-arnd@kernel.org Fixes: 6c6c1fc09de3 ("modpost: require a MODULE_DESCRIPTION()") Signed-off-by: Arnd Bergmann Tested-by: Geert Uytterhoeven Cc: Jeff Johnson Cc: Masahiro Yamada Cc: Stehen Rothwell Signed-off-by: Andrew Morton --- lib/asn1_decoder.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c index 13da529e2e72..5738ae286b41 100644 --- a/lib/asn1_decoder.c +++ b/lib/asn1_decoder.c @@ -518,4 +518,5 @@ error: } EXPORT_SYMBOL_GPL(asn1_ber_decoder); +MODULE_DESCRIPTION("Decoder for ASN.1 BER/DER/CER encoded bytestream"); MODULE_LICENSE("GPL"); -- cgit v1.2.3 From 75dd4975f569c179284fa644e5be24cbfa77b0ee Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Mon, 24 Mar 2025 18:32:31 +0100 Subject: zlib: add module description Modules without a description now cause a warning: WARNING: modpost: missing MODULE_DESCRIPTION() in lib/zlib_inflate/zlib_inflate.o Link: https://lkml.kernel.org/r/20250324173242.1501003-6-arnd@kernel.org Fixes: 6c6c1fc09de3 ("modpost: require a MODULE_DESCRIPTION()") Signed-off-by: Arnd Bergmann Cc: Jeff Johnson Cc: Masahiro Yamada Cc: Stehen Rothwell Signed-off-by: Andrew Morton --- lib/zlib_inflate/inflate_syms.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/zlib_inflate/inflate_syms.c b/lib/zlib_inflate/inflate_syms.c index 9720114c0672..b8996d90e8bc 100644 --- a/lib/zlib_inflate/inflate_syms.c +++ b/lib/zlib_inflate/inflate_syms.c @@ -18,4 +18,5 @@ EXPORT_SYMBOL(zlib_inflateEnd); EXPORT_SYMBOL(zlib_inflateReset); EXPORT_SYMBOL(zlib_inflateIncomp); EXPORT_SYMBOL(zlib_inflate_blob); +MODULE_DESCRIPTION("Data decompression using the deflation algorithm"); MODULE_LICENSE("GPL"); -- cgit v1.2.3 From 91640531b92ec63e260b9d5c681d387676ec462c Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Mon, 24 Mar 2025 18:32:32 +0100 Subject: ucs2_string: add module description Modules without a description now cause a warning: WARNING: modpost: missing MODULE_DESCRIPTION() in lib/ucs2_string.o Link: https://lkml.kernel.org/r/20250324173242.1501003-7-arnd@kernel.org Fixes: 6c6c1fc09de3 ("modpost: require a MODULE_DESCRIPTION()") Signed-off-by: Arnd Bergmann Cc: Jeff Johnson Cc: Masahiro Yamada Cc: Stehen Rothwell Signed-off-by: Andrew Morton --- lib/ucs2_string.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/ucs2_string.c b/lib/ucs2_string.c index 9308bcfb2ad5..dfb4f2358cab 100644 --- a/lib/ucs2_string.c +++ b/lib/ucs2_string.c @@ -165,4 +165,5 @@ ucs2_as_utf8(u8 *dest, const ucs2_char_t *src, unsigned long maxlength) } EXPORT_SYMBOL(ucs2_as_utf8); +MODULE_DESCRIPTION("UCS2 string handling"); MODULE_LICENSE("GPL v2"); -- cgit v1.2.3 From 61c4e6ca8c9364e08c2c132d1bfae2f85af42c7a Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Mon, 24 Mar 2025 18:32:35 +0100 Subject: kunit: slub: add module description Modules without a description now cause a warning: WARNING: modpost: missing MODULE_DESCRIPTION() in lib/tests/slub_kunit.o Link: https://lkml.kernel.org/r/20250324173242.1501003-10-arnd@kernel.org Fixes: 6c6c1fc09de3 ("modpost: require a MODULE_DESCRIPTION()") Signed-off-by: Arnd Bergmann Cc: Guenetr Roeck Cc: Jeff Johnson Cc: Masahiro Yamada Cc: Pei Xiao Cc: Rae Moar Cc: Stehen Rothwell Cc: Vlastimil Babka Signed-off-by: Andrew Morton --- lib/tests/slub_kunit.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/tests/slub_kunit.c b/lib/tests/slub_kunit.c index d47c472b0520..848b682a2d70 100644 --- a/lib/tests/slub_kunit.c +++ b/lib/tests/slub_kunit.c @@ -325,4 +325,5 @@ static struct kunit_suite test_suite = { }; kunit_test_suite(test_suite); +MODULE_DESCRIPTION("Kunit tests for slub allocator"); MODULE_LICENSE("GPL"); -- cgit v1.2.3 From e6e07b696da529e85d1ba880555b5df5c80a46bd Mon Sep 17 00:00:00 2001 From: "T.J. Mercier" Date: Wed, 9 Apr 2025 22:51:11 +0000 Subject: alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate alloc_pages_bulk_node() may partially succeed and allocate fewer than the requested nr_pages. There are several conditions under which this can occur, but we have encountered the case where CONFIG_PAGE_OWNER is enabled causing all bulk allocations to always fallback to single page allocations due to commit 187ad460b841 ("mm/page_alloc: avoid page allocator recursion with pagesets.lock held"). Currently vm_module_tags_populate() immediately fails when alloc_pages_bulk_node() returns fewer than the requested number of pages. When this happens memory allocation profiling gets disabled, for example [ 14.297583] [9: modprobe: 465] Failed to allocate memory for allocation tags in the module scsc_wlan. Memory allocation profiling is disabled! [ 14.299339] [9: modprobe: 465] modprobe: Failed to insmod '/vendor/lib/modules/scsc_wlan.ko' with args '': Out of memory This patch causes vm_module_tags_populate() to retry bulk allocations for the remaining memory instead of failing immediately which will avoid the disablement of memory allocation profiling. Link: https://lkml.kernel.org/r/20250409225111.3770347-1-tjmercier@google.com Fixes: 0f9b685626da ("alloc_tag: populate memory for module tags as needed") Signed-off-by: T.J. Mercier Reported-by: Janghyuck Kim Acked-by: Suren Baghdasaryan Cc: Kent Overstreet Cc: Signed-off-by: Andrew Morton --- lib/alloc_tag.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c index 1d893e313614..25ecc1334b67 100644 --- a/lib/alloc_tag.c +++ b/lib/alloc_tag.c @@ -422,11 +422,20 @@ static int vm_module_tags_populate(void) unsigned long old_shadow_end = ALIGN(phys_end, MODULE_ALIGN); unsigned long new_shadow_end = ALIGN(new_end, MODULE_ALIGN); unsigned long more_pages; - unsigned long nr; + unsigned long nr = 0; more_pages = ALIGN(new_end - phys_end, PAGE_SIZE) >> PAGE_SHIFT; - nr = alloc_pages_bulk_node(GFP_KERNEL | __GFP_NOWARN, - NUMA_NO_NODE, more_pages, next_page); + while (nr < more_pages) { + unsigned long allocated; + + allocated = alloc_pages_bulk_node(GFP_KERNEL | __GFP_NOWARN, + NUMA_NO_NODE, more_pages - nr, next_page + nr); + + if (!allocated) + break; + nr += allocated; + } + if (nr < more_pages || vmap_pages_range(phys_end, phys_end + (nr << PAGE_SHIFT), PAGE_KERNEL, next_page, PAGE_SHIFT) < 0) { -- cgit v1.2.3 From d94c12bd97d567de342fd32599e7cd9e50bfa140 Mon Sep 17 00:00:00 2001 From: Peter Collingbourne Date: Wed, 2 Apr 2025 17:06:59 -0700 Subject: string: Add load_unaligned_zeropad() code path to sized_strscpy() The call to read_word_at_a_time() in sized_strscpy() is problematic with MTE because it may trigger a tag check fault when reading across a tag granule (16 bytes) boundary. To make this code MTE compatible, let's start using load_unaligned_zeropad() on architectures where it is available (i.e. architectures that define CONFIG_DCACHE_WORD_ACCESS). Because load_unaligned_zeropad() takes care of page boundaries as well as tag granule boundaries, also disable the code preventing crossing page boundaries when using load_unaligned_zeropad(). Signed-off-by: Peter Collingbourne Link: https://linux-review.googlesource.com/id/If4b22e43b5a4ca49726b4bf98ada827fdf755548 Fixes: 94ab5b61ee16 ("kasan, arm64: enable CONFIG_KASAN_HW_TAGS") Cc: stable@vger.kernel.org Reviewed-by: Catalin Marinas Link: https://lore.kernel.org/r/20250403000703.2584581-2-pcc@google.com Signed-off-by: Kees Cook --- lib/string.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/string.c b/lib/string.c index eb4486ed40d2..b632c71df1a5 100644 --- a/lib/string.c +++ b/lib/string.c @@ -119,6 +119,7 @@ ssize_t sized_strscpy(char *dest, const char *src, size_t count) if (count == 0 || WARN_ON_ONCE(count > INT_MAX)) return -E2BIG; +#ifndef CONFIG_DCACHE_WORD_ACCESS #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS /* * If src is unaligned, don't cross a page boundary, @@ -133,12 +134,14 @@ ssize_t sized_strscpy(char *dest, const char *src, size_t count) /* If src or dest is unaligned, don't do word-at-a-time. */ if (((long) dest | (long) src) & (sizeof(long) - 1)) max = 0; +#endif #endif /* - * read_word_at_a_time() below may read uninitialized bytes after the - * trailing zero and use them in comparisons. Disable this optimization - * under KMSAN to prevent false positive reports. + * load_unaligned_zeropad() or read_word_at_a_time() below may read + * uninitialized bytes after the trailing zero and use them in + * comparisons. Disable this optimization under KMSAN to prevent + * false positive reports. */ if (IS_ENABLED(CONFIG_KMSAN)) max = 0; @@ -146,7 +149,11 @@ ssize_t sized_strscpy(char *dest, const char *src, size_t count) while (max >= sizeof(unsigned long)) { unsigned long c, data; +#ifdef CONFIG_DCACHE_WORD_ACCESS + c = load_unaligned_zeropad(src+res); +#else c = read_word_at_a_time(src+res); +#endif if (has_zero(c, &data, &constants)) { data = prep_zero_mask(c, data, &constants); data = create_zero_mask(data); -- cgit v1.2.3 From cdc2e1d9d929d7f7009b3a5edca52388a2b0891f Mon Sep 17 00:00:00 2001 From: Nathan Chancellor Date: Mon, 14 Apr 2025 15:00:59 -0700 Subject: lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP CONFIG_UBSAN_INTEGER_WRAP is 'default UBSAN', which is problematic for a couple of reasons. The first is that this sanitizer is under active development on the compiler side to come up with a solution that is maintainable on the compiler side and usable on the kernel side. As a result of this, there are many warnings when the sanitizer is enabled that have no clear path to resolution yet but users may see them and report them in the meantime. The second is that this option was renamed from CONFIG_UBSAN_SIGNED_WRAP, meaning that if a configuration has CONFIG_UBSAN=y but CONFIG_UBSAN_SIGNED_WRAP=n and it is upgraded via olddefconfig (common in non-interactive scenarios such as CI), CONFIG_UBSAN_INTEGER_WRAP will be silently enabled again. Remove 'default UBSAN' from CONFIG_UBSAN_INTEGER_WRAP until it is ready for regular usage and testing from a broader community than the folks actively working on the feature. Cc: stable@vger.kernel.org Fixes: 557f8c582a9b ("ubsan: Reintroduce signed overflow sanitizer") Signed-off-by: Nathan Chancellor Link: https://lore.kernel.org/r/20250414-drop-default-ubsan-integer-wrap-v1-1-392522551d6b@kernel.org Signed-off-by: Kees Cook --- lib/Kconfig.ubsan | 1 - 1 file changed, 1 deletion(-) (limited to 'lib') diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 4216b3a4ff21..f6ea0c5b5da3 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -118,7 +118,6 @@ config UBSAN_UNREACHABLE config UBSAN_INTEGER_WRAP bool "Perform checking for integer arithmetic wrap-around" - default UBSAN depends on !COMPILE_TEST depends on $(cc-option,-fsanitize-undefined-ignore-overflow-pattern=all) depends on $(cc-option,-fsanitize=signed-integer-overflow) -- cgit v1.2.3 From 9b044614be12d78d3a93767708b8d02fb7dfa9b0 Mon Sep 17 00:00:00 2001 From: Mostafa Saleh Date: Tue, 15 Apr 2025 20:33:54 +0000 Subject: ubsan: Fix panic from test_ubsan_out_of_bounds Running lib_ubsan.ko on arm64 (without CONFIG_UBSAN_TRAP) panics the kernel: [ 31.616546] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: test_ubsan_out_of_bounds+0x158/0x158 [test_ubsan] [ 31.646817] CPU: 3 UID: 0 PID: 179 Comm: insmod Not tainted 6.15.0-rc2 #1 PREEMPT [ 31.648153] Hardware name: linux,dummy-virt (DT) [ 31.648970] Call trace: [ 31.649345] show_stack+0x18/0x24 (C) [ 31.650960] dump_stack_lvl+0x40/0x84 [ 31.651559] dump_stack+0x18/0x24 [ 31.652264] panic+0x138/0x3b4 [ 31.652812] __ktime_get_real_seconds+0x0/0x10 [ 31.653540] test_ubsan_load_invalid_value+0x0/0xa8 [test_ubsan] [ 31.654388] init_module+0x24/0xff4 [test_ubsan] [ 31.655077] do_one_initcall+0xd4/0x280 [ 31.655680] do_init_module+0x58/0x2b4 That happens because the test corrupts other data in the stack: 400: d5384108 mrs x8, sp_el0 404: f9426d08 ldr x8, [x8, #1240] 408: f85f83a9 ldur x9, [x29, #-8] 40c: eb09011f cmp x8, x9 410: 54000301 b.ne 470 // b.any As there is no guarantee the compiler will order the local variables as declared in the module: volatile char above[4] = { }; /* Protect surrounding memory. */ volatile int arr[4]; volatile char below[4] = { }; /* Protect surrounding memory. */ There is another problem where the out-of-bound index is 5 which is larger than the extra surrounding memory for protection. So, use a struct to enforce the ordering, and fix the index to be 4. Also, remove some of the volatiles and rely on OPTIMIZER_HIDE_VAR() Signed-off-by: Mostafa Saleh Link: https://lore.kernel.org/r/20250415203354.4109415-1-smostafa@google.com Signed-off-by: Kees Cook --- lib/test_ubsan.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/test_ubsan.c b/lib/test_ubsan.c index 8772e5edaa4f..a4b6f52b9c57 100644 --- a/lib/test_ubsan.c +++ b/lib/test_ubsan.c @@ -77,18 +77,22 @@ static void test_ubsan_shift_out_of_bounds(void) static void test_ubsan_out_of_bounds(void) { - volatile int i = 4, j = 5, k = -1; - volatile char above[4] = { }; /* Protect surrounding memory. */ - volatile int arr[4]; - volatile char below[4] = { }; /* Protect surrounding memory. */ + int i = 4, j = 4, k = -1; + volatile struct { + char above[4]; /* Protect surrounding memory. */ + int arr[4]; + char below[4]; /* Protect surrounding memory. */ + } data; - above[0] = below[0]; + OPTIMIZER_HIDE_VAR(i); + OPTIMIZER_HIDE_VAR(j); + OPTIMIZER_HIDE_VAR(k); UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "above"); - arr[j] = i; + data.arr[j] = i; UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "below"); - arr[k] = i; + data.arr[k] = i; } enum ubsan_test_enum { -- cgit v1.2.3 From 3f2925174f8bd811f9399cb4049f6b75fd2fba91 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Mon, 14 Apr 2025 16:35:00 +0200 Subject: lib/prime_numbers: KUnit test should not select PRIME_NUMBERS Enabling a (modular) test should not silently enable additional kernel functionality, as that may increase the attack vector of a product. Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS instead of selecting it. After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build modules for all appropriate tests for ones system, without pulling in extra unwanted functionality, while still allowing a tester to manually enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in tools/testing/selftests/lib/config for the latter use case. Fixes: 313b38a6ecb46db4 ("lib/prime_numbers: convert self-test to KUnit") Signed-off-by: Geert Uytterhoeven Acked-by: Tamir Duberstein Link: https://lore.kernel.org/r/40f8a40eef4930d3ac9febd205bc171eb04e171c.1744641237.git.geert@linux-m68k.org Signed-off-by: Kees Cook --- lib/Kconfig.debug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 9fe4d8dfe578..f9051ab610d5 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -3290,7 +3290,7 @@ config GCD_KUNIT_TEST config PRIME_NUMBERS_KUNIT_TEST tristate "Prime number generator test" if !KUNIT_ALL_TESTS depends on KUNIT - select PRIME_NUMBERS + depends on PRIME_NUMBERS default KUNIT_ALL_TESTS help This option enables the KUnit test suite for the {is,next}_prime_number -- cgit v1.2.3