Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.131 2025-02-08T08:52:32+00:00 2025-02-08T08:52:32+00:00 Masahiro Yamada masahiroy@kernel.org 2025-01-03T07:30:39+00:00 urn:sha1:4517f37bf54e2e790bcff4c4aec25c4f6c5dd8d2 [ Upstream commit be2fa44b5180a1f021efb40c55fdf63c249c3209 ] When a symbol that is already registered is read again from *.symref file, __add_symbol() removes the previous one from the hash table without freeing it. [Test Case] $ cat foo.c #include <linux/export.h> void foo(void); void foo(void) {} EXPORT_SYMBOL(foo); $ cat foo.symref foo void foo ( void ) foo void foo ( void ) When a symbol is removed from the hash table, it must be freed along with its ->name and ->defn members. However, sym->name cannot be freed because it is sometimes shared with node->string, but not always. If sym->name and node->string share the same memory, free(sym->name) could lead to a double-free bug. To resolve this issue, always assign a strdup'ed string to sym->name. Fixes: 64e6c1e12372 ("genksyms: track symbol checksum changes") Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2025-02-08T08:52:32+00:00 Masahiro Yamada masahiroy@kernel.org 2025-01-03T07:30:38+00:00 urn:sha1:9dc841e89ae01c362e99fa8287d9b5b75cc37d0a [ Upstream commit 45c9c4101d3d2fdfa00852274bbebba65fcc3cf2 ] When a symbol that is already registered is added again, __add_symbol() returns without freeing the symbol definition, making it unreachable. The following test cases demonstrate different memory leak points. [Test Case 1] Forward declaration with exactly the same definition $ cat foo.c #include <linux/export.h> void foo(void); void foo(void) {} EXPORT_SYMBOL(foo); [Test Case 2] Forward declaration with a different definition (e.g. attribute) $ cat foo.c #include <linux/export.h> void foo(void); __attribute__((__section__(".ref.text"))) void foo(void) {} EXPORT_SYMBOL(foo); [Test Case 3] Preserving an overridden symbol (compile with KBUILD_PRESERVE=1) $ cat foo.c #include <linux/export.h> void foo(void); void foo(void) { } EXPORT_SYMBOL(foo); $ cat foo.symref override foo void foo ( int ) The memory leaks in Test Case 1 and 2 have existed since the introduction of genksyms into the kernel tree. [1] The memory leak in Test Case 3 was introduced by commit 5dae9a550a74 ("genksyms: allow to ignore symbol checksum changes"). When multiple init_declarators are reduced to an init_declarator_list, the decl_spec must be duplicated. Otherwise, the following Test Case 4 would result in a double-free bug. [Test Case 4] $ cat foo.c #include <linux/export.h> extern int foo, bar; int foo, bar; EXPORT_SYMBOL(foo); In this case, 'foo' and 'bar' share the same decl_spec, 'int'. It must be unshared before being passed to add_symbol(). [1]: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=46bd1da672d66ccd8a639d3c1f8a166048cca608 Fixes: 5dae9a550a74 ("genksyms: allow to ignore symbol checksum changes") Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-12-21T04:57:08+00:00 Marco Elver elver@google.com 2020-12-01T15:20:18+00:00 urn:sha1:9ab55d7f240fb05f84ec3b5e37f0c3ab2ce69053 The C11 _Static_assert() keyword may be used at module scope, and we need to teach genksyms about it to not abort with an error. We currently have a growing number of static_assert() (but also direct usage of _Static_assert()) users at module scope: git grep -E '^_Static_assert\(|^static_assert\(' | grep -v '^tools' | wc -l 135 More recently, when enabling CONFIG_MODVERSIONS with CONFIG_KCSAN, we observe a number of warnings: WARNING: modpost: EXPORT symbol "<..all kcsan symbols..>" [vmlinux] [...] When running a preprocessed source through 'genksyms -w' a number of syntax errors point at usage of static_assert()s. In the case of kernel/kcsan/encoding.h, new static_assert()s had been introduced which used expressions that appear to cause genksyms to not even be able to recover from the syntax error gracefully (as it appears was the case previously). Therefore, make genksyms ignore all _Static_assert() and the contained expression. With the fix, usage of _Static_assert() no longer cause "syntax error" all over the kernel, and the above modpost warnings for KCSAN are gone, too. Signed-off-by: Marco Elver <elver@google.com> Acked-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 2019-09-14T02:40:13+00:00 Masahiro Yamada yamada.masahiro@socionext.com 2019-09-12T11:45:07+00:00 urn:sha1:77564a4829ef6d309331d443ea6ceb065f3dc371 I used the C comment style (/* ... */) for the flex and bison files as in Kconfig (scripts/kconfig/{lexer.l,parser.y}) Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 2019-06-23T18:43:03+00:00 Will Deacon will.deacon@arm.com 2019-06-18T13:10:48+00:00 urn:sha1:a222061b85234d8a44486a46bd4df7e2cda52385 __uint128_t crops up in a few files that export symbols to modules, so teach genksyms about it and the other GCC built-in 128-bit integer types so that we don't end up skipping the CRC generation for some symbols due to the parser failing to spot them: | WARNING: EXPORT symbol "kernel_neon_begin" [vmlinux] version | generation failed, symbol will not be versioned. | ld: arch/arm64/kernel/fpsimd.o: relocation R_AARCH64_ABS32 against | `__crc_kernel_neon_begin' can not be used when making a shared | object | ld: arch/arm64/kernel/fpsimd.o:(.data+0x0): dangerous relocation: | unsupported relocation Reported-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 2017-01-05T12:00:54+00:00 Michal Marek mmarek@suse.com 2017-01-03T13:40:44+00:00 urn:sha1:d920f7c6628c63a390009c237fb80a203c2e400a Do not try to recover too early and segfault when parsing invalid declarations such as echo 'int (int);' | scripts/genksyms/genksyms echo 'int a, (int);' | scripts/genksyms/genksyms echo 'extern void *__inline_memcpy((void *), (const void *), (__kernel_size_t));' | scripts/genksyms/genksyms The last one was a real-life bug with include/asm-generic/asm-prototypes.h on x86_64. Reported-and-tested-by: Borislav Petkov <bp@alien8.de> Signed-off-by: Michal Marek <mmarek@suse.com> 2016-11-29T14:53:19+00:00 Nicholas Piggin npiggin@gmail.com 2016-11-23T16:41:39+00:00 urn:sha1:0efdb2282343578474d342816809710681995985 genksyms currently does not handle va_list. Add the __builtin_va_list keyword as a type. This reduces the amount of syntax errors thrown, but so far no export symbol has a type with a va_list argument, so there is currently no bug in the end result. Note: this patch does not regenerate shipped parser files. Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Michal Marek <mmarek@suse.com> 2015-08-20T12:55:55+00:00 Richard Yao richard.yao@clusterhq.com 2015-07-20T23:52:48+00:00 urn:sha1:1c722503fa81888c936a8d1a5052daec859f1a7c I noticed that genksyms will segfault when it sees duplicate function pointer type declaration when I placed the same function pointer definition in two separate headers in a local branch as an intermediate step of some refactoring. This can be reproduced by piping the following minimal test case into `genksyms -r /dev/null` or alternatively, putting it into a C file attempting a build: typedef int (*f)(); typedef int (*f)(); Attaching gdb to genksyms to understand this failure is useless without changing CFLAGS to emit debuginfo. Once you have debuginfo, you will find that the failure is that `char *s` was NULL and the program executed `while(*s)`. At which point, further debugging requires familiarity with compiler front end / parser development. What happens is that flex identifies the first instance of the token "f" as IDENT and the yacc parser adds it to the symbol table. On the second instance, flex will identify "f" as TYPE, which triggers an error case in the yacc parser. Given that TYPE would have been IDENT had it not been in the symbol table, the the segmentaion fault could be avoided by treating TYPE as IDENT in the affected rule. Some might consider placing identical function pointer type declarations in different headers to be poor style might consider a failure to be beneficial. However, failing through a segmentation fault makes the cause non-obvious and can waste the time of anyone who encounters it. Signed-off-by: Richard Yao <richard.yao@clusterhq.com> Acked-by: Madhuri Yechuri <madhuriyechuri@clusterhq.com> Signed-off-by: Michal Marek <mmarek@suse.com> 2014-04-03T23:20:52+00:00 Jan Beulich JBeulich@suse.com 2014-04-03T21:46:37+00:00 urn:sha1:dc53324060f324e8af6867f57bf4891c13c6ef18 Recent increased use of typeof() throughout the tree resulted in a number of symbols (25 in a typical distro config of ours) not getting a proper CRC calculated for them anymore, due to the parser in genksyms not coping with several of these uses (interestingly in the majority of [if not all] cases the problem is due to the use of typeof() in code preceding a certain export, not in the declaration/definition of the exported function/object itself; I wasn't able to find a way to address this more general parser shortcoming). The use of parameter_declaration is a little more relaxed than would be ideal (permitting not just a bare type specification, but also one with identifier), but since the same code is being passed through an actual compiler, there's no apparent risk of allowing through any broken code. Otoh using parameter_declaration instead of the ad hoc "decl_specifier_seq '*'" / "decl_specifier_seq" pair allows all types to be handled rather than just plain ones and pointers to plain ones. Signed-off-by: Jan Beulich <jbeulich@suse.com> Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-10-11T10:00:39+00:00 Michal Marek mmarek@suse.cz 2011-10-07T23:18:35+00:00 urn:sha1:2c5925d6b7fedc8f1c325f4f85451f505ec69aca Consider structures, unions and enums defined in the source file as internal and do not expand them. This way, changes to e.g. struct serial_private in drivers/tty/serial/8250_pci.c will not affect the checksum of the pciserial_* exports.