Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected] Control: affects -1 + src:lttng-modules User: [email protected] Usertags: pu
[ Reason ] A change in the upstream Linux kernel introduced in v6.13 results in memory corruption and a potential kernel crash when using syscall tracing with lttng-modules. While trixie only ships a v6.12 based kernel, users who build custom kernel packages could be affected by the issue. [ Impact ] Using syscall tracing with a kernel >= v6.13 could result in a system crash. [ Tests ] Tested in a trixie virtual machine using the upstream test suite. [ Risks ] Code change is minimal and since it's DKMS based only applies to kernels v6.13 or greater. The patch is already present in upstream released versions and in Debian unstable/testing. [ Checklist ] [*] *all* changes are documented in the d/changelog [*] I reviewed all changes and I approve them [*] attach debdiff against the package in (old)stable [*] the issue is verified as fixed in unstable [ Changes ] Add a patch with version based ifdef that disables preemption around the syscall probe. Prior to v6.13, preemption was disable around all probes by the kernel.
diff -Nru lttng-modules-2.13.18/debian/changelog lttng-modules-2.13.18/debian/changelog --- lttng-modules-2.13.18/debian/changelog 2025-04-14 18:01:05.000000000 -0400 +++ lttng-modules-2.13.18/debian/changelog 2025-10-07 13:46:28.000000000 -0400 @@ -1,3 +1,11 @@ +lttng-modules (2.13.18-1+deb13u1) trixie; urgency=medium + + * Fix potential kernel crash with syscall tracing (Closes: ##1117551) + * [4b4342c] debian/gbp.conf: branch config for trixie + * [a8a56d6] Add patch to fix syscall tracing with kernels >= v6.13 + + -- Michael Jeanson <[email protected]> Tue, 07 Oct 2025 13:46:28 -0400 + lttng-modules (2.13.18-1) unstable; urgency=medium * [25407c8] New upstream version 2.13.18 diff -Nru lttng-modules-2.13.18/debian/gbp.conf lttng-modules-2.13.18/debian/gbp.conf --- lttng-modules-2.13.18/debian/gbp.conf 2025-04-14 18:00:10.000000000 -0400 +++ lttng-modules-2.13.18/debian/gbp.conf 2025-10-07 13:46:28.000000000 -0400 @@ -1,3 +1,3 @@ [DEFAULT] -upstream-branch=upstream/latest -debian-branch=debian/sid +upstream-branch=upstream/2.13.18 +debian-branch=debian/trixie diff -Nru lttng-modules-2.13.18/debian/patches/fix-protect-syscall-probes-with-preemption-disable.patch lttng-modules-2.13.18/debian/patches/fix-protect-syscall-probes-with-preemption-disable.patch --- lttng-modules-2.13.18/debian/patches/fix-protect-syscall-probes-with-preemption-disable.patch 1969-12-31 19:00:00.000000000 -0500 +++ lttng-modules-2.13.18/debian/patches/fix-protect-syscall-probes-with-preemption-disable.patch 2025-10-07 13:46:28.000000000 -0400 @@ -0,0 +1,105 @@ +From df88625cf3ae0be53d4e12a7922d8a9600bcbab7 Mon Sep 17 00:00:00 2001 +From: Mathieu Desnoyers <[email protected]> +Date: Wed, 1 Oct 2025 16:04:55 -0400 +Subject: [PATCH] Fix: Protect syscall probes with preemption disable + +Since kernel v6.13, the syscall tracepoints call the probes from +faultable context (with preemption enabled). + +Adapt to this change to ensure that the LTTng-modules per-cpu data +structures that expect preemption to be disabled don't get corrupted. + +This has been noticed through a linked list corruption of the +lttng-tp-mempool per-cpu allocator. + +This only affects preemptible kernel configurations (PREEMPT, +PREEMPT_LAZY). + +Non-preemptible kernel configurations are not affected (PREEMPT_NONE, +PREEMPT_VOLOUNTARY). + +Signed-off-by: Mathieu Desnoyers <[email protected]> +Change-Id: I67211e9f8ae96dce0e05a377827d606d1e54b0f8 +--- + src/lttng-syscalls.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + +diff --git a/src/lttng-syscalls.c b/src/lttng-syscalls.c +index 2ee1ee04..0f1a205b 100644 +--- a/src/lttng-syscalls.c ++++ b/src/lttng-syscalls.c +@@ -34,6 +34,10 @@ + #include <lttng/utils.h> + #include <lttng/kernel-version.h> + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,13,0)) ++#include <linux/cleanup.h> ++#endif ++ + #include "lttng-syscalls.h" + + #ifndef CONFIG_COMPAT +@@ -137,6 +141,15 @@ static void syscall_entry_event_unknown(struct hlist_head *unknown_action_list_h + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + struct lttng_kernel_event_common_private *event_priv; + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,13,0)) ++ /* ++ * Starting with kernel v6.13, the syscall probes are called ++ * with preemption enabled, but the ring buffer and per-cpu data ++ * require preemption to be disabled. ++ */ ++ guard(preempt_notrace)(); ++#endif ++ + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(event_priv, unknown_action_list_head, u.syscall.node) { + if (unlikely(in_compat_syscall())) +@@ -255,6 +268,15 @@ void syscall_entry_event_probe(void *__data, struct pt_regs *regs, long id) + const struct trace_syscall_entry *table, *entry; + size_t table_len; + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,13,0)) ++ /* ++ * Starting with kernel v6.13, the syscall probes are called ++ * with preemption enabled, but the ring buffer and per-cpu data ++ * require preemption to be disabled. ++ */ ++ guard(preempt_notrace)(); ++#endif ++ + #ifdef CONFIG_X86_X32_ABI + if (in_x32_syscall()) { + /* x32 system calls are not supported. */ +@@ -371,6 +393,15 @@ static void syscall_exit_event_unknown(struct hlist_head *unknown_action_list_he + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + struct lttng_kernel_event_common_private *event_priv; + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,13,0)) ++ /* ++ * Starting with kernel v6.13, the syscall probes are called ++ * with preemption enabled, but the ring buffer and per-cpu data ++ * require preemption to be disabled. ++ */ ++ guard(preempt_notrace)(); ++#endif ++ + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(event_priv, unknown_action_list_head, u.syscall.node) { + if (unlikely(in_compat_syscall())) +@@ -498,6 +529,15 @@ void syscall_exit_event_probe(void *__data, struct pt_regs *regs, long ret) + size_t table_len; + long id; + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,13,0)) ++ /* ++ * Starting with kernel v6.13, the syscall probes are called ++ * with preemption enabled, but the ring buffer and per-cpu data ++ * require preemption to be disabled. ++ */ ++ guard(preempt_notrace)(); ++#endif ++ + #ifdef CONFIG_X86_X32_ABI + if (in_x32_syscall()) { + /* x32 system calls are not supported. */ diff -Nru lttng-modules-2.13.18/debian/patches/series lttng-modules-2.13.18/debian/patches/series --- lttng-modules-2.13.18/debian/patches/series 2025-04-14 18:00:10.000000000 -0400 +++ lttng-modules-2.13.18/debian/patches/series 2025-10-07 13:46:28.000000000 -0400 @@ -1 +1,2 @@ fix-linux-rt-4.9-sched.patch +fix-protect-syscall-probes-with-preemption-disable.patch
