Re: [REGRESSION] rseq: refactoring in v6.19 broke everyone on arm64 and tcmalloc everywhere

[Peter Zijlstra <peterz@infradead.org>]

On Mon, Apr 27, 2026 at 12:04:48AM +0200, Thomas Gleixner wrote:

> --- a/include/linux/rseq.h
> +++ b/include/linux/rseq.h
> @@ -9,6 +9,11 @@
>  
>  void __rseq_handle_slowpath(struct pt_regs *regs);
>  
> +static __always_inline bool rseq_optimized(struct task_struct *t)
> +{
> +	return IS_ENABLED(CONFIG_GENERIC_IRQ_ENTRY) && likely(t->rseq.event.optimized);
> +}
> +
>  /* Invoked from resume_user_mode_work() */
>  static inline void rseq_handle_slowpath(struct pt_regs *regs)
>  {
> @@ -30,7 +35,7 @@ void __rseq_signal_deliver(int sig, stru
>   */
>  static inline void rseq_signal_deliver(struct ksignal *ksig, struct pt_regs *regs)
>  {
> -	if (IS_ENABLED(CONFIG_GENERIC_IRQ_ENTRY)) {
> +	if (IS_ENABLED(CONFIG_GENERIC_IRQ_ENTRY) && rseq_optimized(current)) {

rseq_optimized() already implies GENERIC_IRQ_ENTRY

>  		/* '&' is intentional to spare one conditional branch */
>  		if (current->rseq.event.has_rseq & current->rseq.event.user_irq)
>  			__rseq_signal_deliver(ksig->sig, regs);
> @@ -50,15 +55,21 @@ static __always_inline void rseq_sched_s
>  {
>  	struct rseq_event *ev = &t->rseq.event;
>  
> -	if (IS_ENABLED(CONFIG_GENERIC_IRQ_ENTRY)) {
> +	/*
> +	 * Only apply the user_irq optimization for RSEQ ABI V2
> +	 * registrations. Legacy users like TCMalloc rely on the historical ABI
> +	 * V1 behaviour which updates IDs on every context swtich.
> +	 */
> +	if (IS_ENABLED(CONFIG_GENERIC_IRQ_ENTRY) && rseq_optimized(t)) {

idem.

> --- a/include/linux/rseq_types.h
> +++ b/include/linux/rseq_types.h
> @@ -18,6 +18,7 @@ struct rseq;
>   * @ids_changed:	Indicator that IDs need to be updated
>   * @user_irq:		True on interrupt entry from user mode
>   * @has_rseq:		True if the task has a rseq pointer installed
> + * @optimized:		RSEQ ABI V2 optimized mode
>   * @error:		Compound error code for the slow path to analyze
>   * @fatal:		User space data corrupted or invalid
>   * @slowpath:		Indicator that slow path processing via TIF_NOTIFY_RESUME
> @@ -41,7 +42,7 @@ struct rseq_event {
>  			};
>  
>  			u8			has_rseq;
> -			u8			__pad;
> +			u8			optimized;
>  			union {
>  				u16		error;
>  				struct {

I know you like the 'optimized' name, it is faster etc. However, the
description there suggests: has_rseq_v2 not be a bad name.

And while I write this, I figured we could have the value of has_rseq be
2, rather than 1, but this might end up generating worse code, dunno,
haven't tried yet.


> +static bool rseq_length_valid(struct rseq __user *rseq, unsigned int rseq_len)
> +{
> +	if (rseq_len < ORIG_RSEQ_SIZE)
> +		return false;
> +
> +	/*
> +	 * Ensure the provided rseq is properly aligned, as communicated to
> +	 * user-space through the ELF auxiliary vector AT_RSEQ_ALIGN. If
> +	 * rseq_len is the original rseq size, the required alignment is the
> +	 * original struct rseq alignment.
> +	 *
> +	 * The rseq_len is required to be greater or equal than the original
> +	 * rseq size.
> +	 *
> +	 * In order to be valid, rseq_len is either the original rseq size, or
> +	 * large enough to contain all supported fields, as communicated to
> +	 * user-space through the ELF auxiliary vector AT_RSEQ_FEATURE_SIZE.
> +	 */
> +	if (rseq_len < ORIG_RSEQ_SIZE)
> +		return false;

You just did that check, I doubt it'll have changed since the comment
;-)

> +	if (rseq_len == ORIG_RSEQ_SIZE)
> +		return IS_ALIGNED((unsigned long)rseq, ORIG_RSEQ_SIZE);
> +
> +	return IS_ALIGNED((unsigned long)rseq, rseq_alloc_align()) &&
> +		rseq_len >= offsetof(struct rseq, end);
> +}

Given we really only differentiate between ORIG_RSEQ_SIZE (32) and
sizeof(struct rseq), perhaps we should also add something like:

	if (rseq_len != sizeof(struct rseq))
		return false;

?