* [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered
@ 2026-06-29 12:33 Xie Yuanbin
  2026-06-29 12:48 ` Xie Yuanbin
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Xie Yuanbin @ 2026-06-29 12:33 UTC (permalink / raw)
  To: linux, bigeasy, clrkwllms, rostedt, rmk+kernel, linusw, arnd
  Cc: linux-arm-kernel, linux-kernel, linux-rt-devel, liaohua4,
	lilinjie8, Xie Yuanbin

PREEMPT_RT requires interrupts to be enabled when sending signals.

When do_DataAbort()/do_PrefetchAbort() triggers unhandled user faults,
that is `inf->fn()` returns a non-zero value, and the interrupts are not
enabled within the hook function, force_sig_fault() will be called
with interrupts disabled.

This can be triggered by user programs executing the bkpt instruction,
with kernel config CONFIG_PERF_EVENTS=n.

Enable interrupts in do_DataAbort()/do_PrefetchAbort() when unhandled
user faults are triggered to fix the issue.

Fixes: c6e61c06d606 ("ARM: 9463/1: Allow to enable RT")

Suggested-by: Russell King <linux@armlinux.org.uk>
Suggested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Xie Yuanbin <xieyuanbin1@huawei.com>
---
v1->v2: https://lore.kernel.org/20260625073522.182503-1-xieyuanbin1@huawei.com
  - Move local_irq_enable() from arm_notify_die() to
    do_DataAbort()/do_PrefetchAbort()

 arch/arm/mm/fault.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
index e62cc4be5adf..c68677503532 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -633,6 +633,9 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
 	if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs))
 		return;
 
+	if (likely(user_mode(regs)))
+		local_irq_enable();
+
 	pr_alert("8<--- cut here ---\n");
 	pr_alert("Unhandled fault: %s (0x%03x) at 0x%08lx\n",
 		inf->name, fsr, addr);
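Review bot: the added `if (likely(user_mode(regs)))` / `local_irq_enable();` pair in do_DataAbort() carries no comment, so the reason interrupts are switched on just before the pr_alert() lines is recorded only in the commit message. A short comment above the check would help: that this unhandled-fault path goes on to send a signal, and that PREEMPT_RT needs interrupts enabled for that. It should also say whether leaving the interrupt state untouched when user_mode(regs) is false is intentional.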
@@ -663,6 +666,9 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
 	if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs))
 		return;
 
+	if (likely(user_mode(regs)))
+		local_irq_enable();
+
 	pr_alert("8<--- cut here ---\n");
 	pr_alert("Unhandled prefetch abort: %s (0x%03x) at 0x%08lx\n",
 		inf->name, ifsr, addr);
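Review bot: the three lines added to do_PrefetchAbort() are a verbatim copy of the ones added to do_DataAbort(), so the two copies can drift apart in later changes. Consider a small static helper in fault.c that both functions call. The likely() hint also buys little at this spot: the branch sits on the unhandled-fault path directly in front of two pr_alert() calls, so a plain `if (user_mode(regs))` would read cleaner.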
-- 
2.53.0



* Re: [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered
  2026-06-29 12:33 [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered Xie Yuanbin
@ 2026-06-29 12:48 ` Xie Yuanbin
  2026-06-29 13:12   ` Sebastian Andrzej Siewior
  2026-06-29 12:51 ` sashiko-bot
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 6+ messages in thread
From: Xie Yuanbin @ 2026-06-29 12:48 UTC (permalink / raw)
  To: bigeasy, linux, rmk+kernel
  Cc: xieyuanbin1, arnd, clrkwllms, liaohua4, lilinjie8, linusw,
	linux-arm-kernel, linux-kernel, linux-rt-devel, rostedt

On Mon, 29 Jun 2026 11:40:22 +0200, Sebastian Andrzej Siewior wrote:
> If this is moved to the callers of arm_notify_die() then I don't know
> what to do about baddataabort(). It looks like it gets invoked with
> disabled interrupts, too but I'm not sure. This looks like pre ARM v7.
> Is it reasonable to add such a check there?

Oh, I'm not sure about this place either. Would interrupts here be
disabled? I'm not familiar with the entry assembly code of v4t, so
I don't know how to construct a user-space program that can run to
baddataabort(), and I also don't have a v4t device to test it.


* Re: [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered
  2026-06-29 12:33 [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered Xie Yuanbin
  2026-06-29 12:48 ` Xie Yuanbin
@ 2026-06-29 12:51 ` sashiko-bot
  2026-06-29 13:14 ` Sebastian Andrzej Siewior
  2026-06-30 22:49 ` Linus Walleij
  3 siblings, 0 replies; 6+ messages in thread
From: sashiko-bot @ 2026-06-29 12:51 UTC (permalink / raw)
  To: Xie Yuanbin; +Cc: linux-rt-devel, linux-kernel

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [Critical] Missing interrupt enablement in baddataabort() before sending signals, causing a PREEMPT_RT sleeping-while-atomic BUG.
--

commit c514933dc1b8809c06e2a04abca8d68edc5cd623
Author: Xie Yuanbin <xieyuanbin1@huawei.com>

ARM: enable interrupts when unhandled user faults are triggered

This commit enables interrupts in do_DataAbort() and do_PrefetchAbort()
when unhandled user faults are triggered. This resolves an issue on
PREEMPT_RT where calling force_sig_fault() with interrupts disabled
would cause problems, as PREEMPT_RT requires interrupts to be enabled
when sending signals.

> diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
> index e62cc4be5adf6..c686775035325 100644
> --- a/arch/arm/mm/fault.c
> +++ b/arch/arm/mm/fault.c
> @@ -633,6 +633,9 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
>  	if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs))
>  		return;
>  
> +	if (likely(user_mode(regs)))
> +		local_irq_enable();
> +

[Severity: Critical]
This is a pre-existing issue, but does a similar fix need to be applied
to baddataabort() in arch/arm/kernel/traps.c?

If a user-space program executes an unsupported data access instruction on
architectures using v4t_late_abort (like ARM720T or ARM7TDMI), it raises
a data abort exception and enters __dabt_usr with interrupts disabled.

Execution can proceed to v4t_late_abort(), and if instruction decode
fails, it branches to baddataabort():

arch/arm/mm/abort-lv4t.S:v4t_late_abort()
    .data_unknown:
        mov r0, r4
        mov r1, r8
        b   baddataabort

baddataabort() then calls arm_notify_die() which eventually calls
force_sig_fault():

arch/arm/kernel/traps.c:baddataabort()
    arm_notify_die("unknown data abort code", regs,
                   SIGILL, ILL_ILLOPC, (void __user *)addr, instr, 0);

Because baddataabort() lacks the local_irq_enable() being added here in
do_DataAbort(), interrupts remain disabled during signal delivery. Could
this allow an unprivileged local user to trigger this path and cause a
sleeping-while-atomic panic on PREEMPT_RT?

[ ... ]

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260629123349.134224-1-xieyuanbin1@huawei.com?part=1


* Re: [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered
  2026-06-29 12:48 ` Xie Yuanbin
@ 2026-06-29 13:12   ` Sebastian Andrzej Siewior
  0 siblings, 0 replies; 6+ messages in thread
From: Sebastian Andrzej Siewior @ 2026-06-29 13:12 UTC (permalink / raw)
  To: Xie Yuanbin
  Cc: linux, rmk+kernel, arnd, clrkwllms, liaohua4, lilinjie8, linusw,
	linux-arm-kernel, linux-kernel, linux-rt-devel, rostedt

On 2026-06-29 20:48:16 [+0800], Xie Yuanbin wrote:
> On Mon, 29 Jun 2026 11:40:22 +0200, Sebastian Andrzej Siewior wrote:
> > If this is moved to the callers of arm_notify_die() then I don't know
> > what to do about baddataabort(). It looks like it gets invoked with
> > disabled interrupts, too but I'm not sure. This looks like pre ARM v7.
> > Is it reasonable to add such a check there?
> 
> Oh, I'm not sure about this place either. Would interrupts here be
> disabled? I'm not familiar with the entry assembly code of v4t, so
> I don't know how to construct a user-space program that can run to
> baddataabort(), and I also don't have a v4t device to test it.

I don't have anything myself but it follows the same pattern.
Sashiko just reported that it is a pre-existing issue :)

Sebastian


* Re: [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered
  2026-06-29 12:33 [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered Xie Yuanbin
  2026-06-29 12:48 ` Xie Yuanbin
  2026-06-29 12:51 ` sashiko-bot
@ 2026-06-29 13:14 ` Sebastian Andrzej Siewior
  2026-06-30 22:49 ` Linus Walleij
  3 siblings, 0 replies; 6+ messages in thread
From: Sebastian Andrzej Siewior @ 2026-06-29 13:14 UTC (permalink / raw)
  To: Xie Yuanbin
  Cc: linux, clrkwllms, rostedt, rmk+kernel, linusw, arnd,
	linux-arm-kernel, linux-kernel, linux-rt-devel, liaohua4,
	lilinjie8

On 2026-06-29 20:33:49 [+0800], Xie Yuanbin wrote:
> PREEMPT_RT requires interrupts to be enabled when sending signals.
> 
> When do_DataAbort()/do_PrefetchAbort() triggers unhandled user faults,
> that is `inf->fn()` returns a non-zero value, and the interrupts are not
> enabled within the hook function, force_sig_fault() will be called
> with interrupts disabled.
> 
> This can be triggered by user programs executing the bkpt instruction,
> with kernel config CONFIG_PERF_EVENTS=n.
> 
> Enable interrupts in do_DataAbort()/do_PrefetchAbort() when unhandled
> user faults are triggered to fix the issue.
> 
> Fixes: c6e61c06d606 ("ARM: 9463/1: Allow to enable RT")
> 
> Suggested-by: Russell King <linux@armlinux.org.uk>
> Suggested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> Signed-off-by: Xie Yuanbin <xieyuanbin1@huawei.com>

Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

This fixes the issue that can be easily triggered.

Sebastian


* Re: [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered
  2026-06-29 12:33 [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered Xie Yuanbin
                   ` (2 preceding siblings ...)
  2026-06-29 13:14 ` Sebastian Andrzej Siewior
@ 2026-06-30 22:49 ` Linus Walleij
  3 siblings, 0 replies; 6+ messages in thread
From: Linus Walleij @ 2026-06-30 22:49 UTC (permalink / raw)
  To: Xie Yuanbin
  Cc: linux, bigeasy, clrkwllms, rostedt, rmk+kernel, arnd,
	linux-arm-kernel, linux-kernel, linux-rt-devel, liaohua4,
	lilinjie8

On Mon, Jun 29, 2026 at 2:34 PM Xie Yuanbin <xieyuanbin1@huawei.com> wrote:

> PREEMPT_RT requires interrupts to be enabled when sending signals.
>
> When do_DataAbort()/do_PrefetchAbort() triggers unhandled user faults,
> that is `inf->fn()` returns a non-zero value, and the interrupts are not
> enabled within the hook function, force_sig_fault() will be called
> with interrupts disabled.
>
> This can be triggered by user programs executing the bkpt instruction,
> with kernel config CONFIG_PERF_EVENTS=n.
>
> Enable interrupts in do_DataAbort()/do_PrefetchAbort() when unhandled
> user faults are triggered to fix the issue.
>
> Fixes: c6e61c06d606 ("ARM: 9463/1: Allow to enable RT")
>

Skip blank line.

> Suggested-by: Russell King <linux@armlinux.org.uk>
> Suggested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> Signed-off-by: Xie Yuanbin <xieyuanbin1@huawei.com>

I had something like this in my (currently put on ice) generic entry
patch series:
https://lore.kernel.org/linux-arm-kernel/20250225-arm-generic-entry-v5-30-2f02313653e5@linaro.org/

This goes in that direction so:
Reviewed-by: Linus Walleij <linusw@kernel.org>

Yours,
Linus Walleij
