From: Thomas Gleixner <tglx@kernel.org>
To: David Stevens <stevensd@google.com>,
Pasha Tatashin <pasha.tatashin@soleen.com>,
Linus Walleij <linus.walleij@linaro.org>,
Will Deacon <willdeacon@google.com>,
Quentin Perret <qperret@google.com>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>, Xin Li <xin@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
David Hildenbrand <david@kernel.org>,
Lorenzo Stoakes <ljs@kernel.org>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Vlastimil Babka <vbabka@kernel.org>,
Mike Rapoport <rppt@kernel.org>,
Suren Baghdasaryan <surenb@google.com>,
Michal Hocko <mhocko@suse.com>,
Uladzislau Rezki <urezki@gmail.com>, Kees Cook <kees@kernel.org>
Cc: David Stevens <stevensd@google.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH v2 12/13] x86: Add support for dynamic kernel stacks via FRED
Date: Sat, 27 Jun 2026 00:39:52 +0200 [thread overview]
Message-ID: <87zf0hgc3r.ffs@fw13> (raw)
In-Reply-To: <20260424191456.2679717-13-stevensd@google.com>
On Fri, Apr 24 2026 at 12:14, David Stevens wrote:
As promised, I've came around to look at this part too.
> +#ifdef CONFIG_DYNAMIC_STACK
> +
> +static noinstr unsigned long copy_stack_data(struct pt_regs *regs)
> +{
> + unsigned long new_sp;
> + unsigned long data_len;
Just a minor issue. Please read and comply with the coding standards
documented in https://docs.kernel.org/process/maintainer-tip.html
> +
> + new_sp = regs->sp - (FRED_CONFIG_REDZONE_AMOUNT << 6);
> + new_sp &= FRED_STACK_FRAME_RSP_MASK;
> + data_len = sizeof(struct fred_frame);
> + new_sp -= data_len;
> +
> + memcpy((void *)new_sp, regs, data_len);
> +
> + return new_sp;
> +}
> +
> +__visible noinstr unsigned long switch_to_kstack(struct pt_regs *regs)
> +{
> + return copy_stack_data(regs);
> +}
> +
> +#define ALIGN_TO_STACK(addr) ((addr) & ~(THREAD_ALIGN - 1))
> +
> +__visible noinstr unsigned long handle_dynamic_stack_kernel_faults(struct pt_regs *regs)
> +{
> + unsigned long address;
> + struct task_struct *tsk;
> + bool on_stack;
> +
> + address = fred_event_data(regs);
> + if (fault_in_kernel_space(address) && !in_nmi()) {
Assume the following scenario:
CPU runs in user space
NMI is raised
NMI runs on SL0
NMI execution triggers the stack guard page
Don't tell me that's unlikely. As discussed before unlikely does not
exist. You just have to enable enough debug muck, build with a compiler
which aggressively out of lines code (hint CLANG) and then end up in a
deep perf/trace/bpf callchain.
> + tsk = task_from_stack_address(address);
> +
> + if (tsk && dynamic_stack_fault(tsk, address, &on_stack)) {
> + WARN_ON_ONCE(tsk != current &&
> + ALIGN_TO_STACK(regs->sp) != ALIGN_TO_STACK(address));
> + return 0;
> + }
> + }
> +
> + /*
> + * The regular fault handler won't sleep when executing in an
> + * atomic context, so we can complete the #PF directly on the
> + * #PF stack.
Q: What guarantees you that in_atomic() is giving you always the right answer?
A: Nothing
Why?
If there is a #PF (not caused by the thread stack guard) on a SL>0
stack _before_ the kernel reached the point where it increments
preempt_count, then in_atomic() returns false.
As a consequence you copy stack data around to the same place, which
should be benign, but it is well understood that memcpy() source and
destination areas _must_ not overlap. That's UB, no?
I know that should not happen, but that doesn't make it less UB :)
> + */
> + if (in_atomic())
> + return (unsigned long)regs;
> + else
> + return copy_stack_data(regs);
Thanks,
tglx
next prev parent reply other threads:[~2026-06-26 22:40 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-24 19:14 [PATCH v2 00/13] Dynamic Kernel Stacks David Stevens
2026-04-24 19:14 ` [PATCH v2 01/13] fork: Remove assumption that vm_area->nr_pages equals to THREAD_SIZE David Stevens
2026-04-24 19:14 ` [PATCH v2 02/13] fork: Don't assume fully populated stack during reuse David Stevens
2026-04-24 19:14 ` [PATCH v2 03/13] fork: Move vm_stack to the beginning of the stack David Stevens
2026-04-24 19:14 ` [PATCH v2 04/13] fork: separate vmap stack allocation and free calls David Stevens
2026-04-24 19:14 ` [PATCH v2 05/13] mm/vmalloc: Add a get_vm_area_node() and vmap_pages_range() public functions David Stevens
2026-04-24 19:14 ` [PATCH v2 06/13] fork: Move vmap stack freeing to work queue David Stevens
2026-04-24 19:14 ` [PATCH v2 07/13] fork: Dynamic Kernel Stacks David Stevens
2026-04-24 19:14 ` [PATCH v2 08/13] task_stack.h: Add stack_not_used() support for dynamic stack David Stevens
2026-04-24 19:14 ` [PATCH v2 09/13] fork: Dynamic Kernel Stack accounting David Stevens
2026-04-24 19:14 ` [PATCH v2 10/13] fork: Store task pointer in unpopulated stack ptes David Stevens
2026-06-26 22:46 ` Thomas Gleixner
2026-04-24 19:14 ` [PATCH v2 11/13] x86/entry/fred: encode frame pointer on entry David Stevens
2026-05-20 22:24 ` David Stevens
2026-05-22 22:25 ` H. Peter Anvin
2026-05-24 18:22 ` Xin Li
2026-04-24 19:14 ` [PATCH v2 12/13] x86: Add support for dynamic kernel stacks via FRED David Stevens
2026-06-26 22:39 ` Thomas Gleixner [this message]
2026-06-27 4:05 ` David Stevens
2026-04-24 19:14 ` [PATCH v2 13/13] x86: Add support for dynamic kernel stacks via IST David Stevens
2026-04-24 19:41 ` [PATCH v2 00/13] Dynamic Kernel Stacks Dave Hansen
2026-04-24 21:35 ` Pasha Tatashin
2026-04-24 22:21 ` Dave Hansen
2026-04-24 22:49 ` David Stevens
2026-04-24 22:26 ` David Laight
2026-04-24 23:06 ` Pasha Tatashin
2026-06-19 0:29 ` Dave Hansen
2026-06-19 19:56 ` Zach O'Keefe
2026-06-20 5:25 ` David Stevens
2026-06-20 23:22 ` Dave Hansen
2026-04-25 9:19 ` H. Peter Anvin
2026-04-27 16:17 ` Dave Hansen
2026-06-18 14:50 ` Zach O'Keefe
2026-06-18 18:53 ` Dave Hansen
2026-06-18 22:28 ` H. Peter Anvin
2026-06-19 0:40 ` David Stevens
2026-06-19 0:44 ` H. Peter Anvin
2026-06-19 12:45 ` Thomas Gleixner
2026-06-19 19:20 ` Zach O'Keefe
2026-06-19 21:59 ` Thomas Gleixner
2026-06-20 5:02 ` David Stevens
2026-06-20 21:59 ` Thomas Gleixner
2026-06-20 19:33 ` Zach O'Keefe
2026-06-20 19:44 ` H. Peter Anvin
2026-06-20 20:01 ` Zach O'Keefe
2026-06-20 23:34 ` Thomas Gleixner
2026-06-22 23:00 ` Zach O'Keefe
2026-06-23 7:50 ` David Hildenbrand (Arm)
2026-06-23 9:10 ` David Laight
2026-06-23 9:19 ` David Hildenbrand (Arm)
2026-06-23 21:58 ` Thomas Gleixner
2026-06-25 11:56 ` Andrew Cooper
2026-06-25 21:38 ` H. Peter Anvin
2026-06-26 8:16 ` David Laight
2026-04-27 16:31 ` Pasha Tatashin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zf0hgc3r.ffs@fw13 \
--to=tglx@kernel.org \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=david@kernel.org \
--cc=hpa@zytor.com \
--cc=kees@kernel.org \
--cc=linus.walleij@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=ljs@kernel.org \
--cc=luto@kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@redhat.com \
--cc=pasha.tatashin@soleen.com \
--cc=peterz@infradead.org \
--cc=qperret@google.com \
--cc=rppt@kernel.org \
--cc=stevensd@google.com \
--cc=surenb@google.com \
--cc=urezki@gmail.com \
--cc=vbabka@kernel.org \
--cc=willdeacon@google.com \
--cc=x86@kernel.org \
--cc=xin@zytor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.