From: Ivan Hu <ivan.hu@canonical.com>
To: ardb@kernel.org, ilias.apalodimas@linaro.org, tglx@kernel.org,
mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
hpa@zytor.com, ebiggers@google.com
Cc: x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] x86/efi: Fix graceful fault handling after FPU softirq changes
Date: Thu, 30 Apr 2026 15:41:07 +0800 [thread overview]
Message-ID: <20260430074107.27051-1-ivan.hu@canonical.com> (raw)
Since commit d02198550423 ("x86/fpu: Improve crypto performance by
making kernel-mode FPU reliably usable in softirqs"), kernel_fpu_begin()
calls fpregs_lock() which uses local_bh_disable() instead of the
previous preempt_disable(). This sets SOFTIRQ_OFFSET in preempt_count
during the entire EFI runtime service call, causing in_interrupt() to
return true in normal task context.
The graceful page fault handler efi_crash_gracefully_on_page_fault()
uses in_interrupt() to bail out for faults in real interrupt context.
With SOFTIRQ_OFFSET now set, the handler always bails out, leaving EFI
firmware page faults unhandled. This escalates to die() which also sees
in_interrupt() as true and calls panic("Fatal exception in interrupt"),
resulting in a hard system freeze. On systems with buggy firmware that
triggers page faults during EFI runtime calls (e.g., accessing unmapped
memory in GetTime()), this causes an unrecoverable hang instead of the
expected graceful EFI_ABORTED recovery.
Fix by replacing in_interrupt() with in_hardirq() || in_nmi(). This
preserves the original intent of bailing for genuine hardware interrupt
or NMI faults, while no longer falsely triggering from the FPU code
path's local_bh_disable(). This is safe because softirqs cannot run
during EFI calls (they are explicitly blocked by fpregs_lock()), so
they can never be the source of a page fault in this context.
Fixes: d02198550423 ("x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs")
Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
---
arch/x86/platform/efi/quirks.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
index df24ffc6105d..7475405119ce 100644
--- a/arch/x86/platform/efi/quirks.c
+++ b/arch/x86/platform/efi/quirks.c
@@ -767,10 +767,10 @@ void efi_crash_gracefully_on_page_fault(unsigned long phys_addr)
return;
/*
- * If we get an interrupt/NMI while processing an EFI runtime service
+ * If we get a hard IRQ or NMI while processing an EFI runtime service
* then this is a regular OOPS, not an EFI failure.
*/
- if (in_interrupt())
+ if (in_hardirq() || in_nmi())
return;
/*
--
2.43.0
next reply other threads:[~2026-04-30 7:41 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-30 7:41 Ivan Hu [this message]
2026-04-30 8:30 ` [PATCH] x86/efi: Fix graceful fault handling after FPU softirq changes Ard Biesheuvel
2026-05-01 5:52 ` Eric Biggers
2026-05-01 6:38 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260430074107.27051-1-ivan.hu@canonical.com \
--to=ivan.hu@canonical.com \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=ebiggers@google.com \
--cc=hpa@zytor.com \
--cc=ilias.apalodimas@linaro.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox