* [PATCH 6.1 & 6.6] LoongArch: Report dying CPU to RCU in stop_this_cpu()
From: Huacai Chen @ 2026-07-03 3:24 UTC (permalink / raw)
To: Greg Kroah-Hartman, Sasha Levin, Huacai Chen
Cc: Xuerui Wang, stable, linux-kernel, loongarch, Huacai Chen
commit f2539c56c74691e7a88af6372ba2b48c06ed2fe4 upstream.

This is a port of MIPS commit 9f3f3bdc6d9dac1 ("MIPS: smp: report dying
CPU to RCU in stop_this_cpu()"). smp_send_stop() parks all secondary
CPUs in stop_this_cpu(). And the function marks the CPU offline for the
scheduler via set_cpu_online(false) but never informs RCU, so RCU keeps
expecting a quiescent state from CPUs that are now spinning forever with
interrupts disabled.

As long as nothing waits for an RCU grace period after smp_send_stop()
this is harmless, which is why it went unnoticed. However, since commit
91840be8f710370 ("irq_work: Fix use-after-free in irq_work_single() on
PREEMPT_RT"), irq_work_sync() calls synchronize_rcu() on architectures
without an irq_work self-IPI, i.e. where arch_irq_work_has_interrupt()
returns false. Any irq_work_sync() issued in the reboot/shutdown/halt
path after smp_send_stop() then blocks on a grace period that can never
complete, hanging the reboot:

WARNING: CPU: 0 PID: 15 at kernel/irq_work.c:144 irq_work_queue_on
...
rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
rcu: Offline CPU 1 blocking current GP.
rcu: Offline CPU 2 blocking current GP.
rcu: Offline CPU 3 blocking current GP.

This issue needs some hacks to reproduce, and it was not noticed on
LoongArch because arch_irq_work_has_interrupt() usually returns true.

Call rcutree_report_cpu_dead() once interrupts are disabled, mirroring
the generic CPU-hotplug offline path, so RCU stops waiting on the parked
CPUs and grace periods can still complete. LoongArch shuts down all CPUs
here without going through the CPU-hotplug mechanism, so this report is
not otherwise issued.

Cc: <stable@vger.kernel.org>
Fixes: 91840be8f710 ("irq_work: Fix use-after-free in irq_work_single() on PREEMPT_RT")
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
---
arch/loongarch/kernel/smp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/loongarch/kernel/smp.c b/arch/loongarch/kernel/smp.c
index d66007fbfdda..0ab9dedd7a69 100644
--- a/arch/loongarch/kernel/smp.c
+++ b/arch/loongarch/kernel/smp.c
@@ -691,6 +691,7 @@ static void stop_this_cpu(void *dummy)
set_cpu_online(smp_processor_id(), false);
calculate_cpu_foreign_map();
local_irq_disable();
+ rcu_report_dead(smp_processor_id());
while (true);
}
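Review bot: the commit message says to call rcutree_report_cpu_dead(), but the added line in stop_this_cpu() calls rcu_report_dead(smp_processor_id()). If that is the name of the same RCU hook in the 6.1 and 6.6 trees, the backport should say so in a bracketed note above the Signed-off-by, so that anyone comparing it with upstream commit f2539c56c746 does not read the difference as a mistake. The placement right after local_irq_disable() matches the "once interrupts are disabled" wording in the message. A one-line comment above the call, stating that this path parks the CPU without going through CPU hotplug, would also help, since nothing in the function itself says why RCU has to be told here.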
--
2.52.0
* Re: [PATCH 6.1 & 6.6] LoongArch: Report dying CPU to RCU in stop_this_cpu()
From: Sasha Levin @ 2026-07-04 2:05 UTC (permalink / raw)
To: Greg Kroah-Hartman, Huacai Chen
Cc: Sasha Levin, Xuerui Wang, stable, linux-kernel, loongarch,
Huacai Chen
On Thu, Jul 03, 2026 at 11:24:00AM +0800, Huacai Chen wrote:
> commit f2539c56c74691e7a88af6372ba2b48c06ed2fe4 upstream.
>
> This is a port of MIPS commit 9f3f3bdc6d9dac1 ("MIPS: smp: report dying
> CPU to RCU in stop_this_cpu()"). smp_send_stop() parks all secondary
> CPUs in stop_this_cpu().
Queued for 6.6.y and 6.1.y, thanks!
--
Thanks,
Sasha