From: "Russell King (Oracle)" <linux@armlinux.org.uk>
To: Xie Yuanbin <xieyuanbin1@huawei.com>
Cc: viro@zeniv.linux.org.uk, akpm@linux-foundation.org,
brauner@kernel.org, catalin.marinas@arm.com, hch@lst.de,
jack@suse.com, linux-arm-kernel@lists.infradead.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, pangliyuan1@huawei.com,
torvalds@linux-foundation.org, wangkefeng.wang@huawei.com,
will@kernel.org, wozizhi@huaweicloud.com, yangerkun@huawei.com
Subject: Re: [Bug report] hash_name() may cross page boundary and trigger sleep in RCU context
Date: Mon, 8 Dec 2025 10:07:25 +0000 [thread overview]
Message-ID: <aTajXdAVYh9qJI6B@shell.armlinux.org.uk> (raw)
In-Reply-To: <20251208023206.44238-1-xieyuanbin1@huawei.com>
On Mon, Dec 08, 2025 at 10:32:06AM +0800, Xie Yuanbin wrote:
> On Fri, 5 Dec 2025 12:08:14 +0000, Russell King wrote:
> > Right, let's split these issues into separate patches. Please test this
> > patch, which should address only the hash_name() fault issue, and
> > provides the basis for fixing the branch predictor issue.
>
> I conducted a simple test, and it seems that both the hash_name()
> might sleep issue and the branch predictor issue have been fixed.
This isn't entirely fixed. A data abort for an alignment fault (thus
calling do_alignment()) will enable interrupts, and then may call
do_bad_area(). We can't short-circuit this path like we can with
do_page_fault() as alignment faults from userspace can be valid for
the vectors page - not that we should see them, but that doesn't mean
that there isn't something in userspace that does.
> BTW, even with this patch, test cases may still fail. There is another
> bug in hash_name() will also be triggered by the testcase, which will be
> fixed in this patch:
> Link: https://lore.kernel.org/20251127025848.363992-1-pangliyuan1@huawei.com
That patch got missed - I'm notoriously bad at catching every email.
There's just way too much email coming in.
> Test case is from:
> Link: https://lore.kernel.org/20251127140109.191657-1-xieyuanbin1@huawei.com
>
> Test in commit 6987d58a9cbc5bd57c98 ("Add linux-next specific files for
> 20251205") from linux-next branch.
>
> I still have a question about this patch: Is
> ```patch
> + if (interrupts_enabled(regs))
> + local_irq_enable();
> ```
> necessary? Although this implementation is closer to the original code,
> which can reduce side effects, do_bad_area(), do_sect_fault(),
> and do_translation_fault() all call __do_kernel_fault() with interrupts
> disabled.
It's to keep the behaviour closer to the original as possible, on the
principle of avoiding unnecessary behavioural changes to the code. As
noted above, do_bad_area() can be called with interrupts enabled.
Whether RT folk would be happy removing that is a different question,
given that they want as much of the kernel to be preemptable.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
next prev parent reply other threads:[~2025-12-08 10:07 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-26 9:05 Zizhi Wo
2025-11-26 10:19 ` [RFC PATCH] vfs: Fix might sleep in load_unaligned_zeropad() with rcu read lock held Xie Yuanbin
2025-11-26 18:10 ` Al Viro
2025-11-26 18:48 ` Al Viro
2025-11-26 19:05 ` Russell King (Oracle)
2025-11-26 19:26 ` Al Viro
2025-11-26 19:51 ` Russell King (Oracle)
2025-11-26 20:02 ` Al Viro
2025-11-26 22:25 ` david laight
2025-11-26 23:51 ` Al Viro
2025-11-26 23:31 ` Russell King (Oracle)
2025-11-27 3:03 ` Xie Yuanbin
2025-11-27 7:20 ` Sebastian Andrzej Siewior
2025-11-27 11:20 ` Xie Yuanbin
2025-11-28 1:39 ` Xie Yuanbin
2025-11-26 20:42 ` Al Viro
2025-11-26 10:27 ` [Bug report] hash_name() may cross page boundary and trigger sleep in RCU context Zizhi Wo
2025-11-26 21:12 ` Linus Torvalds
2025-11-27 10:27 ` Will Deacon
2025-11-27 10:57 ` Russell King (Oracle)
2025-11-28 17:06 ` Linus Torvalds
2025-11-29 1:01 ` Zizhi Wo
2025-11-29 1:35 ` Linus Torvalds
2025-11-29 4:08 ` [Bug report] hash_name() may cross page boundary and trigger Xie Yuanbin
2025-11-29 9:08 ` Al Viro
2025-11-29 9:25 ` Xie Yuanbin
2025-11-29 9:44 ` Al Viro
2025-11-29 10:05 ` Xie Yuanbin
2025-11-29 10:45 ` david laight
2025-11-29 8:54 ` [Bug report] hash_name() may cross page boundary and trigger sleep in RCU context Al Viro
2025-12-01 2:08 ` Zizhi Wo
2025-11-29 2:18 ` [Bug report] hash_name() may cross page boundary and trigger Xie Yuanbin
2025-12-01 13:28 ` [Bug report] hash_name() may cross page boundary and trigger sleep in RCU context Will Deacon
2025-12-02 12:43 ` Russell King (Oracle)
2025-12-02 13:02 ` Xie Yuanbin
2025-12-02 22:07 ` Linus Torvalds
2025-12-03 1:48 ` Xie Yuanbin
2025-12-05 12:08 ` Russell King (Oracle)
2025-12-08 2:32 ` Xie Yuanbin
2025-12-08 9:26 ` David Laight
2025-12-08 10:07 ` Russell King (Oracle) [this message]
2025-12-08 13:18 ` Xie Yuanbin
2025-12-08 15:43 ` Russell King (Oracle)
2025-12-09 1:30 ` Xie Yuanbin
2025-11-26 18:55 ` Al Viro
2025-11-27 2:24 ` Zizhi Wo
2025-11-29 3:37 ` Al Viro
2025-11-30 3:01 ` [RFC][alpha] saner vmalloc handling (was Re: [Bug report] hash_name() may cross page boundary and trigger sleep in RCU context) Al Viro
2025-11-30 11:32 ` david laight
2025-11-30 16:43 ` Al Viro
2025-11-30 18:14 ` Magnus Lindholm
2025-11-30 19:03 ` david laight
2025-11-30 20:31 ` Al Viro
2025-11-30 20:32 ` Al Viro
2025-11-30 22:16 ` Linus Torvalds
2025-11-30 23:37 ` Al Viro
2025-12-01 2:03 ` [Bug report] hash_name() may cross page boundary and trigger sleep in RCU context Zizhi Wo
2025-11-27 12:59 ` Will Deacon
2025-11-28 1:17 ` Zizhi Wo
2025-11-28 1:18 ` Zizhi Wo
2025-11-28 1:39 ` Zizhi Wo
2025-11-28 12:25 ` Will Deacon
2025-11-29 1:02 ` Zizhi Wo
2025-11-29 3:55 ` Al Viro
2025-12-01 2:38 ` Zizhi Wo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aTajXdAVYh9qJI6B@shell.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=hch@lst.de \
--cc=jack@suse.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pangliyuan1@huawei.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=wangkefeng.wang@huawei.com \
--cc=will@kernel.org \
--cc=wozizhi@huaweicloud.com \
--cc=xieyuanbin1@huawei.com \
--cc=yangerkun@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox