* Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Mon, 15 Jun 2009, tip-bot for Peter Zijlstra wrote:
> >
> > __copy_from_user_inatomic() isn't NMI safe in that it can trigger
> > the page fault handler which is another trap and its return path
> > invokes IRET which will also close the NMI context.
>
> That's not the only problem.
>
> An even more fundamental problem is that the page fault handler is
> not re-entrant, simply because of the value in %cr2. So regardless
> of any 'iret' issues, you *CANNOT* take a page fault in an NMI,
> because the NMI might happen while we're in the critical region of
> having taken another page fault, but before we've saved off the
> value of %cr2 in that old page fault.
>
> If the NMI handler causes a page fault, it will corrupt the %cr2
> of the outer page fault. That's why the page fault is done with an
> interrupt gate, and why we have that conditional
> local_irq_enable() in it.
>
> So page faults are fundamentally only safe wrt normal interrupts,
> not NMI.

ahhh ... a light goes up. Indeed.

I was suspecting something much more complex: like the CPU somehow having shadow state for attempted-fault which gets confused by NMI->fault.

A simple cr2 corruption would explain all those cc1 SIGSEGVs and other user-space crashes I saw, with sufficiently intense sampling - easily.

The thing is, that __copy_user_inatomic() has been in arch/x86/oprofile/backtrace.c for years, I didn't even suspect some simple, fundamental flaw like this. Apparently nobody uses it.

This is really good news in a sense: I really hate that additional entry*.S mucking in the exception path in the dont-IRET patch. We want less entry*.S magic, not more.

	Ingo
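The %cr2 race Linus describes above, as an added simulation that is not code from this thread or from the kernel. It models one shared register, an NMI delivered inside the page-fault handler's critical region, and compares an NMI handler that touches memory blindly with one that refuses any access that could fault (a constructed stand-in for a non-faulting probe; all addresses and the mapped range are made up).

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model: the CPU has exactly one %cr2. A page fault taken from an
 * NMI that lands inside the outer fault handler's critical region (after the
 * CPU latched %cr2, before the handler read it) overwrites the outer address. */
static uintptr_t sim_cr2;                 /* the single hardware %cr2 register */

/* Simulated address space: one mapped page, everything else faults. */
#define MAPPED_BASE 0x1000u
#define MAPPED_END  0x2000u
static bool is_mapped(uintptr_t a) { return a >= MAPPED_BASE && a < MAPPED_END; }

static uintptr_t do_page_fault(uintptr_t addr, uintptr_t nmi_target, bool nmi_safe);

/* Memory access that behaves like the hardware: an unmapped address faults.
 * The nested fault carries no further NMI in this model (NMIs do not nest). */
static void touch(uintptr_t a) {
    if (!is_mapped(a))
        do_page_fault(a, 0, true);
}

/* NMI handler. Unsafe variant touches memory blindly, the way an unconditional
 * __copy_from_user_inatomic() would; safe variant only touches what cannot fault. */
static void nmi_handler(uintptr_t target, bool nmi_safe) {
    if (target != 0 && (!nmi_safe || is_mapped(target)))
        touch(target);
}

/* Page-fault handler. The model delivers the NMI exactly in the window between
 * the CPU writing %cr2 and the handler saving it off. */
static uintptr_t do_page_fault(uintptr_t addr, uintptr_t nmi_target, bool nmi_safe) {
    sim_cr2 = addr;                          /* CPU latches the faulting address */
    if (nmi_target != 0)
        nmi_handler(nmi_target, nmi_safe);   /* NMI fires before %cr2 is saved */
    return sim_cr2;                          /* what the outer handler believes faulted */
}

/* Returns the address the outer fault handler ends up acting on; a value
 * different from outer_addr means %cr2 was corrupted by the NMI's fault. */
uintptr_t outer_fault_sees(uintptr_t outer_addr, uintptr_t nmi_target, bool nmi_safe) {
    return do_page_fault(outer_addr, nmi_target, nmi_safe);
}
```

With the blind NMI copy the outer handler acts on the NMI's address, which is the user-space SIGSEGV pattern described in the reply; with the non-faulting variant the outer address survives.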