On Mon, Feb 19, 2024 at 05:57:07PM +0100, Ard Biesheuvel wrote:
> On Mon, 19 Feb 2024 at 14:24, Xiang Yang <xiangyang3@xxxxxxxxxx> wrote:
> >
> > This reverts commit 3f225f29c69c13ce1cbdb1d607a42efeef080056.
> >
> > The shadow call stack for irq now is stored in current task's thread info
> > in irq_stack_entry. There is a possibility that we have some soft irqs
> > pending at the end of hard irq, and when we process softirq with the irq
> > enabled, irq_stack_entry will enter again and overwrite the shadow call
> > stack which is stored in current task's thread info, leading to the
> > incorrect shadow call stack restoration for the first entry of the hard
> > IRQ, then the system ends up with a panic.
> >
> >   task A                               | task A
> >   -------------------------------------+------------------------------------
> >   el1_irq              //irq1 enter    |
> >     irq_handler        //save scs_sp1  |
> >       gic_handle_irq                   |
> >       irq_exit                         |
> >         __do_softirq                   |
> >                                        | el1_irq           //irq2 enter
> >                                        |   irq_handler     //save scs_sp2
> >                                        |                   //overwrite scs_sp1
> >                                        |   ...
> >                                        |   irq_stack_exit  //restore scs_sp2
> >     irq_stack_exit     //restore wrong |
> >                        //scs_sp2       |
> >
> > So revert this commit to fix it.
> >
> > Fixes: 3f225f29c69c ("arm64: Stash shadow stack pointer in the task struct on interrupt")
> >
> > Signed-off-by: Xiang Yang <xiangyang3@xxxxxxxxxx>
>
> Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx>

Now queued up, thanks.

greg k-h
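The clobbering sequence in the diagram above, as an added C model that is not kernel code: a single per-task stash slot is overwritten by the nested irq2 entry during softirq processing, whereas a per-entry saved copy (assumed here to live in the handler's own frame; the kernel's actual mechanism after the revert is not modelled) survives nesting. Pointer values and the IRQ shadow stack base are constructed.

```c
#include <stdbool.h>

/* Constructed model of the task's shadow call stack pointer (scs_sp). */
struct task_info {
    unsigned long scs_sp;        /* live shadow call stack pointer */
    unsigned long scs_sp_saved;  /* single per-task stash slot (the reverted design) */
};

#define IRQ_SCS_BASE 0x9000UL    /* constructed: base of the per-CPU IRQ shadow stack */

/* Stash in the one per-task slot: a nested entry overwrites the first value. */
static void irq_entry_task_slot(struct task_info *t)
{
    t->scs_sp_saved = t->scs_sp;     /* save scs_spN */
    t->scs_sp = IRQ_SCS_BASE;        /* switch to the IRQ shadow stack */
}
static void irq_exit_task_slot(struct task_info *t)
{
    t->scs_sp = t->scs_sp_saved;     /* restore whatever is in the slot now */
}

/* Per-entry copy: each entry keeps its own saved value, so nesting is safe. */
static void irq_entry_per_entry(struct task_info *t, unsigned long *saved)
{
    *saved = t->scs_sp;
    t->scs_sp = IRQ_SCS_BASE;
}
static void irq_exit_per_entry(struct task_info *t, unsigned long saved)
{
    t->scs_sp = saved;
}

/* Replays: irq1 enter -> irq_exit/__do_softirq with IRQs enabled -> irq2 enter
 * -> irq2 exit -> irq1 exit. Returns the scs_sp the task is left with; the
 * correct result is the pre-irq1 value, 0x1000 in this model. */
unsigned long replay_nested_irq(bool per_entry)
{
    struct task_info t = { .scs_sp = 0x1000UL, .scs_sp_saved = 0 };
    unsigned long saved1 = 0, saved2 = 0;

    if (per_entry) irq_entry_per_entry(&t, &saved1); else irq_entry_task_slot(&t);
    t.scs_sp += 16;   /* softirq handler pushes return addresses onto the IRQ SCS */
    if (per_entry) irq_entry_per_entry(&t, &saved2); else irq_entry_task_slot(&t);
    if (per_entry) irq_exit_per_entry(&t, saved2);   else irq_exit_task_slot(&t);
    if (per_entry) irq_exit_per_entry(&t, saved1);   else irq_exit_task_slot(&t);
    return t.scs_sp;  /* slot variant returns an IRQ SCS address, not 0x1000 */
}
```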