[PATCH] arm64: panic if IRQ shadow call stack allocation fails

Breno Leitao leitao at debian.org
Wed Mar 25 01:54:32 PDT 2026 

On Tue, Mar 24, 2026 at 05:15:41PM +0100, Osama Abdelkader wrote:
> scs_alloc() can return NULL when vmalloc fails. init_irq_scs() previously
> stored that NULL in per-cpu irq_shadow_call_stack_ptr, which IRQ entry
> would then use under CONFIG_SHADOW_CALL_STACK. Match other SCS setup paths
> (e.g. SDEI) by failing explicitly instead of continuing with a NULL
> pointer.

Right,  _init_sdei_scs() doesn't not assign the per cpu pointer with
NULL, but, at the same time it doesn't panic. SDEI propagates -ENOMEM
back up the call chain and even frees already allocated stacks via
free_sdei_scs(). Should it panic as well?

> Mark init_irq_scs() __init since it is only called from init_IRQ().
> 
> Signed-off-by: Osama Abdelkader <osama.abdelkader at gmail.com>
> ---
>  arch/arm64/kernel/irq.c | 14 +++++++++-----
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/arch/arm64/kernel/irq.c b/arch/arm64/kernel/irq.c
> index 15dedb385b9e..b32ed7ef8e00 100644
> --- a/arch/arm64/kernel/irq.c
> +++ b/arch/arm64/kernel/irq.c
> @@ -14,6 +14,7 @@
>  #include <linux/init.h>
>  #include <linux/irq.h>
>  #include <linux/irqchip.h>
> +#include <linux/kernel.h>

Why do you need kernel.h in here? I initially thought it was
for panic(), but, later I found panic() is already in use in this file.

Isn't kernel.h being included transitively?
>  #include <linux/kprobes.h>
>  #include <linux/memory.h>
>  #include <linux/scs.h>
> @@ -32,23 +33,26 @@ DEFINE_PER_CPU(struct nmi_ctx, nmi_contexts);
>  
>  DEFINE_PER_CPU(unsigned long *, irq_stack_ptr);
>  
> -
>  DECLARE_PER_CPU(unsigned long *, irq_shadow_call_stack_ptr);
>  
>  #ifdef CONFIG_SHADOW_CALL_STACK
>  DEFINE_PER_CPU(unsigned long *, irq_shadow_call_stack_ptr);
>  #endif
>  
> -static void init_irq_scs(void)
> +static void __init init_irq_scs(void)
>  {
>  	int cpu;
> +	void *s;
>  
>  	if (!scs_is_enabled())
>  		return;
>  
> -	for_each_possible_cpu(cpu)
> -		per_cpu(irq_shadow_call_stack_ptr, cpu) =
> -			scs_alloc(early_cpu_to_node(cpu));
> +	for_each_possible_cpu(cpu) {
> +		s = scs_alloc(early_cpu_to_node(cpu));
> +		if (!s)
> +			panic("irq: Failed to allocate shadow call stack\n");
> +		per_cpu(irq_shadow_call_stack_ptr, cpu) = s;
> +	}
>  }

Reading RISC-V code, it seems it has the same problem. Is it worth fixing also?

 static void init_irq_scs(void)
  {
          int cpu;

          if (!scs_is_enabled())
                  return;

          for_each_possible_cpu(cpu)
                  per_cpu(irq_shadow_call_stack_ptr, cpu) =
                          scs_alloc(cpu_to_node(cpu));
  }

Other than these nits, feel free to add:

Reviewed-by: Breno Leitao <leitao at debian.org>

More information about the linux-arm-kernel mailing list