[PATCH] arm64: panic if IRQ shadow call stack allocation fails
Osama Abdelkader
osama.abdelkader at gmail.com
Thu Mar 26 16:02:14 PDT 2026
On Wed, Mar 25, 2026 at 01:54:32AM -0700, Breno Leitao wrote:
> On Tue, Mar 24, 2026 at 05:15:41PM +0100, Osama Abdelkader wrote:
> > scs_alloc() can return NULL when vmalloc fails. init_irq_scs() previously
> > stored that NULL in per-cpu irq_shadow_call_stack_ptr, which IRQ entry
> > would then use under CONFIG_SHADOW_CALL_STACK. Match other SCS setup paths
> > (e.g. SDEI) by failing explicitly instead of continuing with a NULL
> > pointer.
>
> Right, _init_sdei_scs() doesn't not assign the per cpu pointer with
> NULL, but, at the same time it doesn't panic. SDEI propagates -ENOMEM
> back up the call chain and even frees already allocated stacks via
> free_sdei_scs(). Should it panic as well?
>
Thanks, I changed it to return -ENOMEM in v2 to address will's review.
> > Mark init_irq_scs() __init since it is only called from init_IRQ().
> >
> > Signed-off-by: Osama Abdelkader <osama.abdelkader at gmail.com>
> > ---
> > arch/arm64/kernel/irq.c | 14 +++++++++-----
> > 1 file changed, 9 insertions(+), 5 deletions(-)
> >
> > diff --git a/arch/arm64/kernel/irq.c b/arch/arm64/kernel/irq.c
> > index 15dedb385b9e..b32ed7ef8e00 100644
> > --- a/arch/arm64/kernel/irq.c
> > +++ b/arch/arm64/kernel/irq.c
> > @@ -14,6 +14,7 @@
> > #include <linux/init.h>
> > #include <linux/irq.h>
> > #include <linux/irqchip.h>
> > +#include <linux/kernel.h>
>
> Why do you need kernel.h in here? I initially thought it was
> for panic(), but, later I found panic() is already in use in this file.
>
> Isn't kernel.h being included transitively?
Right, I removed it in v2, thanks.
> > #include <linux/kprobes.h>
> > #include <linux/memory.h>
> > #include <linux/scs.h>
> > @@ -32,23 +33,26 @@ DEFINE_PER_CPU(struct nmi_ctx, nmi_contexts);
> >
> > DEFINE_PER_CPU(unsigned long *, irq_stack_ptr);
> >
> > -
> > DECLARE_PER_CPU(unsigned long *, irq_shadow_call_stack_ptr);
> >
> > #ifdef CONFIG_SHADOW_CALL_STACK
> > DEFINE_PER_CPU(unsigned long *, irq_shadow_call_stack_ptr);
> > #endif
> >
> > -static void init_irq_scs(void)
> > +static void __init init_irq_scs(void)
> > {
> > int cpu;
> > + void *s;
> >
> > if (!scs_is_enabled())
> > return;
> >
> > - for_each_possible_cpu(cpu)
> > - per_cpu(irq_shadow_call_stack_ptr, cpu) =
> > - scs_alloc(early_cpu_to_node(cpu));
> > + for_each_possible_cpu(cpu) {
> > + s = scs_alloc(early_cpu_to_node(cpu));
> > + if (!s)
> > + panic("irq: Failed to allocate shadow call stack\n");
> > + per_cpu(irq_shadow_call_stack_ptr, cpu) = s;
> > + }
> > }
>
> Reading RISC-V code, it seems it has the same problem. Is it worth fixing also?
>
> static void init_irq_scs(void)
> {
> int cpu;
>
> if (!scs_is_enabled())
> return;
>
> for_each_possible_cpu(cpu)
> per_cpu(irq_shadow_call_stack_ptr, cpu) =
> scs_alloc(cpu_to_node(cpu));
> }
Yes, thanks for the check.
>
> Other than these nits, feel free to add:
>
> Reviewed-by: Breno Leitao <leitao at debian.org>
Thank you. I sent v2:
[PATCH v2] arm64: panic from init_IRQ if IRQ handler stacks cannot be
allocated
To cover init_irq_stacks as well.
Best regards,
Osama
More information about the linux-arm-kernel
mailing list