Re: [PATCH 10/10] arm64: Check DAIF (and PMR) at task-switch time

[Mark Rutland]

On Wed, Apr 08, 2026 at 10:17:56AM +0800, Jinjie Ruan wrote:
> On 2026/4/7 21:16, Mark Rutland wrote:
> > +static inline void debug_switch_state(void)
> > +{
> > +	if (system_uses_irq_prio_masking()) {
> > +		unsigned long daif_expected = 0;
> > +		unsigned long daif_actual = read_sysreg(daif);
> > +		unsigned long pmr_expected = GIC_PRIO_IRQOFF;
> > +		unsigned long pmr_actual = read_sysreg_s(SYS_ICC_PMR_EL1);
> > +
> > +		WARN_ONCE(daif_actual != daif_expected ||
> > +			  pmr_actual != pmr_expected,
> > +			  "Unexpected DAIF + PMR: 0x%lx + 0x%lx (expected 0x%lx + 0x%lx)\n",
> > +			  daif_actual, pmr_actual,
> > +			  daif_expected, pmr_expected);
> > +	} else {
> > +		unsigned long daif_expected = DAIF_PROCCTX_NOIRQ;
> > +		unsigned long daif_actual = read_sysreg(daif);
> > +
> > +		WARN_ONCE(daif_actual != daif_expected,
> > +			  "Unexpected DAIF value: 0x%lx (expected 0x%lx)\n",
> > +			  daif_actual, daif_expected);
> > +	}
> 
> This logic seems consistent with arm64's local_irq_disable()
> implementation. Do we need to wrap these debug checks in a config option
> (e.g., CONFIG_ARM64_DEBUG_PRIORITY_MASKING) to avoid unnecessary overhead?

Possibly. I'd expected this was infrequent enough that there wouldn't be
a noticeable overhead, but admittedly I don't have numbers.

Given Thomas seems happy to queue the preparatory bits, (hopefully) we
can queue the rest of this as-is, and I reckon it's probably best to
drop this patch for now and follow up with a better version later.

There are some other bits of state I'd like to check here (e.g. PAN),
and I think this requires a bit more work.

Thanks for looking at this!

Mark.

> 
> 
> __schedule()
>   -> local_irq_disable()
>     -> arch_local_irq_disable()
> 
> 52 static __always_inline void __daif_local_irq_disable(void)
>  53 {
>  54         barrier();
>  55         asm volatile("msr daifset, #3");
>  56         barrier();
>  57 }
>  58
>  59 static __always_inline void __pmr_local_irq_disable(void)
>  60 {
>  61         if (IS_ENABLED(CONFIG_ARM64_DEBUG_PRIORITY_MASKING)) {
>  62                 u32 pmr = read_sysreg_s(SYS_ICC_PMR_EL1);
>  63                 WARN_ON_ONCE(pmr != GIC_PRIO_IRQON && pmr !=
> GIC_PRIO_IRQOFF);
>  64         }
>  65
>  66         barrier();
>  67         write_sysreg_s(GIC_PRIO_IRQOFF, SYS_ICC_PMR_EL1);
>  68         barrier();
>  69 }
>  70
>  71 static inline void arch_local_irq_disable(void)
>  72 {
>  73         if (system_uses_irq_prio_masking()) {
>  74                 __pmr_local_irq_disable();
>  75         } else {
>  76                 __daif_local_irq_disable();
>  77         }
>  78 }
> 
> 
> > +}
> > +
> >  /*
> >   * Thread switching.
> >   */
> > @@ -708,6 +731,8 @@ struct task_struct *__switch_to(struct task_struct *prev,
> >  {
> >  	struct task_struct *last;
> >  
> > +	debug_switch_state();
> > +
> >  	fpsimd_thread_switch(next);
> >  	tls_thread_switch(next);
> >  	hw_breakpoint_thread_switch(next);