Re: [PATCH] x86/efi: Fix graceful fault handling after FPU softirq changes

[Ard Biesheuvel]

On Fri, 1 May 2026, at 07:52, Eric Biggers wrote:
> On Thu, Apr 30, 2026 at 03:41:07PM +0800, Ivan Hu wrote:
>> Since commit d02198550423 ("x86/fpu: Improve crypto performance by
>> making kernel-mode FPU reliably usable in softirqs"), kernel_fpu_begin()
>> calls fpregs_lock() which uses local_bh_disable() instead of the
>> previous preempt_disable(). This sets SOFTIRQ_OFFSET in preempt_count
>> during the entire EFI runtime service call, causing in_interrupt() to
>> return true in normal task context.
>> 
>> The graceful page fault handler efi_crash_gracefully_on_page_fault()
>> uses in_interrupt() to bail out for faults in real interrupt context.
>> With SOFTIRQ_OFFSET now set, the handler always bails out, leaving EFI
>> firmware page faults unhandled. This escalates to die() which also sees
>> in_interrupt() as true and calls panic("Fatal exception in interrupt"),
>> resulting in a hard system freeze. On systems with buggy firmware that
>> triggers page faults during EFI runtime calls (e.g., accessing unmapped
>> memory in GetTime()), this causes an unrecoverable hang instead of the
>> expected graceful EFI_ABORTED recovery.
>> 
>> Fix by replacing in_interrupt() with in_hardirq() || in_nmi(). This
>> preserves the original intent of bailing for genuine hardware interrupt
>> or NMI faults, while no longer falsely triggering from the FPU code
>> path's local_bh_disable(). This is safe because softirqs cannot run
>> during EFI calls (they are explicitly blocked by fpregs_lock()), so
>> they can never be the source of a page fault in this context.
>> 
>> Fixes: d02198550423 ("x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs")
>> Signed-off-by: Ivan Hu <ivan.hu@xxxxxxxxxxxxx>
>
> Sorry for the trouble here.
>
> Can you check the Sashiko review at
> https://sashiko.dev/#/patchset/20260430074107.27051-1-ivan.hu%40canonical.com
> ?  The two things it found look legitimate.
>

Ah thanks for bringing that up. Yes, those concerns seem valid (as
usual for Sashiko :-))

So we should be using !in_task() here instead, to ensure that
in_serving_softirq() is taken into account too, or we might
trigger the EFI page fault handler inadvertently.

I will send out a patch for the other issue it identified separately.