[tip: sched/urgent] rseq: Protect rseq_reset() against interrupts

Next message: tip-bot2 for Thomas Gleixner: "[tip: timers/core] posix-timers: Expand timer_[re]arm() callbacks with a boolean return value"
Previous message: tip-bot2 for Thomas Gleixner: "[tip: timers/core] hrtimer: Use hrtimer_start_expires_user() for hrtimer sleepers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: tip-bot2 for Thomas Gleixner

Date: Fri May 01 2026 - 15:45:37 EST

The following commit has been merged into the sched/urgent branch of tip:

Commit-ID: e9766e6f7d330dce7530918d8c6e3ec96d6c6e24
Gitweb: https://git.kernel.org/tip/e9766e6f7d330dce7530918d8c6e3ec96d6c6e24
Author: Thomas Gleixner <tglx@xxxxxxxxxx>
AuthorDate: Tue, 28 Apr 2026 10:14:41 +02:00
Committer: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
CommitterDate: Fri, 01 May 2026 21:32:20 +02:00

rseq: Protect rseq_reset() against interrupts

rseq_reset() uses memset() to clear the tasks rseq data. That's racy
against membarrier() and preemption.

Guard it with irqsave to cure this.

Fixes: faba9d250eae ("rseq: Introduce struct rseq_data")
Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxx>
Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Reviewed-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Tested-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Link: https://patch.msgid.link/20260428224427.353887714%40kernel.org
Cc: stable@xxxxxxxxxxxxxxx
---
include/linux/rseq.h | 2 ++
1 file changed, 2 insertions(+)

diff --git a/include/linux/rseq.h b/include/linux/rseq.h
index b9d62fc..f446909 100644
--- a/include/linux/rseq.h
+++ b/include/linux/rseq.h
@@ -119,6 +119,8 @@ static inline void rseq_virt_userspace_exit(void)

static inline void rseq_reset(struct task_struct *t)
{
+ /* Protect against preemption and membarrier IPI */
+ guard(irqsave)();
memset(&t->rseq, 0, sizeof(t->rseq));
t->rseq.ids.cpu_id = RSEQ_CPU_ID_UNINITIALIZED;
}