Re: [RESEND PATCH] smp: Avoid invalid per-CPU CSD lookup with CSD lock debug
From: Muchun Song
Date: Sat May 23 2026 - 02:08:20 EST
> On May 23, 2026, at 12:27, Chuyi Zhou <zhouchuyi@xxxxxxxxxxxxx> wrote:
>
> Commit b0473dcd4b1d ("smp: Improve smp_call_function_single()
> CSD-lock diagnostics") made smp_call_function_single() use the destination
> CPU's csd_data when CSD lock debugging is enabled. That lets the debug code
> associate a stuck CSD lock with the target CPU, but it also means the CPU
> argument is used in per_cpu_ptr() before generic_exec_single() has a chance
> to validate it.
>
> This becomes unsafe when smp_call_function_any() cannot find an online CPU
> in the supplied mask. In that case the selected CPU can be nr_cpu_ids, and
> the !wait path calls get_single_csd_data(cpu) before generic_exec_single()
> returns -ENXIO. With csdlock_debug_enabled set, that indexes the per-CPU
> offset array with an invalid CPU number.
>
> Use the destination CPU's csd_data only when the CPU number is within
> nr_cpu_ids. For invalid CPU numbers, fall back to the local CPU's csd_data
> and let generic_exec_single() perform the existing validation and return
> -ENXIO.
>
> Fixes: b0473dcd4b1d ("smp: Improve smp_call_function_single() CSD-lock diagnostics")
> Signed-off-by: Chuyi Zhou <zhouchuyi@xxxxxxxxxxxxx>
> Reviewed-by: Paul E. McKenney <paulmck@xxxxxxxxxx>
Acked-by: Muchun Song <muchun.song@xxxxxxxxx>
Thanks.
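The ordering problem the commit message describes, as an added userspace model that is not part of the thread or the kernel source: the CSD slot lookup runs before `generic_exec_single()` validates the CPU number, so the lookup itself has to tolerate `nr_cpu_ids`. `NR_CPU_IDS`, the arrays, `pick_any_online()` and `call_any_nowait()` are constructed stand-ins for the kernel's per-CPU machinery.

```c
/* Userspace model of lookup-before-validation; stand-in names, not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#define NR_CPU_IDS 4u                     /* constructed stand-in for nr_cpu_ids */

struct csd { int target_cpu; };
static struct csd csd_data[NR_CPU_IDS];   /* stand-in for the per-CPU csd_data */
static const bool online[NR_CPU_IDS] = { true, true, false, false };
static const bool mask_offline_only[NR_CPU_IDS] = { false, false, true, true };
static const bool mask_cpu1[NR_CPU_IDS] = { false, true, false, false };
static bool csdlock_debug_enabled = true;
static const unsigned int this_cpu = 0;   /* stand-in for the local CPU */

/* Like smp_call_function_any() with no online CPU in the mask: yields NR_CPU_IDS. */
static unsigned int pick_any_online(const bool *mask)
{
    for (unsigned int cpu = 0; cpu < NR_CPU_IDS; cpu++)
        if (mask[cpu] && online[cpu])
            return cpu;
    return NR_CPU_IDS;
}

/* Patched behaviour: destination slot only for in-range CPUs, else the local slot. */
static struct csd *get_single_csd_data(unsigned int cpu)
{
    if (csdlock_debug_enabled && cpu < NR_CPU_IDS)
        return &csd_data[cpu];
    return &csd_data[this_cpu];
}

/* Existing validation, which runs only after the lookup above. */
static int generic_exec_single(unsigned int cpu, struct csd *csd)
{
    if (cpu >= NR_CPU_IDS || !online[cpu])
        return -ENXIO;
    csd->target_cpu = (int)cpu;
    return 0;
}

static int call_any_nowait(const bool *mask)
{
    unsigned int cpu = pick_any_online(mask);
    struct csd *csd = get_single_csd_data(cpu);   /* lookup precedes validation */
    return generic_exec_single(cpu, csd);
}
int main(void)
{
    printf("%d %d\n", call_any_nowait(mask_offline_only), call_any_nowait(mask_cpu1));
    return 0;
}
```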