Re: [PATCH v2] MIPS: smp: report dying CPU to RCU in stop_this_cpu()
From: Huacai Chen
Date: Mon Jun 15 2026 - 03:09:28 EST
On Mon, Jun 15, 2026 at 3:00 PM Jonas Jelonek <jelonek.jonas@xxxxxxxxx> wrote:
>
> Hi Huacai,
>
> sorry for the reply delay.
>
> On 10.06.26 08:05, Huacai Chen wrote:
> > [...]
> > In theory LoongArch has the same problem, but I cannot reproduce,
> > should I enable PREEMPT_RT? Or there are some special configurations?
>
> Sadly I cannot help with that. For MIPS, this seems to be the default
> behavior.
This patch fixes 91840be8f710, and 91840be8f710 adds synchronize_rcu()
in irq_work_sync(). Your problem is caused by this synchronize_rcu(),
right?
However, synchronize_rcu() only gets called in the
IS_ENABLED(CONFIG_PREEMPT_RT) case, so I think your configuration
needs PREEMPT_RT, right?
You said this is the default behavior, but PREEMPT_RT is not enabled by default.
Huacai
>
> > Huacai
> >
> >> This issue was noticed on several Realtek MIPS switch SoCs (MIPS
> >> interAptiv) and came up during kernel bump downstream in OpenWrt from
> >> 6.18.33 to 6.18.34, after the backport of the patch to the 6.18 stable
> >> branch. The patch also has been backported all the way back to 6.1.
> >>
> >> Call rcutree_report_cpu_dead() once interrupts are disabled, mirroring the
> >> generic CPU-hotplug offline path, so RCU stops waiting on the parked CPUs
> >> and grace periods can still complete. MIPS shuts down all CPUs here
> >> without going through the CPU-hotplug mechanism, so this report is not
> >> otherwise issued. Reporting a dying CPU to RCU outside the regular hotplug
> >> offline path is not unprecedented: arm64 does the same in cpu_die_early().
> >> There it is an exception for a CPU that was coming online and is aborting
> >> bringup, rather than the default shutdown action as on MIPS.
> >>
> >> Fixes: 91840be8f710 ("irq_work: Fix use-after-free in irq_work_single() on PREEMPT_RT")
> >> CC: stable@xxxxxxxxxxxxxxx
> >> Signed-off-by: Jonas Jelonek <jelonek.jonas@xxxxxxxxx>
> >>
> >> diff --git a/arch/mips/kernel/smp.c b/arch/mips/kernel/smp.c
> >> index 4868e79f3b30..0f28b4a62e72 100644
> >> --- a/arch/mips/kernel/smp.c
> >> +++ b/arch/mips/kernel/smp.c
> >> @@ -20,6 +20,7 @@
> >> #include <linux/sched/mm.h>
> >> #include <linux/cpumask.h>
> >> #include <linux/cpu.h>
> >> +#include <linux/rcupdate.h>
> >> #include <linux/err.h>
> >> #include <linux/ftrace.h>
> >> #include <linux/irqdomain.h>
> >> @@ -422,6 +423,7 @@ static void stop_this_cpu(void *dummy)
> >> set_cpu_online(smp_processor_id(), false);
> >> calculate_cpu_foreign_map();
> >> local_irq_disable();
> >> + rcutree_report_cpu_dead();
> >> while (1);
> >> }
> >>
> >> --
> >> 2.51.0
> >>
> >>
>
> Best,
> Jonas