Re: [PATCH v2] ARM: enable interrupts when unhandled user faults are triggered
From: sashiko-bot
Date: Mon Jun 29 2026 - 08:55:40 EST
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [Critical] Missing interrupt enablement in baddataabort() before sending signals, causing a PREEMPT_RT sleeping-while-atomic BUG.
--

commit c514933dc1b8809c06e2a04abca8d68edc5cd623
Author: Xie Yuanbin <xieyuanbin1@xxxxxxxxxx>

ARM: enable interrupts when unhandled user faults are triggered

This commit enables interrupts in do_DataAbort() and do_PrefetchAbort()
when unhandled user faults are triggered. This resolves an issue on
PREEMPT_RT where calling force_sig_fault() with interrupts disabled
would cause problems, as PREEMPT_RT requires interrupts to be enabled
when sending signals.

> diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
> index e62cc4be5adf6..c686775035325 100644
> --- a/arch/arm/mm/fault.c
> +++ b/arch/arm/mm/fault.c
> @@ -633,6 +633,9 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
> if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs))
> return;
>
> + if (likely(user_mode(regs)))
> + local_irq_enable();
> +
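
Review bot: the added `if (likely(user_mode(regs))) local_irq_enable();` in do_DataAbort() has no comment saying why interrupts are re-enabled at this point, and only for user mode. The commit message gives the reason (PREEMPT_RT requires interrupts to be enabled when force_sig_fault() sends the signal); a one-line comment above the check stating that would keep a later cleanup from dropping it. The likely() hint is also worth reconsidering, since this line is reached only after inf->fn() has failed to handle the fault, and a branch hint buys little on that path.
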
[Severity: Critical]
This is a pre-existing issue, but does a similar fix need to be applied
to baddataabort() in arch/arm/kernel/traps.c?

If a user-space program executes an unsupported data access instruction on
architectures using v4t_late_abort (like ARM720T or ARM7TDMI), it raises
a data abort exception and enters __dabt_usr with interrupts disabled.

Execution can proceed to v4t_late_abort(), and if instruction decode
fails, it branches to baddataabort():

arch/arm/mm/abort-lv4t.S:v4t_late_abort()
    .data_unknown:
        mov r0, r4
        mov r1, r8
        b baddataabort

baddataabort() then calls arm_notify_die() which eventually calls
force_sig_fault():

arch/arm/kernel/traps.c:baddataabort()
    arm_notify_die("unknown data abort code", regs,
                   SIGILL, ILL_ILLOPC, (void __user *)addr, instr, 0);

Because baddataabort() lacks the local_irq_enable() being added here in
do_DataAbort(), interrupts remain disabled during signal delivery. Could
this allow an unprivileged local user to trigger this path and cause a
sleeping-while-atomic panic on PREEMPT_RT?

[ ... ]
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260629123349.134224-1-xieyuanbin1@xxxxxxxxxx?part=1