Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
task_work: Fix NMI race condition
__schedule()
// disable irqs
<NMI>
task_work_add(current, work, TWA_NMI_CURRENT);
</NMI>
// current = next;
// enable irqs
<IRQ>
task_work_set_notify_irq()
test_and_set_tsk_thread_flag(current,
TIF_NOTIFY_RESUME); // wrong task!
</IRQ>
// original task skips task work on its next return to user (or exit!)
Fixes: 466e4d801cd4 ("task_work: Add TWA_NMI_CURRENT as an additional notify mode.")
Reported-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Link: https://patch.msgid.link/20250924080118.425949403@infradead.org
+7
-1
+7
-1
kernel/task_work.c
+7
-1
kernel/task_work.c
···
9
9
#ifdef CONFIG_IRQ_WORK
10
10
static void task_work_set_notify_irq(struct irq_work *entry)
11
11
{
12
-
test_and_set_tsk_thread_flag(current, TIF_NOTIFY_RESUME);
12
+
/*
13
+
* no-op IPI
14
+
*
15
+
* TWA_NMI_CURRENT will already have set the TIF flag, all
16
+
* this interrupt does it tickle the return-to-user path.
17
+
*/
13
18
}
14
19
static DEFINE_PER_CPU(struct irq_work, irq_work_NMI_resume) =
15
20
IRQ_WORK_INIT_HARD(task_work_set_notify_irq);
···
91
86
break;
92
87
#ifdef CONFIG_IRQ_WORK
93
88
case TWA_NMI_CURRENT:
89
+
set_tsk_thread_flag(current, TIF_NOTIFY_RESUME);
94
90
irq_work_queue(this_cpu_ptr(&irq_work_NMI_resume));
95
91
break;
96
92
#endif