[PATCH 6/6] irqchip/gic-v3: Fix one race condition due to NMI withdraw

30 Jun 2025

From: Yicong Yang <yangyicong@hisilicon.com>

kunpeng inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9QIWG
CVE: NA

----------------------------------------------------------------------

The introduce of FEAT_NMI/FEAT_GICv3_NMI will cause a race problem that
we may handle the normal interrupt in interrupt disabled context due to
the withdraw of NMI interrupt. The flow will be like below:

[interrupt disabled]
                  <- normal interrupt pending, for example timer interrupt
                  <- NMI occurs, ISR_EL1.nmi = 1
do_el1_interrupt()
                  <- NMI withdraw, ISR_EL1.nmi = 0
  ISR_EL1.nmi = 0, not an NMI interrupt
  gic_handle_irq()
    __gic_handle_irq_from_irqson()
      irqnr = gic_read_iar() <- Oops, ack and handle an normal interrupt
                                in interrupt disabled context!

Fix this by checking the interrupt status in __gic_handle_irq_from_irqson()
and ignore the interrupt if we're in interrupt disabled context.

Fixes: 0408b5bc4300 ("irqchip/gic-v3: Implement FEAT_GICv3_NMI support")
Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
Signed-off-by: Jie Liu <liujie375@h-partners.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 drivers/irqchip/irq-gic-v3.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c
index 1c744285bc38..a46e8ff4a50e 100644
--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -679,6 +679,28 @@ static asmlinkage void __exception_irq_entry gic_handle_irq(struct pt_regs *regs
 	}
 #endif
 
+	/*
+	 * We should enter here with interrupts disabled, otherwise we may met
+	 * a race here with FEAT_NMI/FEAT_GICv3_NMI:
+	 *
+	 * [interrupt disabled]
+	 *                   <- normal interrupt pending, for example timer interrupt
+	 *                   <- NMI occurs, ISR_EL1.nmi = 1
+	 * do_el1_interrupt()
+	 *                   <- NMI withdraw, ISR_EL1.nmi = 0
+	 *   ISR_EL1.nmi = 0, not an NMI interrupt
+	 *   gic_handle_irq()
+	 *     __gic_handle_irq_from_irqson()
+	 *       irqnr = gic_read_iar() <- Oops, ack and handle an normal interrupt
+	 *                                 in interrupt disabled context!
+	 *
+	 * So if we met this case here, just return from the interrupt context.
+	 * Since the interrupt is still pending, we can handle it once the
+	 * interrupt re-enabled and it'll not be missing.
+	 */
+	if (unlikely(!gic_supports_pseudo_nmis() && !interrupts_enabled(regs)))
+		return;
+
 	irqnr = gic_read_iar();
 
 	/* Check for special IDs first */
-- 
2.25.1

    