[PATCH] genirq/proc: fix race in show_irq_affinity()

Muchun Song posted 1 patch 3 months, 1 week ago
Posted by Muchun Song 3 months, 1 week ago
Reading /proc/irq/N/smp_affinity* races with irq_set_affinity() and
irq_move_masked_irq(), leading to old or torn output for users.

We hit a real-world issue: after a user writes a new CPU mask to
/proc/irq/N/affinity*, the syscall returns success, yet a subsequent
read of the same file immediately returns a value different from
what was just written—much to the user’s surprise. Root-causing
showed that a race between show_irq_affinity() and
irq_move_masked_irq() lets the read observe a transient, inconsistent
affinity mask. struct irq_desc is supposed to be accessed under the
desc->lock; it seems that show_irq_affinity() forgets that, so fix it.

Signed-off-by: Muchun Song <songmuchun@bytedance.com>
---
 kernel/irq/proc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c
index 8e29809de38d..d8979d46abbd 100644
--- a/kernel/irq/proc.c
+++ b/kernel/irq/proc.c
@@ -48,6 +48,8 @@ static int show_irq_affinity(int type, struct seq_file *m)
 	struct irq_desc *desc = irq_to_desc((long)m->private);
 	const struct cpumask *mask;
 
+	guard(raw_spinlock_irq)(&desc->lock);
+
 	switch (type) {
 	case AFFINITY:
 	case AFFINITY_LIST:
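
Review bot: the guard(raw_spinlock_irq)(&desc->lock) added ahead of the switch is scope-based and sits at function scope, so desc->lock stays held with interrupts disabled until show_irq_affinity() returns, not only while the switch picks the mask. That is what keeps the read consistent, but nothing in the hunk says so. A one-line comment above the guard stating that the lock must cover both selecting the mask and emitting it into m would stop a later cleanup from narrowing the scope and reintroducing the torn read.
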
-- 
2.20.1

[tip: irq/core] genirq/proc: Fix race in show_irq_affinity()
Posted by tip-bot2 for Muchun Song 3 months, 1 week ago
The following commit has been merged into the irq/core branch of tip:

Commit-ID:     9ea2b810d51ae662cc5b5578f9395cb620a34a26
Gitweb:        https://git.kernel.org/tip/9ea2b810d51ae662cc5b5578f9395cb620a34a26
Author:        Muchun Song <songmuchun@bytedance.com>
AuthorDate:    Tue, 28 Oct 2025 17:04:08 +08:00
Committer:     Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Fri, 31 Oct 2025 22:30:05 +01:00

genirq/proc: Fix race in show_irq_affinity()

Reading /proc/irq/N/smp_affinity* races with irq_set_affinity() and
irq_move_masked_irq(), leading to old or torn output for users.

After a user writes a new CPU mask to /proc/irq/N/affinity*, the syscall
returns success, yet a subsequent read of the same file immediately returns
a value different from what was just written.

That's due to a race between show_irq_affinity() and irq_move_masked_irq()
which lets the read observe a transient, inconsistent affinity mask.

Cure it by guarding the read with irq_desc::lock.

[ tglx: Massaged change log ]

Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://patch.msgid.link/20251028090408.76331-1-songmuchun@bytedance.com
---
 kernel/irq/proc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c
index 29c2404..77258ea 100644
--- a/kernel/irq/proc.c
+++ b/kernel/irq/proc.c
@@ -48,6 +48,8 @@ static int show_irq_affinity(int type, struct seq_file *m)
 	struct irq_desc *desc = irq_to_desc((long)m->private);
 	const struct cpumask *mask;
 
+	guard(raw_spinlock_irq)(&desc->lock);
+
 	switch (type) {
 	case AFFINITY:
 	case AFFINITY_LIST:
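
Review bot: the added guard uses the raw_spinlock_irq variant, which re-enables interrupts unconditionally on release, so it is only correct if show_irq_affinity() is never entered with interrupts already disabled. Also, desc comes straight from irq_to_desc((long)m->private) two lines above and is now dereferenced for &desc->lock with no check in between. Either state both assumptions in a short comment above the guard, or use guard(raw_spinlock_irqsave) so the first one no longer matters.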