Le Fri, Oct 10, 2025 at 05:38:34PM +0200, Valentin Schneider a écrit : > text_poke_bp_batch() sends IPIs to all online CPUs to synchronize > them vs the newly patched instruction. CPUs that are executing in userspace > do not need this synchronization to happen immediately, and this is > actually harmful interference for NOHZ_FULL CPUs. > > As the synchronization IPIs are sent using a blocking call, returning from > text_poke_bp_batch() implies all CPUs will observe the patched > instruction(s), and this should be preserved even if the IPI is deferred. > In other words, to safely defer this synchronization, any kernel > instruction leading to the execution of the deferred instruction > sync (ct_work_flush()) must *not* be mutable (patchable) at runtime. > > This means we must pay attention to mutable instructions in the early entry > code: > - alternatives > - static keys > - static calls > - all sorts of probes (kprobes/ftrace/bpf/???) > > The early entry code leading to ct_work_flush() is noinstr, which gets rid > of the probes. > > Alternatives are safe, because it's boot-time patching (before SMP is > even brought up) which is before any IPI deferral can happen. > > This leaves us with static keys and static calls. > > Any static key used in early entry code should be only forever-enabled at > boot time, IOW __ro_after_init (pretty much like alternatives). Exceptions > are explicitly marked as allowed in .noinstr and will always generate an > IPI when flipped. > > The same applies to static calls - they should be only updated at boot > time, or manually marked as an exception. > > Objtool is now able to point at static keys/calls that don't respect this, > and all static keys/calls used in early entry code have now been verified > as behaving appropriately. > > Leverage the new context_tracking infrastructure to defer sync_core() IPIs > to a target CPU's next kernel entry. > > Signed-off-by: Peter Zijlstra (Intel) <[email protected]> > Signed-off-by: Nicolas Saenz Julienne <[email protected]> > Signed-off-by: Valentin Schneider <[email protected]>
Acked-by: Frederic Weisbecker <[email protected]> -- Frederic Weisbecker SUSE Labs
