From nobody Sat Feb  7 15:10:36 2026
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C93C82F9DA1
	for <linux-kernel@vger.kernel.org>; Mon,  5 Jan 2026 08:05:10 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=195.135.223.131
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767600313; cv=none;
 b=iriKDhxRGFnhVRHnyzscxi8luDvw3woehBkbUk3TBlQzIB8intUHjPHXAktOU4j8RxOZ3a1kgb90tqfTwxyZTgGKEESWIUObt4VWulai5zojyA2leuKVmXjKFYg8bWbEULvaYcTqmvZkEMrCdT4B8xwBJloeWveW0vicSI8hs0Q=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767600313; c=relaxed/simple;
	bh=I9xeZ3pkAwPZijUsRoDEZDEMq69ZS0AvzVUkdnNE5fU=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=K2EDKvHEC/hraTMasZ9Tal5cDsKWiK6GNNo2upXcgF95823bh3ii8JIgesNWNhlBX0mQnYUZ7k222I9G7ivGVpfQQB4e//rVey30QS1ol5VAbXLvq1CeCIsgCSPkot8b4ZKnY3QwH7tMA1RJUiF2Q5mibYIx+w7xGBIntLikvkg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=suse.com;
 spf=pass smtp.mailfrom=suse.com;
 dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com
 header.b=f1yPzD73;
 dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com
 header.b=f1yPzD73; arc=none smtp.client-ip=195.135.223.131
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=suse.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=suse.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com
 header.b="f1yPzD73";
	dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com
 header.b="f1yPzD73"
Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by smtp-out2.suse.de (Postfix) with ESMTPS id 1816F5BE33;
	Mon,  5 Jan 2026 08:05:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1767600306;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=3C7fM+390Onh/eoPNbgyZkBFMZraYAqZIXwVAkpNCW4=;
	b=f1yPzD732Cv0ALFCE5ehXLZKtB/Z7PWXZKShHTacMNFv5MGQIbC2imaJWhsbnqfT0iE931
	EbxkrV4owtUB3WCkgNt6NgJc3KQ4ixgXLOrWSBhP+XgNKUknpcsJFKrWaHi1Y2C/SfkEMc
	qtoB0uxts8r6UByomeB/pvcxrfH0IbA=
Authentication-Results: smtp-out2.suse.de;
	none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1767600306;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=3C7fM+390Onh/eoPNbgyZkBFMZraYAqZIXwVAkpNCW4=;
	b=f1yPzD732Cv0ALFCE5ehXLZKtB/Z7PWXZKShHTacMNFv5MGQIbC2imaJWhsbnqfT0iE931
	EbxkrV4owtUB3WCkgNt6NgJc3KQ4ixgXLOrWSBhP+XgNKUknpcsJFKrWaHi1Y2C/SfkEMc
	qtoB0uxts8r6UByomeB/pvcxrfH0IbA=
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id CB0C53EA63;
	Mon,  5 Jan 2026 08:05:05 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id 2EoNMLFwW2lRNQAAD6G6ig
	(envelope-from <jgross@suse.com>); Mon, 05 Jan 2026 08:05:05 +0000
From: Juergen Gross <jgross@suse.com>
To: linux-kernel@vger.kernel.org,
	x86@kernel.org
Cc: Juergen Gross <jgross@suse.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>
Subject: [PATCH v5 2/2] x86/alternative: Patch a single alternative location
 only once
Date: Mon,  5 Jan 2026 09:04:52 +0100
Message-ID: <20260105080452.5064-3-jgross@suse.com>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20260105080452.5064-1-jgross@suse.com>
References: <20260105080452.5064-1-jgross@suse.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Spamd-Result: default: False [-6.80 / 50.00];
	REPLY(-4.00)[];
	BAYES_HAM(-3.00)[100.00%];
	MID_CONTAINS_FROM(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	R_MISSING_CHARSET(0.50)[];
	NEURAL_HAM_SHORT(-0.20)[-0.990];
	MIME_GOOD(-0.10)[text/plain];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	DKIM_SIGNED(0.00)[suse.com:s=susede1];
	MIME_TRACE(0.00)[0:+];
	FUZZY_RATELIMITED(0.00)[rspamd.com];
	ARC_NA(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	FROM_HAS_DN(0.00)[];
	TO_DN_SOME(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	RCPT_COUNT_SEVEN(0.00)[8];
	RCVD_COUNT_TWO(0.00)[2];
	DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:mid,suse.com:email]
X-Spam-Level: 
X-Spam-Flag: NO
X-Spam-Score: -6.80
Content-Type: text/plain; charset="utf-8"

Instead of patching a single location potentially multiple times in
case of nested ALTERNATIVE()s, do the patching only after having
evaluated all alt_instr instances for that location.

This has multiple advantages:

- In case of replacing an indirect with a direct call using the
  ALT_FLAG_DIRECT_CALL flag, there is no longer the need to have that
  instance before any other instances at the same location (the
  original instruction is needed for finding the target of the direct
  call).
  This issue has been hit when trying to do paravirt patching similar
  to the following:
    ALTERNATIVE_2(PARAVIRT_CALL,    // indirect call
                  instr, feature,   // native instruction
                  ALT_CALL_INSTR, X86_FEATURE_XENPV)  // Xen function
  In case "feature" was true, "instr" replaced the indirect call. Under
  Xen PV the patching to have a direct call failed, as the original
  indirect call was no longer there to find the call target.

- In case of nested ALTERNATIVE()s there is no intermediate replacement
  visible. This avoids any problems in case e.g. an interrupt is
  happening between the single instances and the patched location is
  used during handling the interrupt.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
V2:
- complete rework (Boris Petkov)
V3:
- rebase to added patch 2
V5:
- small cosmetic changes (Boris Petkov)
- rebase due to changes in patch
---
 arch/x86/kernel/alternative.c | 49 +++++++++++++++++++----------------
 1 file changed, 26 insertions(+), 23 deletions(-)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 6e3eec048d19..693b59b2f7d0 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -593,39 +593,38 @@ struct patch_site {
 	u8 len;
 };
=20
-static void __init_or_module analyze_patch_site(struct patch_site *ps,
-						struct alt_instr *start,
-						struct alt_instr *end)
+static struct alt_instr * __init_or_module analyze_patch_site(struct patch=
_site *ps,
+							     struct alt_instr *start,
+							     struct alt_instr *end)
 {
-	struct alt_instr *r;
+	struct alt_instr *alt =3D start;
=20
 	ps->instr =3D instr_va(start);
-	ps->len =3D start->instrlen;
=20
 	/*
 	 * In case of nested ALTERNATIVE()s the outer alternative might add
 	 * more padding. To ensure consistent patching find the max padding for
 	 * all alt_instr entries for this site (nested alternatives result in
 	 * consecutive entries).
+	 * Find the last alt_instr eligible for patching at the site.
 	 */
-	for (r =3D start+1; r < end && instr_va(r) =3D=3D ps->instr; r++) {
-		ps->len =3D max(ps->len, r->instrlen);
-		start->instrlen =3D r->instrlen =3D ps->len;
+	for (; alt < end && instr_va(alt) =3D=3D ps->instr; alt++) {
+		ps->len =3D max(ps->len, alt->instrlen);
+
+		BUG_ON(alt->cpuid >=3D (NCAPINTS + NBUGINTS) * 32);
+		/*
+		 * Patch if either:
+		 * - feature is present
+		 * - feature not present but ALT_FLAG_NOT is set to mean,
+		 *   patch if feature is *NOT* present.
+		 */
+		if (!boot_cpu_has(alt->cpuid) !=3D !(alt->flags & ALT_FLAG_NOT))
+			ps->alt =3D alt;
 	}
=20
 	BUG_ON(ps->len > sizeof(ps->buff));
-	BUG_ON(start->cpuid >=3D (NCAPINTS + NBUGINTS) * 32);
=20
-	/*
-	 * Patch if either:
-	 * - feature is present
-	 * - feature not present but ALT_FLAG_NOT is set to mean,
-	 *   patch if feature is *NOT* present.
-	 */
-	if (!boot_cpu_has(start->cpuid) =3D=3D !(start->flags & ALT_FLAG_NOT))
-		ps->alt =3D NULL;
-	else
-		ps->alt =3D start;
+	return alt;
 }
=20
 static void __init_or_module prep_patch_site(struct patch_site *ps)
@@ -704,10 +703,14 @@ void __init_or_module noinline apply_alternatives(str=
uct alt_instr *start,
 	 * So be careful if you want to change the scan order to any other
 	 * order.
 	 */
-	for (a =3D start; a < end; a++) {
-		struct patch_site ps;
-
-		analyze_patch_site(&ps, a, end);
+	a =3D start;
+	while (a < end) {
+		struct patch_site ps =3D {
+			.alt =3D NULL,
+			.len =3D 0
+		};
+
+		a =3D analyze_patch_site(&ps, a, end);
 		prep_patch_site(&ps);
 		patch_site(&ps);
 	}
--=20
2.51.0