From: Leon Hwang leon.hwang@linux.dev
[ Upstream commit e25ddfb388c8b7e5f20e3bf38d627fb485003781 ]
When enable CONFIG_PREEMPT_RT, the kernel will warn when run timer selftests by './test_progs -t timer':
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
In order to avoid such warning, reject bpf_timer in verifier when PREEMPT_RT is enabled.
Signed-off-by: Leon Hwang leon.hwang@linux.dev Link: https://lore.kernel.org/r/20250910125740.52172-2-leon.hwang@linux.dev Signed-off-by: Alexei Starovoitov ast@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
Based on my extensive investigation using multiple specialized agents, I can now provide a comprehensive assessment:
## **Backport Status: YES**
This commit absolutely should be backported to stable kernel trees, specifically to 6.12+ where PREEMPT_RT is mainlined.
## Detailed Justification:
### 1. **Fixes a Critical Bug for RT Systems** The commit prevents a serious "sleeping function called from invalid context" warning at `kernel/locking/spinlock_rt.c:48` that occurs when BPF programs using timers run on PREEMPT_RT kernels. This was reported by Sebastian Andrzej Siewior (RT maintainer) and causes: - System warnings and log flooding - Potential deadlocks - Violation of real-time guarantees - System instability
### 2. **Meets All Stable Kernel Criteria** - **Small and contained**: Only 4 lines of code added to `process_timer_func()` - **Obviously correct**: Simple verification-time check that returns `-EOPNOTSUPP` - **Fixes real issue**: Addresses reported bug affecting RT users - **Already tested**: Has corresponding selftest updates - **No new features**: Pure bug fix, no functionality additions
### 3. **High Impact on Affected Users** PREEMPT_RT kernels are used in: - Industrial control systems - Medical devices - Automotive systems - Robotics and automation - Any safety-critical application requiring deterministic timing
Without this fix, these systems face stability risks that could violate safety requirements.
### 4. **Clean Prevention vs Runtime Failure** The fix provides a clean, early rejection at BPF program load time with a clear error message, rather than allowing runtime failures that could compromise system stability. This follows the principle of "fail fast and fail clearly."
### 5. **Part of Broader RT Compatibility Effort** This aligns with other PREEMPT_RT compatibility fixes in the BPF subsystem that have been backported, such as: - Memory allocation adaptations for RT - Per-CPU data structure changes - Locking mechanism adjustments
### 6. **No Alternative Workaround** Users cannot work around this issue - BPF timers fundamentally conflict with RT's sleeping lock model due to the `hrtimer_cancel()` path requiring sleepable locks while holding spinlocks with IRQs disabled.
### 7. **Recommended Stable Tags** The commit should include: ``` Fixes: b00628b1c7d5 ("bpf: Introduce bpf timers.") Cc: stable@vger.kernel.org # 6.12+ ```
This is a textbook example of what belongs in stable: a small, correct fix for a real bug with significant user impact on specialized but important systems.
kernel/bpf/verifier.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index d6782efd25734..a6338936085ae 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -8405,6 +8405,10 @@ static int process_timer_func(struct bpf_verifier_env *env, int regno, verifier_bug(env, "Two map pointers in a timer helper"); return -EFAULT; } + if (IS_ENABLED(CONFIG_PREEMPT_RT)) { + verbose(env, "bpf_timer cannot be used for PREEMPT_RT.\n"); + return -EOPNOTSUPP; + } meta->map_uid = reg->map_uid; meta->map_ptr = map; return 0;