Re: [PATCH bpf-next v6 8/9] selftests/bpf: Add tracing prog private stack tests

[Yonghong Song <yonghong.song@linux.dev>]

On 10/20/24 2:59 PM, Jiri Olsa wrote:
> On Sun, Oct 20, 2024 at 12:14:31PM -0700, Yonghong Song wrote:
>
> SNIP
>
>> +__naked __noinline __used
>> +static unsigned long loop_callback(void)
>> +{
>> +	asm volatile (
>> +	"call %[bpf_get_prandom_u32];"
>> +	"r1 = 42;"
>> +	"*(u64 *)(r10 - 512) = r1;"
>> +	"call cumulative_stack_depth_subprog;"
>> +	"r0 = 0;"
>> +	"exit;"
>> +	:
>> +	: __imm(bpf_get_prandom_u32)
>> +	: __clobber_common);
>> +}
>> +
>> +SEC("raw_tp")
>> +__description("Private stack, callback")
>> +__success
>> +__arch_x86_64
>> +/* for func loop_callback */
>> +__jited("func #1")
>> +__jited("	endbr64")
> this should fail if CONFIG_X86_KERNEL_IBT is not enabled, right?
>
> hm, but I can see that also in other tests, so I guess it's fine,
> should we add it to config.x86_64 ?

The CI has CONFIG_X86_KERNEL_IBT as well.

I checked x86 kconfig, I see

config CC_HAS_IBT
         # GCC >= 9 and binutils >= 2.29
         # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
         # Clang/LLVM >= 14
         # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f
         # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
         def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
                   (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
                   $(as-instr,endbr64)

config X86_KERNEL_IBT
         prompt "Indirect Branch Tracking"
         def_bool y
         depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
         # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
         depends on !LD_IS_LLD || LLD_VERSION >= 140000
         select OBJTOOL
         select X86_CET
         help
           Build the kernel with support for Indirect Branch Tracking, a
           hardware support course-grain forward-edge Control Flow Integrity
           protection. It enforces that all indirect calls must land on
           an ENDBR instruction, as such, the compiler will instrument the
           code with them to make this happen.
         
           In addition to building the kernel with IBT, seal all functions that
           are not indirect call targets, avoiding them ever becoming one.
           
           This requires LTO like objtool runs and will slow down the build. It
           does significantly reduce the number of ENDBR instructions in the
           kernel image.

So CONFIG_X86_KERNEL_IBT will be enabled if clang >= version_14 or newer gcc.
In my system, the gcc version is 13.1. So there is no need to explicitly add
CONFIG_X86_KERNEL_IBT to the selftests/bpf/config.x86_64 file.



>
> jirka