public inbox for linux-arm-kernel@lists.infradead.org
From: "Alexis Lothoré" <alexis.lothore@bootlin.com>
To: "Xu Kuohai" <xukuohai@huaweicloud.com>, <bpf@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>,
	<linux-arm-kernel@lists.infradead.org>
Cc: "Alexei Starovoitov" <ast@kernel.org>,
	"Daniel Borkmann" <daniel@iogearbox.net>,
	"Andrii Nakryiko" <andrii@kernel.org>,
	"Martin KaFai Lau" <martin.lau@linux.dev>,
	"Eduard Zingerman" <eddyz87@gmail.com>,
	"Yonghong Song" <yonghong.song@linux.dev>,
	"Puranjay Mohan" <puranjay@kernel.org>,
	"Anton Protopopov" <a.s.protopopov@gmail.com>
Subject: Re: [PATCH bpf-next v5 0/5] emit ENDBR/BTI instructions for indirect jump targets
Date: Tue, 03 Mar 2026 17:29:27 +0100
Message-ID: <DGTAFQ1WX43H.2R6R1RS5F09Q7@bootlin.com>
In-Reply-To: <20260302102726.1126019-1-xukuohai@huaweicloud.com>

Hi Xu,

On Mon Mar 2, 2026 at 11:27 AM CET, Xu Kuohai wrote:
> On x86 CPUs with CET/IBT and arm64 CPUs with BTI, missing landing pad instructions
> at indirect jump targets trigger a kernel panic. So emit ENDBR instructions for
> indirect jump targets on x86 and BTI on arm64. Indirect jump targets are identified
> based on the insn_aux_data created by the verifier.
>
> v5:
> - Switch to pass env to JIT directly to get rid of copying private insn_aux_data for
>   each prog

Nice, thanks for this. As discussed in [1], I'm planning to reuse this
in my KASAN work to pass info to JIT comp about ldx/stx instructions
(especially, whether those insn are accessing prog stack or elsewhere).
So far I've been using a small POC aiming to do the same kind of thing,
but your series made me aware of a few points I missed, like the offset
induced by constant blinding. I'll keep my work rebased on top of your
series, and track it until it is merged.

Thanks

Alexis

[1] https://lore.kernel.org/bpf/CAADnVQLX7RSnOqQuU32Cgq-e0MVqyeNrtCQSBbk0W2xGkE-ZNw@mail.gmail.com/

> v4: https://lore.kernel.org/all/20260114093914.2403982-1-xukuohai@huaweicloud.com/
> - Switch to the approach proposed by Eduard, using insn_aux_data to identify indirect
>   jump targets, and emit ENDBR on x86
>
> v3: https://lore.kernel.org/bpf/20251227081033.240336-1-xukuohai@huaweicloud.com/
> - Get rid of unnecessary enum definition (Yonghong Song, Anton Protopopov)
>
> v2: https://lore.kernel.org/bpf/20251223085447.139301-1-xukuohai@huaweicloud.com/
> - Exclude instruction arrays not used for indirect jumps (Anton Protopopov)
>
> v1: https://lore.kernel.org/bpf/20251127140318.3944249-1-xukuohai@huaweicloud.com/
>
> Xu Kuohai (5):
>   bpf: Move JIT for single-subprog programs to verifier
>   bpf: Pass bpf_verifier_env to jit
>   bpf: Add helper to detect indirect jump targets
>   bpf, x86: Emit ENDBR for indirect jump targets
>   bpf, arm64: Emit BTI for indirect jump target
>
>  arch/arc/net/bpf_jit_core.c      | 19 +++----
>  arch/arm/net/bpf_jit_32.c        |  4 +-
>  arch/arm64/net/bpf_jit_comp.c    | 21 ++++----
>  arch/loongarch/net/bpf_jit.c     |  4 +-
>  arch/mips/net/bpf_jit_comp.c     |  4 +-
>  arch/parisc/net/bpf_jit_core.c   |  4 +-
>  arch/powerpc/net/bpf_jit_comp.c  |  4 +-
>  arch/riscv/net/bpf_jit_core.c    |  4 +-
>  arch/s390/net/bpf_jit_comp.c     |  4 +-
>  arch/sparc/net/bpf_jit_comp_64.c |  4 +-
>  arch/x86/net/bpf_jit_comp.c      | 25 +++++----
>  arch/x86/net/bpf_jit_comp32.c    |  4 +-
>  include/linux/bpf.h              |  2 +
>  include/linux/bpf_verifier.h     | 10 ++--
>  include/linux/filter.h           |  6 ++-
>  kernel/bpf/core.c                | 93 ++++++++++++++++++++++++--------
>  kernel/bpf/syscall.c             |  2 +-
>  kernel/bpf/verifier.c            | 22 ++++++--
>  18 files changed, 157 insertions(+), 79 deletions(-)




-- 
Alexis Lothoré, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


