From: "Alexis Lothoré" <alexis.lothore@bootlin.com>
To: "Peter Zijlstra" <peterz@infradead.org>
Cc: "Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Martin KaFai Lau" <martin.lau@linux.dev>,
"Eduard Zingerman" <eddyz87@gmail.com>,
"Song Liu" <song@kernel.org>,
"Yonghong Song" <yonghong.song@linux.dev>,
"John Fastabend" <john.fastabend@gmail.com>,
"KP Singh" <kpsingh@kernel.org>,
"Stanislav Fomichev" <sdf@fomichev.me>,
"Hao Luo" <haoluo@google.com>, "Jiri Olsa" <jolsa@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
"David Ahern" <dsahern@kernel.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
"Menglong Dong" <imagedong@tencent.com>,
"Björn Töpel" <bjorn@kernel.org>, "Pu Lehui" <pulehui@huawei.com>,
"Puranjay Mohan" <puranjay@kernel.org>,
"Paul Walmsley" <paul.walmsley@sifive.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Alexandre Ghiti" <alex@ghiti.fr>,
"Ilya Leoshkevich" <iii@linux.ibm.com>,
"Heiko Carstens" <hca@linux.ibm.com>,
"Vasily Gorbik" <gor@linux.ibm.com>,
"Alexander Gordeev" <agordeev@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Sven Schnelle" <svens@linux.ibm.com>,
"Hari Bathini" <hbathini@linux.ibm.com>,
"Christophe Leroy" <christophe.leroy@csgroup.eu>,
"Naveen N Rao" <naveen@kernel.org>,
"Madhavan Srinivasan" <maddy@linux.ibm.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Mykola Lysenko" <mykolal@fb.com>,
"Shuah Khan" <shuah@kernel.org>,
"Maxime Coquelin" <mcoquelin.stm32@gmail.com>,
"Alexandre Torgue" <alexandre.torgue@foss.st.com>,
ebpf@linuxfoundation.org,
"Thomas Petazzoni" <thomas.petazzoni@bootlin.com>,
"Bastien Curutchet" <bastien.curutchet@bootlin.com>,
netdev@vger.kernel.org, bpf@vger.kernel.org,
linux-kernel@vger.kernel.org, "Björn Töpel" <bjorn@rivosinc.com>,
linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, linux-kselftest@vger.kernel.org,
linux-stm32@st-md-mailman.stormreply.com,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain
Date: Fri, 13 Jun 2025 10:26:37 +0200 [thread overview]
Message-ID: <DAL9GRMH74F4.2IV0HN0NGU65X@bootlin.com> (raw)
In-Reply-To: <20250613081150.GJ2273038@noisy.programming.kicks-ass.net>
Hi Peter,
On Fri Jun 13, 2025 at 10:11 AM CEST, Peter Zijlstra wrote:
> On Fri, Jun 13, 2025 at 09:37:11AM +0200, Alexis Lothoré (eBPF Foundation) wrote:
>> When the target function receives more arguments than available
>> registers, the additional arguments are passed on stack, and so the
>> generated trampoline needs to read those to prepare the bpf context,
>> but also to prepare the target function stack when it is in charge of
>> calling it. This works well for scalar types, but if the value is a
>> struct, we can not know for sure the exact struct location, as it may
>> have been packed or manually aligned to a greater value.
>
> https://refspecs.linuxbase.org/elf/x86_64-abi-0.99.pdf
>
> Has fairly clear rules on how arguments are encoded. Broadly speaking
> for the kernel, if the structure exceeds 2 registers in size, it is
> passed as a reference, otherwise it is passed as two registers.
Maybe my commit wording is not precise enough, but indeed, there's not
doubt about whether the struct value is passed on the stack or through a
register/a pair of registers. The doubt is rather about the struct location
when it is passed _by value_ and _on the stack_: the ABI indeed clearly
states that "Structures and unions assume the alignment of their most
strictly aligned component" (p.13), but this rule is "silently broken" when
a struct has an __attribute__((packed)) or and __attribute__((aligned(X))),
and AFAICT this case can not be detected at runtime with current BTF info.
--
Alexis Lothoré, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2025-06-13 12:30 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-13 7:37 [PATCH bpf 0/7] bpf: deny trampoline attachment if args can not be located exactly on stack Alexis Lothoré (eBPF Foundation)
2025-06-13 7:37 ` [PATCH bpf 1/7] bpf/x86: use define for max regs count used for arguments Alexis Lothoré (eBPF Foundation)
2025-06-13 7:37 ` [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain Alexis Lothoré (eBPF Foundation)
2025-06-13 8:11 ` Peter Zijlstra
2025-06-13 8:26 ` Alexis Lothoré [this message]
2025-06-13 8:32 ` Peter Zijlstra
2025-06-13 8:59 ` Alexis Lothoré
2025-06-13 22:35 ` Alexei Starovoitov
2025-06-15 14:00 ` Alexis Lothoré
2025-06-15 15:44 ` Alexei Starovoitov
2025-06-13 7:37 ` [PATCH bpf 3/7] bpf/riscv: " Alexis Lothoré (eBPF Foundation)
2025-06-13 7:37 ` [PATCH bpf 4/7] bpf/s390: " Alexis Lothoré (eBPF Foundation)
2025-06-13 7:37 ` [PATCH bpf 5/7] bpf/powerpc64: use define for max regs count used for arguments Alexis Lothoré (eBPF Foundation)
2025-06-13 7:37 ` [PATCH bpf 6/7] bpf/powerpc64: prevent trampoline attachment when args location on stack is uncertain Alexis Lothoré (eBPF Foundation)
2025-06-13 7:37 ` [PATCH bpf 7/7] selftests/bpf: ensure that functions passing structs on stack can not be hooked Alexis Lothoré (eBPF Foundation)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DAL9GRMH74F4.2IV0HN0NGU65X@bootlin.com \
--to=alexis.lothore@bootlin.com \
--cc=agordeev@linux.ibm.com \
--cc=alex@ghiti.fr \
--cc=alexandre.torgue@foss.st.com \
--cc=andrii@kernel.org \
--cc=aou@eecs.berkeley.edu \
--cc=ast@kernel.org \
--cc=bastien.curutchet@bootlin.com \
--cc=bjorn@kernel.org \
--cc=bjorn@rivosinc.com \
--cc=borntraeger@linux.ibm.com \
--cc=bp@alien8.de \
--cc=bpf@vger.kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=ebpf@linuxfoundation.org \
--cc=eddyz87@gmail.com \
--cc=gor@linux.ibm.com \
--cc=haoluo@google.com \
--cc=hbathini@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=iii@linux.ibm.com \
--cc=imagedong@tencent.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-stm32@st-md-mailman.stormreply.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=martin.lau@linux.dev \
--cc=mcoquelin.stm32@gmail.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=mykolal@fb.com \
--cc=naveen@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=npiggin@gmail.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=peterz@infradead.org \
--cc=pulehui@huawei.com \
--cc=puranjay@kernel.org \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=thomas.petazzoni@bootlin.com \
--cc=x86@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).