Date: Mon, 9 Mar 2026 17:34:49 +0000
From: Anton Protopopov
To: Xu Kuohai
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Yonghong Song, Puranjay Mohan, Shahab Vahedi, Russell King, Tiezhu Yang, Hengqi Chen, Johan Almbladh, Paul Burton, Hari Bathini, Christophe Leroy, Naveen N Rao, Luke Nelson, Xi Wang, Björn Töpel, Pu Lehui, Ilya Leoshkevich, Heiko Carstens, Vasily Gorbik, "David S . Miller", Wang YanQing
Subject: Re: [bpf-next v8 0/5] emit ENDBR/BTI instructions for indirect jump targets
X-Mailing-List: linux-kernel@vger.kernel.org
In-Reply-To: <20260309140044.2652538-1-xukuohai@huaweicloud.com>

On 26/03/09 10:00PM, Xu Kuohai wrote:
> On architectures with CFI protection enabled that require landing pad
> instructions at indirect jump targets, such as x86 with CET/IBT eanbled
                                                                  ^ enabled
> and arm64 with BTI enabled, kernel panics when an indirect jump lands on
> a target witout landing pad. Therefore, the JIT must emit landing pad
           ^ without
> instructions for indirect jump targets.
>
> The verifier already recognizes which instructions are indirect jump
> targets during the verification phase. So we can stores this information
                                                   ^ store
> in env->insn_aux_data and pass it to the JIT as new parameter, so the JIT
> knows which instructions are indirect jump targets.
>
> During JIT, constants blinding is performed. It rewrites the private copy
> of instructions for the JITed program, but it does not adjust the global
> env->insn_aux_data array. As a result, after constants blinding, the
> instruction indexes used by JIT may no longer match the indexes in
> env->insn_aux_data, so the JIT can not lookup env->insn_aux_data directly.
>
> To avoid this mistach, and considering that all existing arch-specific JITs
                ^ mismatch?
> already implement constants blinding with largely duplicated code, move
> constants blinding from JIT to generic code, before copying instructions
> for each subprog.
>
> v8:
> - Define void bpf_jit_blind_constants() function when CONFIG_BPF_JIT is not set
> - Move indirect_target fixup for insn patching from bpf_jit_blind_constants()
>   to adjust_insn_aux_data()
>
> v7: https://lore.kernel.org/bpf/20260307103949.2340104-1-xukuohai@huaweicloud.com
> - Move constants blinding logic back to bpf/core.c
> - Compute ip address before switch statement in x86 JIT
> - Clear JIT state from error path on arm64 and loongarch
>
> v6: https://lore.kernel.org/bpf/20260306102329.2056216-1-xukuohai@huaweicloud.com/
> - Move constants blinding from JIT to verifier
> - Move call to bpf_prog_select_runtime from bpf_prog_load to verifier
>
> v5: https://lore.kernel.org/bpf/20260302102726.1126019-1-xukuohai@huaweicloud.com/
> - Switch to pass env to JIT directly to get rid of copying private insn_aux_data for
>   each prog
>
> v4: https://lore.kernel.org/all/20260114093914.2403982-1-xukuohai@huaweicloud.com/
> - Switch to the approach proposed by Eduard, using insn_aux_data to identify indirect
>   jump targets, and emit ENDBR on x86
>
> v3: https://lore.kernel.org/bpf/20251227081033.240336-1-xukuohai@huaweicloud.com/
> - Get rid of unnecessary enum definition (Yonghong Song, Anton Protopopov)
>
> v2: https://lore.kernel.org/bpf/20251223085447.139301-1-xukuohai@huaweicloud.com/
> - Exclude instruction arrays not used for indirect jumps (Anton Protopopov)
>
> v1: https://lore.kernel.org/bpf/20251127140318.3944249-1-xukuohai@huaweicloud.com/
>
> Xu Kuohai (5):
>   bpf: Move constants blinding from JIT to verifier
>   bpf: Pass bpf_verifier_env to JIT
>   bpf: Add helper to detect indirect jump targets
>   bpf, x86: Emit ENDBR for indirect jump targets
>   bpf, arm64: Emit BTI for indirect jump target
>
>  arch/arc/net/bpf_jit_core.c      |  37 +++-----
>  arch/arm/net/bpf_jit_32.c        |  43 ++--------
>  arch/arm64/net/bpf_jit_comp.c    |  86 +++++++------------
>  arch/loongarch/net/bpf_jit.c     |  58 ++++---------
>  arch/mips/net/bpf_jit_comp.c     |  22 +----
>  arch/parisc/net/bpf_jit_core.c   |  40 ++-------
>  arch/powerpc/net/bpf_jit_comp.c  |  47 +++-------
>  arch/riscv/net/bpf_jit_core.c    |  47 +++-------
>  arch/s390/net/bpf_jit_comp.c     |  43 ++--------
>  arch/sparc/net/bpf_jit_comp_64.c |  43 ++--------
>  arch/x86/net/bpf_jit_comp.c      |  68 +++++----------
>  arch/x86/net/bpf_jit_comp32.c    |  35 ++------
>  include/linux/bpf.h              |   2 +
>  include/linux/bpf_verifier.h     |   9 +-
>  include/linux/filter.h           |  15 +++-
>  kernel/bpf/core.c                | 142 +++++++++----------------------
>  kernel/bpf/syscall.c             |   4 -
>  kernel/bpf/verifier.c            |  45 +++++++---
>  18 files changed, 233 insertions(+), 553 deletions(-)
>
> --
> 2.47.3
>
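
The index mismatch described in the quoted cover letter, as an added illustration that is not part of the thread or of the patch series: a simplified user-space model in which blinding lengthens the instruction stream while a per-instruction "indirect jump target" array stays indexed by the old positions. All names, the three-instruction expansion and the sample program are assumptions of the model, not kernel code.

```c
#include <stdio.h>
#include <string.h>

#define BLIND_LEN 3   /* assumed: one immediate-carrying insn becomes 3 */
#define N_OLD 6

/* Constructed sample: which insns carry an immediate, and which are
 * indirect jump targets (the per-insn flag kept in the aux array). */
static const unsigned char has_imm[N_OLD]    = {0, 1, 0, 0, 1, 0};
static const unsigned char old_target[N_OLD] = {0, 0, 1, 0, 0, 1};

/* Model of blinding: new_idx[i] is where old insn i starts afterwards. */
static int blind_map(int *new_idx)
{
    int out = 0;
    for (int i = 0; i < N_OLD; i++) {
        new_idx[i] = out;
        out += has_imm[i] ? BLIND_LEN : 1;
    }
    return out;   /* length of the rewritten program */
}

/* Model of the aux fixup (assumption): move each flag to the first insn
 * of its rewritten sequence, where a jump to the old insn would land. */
static void adjust_aux(const int *new_idx, unsigned char *new_target, int new_n)
{
    memset(new_target, 0, new_n);
    for (int i = 0; i < N_OLD; i++)
        if (old_target[i])
            new_target[new_idx[i]] = 1;
}

/* Count rewritten indexes where indexing the stale array gives the wrong
 * answer: a missing landing pad or a spurious one. */
static int count_mismatches(void)
{
    int new_idx[N_OLD];
    unsigned char new_target[N_OLD * BLIND_LEN];
    int new_n = blind_map(new_idx), bad = 0;

    adjust_aux(new_idx, new_target, new_n);
    for (int j = 0; j < new_n; j++) {
        int stale = j < N_OLD ? old_target[j] : 0;
        bad += stale != new_target[j];
    }
    return bad;
}

int main(void)
{
    printf("mismatched lookups: %d\n", count_mismatches());
    return 0;
}
```

In this model the two real targets move from indexes 2 and 5 to 4 and 9, so a JIT reading the unadjusted array would place both landing pads on the wrong instructions and leave the real targets without one.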