Re: [PATCH bpf-next] bpf, arm64: sign return address for jited code

From: Xu Kuohai
Date: Sat Apr 02 2022 - 11:07:08 EST


On 4/2/2022 4:22 AM, Daniel Borkmann wrote:
On 3/18/22 11:29 AM, Xu Kuohai wrote:
Sign return address for jited code when the kernel is built with pointer
authentication enabled.

1. Sign lr with paciasp instruction before lr is pushed to stack. Since
    paciasp acts like landing pads for function entry, no need to insert
    bti instruction before paciasp.

2. Authenticate lr with autiasp instruction after lr is popped from stack.

Signed-off-by: Xu Kuohai <xukuohai@xxxxxxxxxx>

This would need a rebase, but please also use the commit description to provide
some more details how this inter-operates wrt BPF infra such as tail calls and
BPF-2-BPF calls when we look back into this in a few months from now.

Thanks,
Daniel

updated in v2, thanks.
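
The two steps in the quoted commit message, as an added example that is not code from the patch or from the kernel: a hypothetical emitter places paciasp/autiasp around the frame push/pop, and a checker walks a JIT image to confirm lr is signed before it is pushed and authenticated before ret. The function names, the one-nop program body and the fixed stp/ldp forms the checker recognises are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* A64 instruction encodings (architectural constants). */
#define A64_PACIASP   0xd503233fu /* sign lr (x30), key A, sp as modifier */
#define A64_AUTIASP   0xd50323bfu /* authenticate lr, key A, sp as modifier */
#define A64_PUSH_FPLR 0xa9bf7bfdu /* stp x29, x30, [sp, #-16]! */
#define A64_POP_FPLR  0xa8c17bfdu /* ldp x29, x30, [sp], #16 */
#define A64_MOV_FP_SP 0x910003fdu /* mov x29, sp */
#define A64_RET       0xd65f03c0u /* ret */
#define A64_NOP       0xd503201fu /* constructed stand-in for the program body */

/* Hypothetical emitter: frame setup and teardown around a one-nop body.
 * Writes at most 7 words to img and returns the number written. */
size_t emit_frame(uint32_t *img, int pac)
{
    size_t n = 0;
    if (pac)
        img[n++] = A64_PACIASP;   /* step 1: sign lr before it is pushed */
    img[n++] = A64_PUSH_FPLR;
    img[n++] = A64_MOV_FP_SP;
    img[n++] = A64_NOP;
    img[n++] = A64_POP_FPLR;
    if (pac)
        img[n++] = A64_AUTIASP;   /* step 2: authenticate lr after the pop */
    img[n++] = A64_RET;
    return n;
}

/* Returns 0 when every lr push is preceded by paciasp and every ret that
 * follows an lr pop is preceded by autiasp; otherwise the 1-based index of
 * the offending instruction. Only the push/pop forms above are recognised. */
size_t check_lr_signing(const uint32_t *img, size_t n)
{
    int is_signed = 0, need_auth = 0;
    for (size_t i = 0; i < n; i++) {
        if (img[i] == A64_PACIASP) is_signed = 1;
        else if (img[i] == A64_AUTIASP) need_auth = 0;
        else if (img[i] == A64_PUSH_FPLR) {
            if (!is_signed) return i + 1;    /* unsigned lr reaches the stack */
            is_signed = 0;                   /* each push needs its own signature */
        } else if (img[i] == A64_POP_FPLR) need_auth = 1;
        else if (img[i] == A64_RET && need_auth)
            return i + 1;                    /* ret through an unauthenticated lr */
    }
    return 0;
}
```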