[PATCH bpf-next v3 0/3] Support kCFI + BPF on arm64
From: Maxwell Bland
Date: Tue May 07 2024 - 20:05:36 EST
In preparation for the BPF summit, I took a look back on BPF-CFI patches
to check the status and found that there had been no updates for around
a month, so I went ahead and made the fixes suggested in v2.
This patchset handles emitting proper CFI hashes during JIT, which
can cause some of the selftests to fail, and handles removing the
__nocfi tag from bpf_dispatch_*_func on ARM, meaning Clang CFI
checks will be generated:
0000000000fea1e8 <bpf_dispatcher_xdp_func>:
paciasp
stp x29, x30, [sp, #-0x10]!
mov x29, sp
+ ldur w16, [x2, #-0x4]
+ movk w17, #0x1881
+ movk w17, #0xd942, lsl #16
+ cmp w16, w17
+ b.eq 0xffff8000810016a0 <bpf_dispatcher_xdp_func+0x24>
+ brk #0x8222
blr x2
ldp x29, x30, [sp], #0x10
autiasp
ret
Where ^+ indicates the additional assembly.
Credit goes to Puranjay Mohan entirely for this, I just did some fixes,
hopefully that is OK.
Cc: stable@xxxxxxxxxxxxxxx
Changes in v2->v3:
https://lore.kernel.org/all/20240324211518.93892-1-puranjay12@xxxxxxxxx/
- Simplify cfi_get_func_hash to avoid needless failure case
- Use DEFINE_CFI_TYPE as suggested by Mark Rutland
Changes in v1->v2:
https://lore.kernel.org/bpf/20240227151115.4623-1-puranjay12@xxxxxxxxx/
- Rebased on latest bpf-next/master
Mark Rutland (1):
cfi: add C CFI type macro
Maxwell Bland (1):
arm64/cfi,bpf: Use DEFINE_CFI_TYPE in arm64
Puranjay Mohan (1):
arm64/cfi,bpf: Support kCFI + BPF on arm64
arch/arm64/include/asm/cfi.h | 23 ++++++++++++++++++++++
arch/arm64/kernel/alternative.c | 18 +++++++++++++++++
arch/arm64/net/bpf_jit_comp.c | 18 +++++++++++++++--
arch/riscv/kernel/cfi.c | 34 ++------------------------------
arch/x86/kernel/alternative.c | 35 +++------------------------------
include/linux/cfi_types.h | 23 ++++++++++++++++++++++
6 files changed, 85 insertions(+), 66 deletions(-)
create mode 100644 arch/arm64/include/asm/cfi.h
base-commit: 329a6720a3ebbc041983b267981ab2cac102de93
--
2.34.1