Re: [PATCH v4] bpftool: Add CET-aware symbol matching for x86/x86_64 architectures
From: Quentin Monnet
Date: Tue Jul 22 2025 - 10:29:27 EST
2025-07-22 10:00 UTC+0800 ~ chenyuan_fl@xxxxxxx
> From: Yuan Chen <chenyuan@xxxxxxxxxx>
>
> Adjust symbol matching logic to account for Control-flow Enforcement
> Technology (CET) on x86/x86_64 systems. CET prefixes functions with
> a 4-byte 'endbr' instruction, shifting the actual hook entry point to
> symbol + 4.
>
> Changed in PATCH v4:
> * Refactor repeated code into a function.
> * Add detection for the x86 architecture.
>
> Signed-off-by: Yuan Chen <chenyuan@xxxxxxxxxx>
> ---
> tools/bpf/bpftool/link.c | 26 ++++++++++++++++++++++++--
> 1 file changed, 24 insertions(+), 2 deletions(-)
>
> diff --git a/tools/bpf/bpftool/link.c b/tools/bpf/bpftool/link.c
> index a773e05d5ade..717ca8c5ff83 100644
> --- a/tools/bpf/bpftool/link.c
> +++ b/tools/bpf/bpftool/link.c
> @@ -282,6 +282,28 @@ get_addr_cookie_array(__u64 *addrs, __u64 *cookies, __u32 count)
> return data;
> }
>
> +static bool
> +symbol_matches_target(__u64 sym_addr, __u64 target_addr)
> +{
> + if (sym_addr == target_addr)
> + return true;
> +
> +#if defined(__i386__) || defined(__x86_64__)
Do you really need it for __i386__ as well? My understanding was that
CET would apply only to 64-bit?
Thanks,
Quentin