On Fri, Jul 08, 2022 at 10:41:46AM +0800, Xu Kuohai wrote:
> >> +/* generated prologue:
> >> + *      bti c           // if CONFIG_ARM64_BTI_KERNEL
> >> + *      mov x9, lr
> >> + *      nop             // POKE_OFFSET
> >> + *      paciasp         // if CONFIG_ARM64_PTR_AUTH_KERNEL
> >
> > Any reason for the change regarding BTI and pointer auth? We used to put
> > 'bti c' at the function entry if (BTI && !PA), or 'paciasp' if (BTI && PA),
> > because 'paciasp' is an implicit BTI.
> >
>
> Assuming paciasp is the first instruction if (BTI && PA), when a
> trampoline with BPF_TRAMP_F_CALL_ORIG flag attached, we'll encounter the
> following scenario.
>
> bpf_prog:
>         paciasp                     // LR1
>         mov x9, lr
>         bl <trampoline>  ----> trampoline:
>                                        ....
>                                        mov x10, <entry_for_CALL_ORIG>
>                                        blr x10
>                                            |
>         CALL_ORIG_entry:                   |
>         bti c   <--------------------------|
>         stp x29, lr, [sp, #-16]!
>         ...
>         autiasp                     // LR2
>         ret
>
> Because LR1 and LR2 are not equal, the autiasp will fail!
>
> To make this scenario work properly, the first instruction should be
> 'bti c'.

Right, my mistake. This layout is also what GCC generates for normal kernel
functions when (BTI && PA), so it makes sense to use the same.

Thanks,
Jean
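Review bot: the quoted `generated prologue` comment lists `bti c` ahead of `paciasp` but does not say why the order matters; since the thread shows that placing `paciasp` first breaks the BPF_TRAMP_F_CALL_ORIG path (the `blr x10` re-entry reaches `autiasp` with a different LR than the one `paciasp` signed), a one-line note in that comment, e.g. `// bti c must come first: CALL_ORIG re-enters via blr, so paciasp/autiasp would see different LRs`, would keep the next reader from asking the same question.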