Re: [PATCH bpf-next v3 5/7] bpf, arm64: Support to poke bpf prog

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 11, 2022 at 11:12 AM +08, Xu Kuohai wrote:
> On 5/10/2022 5:36 PM, Jakub Sitnicki wrote:
>> On Sun, Apr 24, 2022 at 11:40 AM -04, Xu Kuohai wrote:

[...]

>>> @@ -281,12 +290,15 @@ static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf)
>>>  	 *
>>>  	 */
>>>  
>>> +	if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL))
>>> +		emit(A64_BTI_C, ctx);
>> 
>> I'm no arm64 expert, but this looks like a fix for BTI.
>> 
>> Currently we never emit BTI because ARM64_BTI_KERNEL depends on
>> ARM64_PTR_AUTH_KERNEL, while BTI must be the first instruction for the
>> jump target [1]. Am I following correctly?
>> 
>> [1] https://lwn.net/Articles/804982/
>> 
>
> Not quite correct. When the jump target is a PACIASP instruction, no
> Branch Target Exception is generated, so there is no need to insert a
> BTI before PACIASP [2].
>
> In order to attach trampoline to bpf prog, a MOV and NOP are inserted
> before the PACIASP, so BTI instruction is required to avoid Branch
> Target Exception.
>
> The reason for inserting NOP before PACIASP instead of after PACIASP is
> that no call frame is built before entering trampoline, so there is no
> return address on the stack and nothing to be protected by PACIASP.
>
> [2]
> https://developer.arm.com/documentation/ddi0596/2021-12/Base-Instructions/BTI--Branch-Target-Identification-?lang=en

That makes sense. Thanks for the explanation!



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux