1. Patchew
  2. linux
  3. View series

[PATCH bpf-next v3 0/3] Support kCFI + BPF on arm64

Maxwell Bland posted 3 patches 1 year, 7 months ago
There is a newer version of this series
arch/arm64/include/asm/cfi.h    | 23 ++++++++++++++++++++++
arch/arm64/kernel/alternative.c | 18 +++++++++++++++++
arch/arm64/net/bpf_jit_comp.c   | 18 +++++++++++++++--
arch/riscv/kernel/cfi.c         | 34 ++------------------------------
arch/x86/kernel/alternative.c   | 35 +++------------------------------
include/linux/cfi_types.h       | 23 ++++++++++++++++++++++
6 files changed, 85 insertions(+), 66 deletions(-)
create mode 100644 arch/arm64/include/asm/cfi.h
[PATCH bpf-next v3 0/3] Support kCFI + BPF on arm64
Posted by Maxwell Bland 1 year, 7 months ago 
In preparation for the BPF summit, I took a look back on BPF-CFI patches
to check the status and found that there had been no updates for around
a month, so I went ahead and made the fixes suggested in v2.

This patchset handles emitting proper CFI hashes during JIT, which
can cause some of the selftests to fail, and handles removing the
__nocfi tag from bpf_dispatch_*_func on ARM, meaning Clang CFI 
checks will be generated:

0000000000fea1e8 <bpf_dispatcher_xdp_func>:
paciasp
stp     x29, x30, [sp, #-0x10]!
mov     x29, sp
+ ldur    w16, [x2, #-0x4]                           
+ movk    w17, #0x1881                               
+ movk    w17, #0xd942, lsl #16                      
+ cmp     w16, w17                                
+ b.eq    0xffff8000810016a0 <bpf_dispatcher_xdp_func+0x24>
+ brk     #0x8222   
blr     x2
ldp     x29, x30, [sp], #0x10
autiasp
ret

Where ^+ indicates the additional assembly.

Credit goes to Puranjay Mohan entirely for this, I just did some fixes,
hopefully that is OK.

Cc: stable@vger.kernel.org

Changes in v2->v3:
https://lore.kernel.org/all/20240324211518.93892-1-puranjay12@gmail.com/
- Simplify cfi_get_func_hash to avoid needless failure case
- Use DEFINE_CFI_TYPE as suggested by Mark Rutland

Changes in v1->v2:
https://lore.kernel.org/bpf/20240227151115.4623-1-puranjay12@gmail.com/
- Rebased on latest bpf-next/master

Mark Rutland (1):
  cfi: add C CFI type macro

Maxwell Bland (1):
  arm64/cfi,bpf: Use DEFINE_CFI_TYPE in arm64

Puranjay Mohan (1):
  arm64/cfi,bpf: Support kCFI + BPF on arm64

 arch/arm64/include/asm/cfi.h    | 23 ++++++++++++++++++++++
 arch/arm64/kernel/alternative.c | 18 +++++++++++++++++
 arch/arm64/net/bpf_jit_comp.c   | 18 +++++++++++++++--
 arch/riscv/kernel/cfi.c         | 34 ++------------------------------
 arch/x86/kernel/alternative.c   | 35 +++------------------------------
 include/linux/cfi_types.h       | 23 ++++++++++++++++++++++
 6 files changed, 85 insertions(+), 66 deletions(-)
 create mode 100644 arch/arm64/include/asm/cfi.h


base-commit: 329a6720a3ebbc041983b267981ab2cac102de93
-- 
2.34.1
Re: [PATCH bpf-next v3 0/3] Support kCFI + BPF on arm64
Posted by Puranjay Mohan 1 year, 7 months ago 
Maxwell Bland <mbland@motorola.com> writes:

Hi Maxwell,

> In preparation for the BPF summit, I took a look back on BPF-CFI patches
> to check the status and found that there had been no updates for around
> a month, so I went ahead and made the fixes suggested in v2.
>
> This patchset handles emitting proper CFI hashes during JIT, which
> can cause some of the selftests to fail, and handles removing the
> __nocfi tag from bpf_dispatch_*_func on ARM, meaning Clang CFI 
> checks will be generated:
>
> 0000000000fea1e8 <bpf_dispatcher_xdp_func>:
> paciasp
> stp     x29, x30, [sp, #-0x10]!
> mov     x29, sp
> + ldur    w16, [x2, #-0x4]                           
> + movk    w17, #0x1881                               
> + movk    w17, #0xd942, lsl #16                      
> + cmp     w16, w17                                
> + b.eq    0xffff8000810016a0 <bpf_dispatcher_xdp_func+0x24>
> + brk     #0x8222   
> blr     x2
> ldp     x29, x30, [sp], #0x10
> autiasp
> ret
>
> Where ^+ indicates the additional assembly.
>
> Credit goes to Puranjay Mohan entirely for this, I just did some fixes,
> hopefully that is OK.

Thanks for taking this effort forward.

checkpatch.pl complains about the patches like the following:

ERROR: Missing Signed-off-by: line by nominal patch author 'Maxwell Bland <mbland@motorola.com>'

So, you can change the authorship of the patch like:

git commit --amend --author "Puranjay Mohan <puranjay12@gmail.com>"

similar for the patch by Mark:

git commit --amend --author "Mark Rutland <mark.rutland@arm.com>"

Thanks,
Puranjay
Re: [PATCH bpf-next v3 0/3] Support kCFI + BPF on arm64
Posted by Maxwell Bland 1 year, 7 months ago 
On Wed, May 08, 2024 at 10:05:30AM GMT, Puranjay Mohan wrote:
> checkpatch.pl complains about the patches like the following:
> 
> ERROR: Missing Signed-off-by: line by nominal patch author 'Maxwell Bland <mbland@motorola.com>'
> 
> So, you can change the authorship of the patch like:
> 
> git commit --amend --author "Puranjay Mohan <puranjay12@gmail.com>"
> 

Thanks for the heads up! To avoid spamming the list I will respin the
series with appropriate attribution tags on Monday, apologies for the
mistake.

Maxwell

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.