| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <32bd1c9d-ef1a-4e97-80b5-a069ce28125f@huaweicloud.com> Date: Mon, 19 Jan 2026 10:35:02 +0800 From: Xu Kuohai <xukuohai@...weicloud.com> To: Alexei Starovoitov <alexei.starovoitov@...il.com>, Kumar Kartikeya Dwivedi <memxor@...il.com> Cc: Eduard Zingerman <eddyz87@...il.com>, bpf <bpf@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Yonghong Song <yonghong.song@...ux.dev>, Puranjay Mohan <puranjay@...nel.org>, Anton Protopopov <a.s.protopopov@...il.com> Subject: Re: [PATCH bpf-next v4 2/4] bpf: Add helper to detect indirect jump targets On 1/19/2026 1:20 AM, Alexei Starovoitov wrote: > On Wed, Jan 14, 2026 at 11:47 PM Xu Kuohai <xukuohai@...weicloud.com> wrote: >> >> On 1/15/2026 4:46 AM, Eduard Zingerman wrote: >>> On Wed, 2026-01-14 at 17:39 +0800, Xu Kuohai wrote: >>>> From: Xu Kuohai <xukuohai@...wei.com> >>>> >>>> Introduce helper bpf_insn_is_indirect_target to determine whether a BPF >>>> instruction is an indirect jump target. This helper will be used by >>>> follow-up patches to decide where to emit indirect landing pad instructions. >>>> >>>> Add a new flag to struct bpf_insn_aux_data to mark instructions that are >>>> indirect jump targets. The BPF verifier sets this flag, and the helper >>>> checks it to determine whether an instruction is an indirect jump target. >>>> >>>> Since bpf_insn_aux_data is only available before JIT stage, add a new >>>> field to struct bpf_prog_aux to store a pointer to the bpf_insn_aux_data >>>> array, making it accessible to the JIT. >>>> >>>> For programs with multiple subprogs, each subprog uses its own private >>>> copy of insn_aux_data, since subprogs may insert additional instructions >>>> during JIT and need to update the array. For non-subprog, the verifier's >>>> insn_aux_data array is used directly to avoid unnecessary copying. >>>> >>>> Signed-off-by: Xu Kuohai <xukuohai@...wei.com> >>>> --- >>> >>> Hm, I've missed the fact insn_aux_data is not currently available to jit. >>> Is it really necessary to copy this array for each subprogram? >>> Given that we still want to free insn_aux_data after program load, >>> I'd expect that it should be possible just to pass a pointer with an >>> offset pointing to a start of specific subprogram. Wdyt? >>> >> >> I think it requires an additional field in struct bpf_prog to record the length >> of the global insn_aux_data array. If a subprog inserts new instructions during >> JIT (e.g., due to constant blinding), all entries in the array, including those >> of the subsequent subprogs, would need to be adjusted. With per-subprog copying, >> only the local insn_aux_data needs to be updated, reducing the amount of copying. >> >> However, if you prefer a global array, I’m happy to switch to it. > > iirc we struggled with lack of env/insn_aux in JIT earlier. > > func[i]->aux->used_maps = env->used_maps; > is one such example. > > Let's move bpf_prog_select_runtime() into bpf_check() and > consistently pass 'env' into bpf_int_jit_compile() while > env is still valid. > Close to jit_subprogs(). > Or remove bpf_prog_select_runtime() and make jit_subprogs() > do the whole thing. tbd. > > This way we can remove used_maps workaround and don't need to do > this insn_aux copy. > Errors during JIT can be printed into the verifier log too. > Sounds great. Using jit_subprogs for the whole thing seems cleaner. I'll try this approach first. > Kumar, > what do you think about it from modularization pov ?
Powered by blists - more mailing lists