[bpf-next] bpf, arm64: sign return address for jited code

Message ID 20220318102936.838459-1-xukuohai@huawei.com (mailing list archive)
State New, archived
Delegated to: BPF

Commit Message

Xu Kuohai March 18, 2022, 10:29 a.m. UTC
Sign return address for jited code when the kernel is built with pointer
authentication enabled.

1. Sign lr with paciasp instruction before lr is pushed to stack. Since
   paciasp acts like landing pads for function entry, no need to insert
   bti instruction before paciasp.

2. Authenticate lr with autiasp instruction after lr is popped from stack.

Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
---
 arch/arm64/net/bpf_jit.h      |  3 +++
 arch/arm64/net/bpf_jit_comp.c | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

Comments

Daniel Borkmann April 1, 2022, 8:22 p.m. UTC | #1
On 3/18/22 11:29 AM, Xu Kuohai wrote:
> Sign return address for jited code when the kernel is built with pointer
> authentication enabled.
> 
> 1. Sign lr with paciasp instruction before lr is pushed to stack. Since
>     paciasp acts like landing pads for function entry, no need to insert
>     bti instruction before paciasp.
> 
> 2. Authenticate lr with autiasp instruction after lr is poped from stack.
> 
> Signed-off-by: Xu Kuohai <xukuohai@huawei.com>

This would need a rebase, but please also use the commit description to provide
some more details how this inter-operates wrt BPF infra such as tail calls and
BPF-2-BPF calls when we look back into this in few months from now.

Thanks,
Daniel
Xu Kuohai April 2, 2022, 3:06 p.m. UTC | #2
On 4/2/2022 4:22 AM, Daniel Borkmann wrote:
> On 3/18/22 11:29 AM, Xu Kuohai wrote:
>> Sign return address for jited code when the kernel is built with pointer
>> authentication enabled.
>>
>> 1. Sign lr with paciasp instruction before lr is pushed to stack. Since
>>     paciasp acts like landing pads for function entry, no need to insert
>>     bti instruction before paciasp.
>>
>> 2. Authenticate lr with autiasp instruction after lr is poped from stack.
>>
>> Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
> 
> This would need a rebase, but please also use the commit description to 
> provide
> some more details how this inter-operates wrt BPF infra such as tail 
> calls and
> BPF-2-BPF calls when we look back into this in few months from now.
> 
> Thanks,
> Daniel
> .

updated in v2, thanks.

diff --git a/arch/arm64/net/bpf_jit.h b/arch/arm64/net/bpf_jit.h
index dd59b5ad8fe4..679c80aa1f2e 100644
--- a/arch/arm64/net/bpf_jit.h
+++ b/arch/arm64/net/bpf_jit.h
@@ -249,6 +249,9 @@ 
 /* HINTs */
 #define A64_HINT(x) aarch64_insn_gen_hint(x)
 
+#define A64_PACIASP A64_HINT(AARCH64_INSN_HINT_PACIASP)
+#define A64_AUTIASP A64_HINT(AARCH64_INSN_HINT_AUTIASP)
+
 /* BTI */
 #define A64_BTI_C  A64_HINT(AARCH64_INSN_HINT_BTIC)
 #define A64_BTI_J  A64_HINT(AARCH64_INSN_HINT_BTIJ)
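Review bot: The two new hint macros are placed under the generic `/* HINTs */` heading with no section comment of their own, while the BTI pair right below gets `/* BTI */`; a one-line `/* Pointer authentication (PAC) */` above `A64_PACIASP` would keep the header's grouping consistent. Both macros expand to `A64_HINT` with their respective `AARCH64_INSN_HINT_*` operand, which matches how `A64_BTI_C` and `A64_BTI_J` are built, so no change to the macros themselves is needed.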
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index e850c69e128c..5dcf45e5944e 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -192,7 +192,7 @@  static bool is_addsub_imm(u32 imm)
 }
 
 /* Tail call offset to jump into */
-#if IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)
+#if IS_ENABLED(CONFIG_ARM64_BTI_KERNEL) || IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL)
 #define PROLOGUE_OFFSET 8
 #else
 #define PROLOGUE_OFFSET 7
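Review bot: The comment above the `#if` still reads only `/* Tail call offset to jump into */`, and now that the condition also covers pointer authentication it no longer says why the offset grows by one: the prologue emits exactly one hint instruction (paciasp or bti c) before the FP/LR save when either option is set, so the tail-call entry point has to skip it. Suggest `/* Tail call offset to jump into; skips the single PAC/BTI hint that build_prologue emits when either option is enabled */`. If build_prologue still compares `ctx->idx` against `PROLOGUE_OFFSET`, that check ties the two sites together at JIT time; that part of the function is outside the hunk, so I cannot confirm it here.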
@@ -233,8 +233,11 @@  static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf)
 	 *
 	 */
 
+	/* Sign lr */
+	if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL))
+		emit(A64_PACIASP, ctx);
 	/* BTI landing pad */
-	if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL))
+	else if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL))
 		emit(A64_BTI_C, ctx);
 
 	/* Save FP and LR registers to stay align with ARM64 AAPCS */
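Review bot: The `/* BTI landing pad */` comment now sits between the `if` body and its `else if`, which reads as though the BTI branch were a separate statement rather than the fallback of the same decision; fold both into one comment above the `if`, e.g. `/* Sign lr; paciasp is itself a BTI landing pad, so emit BTI C only when PAC is off */`, and leave the `else if` unannotated. The fact that the tail-call entry at `PROLOGUE_OFFSET` lands immediately after this single hint is not stated at this site either, and a short mention would keep the two places in step. build_prologue begins and ends outside the hunk.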
@@ -529,6 +532,10 @@  static void build_epilogue(struct jit_ctx *ctx)
 	/* Set return value */
 	emit(A64_MOV(1, A64_R(0), r0), ctx);
 
+	/* Authenticate lr */
+	if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL))
+		emit(A64_AUTIASP, ctx);
+
 	emit(A64_RET(A64_LR), ctx);
 }
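Review bot: `/* Authenticate lr */` gives the what but not the precondition: autiasp checks the value already loaded back into lr by the earlier pop against the current sp, so any later epilogue change that restores lr after this point or adjusts sp between the pop and the `ret` would silently break the check. Suggest `/* Authenticate lr: must run after lr is restored and sp is back to its value at paciasp */`. Whether the pop actually precedes this point cannot be confirmed from the hunk, since build_epilogue starts before it.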