Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp1060640rdb; Wed, 6 Dec 2023 07:36:34 -0800 (PST) X-Google-Smtp-Source: AGHT+IGjSofLRTbJXxmoUqYejVC39ul5jTNuzEQPeNEUUuApBqoKxAb9ru4Xab81ybqiFiIZSKnk X-Received: by 2002:a05:6a00:1894:b0:6cb:4361:773c with SMTP id x20-20020a056a00189400b006cb4361773cmr1533733pfh.5.1701876993616; Wed, 06 Dec 2023 07:36:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701876993; cv=none; d=google.com; s=arc-20160816; b=RRdBXbbDpMNjElDAS0RB5yjsCKM9IgLuDuiuL+0tg8nVZGlfG3wSJWjHS0btlQuvhY eWLVudmv8Epu3xFwOouvmhM3dqLjj67tdUD5yrG6vWCeWNMiEnpBfSGMAqP7GNhSJHPN P1urEV7iIfX5a4Mzo/8ETWDRpizceGDObTWJUH13gYp13L8MHiBqt7HRpYIKvD0saoSB ZJ1M6zrddb0xEl+EugWkx6BvWGim9nJM0lXLnV9xu2I5kY3hgfb0v8qA9sb5vQzhEBXj mUvnhd6G8WqIZaKlFbUuclv0NRZR68ZQMpApXzXSgacZlUoEaAbXq2YcIcVlP/17qdfn pyxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=34JGkeDw2fzo5aYJ5fytyFCmmA2EAJ4M9xy4pwn6wrM=; fh=31pHNESfIDSRXSirSss2cSA7Q2Y3tA2WaWyHSS2Dgno=; b=icE0cXLJ4WpMHHTb1kWLz+zyx6MMJx2434XOG/wzW4ALdcLDv0wibF2k+j4jCOZCy2 g92f+3oM4bUcO4UoTARAuVagLx+wEIXxPOveuo4/ViT7HIn9B3FJPtaT1qJTHmN6zPph VkqNGqQ1dIdp+nQ5mpAQ5RkCoo/maaIsqAmx8lwaEQ72oGtUTCz85oBiT6JLjme8WuOi YYghFO5SjvbWUUCSamolteaHkz38r6WLsyaFvN9clALWHzlAgQoGiW19UHgUIxDW3XCa 0giyi4fs619VQI9aTJ5CfaqpkV20RunRwJYDOi4Znwy8RKumgoLR2SF+brv++EM4Tu5G YSSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=gTruqnlu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id l24-20020a656818000000b005c635a9d1f2si78896pgt.156.2023.12.06.07.36.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Dec 2023 07:36:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=gTruqnlu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id D29258032389; Wed, 6 Dec 2023 07:36:30 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379209AbjLFPgR (ORCPT + 99 others); Wed, 6 Dec 2023 10:36:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54766 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379142AbjLFPgQ (ORCPT ); Wed, 6 Dec 2023 10:36:16 -0500 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D39B4112; Wed, 6 Dec 2023 07:36:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=34JGkeDw2fzo5aYJ5fytyFCmmA2EAJ4M9xy4pwn6wrM=; b=gTruqnlu8eDmXa3L0iyeSD2Nnn ePXXo7+GcN32qytdrXaWYSLANmme4ALZxhg0JQlNFwM/MH4cviy77G8UNNHVpyThWd9OSqLjvfyjH n+hvMI4zCb/iJgc+nB2YqllaE+P53evNS/9fuIg8TOPrU7vxPv0Z2HgxAq+kGffHXcdGVjW87Znxc j4vkPvTk0bS8qgVSzZs8fcJ4jZGSyPTxTSPz0Q2sEpN7Cn7GkfA4d44EOHD4gLC5FjiKQEaNcynfB DtD725Qv+e8+0LnA0+qRxiZ5Qcjpt7or8VjiV6p28m3HroSjoRF0w57Lro7i//DTiB2B6gCrZJ6mU cXJtqFlQ==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1rAtw5-0031PW-8d; Wed, 06 Dec 2023 15:35:41 +0000 Received: by noisy.programming.kicks-ass.net (Postfix, from userid 1000) id 36B6E300451; Wed, 6 Dec 2023 16:35:40 +0100 (CET) Date: Wed, 6 Dec 2023 16:35:40 +0100 From: Peter Zijlstra To: Alexei Starovoitov Cc: Jiri Olsa , Song Liu , Song Liu , Paul Walmsley , Palmer Dabbelt , Albert Ou , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , X86 ML , "H. Peter Anvin" , "David S. Miller" , David Ahern , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Arnd Bergmann , Sami Tolvanen , Kees Cook , Nathan Chancellor , Nick Desaulniers , linux-riscv , LKML , Network Development , bpf , linux-arch , clang-built-linux , Josh Poimboeuf , Joao Moreira , Mark Rutland Subject: Re: [PATCH v2 2/2] x86/cfi,bpf: Fix BPF JIT call Message-ID: <20231206153540.GA36423@noisy.programming.kicks-ass.net> References: <20231130133630.192490507@infradead.org> <20231130134204.136058029@infradead.org> <20231204091334.GM3818@noisy.programming.kicks-ass.net> <20231204111128.GV8262@noisy.programming.kicks-ass.net> <20231204125239.GA1319@noisy.programming.kicks-ass.net> <20231204181614.GA7299@noisy.programming.kicks-ass.net> <20231204183354.GC7299@noisy.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Wed, 06 Dec 2023 07:36:31 -0800 (PST) On Mon, Dec 04, 2023 at 05:18:31PM -0800, Alexei Starovoitov wrote: > How about > +int get_cfi_offset(void) > +{ > + switch (cfi_mode) { > + case CFI_FINEIBT: > + return 16; > + case CFI_KCFI: > +#ifdef CONFIG_CALL_PADDING > + return 16; > +#else > + return 5; > +#endif > + default: > + return 0; > + } > +} Yeah, that works. I'll go make it happen. > Separately we need to deal with bpf_for_each_array_elem() > which doesn't look easy. > And fix tcp_set_ca_state() as well (which is even harder). > > Just to see where places like these are I did: > +__nocfi > BPF_CALL_4(bpf_loop, u32, nr_loops, void *, callback_fn, void *, callback_ctx, > +__nocfi > static long bpf_for_each_hash_elem(struct bpf_map *map, > bpf_callback_t callback_fn, > +__nocfi > static enum hrtimer_restart bpf_timer_cb(struct hrtimer *hrtimer) > +__nocfi > static int __bpf_rbtree_add(struct bpf_rb_root *root, > +__nocfi > BPF_CALL_4(bpf_user_ringbuf_drain, struct bpf_map *, map, > +__nocfi > void tcp_set_ca_state(struct sock *sk, const u8 ca_state) > +__nocfi > void tcp_init_congestion_control(struct sock *sk) > +__nocfi > void tcp_enter_loss(struct sock *sk) > +__nocfi > static void tcp_cong_avoid(struct sock *sk, u32 ack, u32 acked) > +__nocfi > static inline void tcp_in_ack_event(struct sock *sk, u32 flags) > > and more... Which is clearly not a direction to go. > > Instead of annotating callers is there a way to say that > all bpf_callback_t calls are nocfi? Well, ideally they would all actually use CFI, I'll go figure out how all this works and think about it. Thanks! > I feel the patches scratched the iceberg. Yeah, clearly :/ I'll go stare at it all.