Re: [PATCH bpf-next v5 4/5] bpf, x86: Emit ENDBR for indirect jump targets
From: Xu Kuohai
Date: Wed Mar 04 2026 - 08:03:57 EST
On 3/4/2026 2:23 PM, Eduard Zingerman wrote:
On Mon, 2026-03-02 at 18:27 +0800, Xu Kuohai wrote:
[...]
@@ -2449,7 +2452,7 @@ st: if (is_imm8(insn->off))^^^^^^^^^^^^^
/* call */
case BPF_JMP | BPF_CALL: {
- u8 *ip = image + addrs[i - 1];
+ u8 *ip = image + addrs[i - 1] + (prog - temp);

Could you please comment a bit on why this addend is needed?

The temp buffer holds the JITed x86 instruction for each BPF instruction, and
the prog variable points to the position in the temp buffer where the next
JITed x86 instruction will be written.

Since there may already be an ENDBR instruction in the temp buffer, which is
written when the current BPF instruction is an indirect jump target, we need to
add the addend when computing the actual address of the JITed x86 instruction.

func = (u8 *) __bpf_call_base + imm32;
if (src_reg == BPF_PSEUDO_CALL && tail_call_reachable) {
[...]
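
Review bot: The "+ (prog - temp)" addend on the "u8 *ip = image + addrs[i - 1] + (prog - temp);" line in the BPF_JMP | BPF_CALL case carries no comment, and the line alone does not show why the call address is no longer simply image + addrs[i - 1]. Please add a short comment above it saying that prog - temp is the number of bytes already written to temp for the current BPF instruction (for example an ENDBR when the instruction is an indirect jump target), so that ip points at the call instruction itself. It is also worth confirming that any other place that derives an instruction address from addrs[i - 1] applies the same offset, since a stale ip would make the relative call displacement wrong.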