Re: [PATCH bpf-next] bpf, arm64: sign return address for jited code

From: Daniel Borkmann
Date: Fri Apr 01 2022 - 16:24:50 EST


On 3/18/22 11:29 AM, Xu Kuohai wrote:
> Sign return address for jited code when the kernel is built with pointer
> authentication enabled.
>
> 1. Sign lr with paciasp instruction before lr is pushed to stack. Since
>    paciasp acts like landing pads for function entry, no need to insert
>    bti instruction before paciasp.
>
> 2. Authenticate lr with autiasp instruction after lr is popped from stack.
>
> Signed-off-by: Xu Kuohai <xukuohai@xxxxxxxxxx>

This would need a rebase, but please also use the commit description to provide
some more details how this inter-operates wrt BPF infra such as tail calls and
BPF-2-BPF calls when we look back into this in a few months from now.

Thanks,
Daniel