Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args... | netdev

[PATCH bpf 0/7] bpf: deny trampoline attachment if args can not be located exactly on stack · Alexis Lothoré (eBPF Foundation) <hidden> · 2025-06-13
[PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain · Alexis Lothoré (eBPF Foundation) <hidden> · 2025-06-13
Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain · Peter Zijlstra <peterz@infradead.org> · 2025-06-13
Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain · Alexis Lothoré <hidden> · 2025-06-13
Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain · Peter Zijlstra <peterz@infradead.org> · 2025-06-13
Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain · Alexis Lothoré <hidden> · 2025-06-13
Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain · Alexei Starovoitov <hidden> · 2025-06-13
Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain · Alexis Lothoré <hidden> · 2025-06-15
Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain · Alexei Starovoitov <hidden> · 2025-06-15
[PATCH bpf 1/7] bpf/x86: use define for max regs count used for arguments · Alexis Lothoré (eBPF Foundation) <hidden> · 2025-06-13
[PATCH bpf 3/7] bpf/riscv: prevent trampoline attachment when args location on stack is uncertain · Alexis Lothoré (eBPF Foundation) <hidden> · 2025-06-13
[PATCH bpf 4/7] bpf/s390: prevent trampoline attachment when args location on stack is uncertain · Alexis Lothoré (eBPF Foundation) <hidden> · 2025-06-13
[PATCH bpf 5/7] bpf/powerpc64: use define for max regs count used for arguments · Alexis Lothoré (eBPF Foundation) <hidden> · 2025-06-13
[PATCH bpf 6/7] bpf/powerpc64: prevent trampoline attachment when args location on stack is uncertain · Alexis Lothoré (eBPF Foundation) <hidden> · 2025-06-13
[PATCH bpf 7/7] selftests/bpf: ensure that functions passing structs on stack can not be hooked · Alexis Lothoré (eBPF Foundation) <hidden> · 2025-06-13

Re: [PATCH bpf 2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain

From: Peter Zijlstra <peterz@infradead.org>
Date: 2025-06-13 08:11:58
Also in: bpf, linux-kselftest, linux-riscv, linux-s390, linuxppc-dev, lkml

On Fri, Jun 13, 2025 at 09:37:11AM +0200, Alexis Lothoré (eBPF Foundation) wrote:

When the target function receives more arguments than available
registers, the additional arguments are passed on stack, and so the
generated trampoline needs to read those to prepare the bpf context,
but also to prepare the target function stack when it is in charge of
calling it. This works well for scalar types, but if the value is a
struct, we can not know for sure the exact struct location, as it may
have been packed or manually aligned to a greater value.

https://refspecs.linuxbase.org/elf/x86_64-abi-0.99.pdf

Has fairly clear rules on how arguments are encoded. Broadly speaking
for the kernel, if the structure exceeds 2 registers in size, it is
passed as a reference, otherwise it is passed as two registers.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help