[PATCH bpf-next v10 0/3] Support kCFI + BPF on arm64

Sami Tolvanen samitolvanen at google.com
Tue Jul 15 15:57:34 PDT 2025 

Hi folks,

These patches add KCFI types to arm64 BPF JIT output. Puranjay and
Maxwell have been working on this for some time now, but I haven't
seen any progress since June 2024, so I decided to pick up the latest
version[1] posted by Maxwell and fix the few remaining issues I
noticed. I confirmed that with these patches applied, I no longer see
CFI failures in jitted code when running BPF self-tests on arm64.

[1] https://lore.kernel.org/linux-arm-kernel/ptrugmna4xb5o5lo4xislf4rlz7avdmd4pfho5fjwtjj7v422u@iqrwfrbwuxrq/

Note that in order to enable CFI for jitted code, we need to define
__bpfcall in a file included by include/linux/bpf.h. In v10, I'm still
adding an include/asm/cfi.h header file for consistency with other
architectures, even though the file no longer contains anything else.
If you'd prefer to move this to another header file, I'm certainly
open to suggestions.

Sami

---
v10:
- Rebased to bpf-next/master again.
- Added a patch to moved duplicate type hash variables and helper
  functions to common CFI code.

v9: https://lore.kernel.org/bpf/20250505223437.3722164-4-samitolvanen@google.com/
- Rebased to bpf-next/master to fix merge x86 merge conflicts.
- Fixed checkpatch warnings about Co-developed-by tags and including
  <asm/cfi.h>.
- Picked up Tested-by tags.

v8: https://lore.kernel.org/bpf/20250310222942.1988975-4-samitolvanen@google.com/
- Changed DEFINE_CFI_TYPE to use .4byte to match __CFI_TYPE.
- Changed cfi_get_func_hash() to again use get_kernel_nofault().
- Fixed a panic in bpf_jit_free() by resetting prog->bpf_func before
  calling bpf_jit_binary_pack_hdr().

---
Mark Rutland (1):
  cfi: add C CFI type macro

Puranjay Mohan (1):
  arm64/cfi,bpf: Support kCFI + BPF on arm64

Sami Tolvanen (1):
  cfi: Move BPF CFI types and helpers to generic code

 arch/arm64/include/asm/cfi.h  |  7 +++++
 arch/arm64/net/bpf_jit_comp.c | 22 +++++++++++++--
 arch/riscv/include/asm/cfi.h  | 16 -----------
 arch/riscv/kernel/cfi.c       | 53 -----------------------------------
 arch/x86/include/asm/cfi.h    |  9 ------
 arch/x86/kernel/alternative.c | 37 ------------------------
 include/linux/cfi.h           | 37 ++++++++++++++++++------
 include/linux/cfi_types.h     | 23 +++++++++++++++
 kernel/cfi.c                  | 25 +++++++++++++++++
 9 files changed, 103 insertions(+), 126 deletions(-)
 create mode 100644 arch/arm64/include/asm/cfi.h


base-commit: e860a98c8aebd8de82c0ee901acf5a759acd4570
-- 
2.50.0.727.gbf7dc18ff4-goog

More information about the linux-arm-kernel mailing list