[PATCH bpf-next v5 4/5] bpf, x86: Emit ENDBR for indirect jump targets
Xu Kuohai
xukuohai at huaweicloud.com
Wed Mar 4 05:03:28 PST 2026
On 3/4/2026 2:23 PM, Eduard Zingerman wrote:
> On Mon, 2026-03-02 at 18:27 +0800, Xu Kuohai wrote:
>
> [...]
>
>> @@ -2449,7 +2452,7 @@ st: if (is_imm8(insn->off))
>>
>> /* call */
>> case BPF_JMP | BPF_CALL: {
>> - u8 *ip = image + addrs[i - 1];
>> + u8 *ip = image + addrs[i - 1] + (prog - temp);
> ^^^^^^^^^^^^^
> Could you please comment a bit why this addend is needed?
>>
The temp buffer holds the JITed x86 instructions for each BPF instruction, and
the prog variable points to the position in the temp buffer where the next JITed
x86 instruction will be written.
Since there may already be an ENDBR instruction in the temp buffer, which is
written when the current BPF instruction is an indirect jump target, we need to
add the addend when computing the actual address of the JITed x86 instruction.
>> func = (u8 *) __bpf_call_base + imm32;
>> if (src_reg == BPF_PSEUDO_CALL && tail_call_reachable) {
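Review bot: The `(prog - temp)` addend on the `u8 *ip = ...` line in the `BPF_JMP | BPF_CALL` case has no comment, and nothing in the hunk says why `image + addrs[i - 1]` alone is no longer the address of the call. A short comment above the assignment, saying that bytes such as an ENDBR may already have been written to temp for this BPF instruction and that ip must be advanced past them, would answer the question raised here for later readers. Since ip feeds the relative call to `func`, it is also worth stating in the commit message that any other use of `addrs[i - 1]` as an instruction address for the current instruction was checked for the same offset.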
>
> [...]
>
>
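The address calculation discussed in this message, as an added example that is not code from the patch or the kernel: a simplified user-space model showing where a `call rel32` lands when an ENDBR precedes it in the temp buffer, with and without the `(prog - temp)` addend. The names `model_emit_call`, `jit_call_target`, `indirect_target` and `use_addend` and the addresses are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENDBR_LEN 4 /* endbr64 = f3 0f 1e fa */
#define CALL_LEN  5 /* e8 + rel32 */

/* Model of emitting "call rel32": rel32 is relative to the end of the call,
 * so it is only right if ip is the address the call byte will really have. */
static void model_emit_call(uint8_t **pprog, uint64_t func, uint64_t ip)
{
	int32_t rel = (int32_t)(func - (ip + CALL_LEN));

	*(*pprog)++ = 0xe8;
	memcpy(*pprog, &rel, sizeof(rel));
	*pprog += sizeof(rel);
}

/* JIT one modelled call insn whose code starts at image + start_off and
 * return the address the emitted call reaches when the CPU executes it. */
uint64_t jit_call_target(uint64_t image, uint32_t start_off, uint64_t func,
			 int indirect_target, int use_addend)
{
	static const uint8_t endbr[ENDBR_LEN] = { 0xf3, 0x0f, 0x1e, 0xfa };
	uint8_t temp[16], *prog = temp;
	uint64_t ip, real_ip;
	int32_t rel;

	if (indirect_target) {		/* ENDBR is written to temp first */
		memcpy(prog, endbr, ENDBR_LEN);
		prog += ENDBR_LEN;
	}
	real_ip = image + start_off + (uint64_t)(prog - temp);
	ip = image + start_off + (use_addend ? (uint64_t)(prog - temp) : 0);
	model_emit_call(&prog, func, ip);

	memcpy(&rel, prog - sizeof(rel), sizeof(rel)); /* decode as the CPU would */
	return real_ip + CALL_LEN + (int64_t)rel;
}

int main(void)
{
	uint64_t image = 0x100000, func = 0x200000; /* constructed addresses */

	printf("ENDBR, no addend: %#llx\n",
	       (unsigned long long)jit_call_target(image, 0x40, func, 1, 0));
	printf("ENDBR, addend:    %#llx\n",
	       (unsigned long long)jit_call_target(image, 0x40, func, 1, 1));
	return 0;
}
```

Without the addend the call lands `ENDBR_LEN` bytes past the intended function whenever the instruction is an indirect jump target.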