[bpf-next v6 1/5] bpf: Move constants blinding from JIT to verifier

Xu Kuohai xukuohai at huaweicloud.com
Fri Mar 6 19:10:22 PST 2026 

On 3/7/2026 2:30 AM, Alexei Starovoitov wrote:
> On Fri, Mar 6, 2026 at 1:56 AM Xu Kuohai <xukuohai at huaweicloud.com> wrote:
>>
>> From: Xu Kuohai <xukuohai at huawei.com>
>>
>> During the JIT stage, constants blinding rewrites instructions but only
>> rewrites the private instruction copy of the JITed subprog, leaving the
>> global instructions and insn_aux_data unchanged. This causes a mismatch
>> between subprog instructions and the global state, making it difficult
>> to look up the global insn_aux_data in the JIT.
>>
>> To avoid this mismatch, and given that all arch-specific JITs already
>> support constants blinding, move it to the generic verifier code, and
>> switch to rewrite the global env->insnsi with the global states
>> adjusted, as other rewrites in the verifier do.
>>
>> This removes the constant blinding calls in each JIT, which are largely
>> duplicated code across architectures.
>>
>> And the prog clone functions and insn_array adjustment for the JIT
>> constant blinding are no longer needed, remove them too.
>>
>> Signed-off-by: Xu Kuohai <xukuohai at huawei.com>
>> ---
>>   arch/arc/net/bpf_jit_core.c      |  20 +--
>>   arch/arm/net/bpf_jit_32.c        |  41 +----
>>   arch/arm64/net/bpf_jit_comp.c    |  59 ++-----
>>   arch/loongarch/net/bpf_jit.c     |  50 ++----
>>   arch/mips/net/bpf_jit_comp.c     |  20 +--
>>   arch/parisc/net/bpf_jit_core.c   |  38 +----
>>   arch/powerpc/net/bpf_jit_comp.c  |  45 ++----
>>   arch/riscv/net/bpf_jit_core.c    |  45 ++----
>>   arch/s390/net/bpf_jit_comp.c     |  41 +----
>>   arch/sparc/net/bpf_jit_comp_64.c |  41 +----
>>   arch/x86/net/bpf_jit_comp.c      |  40 +----
>>   arch/x86/net/bpf_jit_comp32.c    |  33 +---
>>   include/linux/filter.h           |   3 -
>>   kernel/bpf/core.c                | 263 -------------------------------
>>   kernel/bpf/verifier.c            | 215 +++++++++++++++++++++++--
>>   15 files changed, 288 insertions(+), 666 deletions(-)
> 
> JIT changes are fine, but pls don't move main
> bpf_jit_blind* logic from core.c.
> It makes the diff unnecessary big.
>

ok, will leave it there

> pw-bot: cr

More information about the linux-arm-kernel mailing list