[PATCH v6 2/2] arm64: implement support for static call trampolines
Ard Biesheuvel
ardb at kernel.org
Thu Mar 12 11:35:34 PDT 2026
Hi Carlos,
On Thu, 12 Mar 2026, at 19:02, Carlos Llamas wrote:
> On Fri, Nov 05, 2021 at 03:59:17PM +0100, Ard Biesheuvel wrote:
>> Implement arm64 support for the 'unoptimized' static call variety, which
>> routes all calls through a single trampoline that is patched to perform a
>> tail call to the selected function.
>>
>> It is expected that the direct branch instruction will be able to cover
>> the common case. However, given that static call targets may be located
>> in modules loaded out of direct branching range, we need a fallback path
>> that loads the address into R16 and uses a branch-to-register (BR)
>> instruction to perform an indirect call.
>>
>> Unlike on x86, there is no pressing need on arm64 to avoid indirect
>> calls at all cost, but hiding it from the compiler as is done here does
>> have some benefits:
>> - the literal is located in .text, which gives us the same robustness
>> advantage that code patching does;
>> - no performance hit on CFI enabled Clang builds that decorate compiler
>> emitted indirect calls with branch target validity checks.
>>
>> Acked-by: Peter Zijlstra <peterz at infradead.org>
>> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
>> ---
>
> I'm starting to testing this out on top of 7.0-rc3...
>
Please use the v3 I referred to on the thread. The code patching is a bit hairy, and so we should only consider that if there is a real use case for it.
Same goes for the special handling of the ret0 case - AFAIR, the v3 handles that transparently as it will just use the generic RET0 handler as the target.
...
>
> A CFI crash was reported in [1]. Also, I was able to reproduce a CFI
> failure with just a simple "linux-perf" command. With this patchset I no
> longer see these issues. Awesome!
>
> [1] https://lore.kernel.org/all/YfrQzoIWyv9lNljh@google.com/
>
Awesome!
More information about the linux-arm-kernel
mailing list