Re: [PATCH bpf-next v10 4/5] bpf, x86: Emit ENDBR for indirect jump targets

Next message: Sheetal: "[PATCH v3 13/14] ASoC: tegra: Use dev_err_probe() in tegra_asoc_machine probe"
Previous message: Sheetal: "[PATCH v3 08/14] ASoC: tegra: Add error logging in tegra210_i2s driver"
In reply to: Xu Kuohai: "[PATCH bpf-next v10 4/5] bpf, x86: Emit ENDBR for indirect jump targets"
Next in thread: Xu Kuohai: "[PATCH bpf-next v10 1/5] bpf: Move constants blinding out of arch-specific JITs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Leon Hwang

Date: Wed Mar 25 2026 - 06:19:58 EST

On Tue, Mar 24, 2026 at 08:20:51PM +0800, Xu Kuohai wrote:
>From: Xu Kuohai <xukuohai@xxxxxxxxxx>
>
>On CPUs that support CET/IBT, the indirect jump selftest triggers
>a kernel panic because the indirect jump targets lack ENDBR
>instructions.
>
>To fix it, emit an ENDBR instruction to each indirect jump target. Since
>the ENDBR instruction shifts the position of original jited instructions,
>fix the instruction address calculation wherever the addresses are used.
>
>For reference, below is a sample panic log.
>
> Missing ENDBR: bpf_prog_2e5f1c71c13ac3e0_big_jump_table+0x97/0xe1
> ------------[ cut here ]------------
> kernel BUG at arch/x86/kernel/cet.c:133!
> Oops: invalid opcode: 0000 [#1] SMP NOPTI
>
> ...
>
> ? 0xffffffffc00fb258
> ? bpf_prog_2e5f1c71c13ac3e0_big_jump_table+0x97/0xe1
> bpf_prog_test_run_syscall+0x110/0x2f0
> ? fdget+0xba/0xe0
> __sys_bpf+0xe4b/0x2590
> ? __kmalloc_node_track_caller_noprof+0x1c7/0x680
> ? bpf_prog_test_run_syscall+0x215/0x2f0
> __x64_sys_bpf+0x21/0x30
> do_syscall_64+0x85/0x620
> ? bpf_prog_test_run_syscall+0x1e2/0x2f0
>
>Fixes: 493d9e0d6083 ("bpf, x86: add support for indirect jumps")
>Reviewed-by: Anton Protopopov <a.s.protopopov@xxxxxxxxx>
>Signed-off-by: Xu Kuohai <xukuohai@xxxxxxxxxx>

Acked-by: Leon Hwang <leon.hwang@xxxxxxxxx>

[...]