From: Greg Kroah-Hartman Date: Wed, 12 Nov 2025 11:03:17 +0000 (-0500) Subject: drop bpftool patch X-Git-Tag: v6.12.58~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0ac1c81a2fd41cfca366d4cd943af1beafe57e83;p=thirdparty%2Fkernel%2Fstable-queue.git drop bpftool patch --- diff --git a/queue-6.12/bpftool-add-cet-aware-symbol-matching-for-x86_64-arc.patch b/queue-6.12/bpftool-add-cet-aware-symbol-matching-for-x86_64-arc.patch deleted file mode 100644 index 60fc8afca4..0000000000 --- a/queue-6.12/bpftool-add-cet-aware-symbol-matching-for-x86_64-arc.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 86078ae3096fc090675d53d2c9462a0720c797fa Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 29 Aug 2025 07:11:07 +0100 -Subject: bpftool: Add CET-aware symbol matching for x86_64 architectures - -From: Yuan Chen - -[ Upstream commit 6417ca85305ecaffef13cf9063ac35da8fba8500 ] - -Adjust symbol matching logic to account for Control-flow Enforcement -Technology (CET) on x86_64 systems. CET prefixes functions with -a 4-byte 'endbr' instruction, shifting the actual hook entry point to -symbol + 4. - -Signed-off-by: Yuan Chen -Signed-off-by: Daniel Borkmann -Acked-by: Quentin Monnet -Acked-by: Yonghong Song -Acked-by: Jiri Olsa -Link: https://lore.kernel.org/bpf/20250829061107.23905-3-chenyuan_fl@163.com -Signed-off-by: Sasha Levin ---- - tools/bpf/bpftool/link.c | 54 +++++++++++++++++++++++++++++++++++++--- - 1 file changed, 50 insertions(+), 4 deletions(-) - -diff --git a/tools/bpf/bpftool/link.c b/tools/bpf/bpftool/link.c -index 5cd503b763d72..9ce15febc6f25 100644 ---- a/tools/bpf/bpftool/link.c -+++ b/tools/bpf/bpftool/link.c -@@ -282,11 +282,52 @@ get_addr_cookie_array(__u64 *addrs, __u64 *cookies, __u32 count) - return data; - } - -+static bool is_x86_ibt_enabled(void) -+{ -+#if defined(__x86_64__) -+ struct kernel_config_option options[] = { -+ { "CONFIG_X86_KERNEL_IBT", }, -+ }; -+ char *values[ARRAY_SIZE(options)] = { }; -+ bool ret; -+ -+ if (read_kernel_config(options, ARRAY_SIZE(options), values, NULL)) -+ return false; -+ -+ ret = !!values[0]; -+ free(values[0]); -+ return ret; -+#else -+ return false; -+#endif -+} -+ -+static bool -+symbol_matches_target(__u64 sym_addr, __u64 target_addr, bool is_ibt_enabled) -+{ -+ if (sym_addr == target_addr) -+ return true; -+ -+ /* -+ * On x86_64 architectures with CET (Control-flow Enforcement Technology), -+ * function entry points have a 4-byte 'endbr' instruction prefix. -+ * This causes kprobe hooks to target the address *after* 'endbr' -+ * (symbol address + 4), preserving the CET instruction. -+ * Here we check if the symbol address matches the hook target address -+ * minus 4, indicating a CET-enabled function entry point. -+ */ -+ if (is_ibt_enabled && sym_addr == target_addr - 4) -+ return true; -+ -+ return false; -+} -+ - static void - show_kprobe_multi_json(struct bpf_link_info *info, json_writer_t *wtr) - { - struct addr_cookie *data; - __u32 i, j = 0; -+ bool is_ibt_enabled; - - jsonw_bool_field(json_wtr, "retprobe", - info->kprobe_multi.flags & BPF_F_KPROBE_MULTI_RETURN); -@@ -306,11 +347,13 @@ show_kprobe_multi_json(struct bpf_link_info *info, json_writer_t *wtr) - if (!dd.sym_count) - goto error; - -+ is_ibt_enabled = is_x86_ibt_enabled(); - for (i = 0; i < dd.sym_count; i++) { -- if (dd.sym_mapping[i].address != data[j].addr) -+ if (!symbol_matches_target(dd.sym_mapping[i].address, -+ data[j].addr, is_ibt_enabled)) - continue; - jsonw_start_object(json_wtr); -- jsonw_uint_field(json_wtr, "addr", dd.sym_mapping[i].address); -+ jsonw_uint_field(json_wtr, "addr", (unsigned long)data[j].addr); - jsonw_string_field(json_wtr, "func", dd.sym_mapping[i].name); - /* Print null if it is vmlinux */ - if (dd.sym_mapping[i].module[0] == '\0') { -@@ -716,6 +759,7 @@ static void show_kprobe_multi_plain(struct bpf_link_info *info) - { - struct addr_cookie *data; - __u32 i, j = 0; -+ bool is_ibt_enabled; - - if (!info->kprobe_multi.count) - return; -@@ -739,12 +783,14 @@ static void show_kprobe_multi_plain(struct bpf_link_info *info) - if (!dd.sym_count) - goto error; - -+ is_ibt_enabled = is_x86_ibt_enabled(); - printf("\n\t%-16s %-16s %s", "addr", "cookie", "func [module]"); - for (i = 0; i < dd.sym_count; i++) { -- if (dd.sym_mapping[i].address != data[j].addr) -+ if (!symbol_matches_target(dd.sym_mapping[i].address, -+ data[j].addr, is_ibt_enabled)) - continue; - printf("\n\t%016lx %-16llx %s", -- dd.sym_mapping[i].address, data[j].cookie, dd.sym_mapping[i].name); -+ (unsigned long)data[j].addr, data[j].cookie, dd.sym_mapping[i].name); - if (dd.sym_mapping[i].module[0] != '\0') - printf(" [%s] ", dd.sym_mapping[i].module); - else --- -2.51.0 - diff --git a/queue-6.12/series b/queue-6.12/series index 05dc8a8e0f..d3d84e0a59 100644 --- a/queue-6.12/series +++ b/queue-6.12/series @@ -103,7 +103,6 @@ libbpf-fix-usdt-sib-argument-handling-causing-unreco.patch selftests-bpf-fix-bpf_prog_detach2-usage-in-test_lir.patch cpufreq-longhaul-handle-null-policy-in-longhaul_exit.patch arc-fix-__fls-const-foldability-via-__builtin_clzl.patch -bpftool-add-cet-aware-symbol-matching-for-x86_64-arc.patch selftests-bpf-upon-failures-exit-with-code-1-in-test.patch irqchip-gic-v2m-handle-multiple-msi-base-irq-alignme.patch acpi-prm-skip-handlers-with-null-handler_address-or-.patch diff --git a/queue-6.17/bpftool-add-cet-aware-symbol-matching-for-x86_64-arc.patch b/queue-6.17/bpftool-add-cet-aware-symbol-matching-for-x86_64-arc.patch deleted file mode 100644 index dfe01eb2a7..0000000000 --- a/queue-6.17/bpftool-add-cet-aware-symbol-matching-for-x86_64-arc.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 38363fa867fbe7e039ca75eda7cc651bbcef15aa Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 29 Aug 2025 07:11:07 +0100 -Subject: bpftool: Add CET-aware symbol matching for x86_64 architectures - -From: Yuan Chen - -[ Upstream commit 6417ca85305ecaffef13cf9063ac35da8fba8500 ] - -Adjust symbol matching logic to account for Control-flow Enforcement -Technology (CET) on x86_64 systems. CET prefixes functions with -a 4-byte 'endbr' instruction, shifting the actual hook entry point to -symbol + 4. - -Signed-off-by: Yuan Chen -Signed-off-by: Daniel Borkmann -Acked-by: Quentin Monnet -Acked-by: Yonghong Song -Acked-by: Jiri Olsa -Link: https://lore.kernel.org/bpf/20250829061107.23905-3-chenyuan_fl@163.com -Signed-off-by: Sasha Levin ---- - tools/bpf/bpftool/link.c | 54 +++++++++++++++++++++++++++++++++++++--- - 1 file changed, 50 insertions(+), 4 deletions(-) - -diff --git a/tools/bpf/bpftool/link.c b/tools/bpf/bpftool/link.c -index a773e05d5ade4..bdcd717b0348f 100644 ---- a/tools/bpf/bpftool/link.c -+++ b/tools/bpf/bpftool/link.c -@@ -282,11 +282,52 @@ get_addr_cookie_array(__u64 *addrs, __u64 *cookies, __u32 count) - return data; - } - -+static bool is_x86_ibt_enabled(void) -+{ -+#if defined(__x86_64__) -+ struct kernel_config_option options[] = { -+ { "CONFIG_X86_KERNEL_IBT", }, -+ }; -+ char *values[ARRAY_SIZE(options)] = { }; -+ bool ret; -+ -+ if (read_kernel_config(options, ARRAY_SIZE(options), values, NULL)) -+ return false; -+ -+ ret = !!values[0]; -+ free(values[0]); -+ return ret; -+#else -+ return false; -+#endif -+} -+ -+static bool -+symbol_matches_target(__u64 sym_addr, __u64 target_addr, bool is_ibt_enabled) -+{ -+ if (sym_addr == target_addr) -+ return true; -+ -+ /* -+ * On x86_64 architectures with CET (Control-flow Enforcement Technology), -+ * function entry points have a 4-byte 'endbr' instruction prefix. -+ * This causes kprobe hooks to target the address *after* 'endbr' -+ * (symbol address + 4), preserving the CET instruction. -+ * Here we check if the symbol address matches the hook target address -+ * minus 4, indicating a CET-enabled function entry point. -+ */ -+ if (is_ibt_enabled && sym_addr == target_addr - 4) -+ return true; -+ -+ return false; -+} -+ - static void - show_kprobe_multi_json(struct bpf_link_info *info, json_writer_t *wtr) - { - struct addr_cookie *data; - __u32 i, j = 0; -+ bool is_ibt_enabled; - - jsonw_bool_field(json_wtr, "retprobe", - info->kprobe_multi.flags & BPF_F_KPROBE_MULTI_RETURN); -@@ -306,11 +347,13 @@ show_kprobe_multi_json(struct bpf_link_info *info, json_writer_t *wtr) - if (!dd.sym_count) - goto error; - -+ is_ibt_enabled = is_x86_ibt_enabled(); - for (i = 0; i < dd.sym_count; i++) { -- if (dd.sym_mapping[i].address != data[j].addr) -+ if (!symbol_matches_target(dd.sym_mapping[i].address, -+ data[j].addr, is_ibt_enabled)) - continue; - jsonw_start_object(json_wtr); -- jsonw_uint_field(json_wtr, "addr", dd.sym_mapping[i].address); -+ jsonw_uint_field(json_wtr, "addr", (unsigned long)data[j].addr); - jsonw_string_field(json_wtr, "func", dd.sym_mapping[i].name); - /* Print null if it is vmlinux */ - if (dd.sym_mapping[i].module[0] == '\0') { -@@ -719,6 +762,7 @@ static void show_kprobe_multi_plain(struct bpf_link_info *info) - { - struct addr_cookie *data; - __u32 i, j = 0; -+ bool is_ibt_enabled; - - if (!info->kprobe_multi.count) - return; -@@ -742,12 +786,14 @@ static void show_kprobe_multi_plain(struct bpf_link_info *info) - if (!dd.sym_count) - goto error; - -+ is_ibt_enabled = is_x86_ibt_enabled(); - printf("\n\t%-16s %-16s %s", "addr", "cookie", "func [module]"); - for (i = 0; i < dd.sym_count; i++) { -- if (dd.sym_mapping[i].address != data[j].addr) -+ if (!symbol_matches_target(dd.sym_mapping[i].address, -+ data[j].addr, is_ibt_enabled)) - continue; - printf("\n\t%016lx %-16llx %s", -- dd.sym_mapping[i].address, data[j].cookie, dd.sym_mapping[i].name); -+ (unsigned long)data[j].addr, data[j].cookie, dd.sym_mapping[i].name); - if (dd.sym_mapping[i].module[0] != '\0') - printf(" [%s] ", dd.sym_mapping[i].module); - else --- -2.51.0 - diff --git a/queue-6.17/series b/queue-6.17/series index 870cfda81a..0ceac2fbeb 100644 --- a/queue-6.17/series +++ b/queue-6.17/series @@ -142,7 +142,6 @@ cpufreq-longhaul-handle-null-policy-in-longhaul_exit.patch firmware-qcom-scm-allow-qseecom-on-dell-inspiron-744.patch kselftest-arm64-tpidr2-switch-to-waitpid-over-wait4.patch arc-fix-__fls-const-foldability-via-__builtin_clzl.patch -bpftool-add-cet-aware-symbol-matching-for-x86_64-arc.patch selftests-bpf-upon-failures-exit-with-code-1-in-test.patch irqchip-gic-v2m-handle-multiple-msi-base-irq-alignme.patch acpi-prm-skip-handlers-with-null-handler_address-or-.patch