x86/ibt: Optimize the FineIBT instruction sequence

Scott notes that non-taken branches are faster. Abuse overlapping code that traps instead of explicit UD2 instructions. And LEA does not modify flags and will have less dependencies. Suggested-by: Scott Constable <scott.d.constable@intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: Kees Cook <kees@kernel.org> Link: https://lore.kernel.org/r/20250224124200.371942555@infradead.org
author: Peter Zijlstra <peterz@infradead.org> 2025-02-24 13:37:08 +0100
committer: Ingo Molnar <mingo@kernel.org> 2025-02-26 12:24:09 +0100
commit: 06926c6cdb955bf24521d4e13af95b4d062d02d0 (patch)
tree: ba8f9d9d2c26983f3b3968d8e7ff22776e3057cd /arch/x86/net/bpf_jit_comp.c
parent: x86/traps: Allow custom fixups in handle_bug() (diff)
download: linux-06926c6cdb955bf24521d4e13af95b4d062d02d0.tar.gz
linux-06926c6cdb955bf24521d4e13af95b4d062d02d0.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index f36508b67278..ce033e63bc27 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -417,9 +417,8 @@ static void emit_fineibt(u8 **pprog, u32 hash)
 
 	EMIT_ENDBR();
 	EMIT3_off32(0x41, 0x81, 0xea, hash);		/* subl $hash, %r10d	*/
-	EMIT2(0x74, 0x07);				/* jz.d8 +7		*/
-	EMIT2(0x0f, 0x0b);				/* ud2			*/
-	EMIT1(0x90);					/* nop			*/
+	EMIT2(0x75, 0xf9);				/* jne.d8 .-7		*/
+	EMIT3(0x0f, 0x1f, 0x00);			/* nop3			*/
 	EMIT_ENDBR_POISON();
 
 	*pprog = prog;
author	Peter Zijlstra <peterz@infradead.org>	2025-02-24 13:37:08 +0100
committer	Ingo Molnar <mingo@kernel.org>	2025-02-26 12:24:09 +0100
commit	06926c6cdb955bf24521d4e13af95b4d062d02d0 (patch)
tree	ba8f9d9d2c26983f3b3968d8e7ff22776e3057cd /arch/x86/net/bpf_jit_comp.c
parent	x86/traps: Allow custom fixups in handle_bug() (diff)
download	linux-06926c6cdb955bf24521d4e13af95b4d062d02d0.tar.gz linux-06926c6cdb955bf24521d4e13af95b4d062d02d0.zip