Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp1106728imm; Fri, 22 Jun 2018 10:25:20 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLT2cqNEESLQYF3tB35ARe2UlqL+KwjFO9aIswipufPIJ4FC2mmi3xNya6dOqifWs5Et1sH X-Received: by 2002:a17:902:8bc6:: with SMTP id r6-v6mr2528684plo.257.1529688320291; Fri, 22 Jun 2018 10:25:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529688320; cv=none; d=google.com; s=arc-20160816; b=y1AoHNjZM1jAxI6P5VsX75k+RA6++JQrLzNa6SEx5duHLAxsd8fbzmS72dm5h7blew R6uboJTb+xnBIfylevUuGvHgMtOUJMKrJyEGuj+HJC0tyDl+57E8a1QfQ7/mi8WmNhUU 0sIEiAJj419C6mnUDJk16rrk0KcbBlYxL48QdlhlbbJuKVH0n2oeCwIuT8ClOyIwGZPP sJz5w+0X0pBbH5AG3ZBJkBYuiFFSS2X6XFiZwNlPxXFr5rIaJMJMSvPM5TGEy92utdkH Oom7Z/kgeKfpsHvFPE/izEtMenRqHRFPOEwCx9EiGIkNNsINUo5gKJA+h13zHTHimJRF c2HA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:arc-authentication-results; bh=toGS6ZFS7zYJ0m7I/Q0J1qFLejytXd1DXYLf27fGVlA=; b=egbML+c622GVDWKJGoyfP8Pd1AkywySo1E8pJFJeF5fzvFfXP5H2oVa7j5auYwC27+ hC3P4XtmFwMxVhlf6EYZ6GwrWn/nl2Jw1CBJAuOf3at1aOx2o4t32Kcn4P+mx143Pw9W yGDc0Ae0i33rl2EQnobY6rmEw5VQxm8zUYhzuHXTVMTRS8w+fpQTFdg0+PcCd9+hllOk EUXSGZt0SPHyAVZvs/PfKvccZLG5w0JA4ca4FWds9sGGXeVVaCnSSTG0V4WNfwOHa492 2nQvKExZDPdxTJ/xpuGLBd6rjGzJcthKkCh0ufsM00UqmVboc2TBYt2M5RZQkS9fBVjM DdGQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vmware.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u21-v6si8181212plj.130.2018.06.22.10.25.05; Fri, 22 Jun 2018 10:25:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vmware.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933976AbeFVRWq (ORCPT + 99 others); Fri, 22 Jun 2018 13:22:46 -0400 Received: from ex13-edg-ou-002.vmware.com ([208.91.0.190]:11295 "EHLO EX13-EDG-OU-002.vmware.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932981AbeFVRWm (ORCPT ); Fri, 22 Jun 2018 13:22:42 -0400 Received: from sc9-mailhost3.vmware.com (10.113.161.73) by EX13-EDG-OU-002.vmware.com (10.113.208.156) with Microsoft SMTP Server id 15.0.1156.6; Fri, 22 Jun 2018 10:22:34 -0700 Received: from sc2-haas01-esx0118.eng.vmware.com (sc2-haas01-esx0118.eng.vmware.com [10.172.44.118]) by sc9-mailhost3.vmware.com (Postfix) with ESMTP id E07394062D; Fri, 22 Jun 2018 10:22:41 -0700 (PDT) From: Nadav Amit To: , CC: Nadav Amit , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Kees Cook , Jan Beulich , Josh Poimboeuf Subject: [PATCH v6 3/9] x86: refcount: prevent gcc distortions Date: Fri, 22 Jun 2018 10:22:06 -0700 Message-ID: <20180622172212.199633-4-namit@vmware.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180622172212.199633-1-namit@vmware.com> References: <20180622172212.199633-1-namit@vmware.com> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: None (EX13-EDG-OU-002.vmware.com: namit@vmware.com does not designate permitted sender hosts) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org GCC considers the number of statements in inlined assembly blocks, according to new-lines and semicolons, as an indication to the cost of the block in time and space. This data is distorted by the kernel code, which puts information in alternative sections. As a result, the compiler may perform incorrect inlining and branch optimizations. The solution is to set an assembly macro and call it from the inlined assembly block. As a result GCC considers the inline assembly block as a single instruction. This patch allows to inline functions such as __get_seccomp_filter(). Interestingly, this allows more aggressive inlining while reducing the kernel size. text data bss dec hex filename 18140970 10225412 2957312 31323694 1ddf62e ./vmlinux before 18140140 10225284 2957312 31322736 1ddf270 ./vmlinux after (-958) Static text symbols: Before: 40302 After: 40286 (-16) Functions such as kref_get(), free_user(), fuse_file_get() now get inlined. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: x86@kernel.org Cc: Kees Cook Cc: Jan Beulich Cc: Josh Poimboeuf Acked-by: Peter Zijlstra (Intel) Signed-off-by: Nadav Amit --- arch/x86/include/asm/refcount.h | 74 ++++++++++++++++++++------------- arch/x86/kernel/macros.S | 1 + 2 files changed, 46 insertions(+), 29 deletions(-) diff --git a/arch/x86/include/asm/refcount.h b/arch/x86/include/asm/refcount.h index 4cf11d88d3b3..6b2809a4d8e9 100644 --- a/arch/x86/include/asm/refcount.h +++ b/arch/x86/include/asm/refcount.h @@ -4,6 +4,41 @@ * x86-specific implementation of refcount_t. Based on PAX_REFCOUNT from * PaX/grsecurity. */ + +#ifdef __ASSEMBLY__ + +#include +#include + +.macro REFCOUNT_EXCEPTION counter:req + .pushsection .text..refcount +111: lea \counter, %_ASM_CX +112: ud2 + ASM_UNREACHABLE + .popsection +113: _ASM_EXTABLE_REFCOUNT(112b, 113b) +.endm + +/* Trigger refcount exception if refcount result is negative. */ +.macro REFCOUNT_CHECK_LT_ZERO counter:req + js 111f + REFCOUNT_EXCEPTION counter="\counter" +.endm + +/* Trigger refcount exception if refcount result is zero or negative. */ +.macro REFCOUNT_CHECK_LE_ZERO counter:req + jz 111f + REFCOUNT_CHECK_LT_ZERO counter="\counter" +.endm + +/* Trigger refcount exception unconditionally. */ +.macro REFCOUNT_ERROR counter:req + jmp 111f + REFCOUNT_EXCEPTION counter="\counter" +.endm + +#else /* __ASSEMBLY__ */ + #include /* @@ -14,34 +49,11 @@ * central refcount exception. The fixup address for the exception points * back to the regular execution flow in .text. */ -#define _REFCOUNT_EXCEPTION \ - ".pushsection .text..refcount\n" \ - "111:\tlea %[counter], %%" _ASM_CX "\n" \ - "112:\t" ASM_UD2 "\n" \ - ASM_UNREACHABLE \ - ".popsection\n" \ - "113:\n" \ - _ASM_EXTABLE_REFCOUNT(112b, 113b) - -/* Trigger refcount exception if refcount result is negative. */ -#define REFCOUNT_CHECK_LT_ZERO \ - "js 111f\n\t" \ - _REFCOUNT_EXCEPTION - -/* Trigger refcount exception if refcount result is zero or negative. */ -#define REFCOUNT_CHECK_LE_ZERO \ - "jz 111f\n\t" \ - REFCOUNT_CHECK_LT_ZERO - -/* Trigger refcount exception unconditionally. */ -#define REFCOUNT_ERROR \ - "jmp 111f\n\t" \ - _REFCOUNT_EXCEPTION static __always_inline void refcount_add(unsigned int i, refcount_t *r) { asm volatile(LOCK_PREFIX "addl %1,%0\n\t" - REFCOUNT_CHECK_LT_ZERO + "REFCOUNT_CHECK_LT_ZERO counter=\"%[counter]\"" : [counter] "+m" (r->refs.counter) : "ir" (i) : "cc", "cx"); @@ -50,7 +62,7 @@ static __always_inline void refcount_add(unsigned int i, refcount_t *r) static __always_inline void refcount_inc(refcount_t *r) { asm volatile(LOCK_PREFIX "incl %0\n\t" - REFCOUNT_CHECK_LT_ZERO + "REFCOUNT_CHECK_LT_ZERO counter=\"%[counter]\"" : [counter] "+m" (r->refs.counter) : : "cc", "cx"); } @@ -58,7 +70,7 @@ static __always_inline void refcount_inc(refcount_t *r) static __always_inline void refcount_dec(refcount_t *r) { asm volatile(LOCK_PREFIX "decl %0\n\t" - REFCOUNT_CHECK_LE_ZERO + "REFCOUNT_CHECK_LE_ZERO counter=\"%[counter]\"" : [counter] "+m" (r->refs.counter) : : "cc", "cx"); } @@ -66,13 +78,15 @@ static __always_inline void refcount_dec(refcount_t *r) static __always_inline __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r) { - GEN_BINARY_SUFFIXED_RMWcc(LOCK_PREFIX "subl", REFCOUNT_CHECK_LT_ZERO, + GEN_BINARY_SUFFIXED_RMWcc(LOCK_PREFIX "subl", + "REFCOUNT_CHECK_LT_ZERO counter=\"%0\"", r->refs.counter, "er", i, "%0", e, "cx"); } static __always_inline __must_check bool refcount_dec_and_test(refcount_t *r) { - GEN_UNARY_SUFFIXED_RMWcc(LOCK_PREFIX "decl", REFCOUNT_CHECK_LT_ZERO, + GEN_UNARY_SUFFIXED_RMWcc(LOCK_PREFIX "decl", + "REFCOUNT_CHECK_LT_ZERO counter=\"%0\"", r->refs.counter, "%0", e, "cx"); } @@ -90,7 +104,7 @@ bool refcount_add_not_zero(unsigned int i, refcount_t *r) /* Did we try to increment from/to an undesirable state? */ if (unlikely(c < 0 || c == INT_MAX || result < c)) { - asm volatile(REFCOUNT_ERROR + asm volatile("REFCOUNT_ERROR counter=\"%[counter]\"" : : [counter] "m" (r->refs.counter) : "cc", "cx"); break; @@ -106,4 +120,6 @@ static __always_inline __must_check bool refcount_inc_not_zero(refcount_t *r) return refcount_add_not_zero(1, r); } +#endif /* __ASSEMBLY__ */ + #endif diff --git a/arch/x86/kernel/macros.S b/arch/x86/kernel/macros.S index cee28c3246dc..f1fe1d570365 100644 --- a/arch/x86/kernel/macros.S +++ b/arch/x86/kernel/macros.S @@ -7,3 +7,4 @@ */ #include +#include -- 2.17.1