Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1028375imu; Fri, 9 Nov 2018 09:46:56 -0800 (PST) X-Google-Smtp-Source: AJdET5dlV6+aUnoSwiNW+j2bY6zv34mDwOx+WVFvuOG62dhyBf0jLII3j7C0LCOjwLKej19W6SWi X-Received: by 2002:a63:ff62:: with SMTP id s34mr8290774pgk.325.1541785616185; Fri, 09 Nov 2018 09:46:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541785616; cv=none; d=google.com; s=arc-20160816; b=TpTHVIO+TkTIWUHLm8kRRQRajQsmSRaYw9PO5YzekvKN/+7YmIDGmUC3u6E5YkjWnD PT8pavxYAHIC9WnxHbwy84vN/omgKLZ1QrsIejUgBT+k97TbrwNTiryK9O9sY0+eGLB6 O/L3x9BBnyHyPdPyOoY+BBRPSL/ghm4KYiAyZD3sSEzjajIW0NnZ7zVjXg90Wzi5o+g9 tQwoKeQG6NLv7Gld5xp4q2NR62ElRfZzhhunxZOydA0sZk/YHmnRoAIL9OZX6dW3Flhu L81z8KEarrh+u7/iem13V5sIMDwV8jSoXRB/MJIhFpACbszl4QKLRwIcgvSNxTC7jKDP Z5gQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=WoLZXa0svD6LZXm4KL55nRj8+8BPEIpSblUDyRr5UeI=; b=Bptfe5WM4ehaia6FCFoTocx3tdD5ERnR+xP0+ExWqm6Ywnm+z/hVne6wHSMTveYa+1 OREfPAfwKyClA1cyQZpk10Rv7CLLMbBb1IRu7dU3azXwemtC9IyeABIIdjtHkp7q4zHZ wK4+o995+DaapQC19wun7Mkgi45F5XTkYAEBI5rXD1g6kuWR8Hpiq7zGpIONylTR65Af sVJ7uDKMkjBxPd2swlOiXljv79P4sBXjScQ7cBtts4+BPsQ+M2GXTBAydlJK0XA6CD0l CoTnUABTbkZQBEYfvgf/h9x8q2TQjaOm7aGaG73nIJZUt6BMcY9NmHrao/bauY15Kcxl eZ8A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u21si6776877pgm.21.2018.11.09.09.46.39; Fri, 09 Nov 2018 09:46:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728394AbeKJD1u (ORCPT + 99 others); Fri, 9 Nov 2018 22:27:50 -0500 Received: from mx1.redhat.com ([209.132.183.28]:40158 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728162AbeKJD1t (ORCPT ); Fri, 9 Nov 2018 22:27:49 -0500 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4F059307C940; Fri, 9 Nov 2018 17:46:12 +0000 (UTC) Received: from treble (ovpn-124-61.rdu2.redhat.com [10.10.124.61]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9A0975C229; Fri, 9 Nov 2018 17:46:10 +0000 (UTC) Date: Fri, 9 Nov 2018 11:46:08 -0600 From: Josh Poimboeuf To: Ard Biesheuvel Cc: Linux Kernel Mailing List , the arch/x86 maintainers , Andy Lutomirski , Steven Rostedt , Peter Zijlstra , Ingo Molnar , Thomas Gleixner , Linus Torvalds , Masami Hiramatsu , Jason Baron , Jiri Kosina , David Laight , Borislav Petkov Subject: Re: [RFC PATCH 1/3] static_call: Add static call infrastructure Message-ID: <20181109174608.eahqh4fkyl3k2gvs@treble> References: <3cf04e113d71c9f8e4be95fb84a510f085aa4afa.1541711457.git.jpoimboe@redhat.com> <20181109151028.faifw66enzye32gg@treble> <20181109173106.kbghzsdsu7oachl6@treble> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Fri, 09 Nov 2018 17:46:12 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 09, 2018 at 06:33:03PM +0100, Ard Biesheuvel wrote: > On 9 November 2018 at 18:31, Josh Poimboeuf wrote: > > On Fri, Nov 09, 2018 at 06:25:24PM +0100, Ard Biesheuvel wrote: > >> On 9 November 2018 at 16:14, Ard Biesheuvel wrote: > >> > On 9 November 2018 at 16:10, Josh Poimboeuf wrote: > >> >> On Fri, Nov 09, 2018 at 02:39:17PM +0100, Ard Biesheuvel wrote: > >> >>> > + for (site = start; site < stop; site++) { > >> >>> > + struct static_call_key *key = static_call_key(site); > >> >>> > + unsigned long addr = static_call_addr(site); > >> >>> > + > >> >>> > + if (list_empty(&key->site_mods)) { > >> >>> > + struct static_call_mod *mod; > >> >>> > + > >> >>> > + mod = kzalloc(sizeof(*mod), GFP_KERNEL); > >> >>> > + if (!mod) { > >> >>> > + WARN(1, "Failed to allocate memory for static calls"); > >> >>> > + return; > >> >>> > + } > >> >>> > + > >> >>> > + mod->sites = site; > >> >>> > + list_add_tail(&mod->list, &key->site_mods); > >> >>> > + > >> >>> > + /* > >> >>> > + * The trampoline should no longer be used. Poison it > >> >>> > + * it with a BUG() to catch any stray callers. > >> >>> > + */ > >> >>> > + arch_static_call_poison_tramp(addr); > >> >>> > >> >>> This patches the wrong thing: the trampoline is at key->func not addr. > >> >> > >> >> If you look at the x86 implementation, it actually does poison the > >> >> trampoline. > >> >> > >> >> The address of the trampoline isn't actually known here. key->func > >> >> isn't the trampoline address; it's the destination func address. > >> >> > >> >> So instead I passed the address of the call instruction. The arch code > >> >> then reads the instruction to find the callee (the trampoline). > >> >> > >> >> The code is a bit confusing. To make it more obvious, maybe we should > >> >> add another arch function to read the call destination. Then this code > >> >> can pass that into arch_static_call_poison_tramp(). > >> >> > >> > > >> > Ah right, so I am basically missing a dereference in my > >> > arch_static_call_poison_tramp() code if this breaks. > >> > > >> > >> Could we call it 'defuse' rather than 'poision'? On arm64, we will > >> need to keep it around to bounce function calls that are out of range, > >> and replace it with a PLT sequence. > > > > Ok, but doesn't that defeat the purpose of the inline approach? > > > > It does. But this only occurs when a module is loaded far away, and > this will only happen if you have 2 GB range KASLR enabled, or your > 128 MB module region gets exhausted for some reason, so the majority > of calls should use a single relative branch. Makes sense. Do you also account for the possibility that the original call emitted by GCC was far away and thus used the PLT? -- Josh