Date: Fri, 11 Jan 2019 09:15:25 -0600
From: Josh Poimboeuf
To: Nadav Amit
Cc: Andy Lutomirski, Linus Torvalds, Peter Zijlstra, the arch/x86 maintainers, Linux List Kernel Mailing, Ard Biesheuvel, Steven Rostedt, Ingo Molnar, Thomas Gleixner, Masami Hiramatsu, Jason Baron, Jiri Kosina, David Laight, Borislav Petkov, Julia Cartwright, Jessica Yu, "H. Peter Anvin", Rasmus Villemoes, Edward Cree, Daniel Bristot de Oliveira
Subject: Re: [PATCH v3 0/6] Static calls
Message-ID: <20190111151525.tf7lhuycyyvjjxez@treble>
References: <20190110203023.GL2861@worktop.programming.kicks-ass.net> <20190110205226.iburt6mrddsxnjpk@treble>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jan 11, 2019 at 01:47:01AM +0000, Nadav Amit wrote:
> Here is an alternative idea (although similar to Steven's and my code).
>
> Assume that we always clobber R10, R11 on static-calls explicitly, as anyhow
> should be done by the calling convention (and gcc plugin should allow us to
> enforce). Also assume that we hold a table with all source RIP and the
> matching target.
>
> Now, in the int3 handler can you take the faulting RIP and search for it in
> the "static-calls" table, writing the RIP+5 (offset) into R10 (return
> address) and the target into R11. You make the int3 handler to divert the
> code execution by changing pt_regs->rip to point to a new function that does:
>
> push R10
> jmp __x86_indirect_thunk_r11
>
> And then you are done. No?

IIUC, that sounds pretty much like what Steven proposed:

https://lkml.kernel.org/r/20181129122000.7fb4fb04@gandalf.local.home

I liked the idea, BUT, how would it work for callee-saved PV ops? In that
case there's only one clobbered register to work with (rax).

-- 
Josh
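A constructed C model of the int3-handler scheme in the quoted proposal, added here as an example; it is not kernel code and not code from either author. The "static-calls" table, the sample addresses, the trampoline address and the derivation of the call site as rip-1 (the trap leaving rip just past the one-byte int3) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the quoted int3 scheme, with made-up sample
 * addresses rather than kernel data: while a 5-byte call site is being
 * patched, its first byte is int3; the trap handler looks the site up,
 * loads R10/R11 and diverts to a trampoline "push R10; jmp thunk_r11". */
#define CALL_INSN_SIZE 5
#define TRAMPOLINE_ADDR 0xffffffff81ff0000ULL /* assumed trampoline address */
/* The pt_regs fields the scheme touches; sp points into a caller's array. */
struct regs { uint64_t rip, r10, r11; uint64_t *sp; };
/* Assumed "static-calls" table: source RIP of the call -> current target. */
static const struct { uint64_t src, target; } sites[] = {
    { 0xffffffff81001000ULL, 0xffffffff81200000ULL },
    { 0xffffffff81001230ULL, 0xffffffff81300000ULL },
};

/* int3 handler side. Assumption: the trap leaves rip just past the 1-byte
 * int3, so the call started at rip - 1. Returns 0 for a RIP that is not a
 * static call site, leaving it to the normal int3 path. */
int static_call_int3_emulate(struct regs *r)
{
    uint64_t src = r->rip - 1;
    for (size_t i = 0; i < sizeof sites / sizeof sites[0]; i++) {
        if (sites[i].src != src)
            continue;
        r->r10 = src + CALL_INSN_SIZE; /* return address: RIP+5 */
        r->r11 = sites[i].target;      /* call target */
        r->rip = TRAMPOLINE_ADDR;      /* the trap returns here */
        return 1;
    }
    return 0;
}

/* Trampoline side, executed once the trap returns. */
void trampoline_run(struct regs *r)
{
    *--r->sp = r->r10; /* push R10 */
    r->rip = r->r11;   /* jmp __x86_indirect_thunk_r11, i.e. jump to R11 */
}

/* 1 if trap plus trampoline end in the state of a completed "call target"
 * issued at src: return address pushed and rip at the target. */
int emulated_call_ok(uint64_t src, uint64_t target)
{
    uint64_t stack[4];
    struct regs r = { .rip = src + 1, .r10 = 0, .r11 = 0, .sp = stack + 4 };
    if (!static_call_int3_emulate(&r) || r.rip != TRAMPOLINE_ADDR)
        return 0;
    trampoline_run(&r);
    return r.sp == stack + 3 && *r.sp == src + CALL_INSN_SIZE && r.rip == target;
}
```

The model consumes both R10 and R11 as scratch registers, which is exactly what the reply questions for callee-saved PV ops, where only rax is clobbered.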