Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2663707ybt; Fri, 3 Jul 2020 15:28:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxyQ01rVk3BHkGCsQanh4kcvenxX1JLfJOywGzFumSqXdKOEmtEK2SuHQg8CB/g2aaYNJWl X-Received: by 2002:a17:906:d784:: with SMTP id pj4mr33230081ejb.405.1593815282082; Fri, 03 Jul 2020 15:28:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593815282; cv=none; d=google.com; s=arc-20160816; b=yLjIZjFLD+Zjsx+NFHj5iYqT57WDis3YHs9rDyYxP5t2Xq/FuNX1M2aMOtFF9mzQG5 sdpqrhNuIBvxxmhZyGcwiyZVZT5yzRI5UyudhMmK2ose4ZQNCmNrUdR23Uo8nVudf0+7 8ONoFB6p6xmvayp4+tVQd261h3UbNmJREL+UqpKH98C4eXXDN0cz9Ye21U8pjwRlUw8+ 4SeY1T8tPZGQ37u4Oocyl7Ah1ykFIPshgQRFwDCQb/hRUNDF5p0h1d+U1QbCfHmazbRt P3Ds+7+77vst2OKwlTeDRSPAF5FQfOk/fVGwaEaqF6ckIxj/nAkRNf9toF6mnDwL7b5z 3v3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=qb+fUHlDkjJACimv9+TJtzahP/KAscgZQiIrCsYkN4s=; b=HS50DQLgFIIfBOAqKx99TsqRQkoxkigdwKqh2Yr1Fo0u0oKQDJEpYY+bECwXtkTkaB g8DsW+QmkrRDO5elyYGQtgGRGb7z3RjiEyiarP75vCnmMkGWXDclhn49kIvpRy2aeBZa pDzBmUZ5xMcEyQpag4yTdQpLsHt51O41zuw+DtD9wJts+lWupeK7MLPVMLyC46h2KAnq 6Nyb28hH3WKxPwQOt/7WXr2TrTaSHSrlF1UuVZtcaOye0ilPyH7xam1KH/mOXPEwtM8S +vYpCED6JnGd4xZ0YC/j37VVf0XfG6xz7aQqO4barKVLmghTpHbmTGmPJ6pukTd5m8kY c2bg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l5si8450313ejr.75.2020.07.03.15.27.39; Fri, 03 Jul 2020 15:28:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726509AbgGCWZZ (ORCPT + 99 others); Fri, 3 Jul 2020 18:25:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59838 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726148AbgGCWZZ (ORCPT ); Fri, 3 Jul 2020 18:25:25 -0400 Received: from ZenIV.linux.org.uk (zeniv.linux.org.uk [IPv6:2002:c35c:fd02::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6471DC061794 for ; Fri, 3 Jul 2020 15:25:25 -0700 (PDT) Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1jrU7Q-004rRg-6j; Fri, 03 Jul 2020 22:25:16 +0000 Date: Fri, 3 Jul 2020 23:25:16 +0100 From: Al Viro To: Andy Lutomirski Cc: Linus Torvalds , Michael Ellerman , Christophe Leroy , Josh Poimboeuf , Peter Zijlstra , the arch/x86 maintainers , Linux Kernel Mailing List Subject: Re: objtool clac/stac handling change.. Message-ID: <20200703222516.GW2786714@ZenIV.linux.org.uk> References: <87lfk26nx4.fsf@mpe.ellerman.id.au> <20200702201755.GO2786714@ZenIV.linux.org.uk> <20200702205902.GP2786714@ZenIV.linux.org.uk> <20200703013328.GQ2786714@ZenIV.linux.org.uk> <20200703210237.GS2786714@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 03, 2020 at 02:41:43PM -0700, Andy Lutomirski wrote: > I still feel like the ex_handler-automatically-does-CLAC thing is an > optimization that isn't worth it. Once we pull our heads out of the > giant pile of macros and inlined functions, we're talking about > changing: > clac; jmp. But on the flip side, the jump folding pattern looks > better like this: > > unsafe_uaccess_begin(); > if (unsafe_get_user(...)) > goto fail; > if (unsafe_get_user(...)) > goto fail; > unsafe_uaccess_end(); > > fail: > unsafe_uaccess_end(); > > than like: > > unsafe_uaccess_begin(); > if (unsafe_get_user(...)) > goto fail; > if (unsafe_get_user(...)) > goto fail; > unsafe_uaccess_end(); > > fail: > /* not unsafe_uaccess_end(); because unsafe_get_user() has > conditional-CLAC semantics */ First of all, user_access_begin() itself can bloody well fail. So you need to handle that as well. And then it becomes nowhere near as pretty. We can pretend that it's normal C; however, that's not true at all - there are shitloads of things you can't do in such areas, starting with "call anything other than a very small list of functions". It's not a normal C environment at all. My problem is not with having AC turned off in exception handler - it leads to saner patterns, no arguments here. I'm not happy with doing doing that on *every* exception, with no way to specify whether it should or should not be done. It's not like it would've cost us anything to be able to specify that - we have the third argument of _ASM_EXTABLE_HANDLE(), after all.