Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1098216pxu;
        Wed, 2 Dec 2020 10:59:20 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzbtZFzyvrRmwBTCd1Yk3z97wKVdfSlsNhEC77xo632DOzC+rZaS7F3+YFLSYK2x+fyoSXC
X-Received: by 2002:aa7:d6c9:: with SMTP id x9mr1370620edr.96.1606935559800;
        Wed, 02 Dec 2020 10:59:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606935559; cv=none;
        d=google.com; s=arc-20160816;
        b=EGs/McrU1JrtrFmtweqkhdoJGOqD1n28n/z1FadSjKJECXLqAKcem3XLNoMvynXyhg
         GTQdJ+Jx+71618gUOp3G/4j/sJ9B73atn4S/nlLgSJmR8/SPT4hoegmPDepOe1F91YKu
         fIr1ClT6AMln7gyoPpxhtLzjeGY0ABZruRgCgidFg1VAUVnYykQ6h4y0gzZZLi31totI
         uNjyWtYWdejQL7lTcGzub3UIU0mNvUEQFm6SKRFASD7b+ViiQ73sLbGBV50dig77Opr0
         ySq6GJDpV2FDYHM9nXHtwhks6etORQh7UMSCrGxqBvNhJ7VDLFKIIUU65yUCMtiMhGJo
         qvmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=b0+bgE4T7KwQd0o1rvb3kJK3SimQlgs22CmXZhVLCKg=;
        b=C1LPSlezC6n07SAqXxhOQy4A+uu4lMuKn7tu/7q/maa4A7J1fPX/n4QK+PIAIyfqFL
         s2ikecExsKuT5rgl58K4mHNenRnJeFzLYwWSFnY/lV9f/yiNZwgCaPb80xZg2djSXn4t
         L4Te0mgbo4VnQmplEFm8HZ2vHZF4Wcz4jig8vIweihBPiSgFEzMQXKDJjcdx+mgaT+qd
         CP73+DTMOqRIOaqjqmoD66TGl9yqTCImB4W5wPBVgsw5SNiG3a2VhjiaxsApxVA35gkJ
         3onK8cLIpVEDOXYJM1mfwTjZeHzOQ4TQsBid9P4f9CW9z5EitjjkeigFG/OYeifLTbN4
         Zs4Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=QROM0g6h;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id u26si475652ejx.267.2020.12.02.10.58.56;
        Wed, 02 Dec 2020 10:59:19 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=QROM0g6h;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388020AbgLBSyw (ORCPT <rfc822;sunnyliangjy@gmail.com>
        + 99 others); Wed, 2 Dec 2020 13:54:52 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55884 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2387903AbgLBSyw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 2 Dec 2020 13:54:52 -0500
Received: from mail-pj1-x1041.google.com (mail-pj1-x1041.google.com [IPv6:2607:f8b0:4864:20::1041])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 327FEC0613CF
        for <linux-kernel@vger.kernel.org>; Wed,  2 Dec 2020 10:54:12 -0800 (PST)
Received: by mail-pj1-x1041.google.com with SMTP id j13so1471856pjz.3
        for <linux-kernel@vger.kernel.org>; Wed, 02 Dec 2020 10:54:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=b0+bgE4T7KwQd0o1rvb3kJK3SimQlgs22CmXZhVLCKg=;
        b=QROM0g6hLow6GZ7V4UDEra8QnuXAyNQydFYd8tPdysSPgI/afRnHzMYcjQDJs2MPB5
         4FHG2f99kdxwjDywXRoVakgANSW9WNU9vfancQ5ol/JYM0ZhkZcqC6lujqrqP2v+MmPf
         J2cFUpIzUbXWhObQk0kvkRk5lgSkJmlLPa0ho=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=b0+bgE4T7KwQd0o1rvb3kJK3SimQlgs22CmXZhVLCKg=;
        b=kNbczXUSscM6Y1IhhG/AQMBgZIbw7GGkpQAGqNZfX0icxYfluqhch3lYPkbE5gEq8w
         JXW4Kqz6o8ct4KpJR7aRMM5UUWzMiLrsVocdYRXW3ts/2F8j13HRc4Donb4/hoL2rdOu
         H/O+eRIhlUxPMd1mcyRjjhEoXe9iAklZgsKFbhklVwBfQqiTyWYyB1ap6Fz6d6aJ/A5g
         X6YMP624bXqh/wEidD1oI0exLQLScnPs/jfs7IPse6CTaoIbmikWPRRsB5LQs5ibPnLT
         SgvxnyaL7sWMSgjvp9yyV8PSHs1YNbhin9CfEowjXJs3s4QwgauTVBevVkmb/mFh51yR
         Nk0Q==
X-Gm-Message-State: AOAM531MByKp0DCsj3cMp8doxX+2c17YV4vj0NaC5/yS8wxQYDq6t4jG
        1O9U5tSf/y6MF1jFgl1CpVI+Bg==
X-Received: by 2002:a17:902:b207:b029:d8:fdf3:af30 with SMTP id t7-20020a170902b207b02900d8fdf3af30mr3838177plr.31.1606935251732;
        Wed, 02 Dec 2020 10:54:11 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id z17sm346946pjn.46.2020.12.02.10.54.10
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 02 Dec 2020 10:54:10 -0800 (PST)
Date:   Wed, 2 Dec 2020 10:54:09 -0800
From:   Kees Cook <keescook@chromium.org>
To:     Masahiro Yamada <masahiroy@kernel.org>
Cc:     Will Deacon <will@kernel.org>,
        Sami Tolvanen <samitolvanen@google.com>,
        Steven Rostedt <rostedt@goodmis.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Paul E. McKenney" <paulmck@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        clang-built-linux <clang-built-linux@googlegroups.com>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        linux-arch <linux-arch@vger.kernel.org>,
        linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
        Linux Kbuild mailing list <linux-kbuild@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-pci@vger.kernel.org
Subject: Re: [PATCH v7 00/17] Add support for Clang LTO
Message-ID: <202012021042.A76E8F06@keescook>
References: <20201118220731.925424-1-samitolvanen@google.com>
 <20201130120130.GF24563@willie-the-truck>
 <202012010929.3788AF5@keescook>
 <CAK7LNASQPOGohtUyzBM6n54pzpLN35kDXC7VbvWzX8QWUmqq9g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAK7LNASQPOGohtUyzBM6n54pzpLN35kDXC7VbvWzX8QWUmqq9g@mail.gmail.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 02, 2020 at 11:42:21AM +0900, Masahiro Yamada wrote:
> On Wed, Dec 2, 2020 at 2:31 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > On Mon, Nov 30, 2020 at 12:01:31PM +0000, Will Deacon wrote:
> > > Hi Sami,
> > >
> > > On Wed, Nov 18, 2020 at 02:07:14PM -0800, Sami Tolvanen wrote:
> > > > This patch series adds support for building the kernel with Clang's
> > > > Link Time Optimization (LTO). In addition to performance, the primary
> > > > motivation for LTO is to allow Clang's Control-Flow Integrity (CFI) to
> > > > be used in the kernel. Google has shipped millions of Pixel devices
> > > > running three major kernel versions with LTO+CFI since 2018.
> > > >
> > > > Most of the patches are build system changes for handling LLVM bitcode,
> > > > which Clang produces with LTO instead of ELF object files, postponing
> > > > ELF processing until a later stage, and ensuring initcall ordering.
> > > >
> > > > Note that v7 brings back arm64 support as Will has now staged the
> > > > prerequisite memory ordering patches [1], and drops x86_64 while we work
> > > > on fixing the remaining objtool warnings [2].
> > >
> > > Sounds like you're going to post a v8, but that's the plan for merging
> > > that? The arm64 parts look pretty good to me now.
> >
> > I haven't seen Masahiro comment on this in a while, so given the review
> > history and its use (for years now) in Android, I will carry v8 (assuming
> > all is fine with it) it in -next unless there are objections.
> 
> 
> What I dislike about this implementation is
> it cannot drop any unreachable function/data.
> (and it is completely different from GCC LTO)

This seems to be an orthogonal concern: the kernel doesn't have GCC LTO
support either (though much of Sami's work is required for GCC LTO too).

> This is not real LTO.

I don't know what you're defining as "real LTO", but this is, very much,
Link Time Optimization: the compiler has access to the entire code at
once, and it is therefore in a position to perform many manipulations to
the code. As Sami mentioned, perhaps you're thinking specifically of
dead code elimination? That's a specific optimization.

> [thread[1] merging]
> This help document is misleading.
> People who read the document would misunderstand how great this feature would.
> 
> This should be added in the commit log and Kconfig help:
> 
>            In contrast to the example in the documentation, Clang LTO
>            for the kernel cannot remove any unreachable function or data.
>            In fact, this results in even bigger vmlinux and modules.

Which LTO passes are happening, how optimization are being performed,
etc, are endlessly tunable, but we can't work on that tuning without
the infrastructure to perform an LTO build in the first place. We need
to land the support, and go from there. As written, it works very well
for arm64 (which is what v8 targets specifically) and the results have
been running on millions of Android phones for years now. If further
tuning needs to happen for other architectures, config combinations, etc,
those can and will be developed. (For example, x86 is around the corner,
once some false positive warnings from objtool get hammered out, etc.)

I still want this in -next so we can build on it and improve it -- it
has been stuck in limbo for too long.

-Kees

[1] https://lore.kernel.org/kernel-hardening/CAK7LNASMh1KysAB4+gU7_iuTW+5GT2_yMDevwpLwx0iqjxwmWw@mail.gmail.com/

-- 
Kees Cook