Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2340851pxb; Fri, 5 Feb 2021 15:42:37 -0800 (PST) X-Google-Smtp-Source: ABdhPJyveTbjSbI0FNQtfqBV4KzYymWUcffyPXeTMIvyp/Mw6GppugKrlTcF+Gp21MfirKfwZR+r X-Received: by 2002:a17:906:364b:: with SMTP id r11mr6310210ejb.447.1612568557299; Fri, 05 Feb 2021 15:42:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612568557; cv=none; d=google.com; s=arc-20160816; b=vcingClzGFJyfquBPpAfXW+jcIwoBgUnkovnJ5EEY9W/kDuI6q/iMb9rv1evgLQp3C bseSrO2vF/txeawXytTYZs3QLDpWIK6bb8LqFLAcoQKPUVU2VWFIJrJm9gr5eOgi9hg/ LT7QOZGjbmQpsnit//XuLJ6MIHUsMFo0FKNC2IZf5lAVSRf+e+PHIlM6vMPQDPLroIm5 olrvdnYSdTi0K9Qren6FSMY7BmnOemL39pNPWhVzoBhG/MdbBHKa7fCI9mFUjjesdTfD QIjVbyIV72n99x8W6kIQLbEPXuk1B1oAbRT97b0Jhtlw1+2T5hoxnDD7+LIHYGESu3CR pNRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:thread-index:thread-topic :content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:dkim-signature:dkim-filter; bh=ZXtGfhUUpSW4u0bX1WooGA5Q3gzcpG1PUwkvcXyaLTU=; b=of4ymXdYaa+2m+xOInqETAY5OZywPJ/5xLDPXkYtBRZ/h86Bi/SgTrCr2Kn9LckdfB TBKmLbUdugMhyGODv2yn3E/A+q5vX9VXYSmTCm3ZhQBav+3+oYIZTDVEKDSFdZp0mi91 d96fTV+OD0VepuzwqLTecJL9cBkqQS5rOHQjCmnWxzTQ3htZfafd21mZOZUTEWLRtsN+ Rq/T2NsvxIXQ09IcgtTYBaOGv5Lgj4nMJ+wC+C70elG65hptCkbxr8sFbZiRksTub5Zg AUzKCejD3+87OnRstjJwrZjI+OtLGMxf5bWl7Q03giTzIGWUvh1bjAdt63zw52d1p7Ax w+7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=p+4bYaWC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z7si3473976ejj.261.2021.02.05.15.42.12; Fri, 05 Feb 2021 15:42:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=p+4bYaWC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230013AbhBEXix (ORCPT + 99 others); Fri, 5 Feb 2021 18:38:53 -0500 Received: from mail.efficios.com ([167.114.26.124]:35742 "EHLO mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232530AbhBEOUL (ORCPT ); Fri, 5 Feb 2021 09:20:11 -0500 Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id 741BA2F5596; Fri, 5 Feb 2021 10:47:24 -0500 (EST) Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 3ZcViJeHTbM7; Fri, 5 Feb 2021 10:47:24 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id 2F9D82F525A; Fri, 5 Feb 2021 10:47:24 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.efficios.com 2F9D82F525A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com; s=default; t=1612540044; bh=ZXtGfhUUpSW4u0bX1WooGA5Q3gzcpG1PUwkvcXyaLTU=; h=Date:From:To:Message-ID:MIME-Version; b=p+4bYaWCdwfak1HNYVCsqSpeNWi5ovhrvVkrlQteUQRPMq/26Q77BnCjX2vOcLX7r tg35CZviuorDXS+TgFx54FbO1+81gltqXsoEx9sRLGKX1xbxdXBU+cixGHtu1/ZGGk YyKuANv10Eye4N4yHttkG0eMvF9zBOk+abfMwMQNoXUB4Oi03+A1+vuSt/Ki+e72JF zNd0KAxwHStPXfP1FEfE2b1OVnL//uE9wjOERQOHVM4dyHqDzBgJ2LeFHBQ473hpeI SBRRAslWj1gF/0TpKnv1uPTKoHWQp7J3W92SW279rzxUHu84HicwEV8b1sf/XfQDsJ rPu0YtPdhaS7A== X-Virus-Scanned: amavisd-new at efficios.com Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id kfv6S17tFsoc; Fri, 5 Feb 2021 10:47:24 -0500 (EST) Received: from mail03.efficios.com (mail03.efficios.com [167.114.26.124]) by mail.efficios.com (Postfix) with ESMTP id 1B1DD2F5252; Fri, 5 Feb 2021 10:47:24 -0500 (EST) Date: Fri, 5 Feb 2021 10:47:23 -0500 (EST) From: Mathieu Desnoyers To: Peter Zijlstra Cc: Brendan Jackman , linux-kernel , bpf , linux-security-module , Paul Renauld , Alexei Starovoitov , Daniel Borkmann , James Morris , Paul Turner , Jann Horn , "Rafael J. Wysocki" , Kees Cook , thgarnie@chromium.org, kpsingh@google.com, paul renauld epfl , Brendan Jackman , rostedt Message-ID: <47845502.8614.1612540043986.JavaMail.zimbra@efficios.com> In-Reply-To: References: <20200820164753.3256899-1-jackmanb@chromium.org> <20210205150926.GA12608@localhost> Subject: Re: [RFC] security: replace indirect calls with static calls MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [167.114.26.124] X-Mailer: Zimbra 8.8.15_GA_3996 (ZimbraWebClient - FF84 (Linux)/8.8.15_GA_3996) Thread-Topic: security: replace indirect calls with static calls Thread-Index: RuVbmUup0iOFmIVlAbpninCycfmfRw== Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ----- On Feb 5, 2021, at 10:40 AM, Peter Zijlstra peterz@infradead.org wrote: > On Fri, Feb 05, 2021 at 10:09:26AM -0500, Mathieu Desnoyers wrote: >> Then we should be able to generate the following using static keys as a >> jump table and N static calls: >> >> jump >> label_N: >> stack setup >> call >> label_N-1: >> stack setup >> call >> label_N-2: >> stack setup >> call >> ... >> label_0: >> jump end >> label_fallback: >> >> end: >> >> So the static keys would be used to jump to the appropriate label (using >> a static branch, which has pretty much 0 overhead). Static calls would >> be used to implement each of the calls. >> >> Thoughts ? > > At some point I tried to extend the static_branch infra to do multiple > targets and while the low level plumbing is trivial, I ran into trouble > trying to get a sane C level API for it. Did you try doing an API for a variable number of targets, or was it for a specific number of targets ? It might be easier to just duplicate some of the API code for number of targets between 2 and 12, and let the users code choose the maximum number of targets they want to accelerate. Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com