Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp797544pxb; Wed, 3 Nov 2021 12:33:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx4zy2cJU0Qj59L/LrbOqtcUJB6Virr6AJ9XkNroHxZD9zkwSs05R9oFKQmFgvN664DBsiu X-Received: by 2002:a6b:5b17:: with SMTP id v23mr492367ioh.54.1635968017149; Wed, 03 Nov 2021 12:33:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635968017; cv=none; d=google.com; s=arc-20160816; b=ZKZmXNY9/fuKCXOKx+TjwuAlXli5MQcUL3Y8AadqNEcEGFpOHHUOF6u3hwCHDjhUlO JMzh+MY4/YObUxAfU1ZEqyQlQHuFBvaKIG3w2VQ4ikgjA5h6GePfAgWceW9jqRgxuBsC nvwpaKiYT8vUFJLbKAO0UVwkLLy3H9wKqA+8OLKU1zhKHZxziSuIaFzuyythrEVHtdmP k++FzNpUazWbZwp5lHCt5K13GZ83WFSwF2kMgWDKTqTAv4Q+wnHKH0GMzg1EUDhw7weH Y2RtYNwI7SlQibzC1Do4cMnKk29E7q46AsaeAKSLvt4xjgJWk06uNunpTDQFePvBgDCt Sy5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=JmfTXlxasJuSzUriQ5AIk6zflPLT8SAgVsys24xlzRU=; b=v50Dxj871iZInMk1dg6jkVEAaCbb2m+0Qc+34zkKI3t3HUPfVXp07z4TNonMH41Mw+ I4aiGWWMvFvUG8cPFh8SQzed4jcjACIADtiOUOy3OWpnyDY1gq+QSSAu0DKb0/TfsFH9 O0jwbynNl123d79YsKuSjfa6VIPBUVRqhfVfsFZl+iGk4IK9po99zFrBebtyLiRh+hZF jblG9mP/k43R1JCi/0i/sQxRdLq4eiuEDe77so86ZNeswPtIbWd4GoxlryetWrfNQsQT HSO0AET6K6qhZY3qvBa1Cp2qIa6MZ/QSinE8ZpL6HSrhBy2W7OKosT0yFb3nAUbqm5l4 RmmQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=EKzUbtoG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f15si3500296ilk.171.2021.11.03.12.33.24; Wed, 03 Nov 2021 12:33:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=EKzUbtoG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230270AbhKCTfA (ORCPT + 99 others); Wed, 3 Nov 2021 15:35:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:34218 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229697AbhKCTe7 (ORCPT ); Wed, 3 Nov 2021 15:34:59 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0119D60E98; Wed, 3 Nov 2021 19:32:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1635967942; bh=4qyxgIZ8GahpT4Sx5VxjvY6yAitch4aqfKANRfXfzMI=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=EKzUbtoGqYXQueNAw9ZofMWdyM20C6hoDsDrIihAbSiPwPBiAixcBRRgEW+61eaVs eDLg9Bnxx08k5drs1IIe6VTgd16lttUteHvP1KTcQz6AevIViqmgpqsd1VAkOhZVvh XMMPP1gjStSmb3Gn2GL9nnEIVNUMDF/qH4q9kYm+eq43WmaNB4fVS0yNtVyz2VmHud aPI1adU/N6rIUQhNP6WQUt9cZpbyX156mJDG7vlBM8qbQa0movjufKGwSLuNpz8oqk S7aoSwSj3Lf70aPD7Rd62uIqhDZuZ8ldy468agzN0Ree8DVkZy0rMxj3xsZJ9vv44x 96etEcHyZSo3w== Message-ID: Date: Wed, 3 Nov 2021 12:32:20 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0 Subject: Re: [PATCH] static_call,x86: Robustify trampoline patching Content-Language: en-US To: Peter Zijlstra Cc: Kees Cook , Ard Biesheuvel , Sami Tolvanen , Mark Rutland , the arch/x86 maintainers , Josh Poimboeuf , Nathan Chancellor , Nick Desaulniers , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, Linux Kernel Mailing List , llvm@lists.linux.dev References: <20211101090155.GW174703@worktop.programming.kicks-ass.net> <202111021040.6570189A5@keescook> <90a14299-ce56-41d5-9df9-f625aae1ac70@www.fastmail.com> <202111021603.EDE5780FE@keescook> <20211103083559.GB174703@worktop.programming.kicks-ass.net> From: Andy Lutomirski In-Reply-To: <20211103083559.GB174703@worktop.programming.kicks-ass.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/3/21 01:35, Peter Zijlstra wrote: > On Tue, Nov 02, 2021 at 05:20:05PM -0700, Andy Lutomirski wrote: >> I think that's a big mistake -- any sane ENDBR-using scheme would >> really prefer that ENDBR to be right next to the actual function body, >> and really any scheme would benefit due to better cache locality. > > Agreed, IBT/BTI want the landing pad in front of the actual function. > >> But, more importantly, IMO any sane ENDBR-using scheme wants to >> generate the indirect stub as part of code gen for the actual >> function. > > Sorta, I really want to be able to not have a landing pad for functions > whose address is never taken. At that point it doesn't matter if it gets > generated along with the function and then stripped/poisoned later, or > generated later. Stripping is conceptually straightforward even without LTO. foo.indirect: ENDBR foo: ... and the linker learns (using magic function sections?) that, if foo.indirect is not referenced, then it should not be generated. Or a very straightforward walk over all the relocations in an object to poison the unused .indirect entries could be done. Making this work with DSOs, EXPORT_SYMBOL, etc will be somewhat nontrivial, but not impossible. --Andy