Received: by 2002:a05:6a10:8395:0:0:0:0 with SMTP id n21csp613250pxh; Tue, 9 Nov 2021 16:11:21 -0800 (PST) X-Google-Smtp-Source: ABdhPJwl8gXmRtDJJlIoHKUB+LKG8gINuSwmhkR7v6ThP2yVGtwXDj1bn5SNCjBAFNm2gVV+5fyt X-Received: by 2002:a05:6e02:1a2c:: with SMTP id g12mr8608008ile.62.1636503081792; Tue, 09 Nov 2021 16:11:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1636503081; cv=none; d=google.com; s=arc-20160816; b=qTxnRJjwZMafsmfnsjCYRut6u7tB/uqi/U+k31I80aA7waVgcmThudOfYgFmARtSPQ bpb8jQhBNllXOADRY6J9OZz6PQt+58qVx3Vjrmal7YIHXBjMUM2xtCCpIuvvZZbX4Rcv SWfj7PLRAxFggLbSyBpB39UwgY7Cm2rjhyEgz2WLYKlgG/B0lCwv8HYb+iwT+RtpqVCm 2qjQ/mP7p3r+jkBBlHARN4GmOdKs33a76yyAWdTDh0pGt2NWfwgZvFTxZwhuC+6ZAFwk +DlBY3Nwa/N9pV1FB4nbVd3B36o5XauL/DLgA9pC17FCRsqcOE9TJs/kXArC3OyQ7sr0 cbjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=8fUWdYQxwzruZitHLZoM/rk4wCDxKit78O1iA/wsYnM=; b=rwNAMErbDSDTnHPTmGRGtpfQoe88/MYQyj7f2ble43ENNbjbKFA1xavwt6/U9w/7X5 mjWJgnaGITBo+7eT84QZ7lts6nZziwuYsrqckeFK2C+BN/kF3qucj/Wt/hCBkBfrMB6f Eq508SfGok08n/l/v3lDyTYf6U5aV1QcFcAaA/4PeMHpLyoa5yRdMeVt7sUGXtkXc7ZN zlLD4M/JTds9aFoodirr2KAGp7KA1Mg3R/0LsI+7gyPHMZX2xWsX4E+pII+oKaSoCHa/ aWRy0rPKETUN9+e1ppv5z2PGKc4ylUKkT2cnx25vhIApa7s25GK/YqkpKMj+3Hx7ZIxR W0Bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="SV/ItxRM"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z4si7591521jat.116.2021.11.09.16.11.09; Tue, 09 Nov 2021 16:11:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="SV/ItxRM"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241746AbhKISMV (ORCPT + 97 others); Tue, 9 Nov 2021 13:12:21 -0500 Received: from mail.kernel.org ([198.145.29.99]:53286 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230383AbhKISMU (ORCPT ); Tue, 9 Nov 2021 13:12:20 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 165BE61078 for ; Tue, 9 Nov 2021 18:09:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1636481374; bh=fwZ+9DFgYhOz9JloIi5von5LP751Xa06A2vPFeZb8wg=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=SV/ItxRMN137UwwPpg1gNqwsHTr7p244S4sVhP5T7eNi+5Jg5jAB8odNUmWOocLm2 8ryr0JSFKK20+8V/INhpiVSgWadoEocdc3em9eAfCXSQmxWyRfPSDju7HvbBnrxAED H3ba2eqloWpa8VKEHvmSuBekYesww7RnKa+dQftWvud+xdeD5uFN+FDbFAjS9J1Sc7 CG6DwVQP3qtK5E2hW0wi6V1/08IUmzJXLgZZgBqSE0XseOpo8IyuPYlCUd7jTJ4SSn 6AQP/edyXVPb8gzNFjXW/6nd1oZPvlYi9OE2g5LpmlhoBPRKn6SqEeNAkX5MxB3EEC C6eUJ7ceUSZFw== Received: by mail-oi1-f174.google.com with SMTP id bk14so171550oib.7 for ; Tue, 09 Nov 2021 10:09:34 -0800 (PST) X-Gm-Message-State: AOAM532YDYSnVowN21StLXpPP7dqGfqyd7Gt0Gezw73Q0EbIpgq6PVT+ yaAY4J/OXKlvf9rWH1R3b/h6mfnen1zGafWRuT4= X-Received: by 2002:aca:ad95:: with SMTP id w143mr6434770oie.47.1636481373229; Tue, 09 Nov 2021 10:09:33 -0800 (PST) MIME-Version: 1.0 References: <20211105145917.2828911-1-ardb@kernel.org> <20211105145917.2828911-3-ardb@kernel.org> In-Reply-To: From: Ard Biesheuvel Date: Tue, 9 Nov 2021 19:09:21 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v6 2/2] arm64: implement support for static call trampolines To: Mark Rutland Cc: Linux ARM , Linux Kernel Mailing List , Quentin Perret , Catalin Marinas , James Morse , Will Deacon , Frederic Weisbecker , Peter Zijlstra , Kees Cook , Sami Tolvanen , Andy Lutomirski , Josh Poimboeuf , Steven Rostedt Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 9 Nov 2021 at 18:55, Mark Rutland wrote: > > Hi Ard, > > On Fri, Nov 05, 2021 at 03:59:17PM +0100, Ard Biesheuvel wrote: > > +static void *strip_cfi_jt(void *addr) > > +{ > > + if (IS_ENABLED(CONFIG_CFI_CLANG)) { > > + void *p = addr; > > + u32 insn; > > + > > + /* > > + * Taking the address of a function produces the address of the > > + * jump table entry when Clang CFI is enabled. Such entries are > > + * ordinary jump instructions, preceded by a BTI C instruction > > + * if BTI is enabled for the kernel. > > + */ > > + if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)) > > + p += 4; > > + > > + insn = le32_to_cpup(p); > > + if (aarch64_insn_is_b(insn)) > > + return p + aarch64_get_branch_offset(insn); > > + > > + WARN_ON(1); > > + } > > + return addr; > > +} > > I'm somewhat uncomfortable with this, because it seems like the compiler could > easily violate our expectations in future, and then we're in for a massive > headache. I assume clang doesn't provide any guarnatee as to the format of the > jump table entries (and e.g. I can see scope for branch padding breaking this). > > In trying to sidestep that I ended up with: > > https://lore.kernel.org/linux-arm-kernel/20211109172408.49641-1-mark.rutland@arm.com/ > > ... which I think is a good option for PREEMPT_DYNAMIC, but I don't know if > there were other places where we believe static calls would be critical for > performance rather than a nice-to-have, and whether we truly need static calls > on arm64. My mind is leaning towards "avoid if reasonable" at the moment (or at > least make that mutually exclusive with CFI so we can avoid that specific fun). > > I see you had at least one other user in: > > https://lore.kernel.org/r/20211109120336.3561463-1-ardb@kernel.org > > ... what were your thoughts on the criticality of that? > That particular use case does not rely on static calls being fast at all, so there it doesn't really matter which variety we implement. The reason I sent it out today is because it gives some test coverage for static calls used in a way that the API as designed should support, but which turned out to be slightly broken in practice. > FWIW other than the above this looks good to me. My major concern here is > fragility/maintenance, and secondly whether we're gaining much in practice. So > if you think we really need this, I'm not going to stand in the way. > Android relies heavily on tracepoints for vendor hooks, and given the performance impact of CFI on indirect calls, there has been interest in enabling static calls to replace them. Quentin, anything to add here?