Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3377685pxb; Mon, 17 Jan 2022 19:02:57 -0800 (PST) X-Google-Smtp-Source: ABdhPJwp4IQL2bzsXbB5HcCxgWHxjGrWB5hR07Syw0uwXTAy3fRji3JQMRNbIrX/mBHHTdFpo2AY X-Received: by 2002:a17:902:ab85:b0:149:ca14:4a15 with SMTP id f5-20020a170902ab8500b00149ca144a15mr25569632plr.169.1642474977366; Mon, 17 Jan 2022 19:02:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642474977; cv=none; d=google.com; s=arc-20160816; b=DGR3wVnsFM7MXWj+P5HJdacyjdlkHVbAWpGcMyYb2EZ0x4FNR4/rbzWq+qJIucM1xd rjMKQUeMtvUsNuDJ1iaPjRSKJxavz0hS2xikJKh6x5To0u86S32DoYNJja/+leIEyCUc CL4uIE2YVes5MtulLKfmrZxYM2fob7UhPGgbwMUv7ZNGm5YHX3Hhle24yfw6wZyhsD/Y aLxHvi/r9tfHHR1FthzQNCYgmo15nyntQe8wpvfS53TBD31Wn15iWTfjMOE6tjG9cLJq kp0pwotLNKEkG1QEP57eIR4as/rAdRYP8FCxuJH6b+70Qj3O+U1IKv2BkEKbEaJipAVW lBiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=x9mhOj3OPp7/NgS1SucK0b8bM2kZIWpEaBWAuEEfK7Q=; b=pHbLP9Qy2JSZpMwmvOTTnTly/YZEBW6qSwB12k7J+qj4fcPwe5i3A+QjO/sgZmEXuq axgWL9+dKdSEY6M3+q8t69J+uPQ9nsED/AhznULHA6QM46y30dKODKCZW4+oLOMInVnq 9p6l14uPYWX/lyDTUsoW4RW/AnuMqIXXkBOsLdECMDTp3HoDt1pErarWTC5Z6VciLpJ6 Z6JqgbErNcubJIxPjh0at4iPOTUnTuWRTtPPIAbzAtjdt27Q5ndaEh2ixnLSoDhdfUv0 076JpoLseg2XJEllh9ewrQk1TXXqQvIYJDrxllefShsR8zAKOJxTokLxYPsLNIxKukbJ 3aRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="OX/VTbG+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e21si16238972plj.92.2022.01.17.19.02.45; Mon, 17 Jan 2022 19:02:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="OX/VTbG+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243242AbiAQVIF (ORCPT + 99 others); Mon, 17 Jan 2022 16:08:05 -0500 Received: from mail.skyhub.de ([5.9.137.197]:39160 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229641AbiAQVID (ORCPT ); Mon, 17 Jan 2022 16:08:03 -0500 Received: from zn.tnic (dslb-088-067-202-008.088.067.pools.vodafone-ip.de [88.67.202.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 8A55D1EC02DD; Mon, 17 Jan 2022 22:07:57 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1642453677; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=x9mhOj3OPp7/NgS1SucK0b8bM2kZIWpEaBWAuEEfK7Q=; b=OX/VTbG+FiU93UTSILFiausMlqvvqzxTUgh0Kj76IqmgR/Wy6aYQcr0wD46a1hc5INwd5V 4eg/6JP4DWLADsHqp4CoaG38ua8jQ/Jeq2Bju6aML1420SCC2A5w8uPfG2aUq9zTV2eSj3 QqqJKJ3A5ygnp2E3zCvzN+GKaLD23N8= Date: Mon, 17 Jan 2022 22:08:00 +0100 From: Borislav Petkov To: Alexander Lobakin Cc: linux-hardening@vger.kernel.org, x86@kernel.org, Jesse Brandeburg , Kristen Carlson Accardi , Kees Cook , Miklos Szeredi , Ard Biesheuvel , Tony Luck , Bruce Schlobohm , Jessica Yu , kernel test robot , Miroslav Benes , Evgenii Shatokhin , Jonathan Corbet , Masahiro Yamada , Michal Marek , Nick Desaulniers , Herbert Xu , "David S. Miller" , Thomas Gleixner , Will Deacon , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Arnd Bergmann , Josh Poimboeuf , Nathan Chancellor , Masami Hiramatsu , Marios Pomonis , Sami Tolvanen , "H.J. Lu" , Nicolas Pitre , linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-arch@vger.kernel.org, live-patching@vger.kernel.org, llvm@lists.linux.dev Subject: Re: [PATCH v9 04/15] arch: introduce ASM function sections Message-ID: References: <20211223002209.1092165-1-alexandr.lobakin@intel.com> <20211223002209.1092165-5-alexandr.lobakin@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20211223002209.1092165-5-alexandr.lobakin@intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Dec 23, 2021 at 01:21:58AM +0100, Alexander Lobakin wrote: > Sometimes it is useful to create a separate section for every > function (symbol in general) to be able then to selectively merge > them back into on or several others. This is how DCE and a part of ^^ "one" DCE == Dead Code Elimination? In any case, write it out first please and then use the abbreviation. > LTO work. I would've said that too but that one at least has a Kconfig entry which explains what it is so no need. /me looks further Aha there is LD_DEAD_CODE_DATA_ELIMINATION. So connect the two pls. > Currently, only C functions are in scope You mean, currently this is done only for C functions? The "in scope" formulation sounds weird. > and the compilers are able to do this automatically when > `-ffunction-section` is specified. -ffunction-sections, plural. > Add a basic infra for supporting ASM function sections. If any of yah s/ASM/asm/g. It's not like it is an acronym or so. and also, you should explain that "asm function sections" means "put a function symbol defined in asm, into a separate section". > the required build options (DCE, LTO, FG-KASLR later) is on and > the target architecture claims it supports them, all ASM functions > and "code" will be placed into separate named sections by default. > This is achieved using --sectname-subst GAS flag which will then > substitute "%S" in a .pushsection or .section directive with the Thanks for explaining this. The gas manpage is very, hm, verbose ;-\: " --sectname-subst Honor substitution sequences in section names. " ... > diff --git a/include/linux/linkage.h b/include/linux/linkage.h > index dbf8506decca..0c0ddf4429dc 100644 > --- a/include/linux/linkage.h > +++ b/include/linux/linkage.h > @@ -73,6 +73,37 @@ > #define __ALIGN_STR ".align 4,0x90" > #endif > > +/* > + * Allow ASM symbols to have their own unique sections if they are being > + * generated by the compiler for C functions (DCE, LTO). > + */ > +#if defined(CONFIG_HAVE_ASM_FUNCTION_SECTIONS) && \ > + ((defined(CONFIG_LD_DEAD_CODE_DATA_ELIMINATION) && !defined(MODULE)) || \ > + (defined(CONFIG_LTO_CLANG))) > + > +#define SYM_PUSH_SECTION(name) \ > + .pushsection %S.name, "ax" > + > +#define SYM_POP_SECTION() \ > + .popsection > + > +#define __ASM_PUSH_SECTION(name) \ > + ".pushsection %S." name ", \"ax\"" > + > +#else /* Just .text */ Just .text? > + > +#define SYM_PUSH_SECTION(name) > +#define SYM_POP_SECTION() > +#define __ASM_PUSH_SECTION(name) > + > +#endif /* Just .text */ > + > +#define ASM_PUSH_SECTION(name) \ > + __ASM_PUSH_SECTION(__stringify(name)) > + > +#define ASM_POP_SECTION() \ > + __stringify(SYM_POP_SECTION()) > + > #ifdef __ASSEMBLY__ > > /* SYM_T_FUNC -- type used by assembler to mark functions */ > @@ -209,6 +240,15 @@ > SYM_START(name, SYM_L_LOCAL, SYM_A_ALIGN) > #endif > > +/* > + * SYM_FUNC_START_WEAK -- use where there are two global names for one SYM_FUNC_START_WEAK_ALIAS > + * function, and one of them is weak > + */ > +#ifndef SYM_FUNC_START_WEAK_ALIAS > +#define SYM_FUNC_START_WEAK_ALIAS(name) \ > + SYM_START(name, SYM_L_WEAK, SYM_A_ALIGN) > +#endif > + > /* > * SYM_FUNC_START_ALIAS -- use where there are two global names for one > * function > @@ -225,12 +265,24 @@ > * later. > */ > #define SYM_FUNC_START(name) \ > + SYM_PUSH_SECTION(name) ASM_NL \ > + SYM_START(name, SYM_L_GLOBAL, SYM_A_ALIGN) > +#endif > + > +/* > + * SYM_FUNC_START_SECT -- use for global functions, will be conditionally > + * placed into a section specified in the second argument > + */ > +#ifndef SYM_FUNC_START_SECT > +#define SYM_FUNC_START_SECT(name, to) \ (name, sect) "to" reads kinda unclear what it is supposed to mean. > + SYM_PUSH_SECTION(to) ASM_NL \ > SYM_START(name, SYM_L_GLOBAL, SYM_A_ALIGN) > #endif > > /* SYM_FUNC_START_NOALIGN -- use for global functions, w/o alignment */ > #ifndef SYM_FUNC_START_NOALIGN > #define SYM_FUNC_START_NOALIGN(name) \ > + SYM_PUSH_SECTION(name) ASM_NL \ > SYM_START(name, SYM_L_GLOBAL, SYM_A_NONE) > #endif > > @@ -238,24 +290,38 @@ > #ifndef SYM_FUNC_START_LOCAL > /* the same as SYM_FUNC_START_LOCAL_ALIAS, see comment near SYM_FUNC_START */ > #define SYM_FUNC_START_LOCAL(name) \ > + SYM_PUSH_SECTION(name) ASM_NL \ > SYM_START(name, SYM_L_LOCAL, SYM_A_ALIGN) > #endif > > /* SYM_FUNC_START_LOCAL_NOALIGN -- use for local functions, w/o alignment */ > #ifndef SYM_FUNC_START_LOCAL_NOALIGN > #define SYM_FUNC_START_LOCAL_NOALIGN(name) \ > + SYM_PUSH_SECTION(name) ASM_NL \ > + SYM_START(name, SYM_L_LOCAL, SYM_A_NONE) > +#endif > + > +/* > + * SYM_FUNC_START_LOCAL_NOALIGN_SECT -- use for local functions, w/o alignment, > + * will be conditionally placed into a section specified in the second argument > + */ > +#ifndef SYM_FUNC_START_LOCAL_NOALIGN_SECT > +#define SYM_FUNC_START_LOCAL_NOALIGN_SECT(name, to) \ Ditto. And so on below. ... > diff --git a/init/Kconfig b/init/Kconfig > index 37926d19a74a..3babc0aeac61 100644 > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -1386,6 +1386,17 @@ config CC_OPTIMIZE_FOR_SIZE > > endchoice > > +config HAVE_ASM_FUNCTION_SECTIONS > + depends on ARCH_SUPPORTS_ASM_FUNCTION_SECTIONS > + depends on $(cc-option,-Wa$(comma)--sectname-subst) > + def_bool y > + help > + This enables ASM function sections if both architecture > + and toolchain supports that. It allows creating a separate "... support it." > + .text section for each ASM function in order to improve s/.text // - the section name is specified by the macro arg. > + DCE and LTO (works the same way as -ffunction-sections for > + C code). > + Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette