Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2274808pxp; Mon, 21 Mar 2022 15:36:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwo5P5u58uEUlX0gGC9vmPwaNckQlDRxvUEHF290GavBlG90mIAqFam98TVusg5iNsRMip9 X-Received: by 2002:a17:903:248:b0:153:85d5:fba5 with SMTP id j8-20020a170903024800b0015385d5fba5mr15166917plh.47.1647902176486; Mon, 21 Mar 2022 15:36:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647902176; cv=none; d=google.com; s=arc-20160816; b=dvOjeqcD2xpJnKTA5Qjqzskz0PJM4ZnzmDeK32K6fscl9JREjqGrM+IsVLgBxPYZaP oshmdPKelkNeO+KI4j5hMzcJBxBm481Ui1ZV48d7KfkpAkG3HcCHN45vVC25ZXI+rsPc qWl06Bf3tbd9eC3cxbWa7BxT2LBe2nxDzb5f8hy6kT0WMlJAvclumwhDoZtUhDOP+M5N +2cP6w+SXGDBb8rzn+TfNngwovySRzW8h8VK2VTnIcFlhVNz16TX8M1Y9+uHatsP5dNB 64BUj9qAtpLcJb/mzXUtGwL3HXpQG4bLGmUxU9GvEenRyYhHbaFjW8i1jy+1lkn9kaTI ZfSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=4C53Cbo7qZzJorcUCFdQAdCxqsK47LU2fs0yTSTAeFA=; b=HkIabAlcya3dKrp7D28Qo8ZDlAPLognWtALJOtE1l3XM1lxvqwkSH45neYmtuFPGxk wyPRdCE+LVjip5Z9m8u7G8HabbUtQfP8I9LuCX2vYLJ3POIM9dxQ7SCGYDsKciszMPi/ BckG1QxLB1T3uqD1gFKWu7dSW1hZ3TMZF4sa0xtzy0myzVBN1t/uLum6HPQGV+Q5GuK+ WF9CUGY/xlLt03UBI6x316DJr8cch3z9x5RT8fE8RxqAUqnwSRsS1ilXRT1ptftGYFgk a52HuuV3tk2wn24Bdk2mzRTEHoqCgWIoQuEot8xSvUz0eAib4VFRHgypnG4+B8DRmZuy xFiA== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id h29-20020a63121d000000b003822fe6105esi10567329pgl.33.2022.03.21.15.36.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:36:16 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 2D19E3B7F43; Mon, 21 Mar 2022 14:48:51 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241267AbiCRWRJ (ORCPT + 99 others); Fri, 18 Mar 2022 18:17:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233444AbiCRWRH (ORCPT ); Fri, 18 Mar 2022 18:17:07 -0400 Received: from gate.crashing.org (gate.crashing.org [63.228.1.57]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id DDEA42DF3FB; Fri, 18 Mar 2022 15:15:46 -0700 (PDT) Received: from gate.crashing.org (localhost.localdomain [127.0.0.1]) by gate.crashing.org (8.14.1/8.14.1) with ESMTP id 22IM93Hc011038; Fri, 18 Mar 2022 17:09:03 -0500 Received: (from segher@localhost) by gate.crashing.org (8.14.1/8.14.1/Submit) id 22IM91UT011037; Fri, 18 Mar 2022 17:09:01 -0500 X-Authentication-Warning: gate.crashing.org: segher set sender to segher@kernel.crashing.org using -f Date: Fri, 18 Mar 2022 17:09:01 -0500 From: Segher Boessenkool To: Linus Torvalds Cc: Andy Lutomirski , Andrew Cooper , Nick Desaulniers , "H. Peter Anvin" , Bill Wendling , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , Nathan Chancellor , Juergen Gross , Peter Zijlstra , "llvm@lists.linux.dev" , LKML , linux-toolchains Subject: Re: [PATCH v5] x86: use builtins to read eflags Message-ID: <20220318220901.GS614@gate.crashing.org> References: <83b33afc-8502-0065-60bc-3a91528632d8@kernel.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 18, 2022 at 11:19:28AM -0700, Linus Torvalds wrote: > Or rather, it's not the redzoning itself, but the fact that the > compiler might use the word under the stack for random other things, > and the pushf will then corrupt some local variable storage. > > I think it would be lovely to solve that in inline asm itself some way > - by marking the stack pointer clobbered or something. Inline assembler does not allow you to change the stack pointer, in principle. You have to return everything to its original state before you return control from the asm code, and you have to deal with what happens if am interrupt comes in halfway through the asm, and all other ABI things that may happen on your platform. > Because you have the same issue if an inline asm might need to do a > function call - think magic calling conventions etc, but also possibly > slow-path cases. Yes. The compiler itself can deal with all the red zone restrictions -- precisely *because* it is in full control of the stack frame -- but those restrictions are very real. It generally is a very good idea to have a redzone though, without it you pay much more than necessary for frame setup and teardown in leaf functions (similar to some of what the misnamed "shrink-wrapping" optimisation does, but the two are mostly independent, the benefits add up). > As mentioned, it's not an issue for the kernel proper due to > -mno-red-zone which we need for entirely unrelated reasons. It might help to have some special clobber syntax that says "this asm clobbers the red zone", so the compiler can arrange for the red zone to contain nothing during the asm (it already does the same for function calls, for example). How bad is it to do the fail-safe general solution here though? I.e., write actual assembler code: # u16 getflags(void); getflags: pushf pop %ax ret (or whatever the syntax is, my x86 is rusty). > Side note and kind of related: we do have this in the kernel: > > register unsigned long current_stack_pointer asm(_ASM_SP); > #define ASM_CALL_CONSTRAINT "+r" (current_stack_pointer) > > which *might* also solve the redzoning issue. The GCC documentation of inline asm says Another restriction is that the clobber list should not contain the stack pointer register. This is because the compiler requires the value of the stack pointer to be the same after an 'asm' statement as it was on entry to the statement. However, previous versions of GCC did not enforce this rule and allowed the stack pointer to appear in the list, with unclear semantics. This behavior is deprecated and listing the stack pointer may become an error in future versions of GCC. > In the kernel we need it not because of redzoned stack use, but > because we need the stack frame to be set up properly or objtool > complains. If the kernel has special rules for the stack, it had better teach the compiler about this special ABI, or there will be tears eventually. If the kernel requires only what the standard ABIs provide, it can trust the compiler to do that correctly, this is one of the core jobs of a compiler! Segher