Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1234568rwb; Wed, 28 Sep 2022 15:27:28 -0700 (PDT) X-Google-Smtp-Source: AMsMyM76JwQHvEYGt8Aed9/VJEdHjFpxEoU2Fd0Lw8Yo2hQIgZx11oTu9HIwPZSdjnW/fX3XmFEI X-Received: by 2002:a17:906:db0a:b0:781:f24:a782 with SMTP id xj10-20020a170906db0a00b007810f24a782mr88879ejb.399.1664404048021; Wed, 28 Sep 2022 15:27:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664404048; cv=none; d=google.com; s=arc-20160816; b=erwhOc7NrpFOFDkF2Gdx4Zm98uFbP4vlaMdrZ7nJxKaUwQZBerKVyCh4N/fjKRxTjy iZeFoReLJziKZabuKNNVe+qjaz1auDQv6f1j9eunTnOtQ8q81kHv6EMp31TkSpLK5jbc oVmVTwdmh7rX1TnPtykjyf7Vk2VKDhxN+XFVpTCPyLpuahqBOzt5HEoB/VvHiIj3iDmZ muiBtUzbtdx2tu81OPhZq2T+FoIXZPzO/voa389OhBa4TtwHbSOMhynEP3j9f8ohcr5a +9XtQdCrkXKCU5isVDwX82jMzGtf4dHIpSxarpeX+u5zCHlZxYu6Y+C9dyo3W+xNIIJ6 DzBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=ERLuTlisgIR2n9tXC1fe0GP37JKycUgxAwJd1Ig7q9Q=; b=X8hqr9oP+7bWCBLJawzwIJlc6S8l3yfbQWJu77yvnZ0smmYewt/7FY1mLg4NPDnrqg uCafzQXzOyWDZrXCxe34JviBiluAQupiNPRgeVTP2excBNSCMI4KGG5PUlYPri/tT0at c3E+Lzh5dSztr5SmWcNyMwVocdiZW6XGIADvAB7QpuHmXGvvihHYJUQuZzFyGD18EM5V DetbAm844q8+rUYDmIRCj7nBg4zzaqSbfj4jlBzZWamIsdz7hXJX152ao4DX6u/XAYw7 lbBd+I7tgQApeSgi2vYqbzXmbJz+54ub/BPl/vHwg8AnuOhB/bCv/mzQr3AvYE9UUR3H ZPTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DxAWIhOW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id tl2-20020a170907c30200b00779b815b8d9si4195109ejc.497.2022.09.28.15.27.02; Wed, 28 Sep 2022 15:27:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DxAWIhOW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233544AbiI1WDu (ORCPT + 99 others); Wed, 28 Sep 2022 18:03:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229486AbiI1WDs (ORCPT ); Wed, 28 Sep 2022 18:03:48 -0400 Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8CA2E659DA for ; Wed, 28 Sep 2022 15:03:45 -0700 (PDT) Received: by mail-pg1-x52c.google.com with SMTP id q9so13406328pgq.8 for ; Wed, 28 Sep 2022 15:03:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date; bh=ERLuTlisgIR2n9tXC1fe0GP37JKycUgxAwJd1Ig7q9Q=; b=DxAWIhOWGcHpcmmOwlPYx3KHgn35bBdjd63eqQb/+4KWhI74WgEDeYIWrdXpGU0bj5 hRhgnnLilYW3EAaA5y3NOPl4/XRJP9c72OiZVjNRml5lpRx3+jQcBi0aSfwOhLi9e/HX l8oY4DBT7jivOUW62K516ODwZI2vEfEC8kI8c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date; bh=ERLuTlisgIR2n9tXC1fe0GP37JKycUgxAwJd1Ig7q9Q=; b=6vsebedlhDMzndtza/9k2ovMl6JNWWXMS5HoG3I97+Dy/TzNiWKJNb8p00tA0OumeS BeCKdI5KftF0PZ7vb+ujxZ0jIULyLzd4xucQ9ZUCjBy7cQjkwo8OqPYT5vQ9ZYxVKlrc tCNqlqX5qYylVDAtGckJZfPNkCnVTILZBgteYLvncy/MQmrwo+Lt6SGGW5F2jr0lQQ67 MAu5wS1hcVGOIM6bmzjBJERuogFEOjkdsdSs5NIUoEem1qycn8MJFPm1VEdz+f00z5fg lZ0H+cNhmCCqOQmlOq9O6QMwFf6f5sfeMGRHMVAirQlApUoilmRoBFpzfVvYaeVcRBuq wHZw== X-Gm-Message-State: ACrzQf1R2nFilBqNXZrYhemzmRAN1lJWYIhKaK4NrkYvg1Z459uObfEp 33Lvs2zHMlyc2XAIVbKP1WZP2w== X-Received: by 2002:a65:5886:0:b0:439:8dd3:18d4 with SMTP id d6-20020a655886000000b004398dd318d4mr30891351pgu.430.1664402625067; Wed, 28 Sep 2022 15:03:45 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id f22-20020a63f116000000b0042a713dd68csm4194606pgi.53.2022.09.28.15.03.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Sep 2022 15:03:44 -0700 (PDT) Date: Wed, 28 Sep 2022 15:03:43 -0700 From: Kees Cook To: Nick Desaulniers Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H . Peter Anvin" , Peter Zijlstra , linux-kernel@vger.kernel.org, Linus Torvalds , llvm@lists.linux.dev, Andy Lutomirski , Rasmus Villemoes Subject: Re: [PATCH v4] x86, mem: move memmove to out of line assembler Message-ID: <202209281431.C5EF6C32A@keescook> References: <20220928210512.642594-1-ndesaulniers@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220928210512.642594-1-ndesaulniers@google.com> X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 28, 2022 at 02:05:12PM -0700, Nick Desaulniers wrote: > When building ARCH=i386 with CONFIG_LTO_CLANG_FULL=y, it's possible > (depending on additional configs which I have not been able to isolate) > to observe a failure during register allocation: > > error: inline assembly requires more registers than available > > when memmove is inlined into tcp_v4_fill_cb() or tcp_v6_fill_cb(). > > memmove is quite large and probably shouldn't be inlined due to size > alone. A noinline function attribute would be the simplest fix, but > there's a few things that stand out with the current definition: > > In addition to having complex constraints that can't always be resolved, > the clobber list seems to be missing %bx and %dx, and possibly %cl. By > using numbered operands rather than symbolic operands, the constraints > are quite obnoxious to refactor. > > Having a large function be 99% inline asm is a code smell that this > function should simply be written in stand-alone out-of-line assembler. > That gives the opportunity for other cleanups like fixing the > inconsistent use of tabs vs spaces and instruction suffixes, and the > label 3 appearing twice. Symbolic operands and local labels would > provide this code with a fresh coat of paint. > > Moving this to out of line assembler guarantees that the > compiler cannot inline calls to memmove. > > This has been done previously for 64b: > commit 9599ec0471de ("x86-64, mem: Convert memmove() to assembly file > and fix return value bug") > > Also, add a test that tickles the `rep movsl` implementation to test it > for correctness, since it has implicit operands. Yeah, thanks for poking this in particular. I was bothered that the side-effect test caught a corner case and was planning to expand the memcpy tests even more; thank you for doing that! I've got some more coming and can confirm they tickled the same bug. > Signed-off-by: Nick Desaulniers This time I've looked at the binary differences between the functions generated by both GCC[1] and Clang[2]. GCC is a little more difficult to compare, since it does some register swaps, but the Clang output is same excepting the order of push/pop, and different nops. Reviewed-by: Kees Cook Nick's tests pass, and my newly written tests also pass; I'll send those as a follow-up. Tested-by: Kees Cook -Kees [1] https://paste.debian.net/hidden/b6298e62/ [2] https://paste.debian.net/hidden/d8343143/ -- Kees Cook