Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp6690465rwi;
        Mon, 24 Oct 2022 05:03:00 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7EfE9ElhDzBZWlxk+P3ylNranBXvJdbYx1eckzoNVJyEciinYMaTVq6Ds6vWg5IQ/+nCNY
X-Received: by 2002:a65:6cc4:0:b0:412:35fa:5bce with SMTP id g4-20020a656cc4000000b0041235fa5bcemr27325425pgw.466.1666612980214;
        Mon, 24 Oct 2022 05:03:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1666612980; cv=none;
        d=google.com; s=arc-20160816;
        b=LE5lNS5T5f4sribpCnlro1e5sbdxDXp1CVIaWAkS3XC3ODPwbAakPjGXLRNEporxxN
         JhDaEXKtBHnNMtfZwI7WknekANAN+89rfZoJ8WiQRuYd79ViOK+aMHHoDyxLRLJQY7/R
         icF3cIqA/BT/Ezj93r6CwCFKrut7Ptq1RXeFwvg0HHF1EPki5+VVxZjQ1aKVaexkKz8C
         +0+3hRR+HSH8ThTPzNz+7KmEEMFVhu6qHC8HE4clBXKAVZMmx3vdTDS6Emg6OdReUI8+
         SaPb+umraBBynBZ+LLVzanqK4E0zuyzBdPGfHUayZ6dVu7g/wIuFX5kqHAQOIsBFE7SG
         r42A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=GUbiPkgzMPJ2nuaCSk1DXJBMe55wJyr+b6DXzQHuiJw=;
        b=nATW6H6T8jNkVIuhIaoMwn5fc/vD0i/99vXr9Cn6ekv0r68/SsCSdrg+FTEHPLfzm7
         Nltq13rxoWnmtiUwYDGMOfxNjonDO8DMrpogtP7G1tMV7emmwr4/RMYwT88mzyOmC6Gy
         1va/m0WO5BukX8aG0SEArFYuFi9sbrdgvHzKWIRcC/7Nd0KvUtOVWTjIkPHVb1lv8Ind
         Yzb0idNKc0PV8K6iYBoQeT1G9qQTRC3BT/qGEWwLJoxi7CJQQOFWxGyeEaJsKhZ4Bfn/
         g3yQzRo4jWzoPlZfxz0EPNC7SXq8inrnSF1gU/1n5OGncxARB0A8t2Nx7F8nzUhf5HJ3
         SmIA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id a38-20020a056a001d2600b00544e163575bsi40408428pfx.176.2022.10.24.05.02.42;
        Mon, 24 Oct 2022 05:03:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229995AbiJXLYS (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Mon, 24 Oct 2022 07:24:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35122 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229929AbiJXLYR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Oct 2022 07:24:17 -0400
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 2AC7C38470
        for <linux-kernel@vger.kernel.org>; Mon, 24 Oct 2022 04:24:16 -0700 (PDT)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 22B21D6E;
        Mon, 24 Oct 2022 04:24:22 -0700 (PDT)
Received: from FVFF77S0Q05N (unknown [10.57.7.186])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1F3BF3F7B4;
        Mon, 24 Oct 2022 04:24:13 -0700 (PDT)
Date:   Mon, 24 Oct 2022 12:24:11 +0100
From:   Mark Rutland <mark.rutland@arm.com>
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     llvm@lists.linux.dev, linux-kernel@vger.kernel.org,
        linux-arm-kernel@lists.infradead.org,
        Fangrui Song <maskray@google.com>,
        Joao Moreira <joao@overdrivepizza.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Sami Tolvanen <samitolvanen@google.com>
Subject: Re: kCFI && patchable-function-entry=M,N
Message-ID: <Y1Z12xuY9fDaHuCm@FVFF77S0Q05N>
References: <Y1LBGZPMfCZ8A1bl@FVFF77S0Q05N>
 <Y1QEzk/A41PKLEPe@hirez.programming.kicks-ass.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Y1QEzk/A41PKLEPe@hirez.programming.kicks-ass.net>
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Oct 22, 2022 at 04:57:18PM +0200, Peter Zijlstra wrote:
> On Fri, Oct 21, 2022 at 04:56:20PM +0100, Mark Rutland wrote:
> > Hi,
> > 
> > For arm64, I'd like to use -fatchable-function-entry=M,N (where N > 0), for our
> > ftrace implementation, which instruments *some* but not all functions.
> > Unfortuntately, this doesn't play nicely with -fsanitize=kcfi, as instrumented
> > and non-instrumented functions don't agree on where the type hash should live
> > relative to the function entry point, making them incompatible with one another.
> > AFAICT, there's no mechanism today to get them to agree.
> > 
> > Today we use -fatchable-function-entry=2, which happens to avoid this.
> 
> > ... but I understand that for x86, folk want the pre-function NOPs to
> > fall-through into the body of the function.
> 
> Yep.
> 
> > Is there any mechanism today that we could use to solve this, or could we
> > extend clang to have some options to control this behaviour?
> 
> So the main pain-point for you is differentiating between function with
> notrace and those without it, right?
> 
> That is; suppose you (like x86) globally do:
> -fpatchable-function-entry=4,2 to get a consistent function signature,
> you're up a creek because you use the __patchable_function_entries
> section to drive ftrace and now every function will have it.
> 
> So perhaps something like:
> 
>  -fpatchable-function-entry=N,M,sectionname
> 
> would help, then you can have notrace be the same layout, except a
> different section. Eg. something like:
> 
>  #define notrace __attribute__((patchable_function_entry(4,2,__notrace_function_entries)))

FWIW, I think that'd work for me, and that was roughly my original proposal on
IRC. My only concern with this approach is code size, since all uninstrumented
functions gain some point less prefix NOPs.

We can make that slghtly better as:

#define notrace __attribute__((patchable_function_entry(2,2,__notrace_function_entries)))

... since we don't care about placing NOPs *within* the function

> It does make the whole: CFLAGS_REMOVE_file.o = $(CC_FLAGS_FTRACE)
> a bit of a pain, but I've long favoured removing all that and having
> explitic notrace attributes on all relevant functions.
> 
> Then again; perhaps it could be made to work by ensuring CFLAGS starts
> with:
> 
>  -fpatchable-function-entry=4,2,__notrace_function_entries
> 
> and have CC_FLAGS_FTRACE include (and hence override with)
> 
>  -fpatchable-function-entry=4,2,__ftrace_function_entries
> 
> assuming that with duplicate argument the last is effective.

TBH, it'd be nice to move ftrace to the `CFLAGS_WHATEVER_obj.o := n` approach
the other instrumentation uses, which IIUC would allow us to define different
flags for the two cases (though I'll need to go check that).

Thanks,
Mark.