Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp1419218rwe; Fri, 14 Apr 2023 22:00:23 -0700 (PDT) X-Google-Smtp-Source: AKy350a/WqHNxsz6kNgbOaZuucYYz0VZioO6xAzvGVLxjv2Gcv/kVxJfCmK38XJAKhfsJIX+6HfB X-Received: by 2002:a05:6a00:10c1:b0:63b:4313:f8c9 with SMTP id d1-20020a056a0010c100b0063b4313f8c9mr10167771pfu.18.1681534823103; Fri, 14 Apr 2023 22:00:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681534823; cv=none; d=google.com; s=arc-20160816; b=KYE2ktbmfRnMpyqjlcrz1cRZLuURIUJgKunwEv/3p4ZW9MjYLW44sjpa2qgC7S+rkO 7UO5zY6iEzqHnD+T1a8gTyY+6QxMuhD8dqhzJOFkf79/PgXDBPYu0EZMlOArPxsbfmMl WDfMG/UlEu0NnzkaZcECJfS1zGqJz3VX+G6V2Zh3DdCO/oIitb4yW759hH5O/9E/E46n gv6GiAOf56aKdMEe2VS8iyUGp8OFs7es8zfjEbxfR3QrGMfwWhQ68WK8mbeIkHqBw+sB 0NDDXIri8Xms/cd93ULFZ9fRH1oDRVCP8URBWWJhmM8HX0Mw38nemrYs+0iCqe2T7Kij PKKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature:dkim-filter; bh=OX5xVhjidekkFVQIYzgkoxkH+GLLDJ1xTOt43sVJ2OM=; b=dfhJkaDo78uU+o0eu0xZRx7itscrPYFZ9T2QJMRCSsbPTmljhnnZLcn2gqnILt3NU0 iOJwxDQWvdt8TLNNr+bOCo4T51ZTepOEUV25pSMMdGPtoxHLyFlT/hdydtPmTFJ6WePh BaWQOFOuMJp2ecV+PXoU6oasVkj0dRXQbfJVW+2LBIfgmfwBtMUcvMh9mM5uCScKNNxg ivX/7RWk2HS7jGKo1w1k1Dtk6Fj4HLqviKVk9idAUvFgAH2CVXWwyBQKBcV/TW5JSu8M uCtASwJ3bAS3ByEfzAueF3BLf9TjxSLZLWWvuhaI1HSxRU7aF9V1QRlm9SJsG/5YT0Fk P11A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=rcqOCAaO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y28-20020aa79afc000000b005e1cabb612fsi6331197pfp.67.2023.04.14.21.59.40; Fri, 14 Apr 2023 22:00:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=rcqOCAaO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229591AbjDOE1u (ORCPT + 99 others); Sat, 15 Apr 2023 00:27:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229450AbjDOE1s (ORCPT ); Sat, 15 Apr 2023 00:27:48 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1F6C249F5; Fri, 14 Apr 2023 21:27:47 -0700 (PDT) Received: from [192.168.254.32] (unknown [47.189.246.67]) by linux.microsoft.com (Postfix) with ESMTPSA id B33BB217A94A; Fri, 14 Apr 2023 21:27:45 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B33BB217A94A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1681532866; bh=OX5xVhjidekkFVQIYzgkoxkH+GLLDJ1xTOt43sVJ2OM=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=rcqOCAaOyPmeZX4WCMxx0UEeK5ysE/La3n7WSecBaxuv4JwwLzWgozwl3EM0qGWoW E05kjjxvTxooa/OtOYgWCznQyo9ceT5RBenHcP8L69VqnyneQebxiy/FK4dHS42tJB ahAWUw2UZJZC4iR//tLO0q0k8wOStGMw3sZz/xf8= Message-ID: <4e5029f4-be42-ef23-1eab-a6cfff49527c@linux.microsoft.com> Date: Fri, 14 Apr 2023 23:27:44 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Subject: Re: [RFC PATCH v3 00/22] arm64: livepatch: Use ORC for dynamic frame pointer validation Content-Language: en-US To: Josh Poimboeuf Cc: Mark Rutland , jpoimboe@redhat.com, peterz@infradead.org, chenzhongjin@huawei.com, broonie@kernel.org, nobuta.keiya@fujitsu.com, sjitindarsingh@gmail.com, catalin.marinas@arm.com, will@kernel.org, jamorris@linux.microsoft.com, linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, linux-toolchains@vger.kernel.org References: <20230202074036.507249-1-madvenka@linux.microsoft.com> <054ce0d6-70f0-b834-d4e5-1049c8df7492@linux.microsoft.com> <20230412041752.i4raswvrnacnjjgy@treble> <20230412050106.7v4s3lalg43i6ciw@treble> <20230412155221.2l2mqsyothseymeq@treble> <20230413163035.ttar5uexrpldz3yl@treble> From: "Madhavan T. Venkataraman" In-Reply-To: <20230413163035.ttar5uexrpldz3yl@treble> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-22.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,ENV_AND_HDR_SPF_MATCH,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/13/23 11:30, Josh Poimboeuf wrote: > On Thu, Apr 13, 2023 at 09:59:31AM -0500, Madhavan T. Venkataraman wrote: >> On 4/12/23 10:52, Josh Poimboeuf wrote: >>> On Wed, Apr 12, 2023 at 09:50:23AM -0500, Madhavan T. Venkataraman wrote: >>>>>> I read through the SFrame spec file briefly. It looks like I can easily adapt my >>>>>> version 1 of the livepatch patchset which was based on DWARF to SFrame. If the compiler >>>>>> folks agree to properly support and maintain SFrame, then I could send the next version >>>>>> of the patchset based on SFrame. >>>>>> >>>>>> But I kinda need a clear path forward before I implement anything. I request the arm64 >>>>>> folks to comment on the above approach. Would it be useful to initiate an email discussion >>>>>> with the compiler folks on what they plan to do to support SFrame? Or, should this all >>>>>> happen face to face in some forum like LPC? >>>>> >>>>> SFrame is basically a simplified version of DWARF unwind, using it as an >>>>> input to objtool is going to have the same issues I mentioned below (and >>>>> as was discussed with your v1). >>>>> >>>> >>>> Yes. It is a much simplified version of DWARF. So, I am hoping that the compiler folks >>>> can provide the feature with a reliability guarantee. DWARF is too complex. >>> >>> I don't see what the complexity (or lack thereof) of the unwinding data >>> format has to do with it. The unreliability comes from the underlying >>> data source, not the formatting of the data. >>> >> >> What I meant is - if SFrame is implemented by simply extracting unwind info from >> DWARF data and placing it in a separate section (as it is probably implemented now), >> then what you say is totally true. But if the compiler folks agree to make SFrame reliable, >> then either they have to make DWARF reliable. Or, they have to implement SFrame as a >> separate feature and make it reliable. The former is tough to do as DWARF has a lot of complexity. >> The latter is a lot easier to do. > > [ adding linux-toolchains ] > > I don't think ensuring reliability is an easy task, regardless of the > complexity of the unwinding format. > > Whether it's SFrame or DWARF/eh_frame, the question would be how to > ensure it's always reliable for a compiler "power user" like the kernel > which has many edge cases (including lots of inline asm which the > compiler has no visibility to) and which uses unwinding for more than > just debugging. > > It would need some kind of black-box testing on a complex code base. > (hint: kind of like what objtool already does today) > I could use the ORC data I generate by using the decoder against the SFrame data. A function is reliable only if both data sources agree for the whole function. Also, in my approach, the actual frame pointer is dynamically checked against the frame pointer computed from the unwind data. Any mismatch indicates an unreliable stack trace. IMHO, this is sufficient to provide livepatch. Do you agree? Madhavan