Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp3676389rdh; Tue, 28 Nov 2023 00:06:38 -0800 (PST) X-Google-Smtp-Source: AGHT+IH8knlp5QNU9vNcievedy/JkJ/LxmbEZ1W0qVZUkjf2SG/RJ+h79tMbGHUkXnVAE0WzwOHE X-Received: by 2002:a05:6870:eca4:b0:1f9:f532:49c6 with SMTP id eo36-20020a056870eca400b001f9f53249c6mr16733343oab.20.1701158798292; Tue, 28 Nov 2023 00:06:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701158798; cv=none; d=google.com; s=arc-20160816; b=pskG1IhoBg51tFt+jiAXGc6r8FVhlScBulmmoUAbFobpOpDBUVKK17WysWtY0MtRvE K8nTPe+gQfwQVvJdUPkESje+5tY3IZ4lpcjUl/vjjJTREy5LfaEJQr5437EmaG3lQ/rK W7jyI76C0z93BNz45I67kGuORDrTBqOwmFpG4HXLJD4PF7NnSaQ53ymOGnYgbzcp3+wl ZIZ/dUrD8Av/3faCjsherilSgS7gU1zmgyAMragsHvGK6Fx6S1KHHGlNJn11ZbMzB8v3 CO/CV/WPlcRoIl9iG3DmOGRnGUQkrPz04UQHr2RPO9voOU5WaVXD6zHI56zTtK1uxBPP rgqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=9n+l6tkgUFTJJXmXeVn5HjQsn8tGLXLM73K+yHnArOk=; fh=gLSCYh25+6tf6lS23bFbt3c3muyZSV2UE9IIKXay2Rc=; b=pceZD1nmeuhcAYZcbOt1FGuHE94uED46GuMtk41xzqpeqBm0R921+T2EPrA1JyQSit ZYYRdfnrV3v6dh83D/5PCEqmjY7WsbzsBt7/dcwCc9xLkissPoWsmpqkyL6FhKczT882 UBa6+Gtr0qAG4F4vpb9XYpyNiDSiZTXdYbmKUwW/7hIvgektxlrx1gDjfba42klxfoUu zp7eKjfkry4Zpj6f1Jepp87sTQ9jIoVJaUDJIltLrq0Lp9yirU3WWtnOIotqg6cn2aX0 ad2uF3QEnQx0oVsG2TXPIU7vq3u13JpUm5jzTrFtxS2X7NqREiStU4uuqKc5RKaGk2gA mmvA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ao6BfKKi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id x190-20020a6263c7000000b006cb997a5f83si10977029pfb.31.2023.11.28.00.06.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 00:06:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ao6BfKKi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 6DD0F807E435; Tue, 28 Nov 2023 00:06:34 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234803AbjK1IGR (ORCPT + 99 others); Tue, 28 Nov 2023 03:06:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344040AbjK1IFw (ORCPT ); Tue, 28 Nov 2023 03:05:52 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 994B02697 for ; Tue, 28 Nov 2023 00:05:29 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 66B45C433C8; Tue, 28 Nov 2023 08:05:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1701158729; bh=0Sd6/InjMmJxbg/WRoT45JmnNSyw/cM2gU/plxlLlnI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ao6BfKKi7YES83Ny8zylvOjAjoiJj5W4xlyz/eWe85KivPIuytnW57Q55hTSC4b8c kzfTY4UBr8bJ4G80m8V3tdRTArJn2ZhrX4DIALTciWeCmSquOmsBFZumbXBBP1wiOp 3uB72uKQE3l3VGMy29RzF5cAIOr4J9JWf3ca6Oy0= Date: Tue, 28 Nov 2023 08:05:26 +0000 From: Greg KH To: Matthew Maurer Cc: Masahiro Yamada , Nick Desaulniers , Miguel Ojeda , Gary Guo , Luis Chamberlain , Nathan Chancellor , Nicolas Schier , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, linux-kbuild@vger.kernel.org, rust-for-linux@vger.kernel.org, Laura Abbott Subject: Re: [PATCH v2 0/5] MODVERSIONS + RUST Redux Message-ID: <2023112824-dispatch-wooing-39de@gregkh> References: <20231118025748.2778044-1-mmaurer@google.com> <2023112314-tubby-eligibly-007a@gregkh> <2023112312-certified-substance-007c@gregkh> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Tue, 28 Nov 2023 00:06:34 -0800 (PST) On Mon, Nov 27, 2023 at 11:27:07AM -0800, Matthew Maurer wrote: > > > > > > > > > With regards to future directions that likely won't work for loosening it: > > > > > Unfortunately, the .rmeta format itself is not stable, so I wouldn't want to > > > > > teach genksyms to open it up and split out the pieces for specific functions. > > > > > Extending genksyms to parse Rust would also not solve the situation - > > > > > layouts are allowed to differ across compiler versions or even (in rare > > > > > cases) seemingly unrelated code changes. > > > > > > > > What do you mean by "layout" here? Yes, the crcs can be different > > > > across compiler versions and seemingly unrelated code changes (genksyms > > > > is VERY fragile) but that's ok, that's not what you are checking here. > > > > You want to know if the rust function signature changes or not from the > > > > last time you built the code, with the same compiler and options, that's > > > > all you are verifying. > What I mean by layout here is that if you write in Rust: > struct Foo { > x: i32, > y: i32, > } > it is not guaranteed to have the same layout across different compilations, even > within the same compiler. See > https://doc.rust-lang.org/reference/type-layout.html#the-rust-representation Then you are going to have big problems, sorry. > Specifically, the compiler is allowed to arbitrarily insert padding, > reorder fields, etc. > on the same code as long as the overall alignment of the struct and individual > alignment of the fields remains correct and non-overlapping. > > This means the compiler is *explicitly* allowed to, for example, permute x and y > as an optimization. In the above example this is unlikely, but if you > instead consider > struct Bar { > x: i8, > y: i64, > z: i8, > } > It's easy to see why the compiler might decide to structure this as > y,x,z to reduce the > size of the struct. Those optimization decisions may be affected by > any other part of > the code, PGO, etc. Then you all need to figure out some way to determine how the compiler layed out the structure after it compiled/optimized it and be able to compare it to previous builds (or just generate a crc based on the layout it chose.) > > > > > Future directions that might work for loosening it: > > > > > * Generating crcs from debuginfo + compiler + flags > > > > > * Adding a feature to the rust compiler to dump this information. This > > > > > is likely to > > > > > get pushback because Rust's current stance is that there is no ability to load > > > > > object code built against a different library. > > > > > > > > Why not parse the function signature like we do for C? > Because the function signature is insufficient to check the ABI, see above. > > > > > > > > > Would setting up Rust symbols so that they have a crc built out of .rmeta be > > > > > sufficient for you to consider this useful? If not, can you help me understand > > > > > what level of precision would be required? > > > > > > > > What exactly does .rmeta have to do with the function signature? That's > > > > all you care about here. > The .rmeta file contains the decisions the compiler made about layout > in the crate > you're interfacing with. For example, the choice to encode Bar > with a yxz field order would be written into the .rmeta file. Ok, then yes, can you parse the .rmeta file to get that information? > > > rmeta is generated per crate. > > > > > > CRC is computed per symbol. > > > > > > They have different granularity. > > > It is weird to refuse a module for incompatibility > > > of a symbol that it is not using at all. > > > > I agree, this should be on a per-symbol basis, so the Rust > > infrastructure in the kernel needs to be fixed up to support this > > properly, not just ignored like this patchset does. > I agree there is a divergence here, I tried to point it out so that it > wouldn't be > a surprise later. The .rmeta file itself (which is the only way we > could know that > the ABI actually matches, because layout decisions are in there) is an unstable > format, which is why I would be reluctant to try to parse it and find only the > relevant portions to hash. This isn't just a "technically unstable" > format, but one > in which the compiler essentially just serializes out relevant internal data > structures, so any parser for it will involve significant alterations > on compiler > updates, which doesn't seem like a good plan. > > > > thanks, > > > > greg k-h > Given the above additional information, would you be interested in a patchset > which either: > > A. Computes the CRC off the Rust type signature, knowing the compiler is > allowed to change the ABI based on information not contained in the CRC. No. > B. Uses the CRC of the .rmeta file, knowing, as was pointed out, that this > effectively contains the ABI of every symbol in the compilation unit, as well > as inline functions and polymorphic functions. No. > If neither of these works, we likely can't turn on MODVERSIONS+RUST until > further work is done upstream in the compiler to export some of this data in > an at least semi-stable fashion. Looks like you need something a bit more fine-grained, as pointed out above. why not parse the structure/function information in the .rmeta file? Is the format of that file not stable? thanks, greg k-h