On Fri, Apr 08, 2022 at 01:08:47PM -0700, Nick Desaulniers wrote: > Lore thread start for newly cc'ed ML readers: > https://lore.kernel.org/lkml/7fad83ecde03540e65677959034315f8fbb3755e.1649434832.git.jpoimboe@xxxxxxxxxx/ > > On Fri, Apr 8, 2022 at 12:14 PM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > > > > On Sat, Apr 09, 2022 at 03:29:21AM +0900, Masahiro Yamada wrote: > > > Is [2] caused by dead code that was not optimized out > > > due to the unusual inlining decisions by the compiler ? > > > > The complaint is due to SMAP validation; objtool will scream if there's > > a CALL in between STAC/CLAC. The thinking is that since they open a > > security window, we want tight code between them. We also very much > > don't want tracing and other funnies to happen there. As such, any CALL > > is dis-allowed. > > Just indirect calls, which might be manipulated, or static calls, too? Any CALL instruction is a no-no. Only 'simple' code is allowed between STAC and CLAC. > > This weird option is having us upgrade quite a few 'inline' to > > '__always_inline'. > > As is, the assumption that __init functions only call other __init > functions or __always_inline is a brittle house of cards that leads to > a "what color is your function" [0] scenario, and leads to code that > happens to not emit warnings for compiler X (or compiler X version Y). > There's also curious exceptions in modpost that look like memory leaks > to me. > > We already have such toolchain portability issues for different > toolchains and different configs; warnings from section mismatches, > and objtool STAC/CLAC checks. I feel that Josh's patch would sweep > more of those under the rug, so I'm not in favor of it, but could be > convinced otherwise. > > TBH, I kind of think that we could use a C extension to permit > __attribute__((always_inline)) to additionally be a statement > attribute, rather than just a function attribute because of cases like > this; we need the flexibility to make one call site __always_inline > without necessarily forcing ALL callsites to be __always_inline'd. > > void y (void); > void x (void) { __attribute__((always_inline)) y(); }; > > (This is already expressable in LLVM IR; not (yet) in C. I'm not sure > yet _why_ this was added to LLVM; whether a different language front > end can express this, if C can and I'm mistaken, or whether it's only > used for optimizations). > > I think that would give developers maximal flexibility to defer as > much to the compiler's inlining decisions when they don't care, and > express precisely what they need when they do [care]. > > [0] https://journal.stuffwithstuff.com/2015/02/01/what-color-is-your-function/ So in the case of that latest __always_inline patch, there was only a single caller. New syntax would buy us absolutely nothing there. If we're talking extentions, I'd much rather have function spaces. That is, being able to tag functions *AND* function pointers with an address space qualifier. I want to be able to create a function pointer that can only be assigned functions from the noinstr space for example. Ideally calling such a functino pointer would only be possible from within that space. Anyway, let me go read that blog you linked.
