On Fri, Apr 14, 2023 at 09:30:13PM +0200, Peter Zijlstra wrote: > On Fri, Apr 14, 2023 at 10:12:55AM -0700, Josh Poimboeuf wrote: > > > > * How to avoid/minimize the need to reverse-engineer control flow for things > > > like ORC generation. > > > > > > On the arm64 side we're pretty averse to doing this to generate metadata for > > > unwinding (and we might not need to), but there are things objtool does today > > > that requires awareness of control-flow (e.g. forward-edge checks for noinstr > > > safety). > > > > > > Hopefully without a flamewar about DWARF... > > > > If objtool is going to be doing control-flow anyway then it could just > > validate DWARF/SFrame. Then everybody's happy? > > Right; so per another recent thread somewhere; you can't rely on > DWARF/Sframe or any other compiler generated thing simply because it > doesn't cover .S files and inline asm -- and this being a kernel, we've > got quite a bit of that. > > At best it could use DWARF to help reconstruct code flow and then > validate Sframe for the bits that got sframe. I wasn't (necessarily) suggesting that objtool use DWARF as an input to help it construct the control-flow graph (CFG). Instead, the idea is for objtool to continue to reverse-engineer the CFG as it does today (albeit with a little help from the compiler in specific problematic areas, e.g. noreturns and jump tables). Then, it could use that independently-developed CFG to read the compiler-generated metadata (DWARF/SFrame/whatever), and report any warnings if the DWARF doesn't match objtool's CFG. In other words, DWARF validation becomes just another optional objtool feature, similar to its other unwinding-related features like frame pointer validation and ORC generation. That way, regardless of which philosophy [1] you subscribe to, if something is amiss with reliable unwinding, the end result is the same: a warning. Then a human can look at the warning and investigate whether it's objtool or DWARF/whatever that needs to be fixed. [1] "reverse engineering is risky" vs "reverse engineering is reliable" -- Josh
