Date: Wed, 17 Jun 2026 10:26:43 +0100
From: David Laight
To: Peter Zijlstra
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, hpa@zystor.com, samitolvanen@google.com, kees@kernel.org, nathan@kernel.org, scott.d.constable@intel.com
Subject: Re: [PATCH] x86/kcfi: Optimize call sequence
Message-ID: <20260617102643.5b343e64@pumpkin>
In-Reply-To: <20260617070813.GI49951@noisy.programming.kicks-ass.net>
References: <20260612071506.GQ187714@noisy.programming.kicks-ass.net> <20260616214722.7742e394@pumpkin> <20260617070813.GI49951@noisy.programming.kicks-ass.net>

On Wed, 17 Jun 2026 09:08:13 +0200
Peter Zijlstra wrote:

> On Tue, Jun 16, 2026 at 09:47:22PM +0100, David Laight wrote:
>
> > > --- a/arch/x86/kernel/alternative.c > > > +++ b/arch/x86/kernel/alternative.c
> > > @@ -1356,6 +1356,10 @@ early_param("cfi", cfi_parse_cmdline); > > > * "Make conditional jumps most often not taken: The efficiency and throughput > > > * for not-taken branches is better than for taken branches on most > > > * processors. Therefore, it is good to place the most frequent branch first" > > > + * > > > + * NOTE: Update the kCFI caller sequence to make use of this observation. > > > + * Replace the "je 1f; ud2" sequence with "jne +1; test $0xd6, %al". This > > > + * clobbers flags, but those are clobbered by the hash test anyway.
> >
> > I think it would be better to give the byte sequences for both pairs of
> > instructions - it takes a bit of sleuthing to check they are the same size.
>
> You mean, expand the comment like a few lines above, where we have the
> kCFI/FineIBT contrast? Sure, I suppose I can make this comment longer
> still.

More detail and less waffle :-)
I had to read the earlier comment several times because it mentions using
udb and then gives a code snippet that contains ud2.
I then had to check the instruction encodings for both (and neither is in
the 286 and 386 books on my desk).
Just adding (0f,0b) after one of the ud2 and (d6) after a udb would help.

> > I think it would also be better if the code doing the patching checked
> > what it was overwriting.
>
> Ye of little faith :-)

I wouldn't want to have to debug the consequences of getting it wrong.
(The same goes for patching into function preamble.)
My 'little faith' comes from patching live kernel code with echo | dd :-)

>
> > Also, what actually generates the list of cfi locations in the first place?
> > If it is objtool, then maybe it could do the rewrite instead.
>
> The list with UD2 locations is compiler generated.

I've never trusted compilers not to change their minds on how code will be compiled.

> Also, objtool
> typically avoids actually modifying code and generally prefers to just
> ship additional sections such that the kernel can modify itself. There
> is an exception to this, but there was definite grumbling about that.

At least this one is an optimisation.
The advantage of getting objtool to do the change is that objdump will then
show the code that is being executed.

David
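
Review bot: the NOTE added to the comment in arch/x86/kernel/alternative.c names the two sequences, "je 1f; ud2" and "jne +1; test $0xd6, %al", but gives neither their byte encodings nor their lengths, so a reader cannot confirm from the comment alone that the replacement is the same size as what it overwrites. Suggest listing the bytes of both sequences side by side, in the style of the kCFI/FineIBT contrast earlier in the same comment, and stating explicitly that the "jne +1" target is the 0xd6 immediate byte of the test. The opening "NOTE: Update the kCFI caller sequence ..." also reads as a changelog instruction; wording it as a description of what the patched call site contains would stay accurate after the patch is merged.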