On Thu, Nov 29, 2018 at 10:47 AM Steven Rostedt <rost...@goodmis.org> wrote:
>
> Note, we do have a bit of control at what is getting called. The patch
> set requires that the callers are wrapped in macros. We should not
> allow just any random callers (like from asm).
Actually, I'd argue that asm is often more controlled than C code.
Right now you can do odd things if you really want to, and have the
compiler generate indirect calls to those wrapper functions.
For example, I can easily imagine a pre-retpoline compiler turning
if (cond)
fn1(a,b)
else
fn2(a,b);
into a function pointer conditional
(cond ? fn1 : fn2)(a,b);
and honestly, the way "static_call()" works now, can you guarantee
that the call-site doesn't end up doing that, and calling the
trampoline function for two different static calls from one indirect
call?
See what I'm talking about? Saying "callers are wrapped in macros"
doesn't actually protect you from the compiler doing things like that.
In contrast, if the call was wrapped in an inline asm, we'd *know* the
compiler couldn't turn a "call wrapper(%rip)" into anything else.
Linus
