[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201118194837.GO2672@gate.crashing.org>
Date: Wed, 18 Nov 2020 13:48:37 -0600
From: Segher Boessenkool <segher@...nel.crashing.org>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: Florian Weimer <fw@...eb.enyo.de>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Sami Tolvanen <samitolvanen@...gle.com>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
linux-kernel <linux-kernel@...r.kernel.org>,
Matt Mullins <mmullins@...x.us>,
Ingo Molnar <mingo@...hat.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Dmitry Vyukov <dvyukov@...gle.com>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...omium.org>,
netdev <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
Kees Cook <keescook@...omium.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
linux-toolchains@...r.kernel.org
Subject: Re: violating function pointer signature
On Wed, Nov 18, 2020 at 02:33:43PM -0500, Steven Rostedt wrote:
> On Wed, 18 Nov 2020 13:11:27 -0600
> Segher Boessenkool <segher@...nel.crashing.org> wrote:
>
> > Calling this via a different declared function type is undefined
> > behaviour, but that is independent of how the function is *defined*.
> > Your program can make ducks appear from your nose even if that function
> > is never called, if you do that. Just don't do UB, not even once!
>
> But that's the whole point of this conversation. We are going to call this
> from functions that are going to have some random set of parameters.
<snip great summary>
> And you see the above, the macro does:
>
> ((void(*)(void *, proto))(it_func))(__data, args);
Yup.
> With it_func being the func from the struct tracepoint_func, which is a
> void pointer, it is typecast to the function that is defined by the
> tracepoint. args is defined as the arguments that match the proto.
If you have at most four or so args, what you wnat to do will work on
all systems the kernel currently supports, as far as I can tell. It
is not valid C, and none of the compilers have an extension for this
either. But it will likely work.
> The problem we are solving is on the removal case, if the memory is tight,
> it is possible that the new array can not be allocated. But we must still
> remove the called function. The idea in this case is to replace the
> function saved with a stub. The above loop will call the stub and not the
> removed function until another update happens.
>
> This thread is about how safe is it to call:
>
> void tp_stub_func(void) { return ; }
>
> instead of the function that was removed?
Exactly as safe as calling a stub defined in asm. The undefined
behaviour happens if your program has such a call, it doesn't matter
how the called function is defined, it doesn't have to be C.
> Thus, we are indeed calling that stub function from a call site that is not
> using the same parameters.
>
> The question is, will this break?
It is unlikely to break if you use just a few arguments, all of simple
scalar types. Just hope you will never encounter a crazy ABI :-)
Segher
Powered by blists - more mailing lists