* [PATCH] gcov,x86: Mark GCOV broken for x86 @ 2021-06-14 10:17 Peter Zijlstra 2021-06-14 10:31 ` Marco Elver ` (2 more replies) 0 siblings, 3 replies; 13+ messages in thread From: Peter Zijlstra @ 2021-06-14 10:17 UTC (permalink / raw) To: x86, oberpar, linux-kernel Cc: johannes.berg, ndesaulniers, nathan, keescook, elver, mark.rutland As recently discovered, there is no function attribute to disable the -fprofile-generate instrumentation. As such, GCOV is fundamentally incompatible with architectures that rely on 'noinstr' for correctness. Until such time as that compilers have added a function attribute to disable this instrumentation, mark GCOV as broken. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> --- arch/x86/Kconfig | 2 +- kernel/gcov/Kconfig | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 86dae426798b..c0f8c9d4c31a 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -75,7 +75,7 @@ config X86 select ARCH_HAS_FAST_MULTIPLIER select ARCH_HAS_FILTER_PGPROT select ARCH_HAS_FORTIFY_SOURCE - select ARCH_HAS_GCOV_PROFILE_ALL + select ARCH_HAS_GCOV_BROKEN select ARCH_HAS_KCOV if X86_64 && STACK_VALIDATION select ARCH_HAS_MEM_ENCRYPT select ARCH_HAS_MEMBARRIER_SYNC_CORE diff --git a/kernel/gcov/Kconfig b/kernel/gcov/Kconfig index 58f87a3092f3..74b028a66ebe 100644 --- a/kernel/gcov/Kconfig +++ b/kernel/gcov/Kconfig @@ -1,10 +1,14 @@ # SPDX-License-Identifier: GPL-2.0-only menu "GCOV-based kernel profiling" +config ARCH_HAS_GCOV_BROKEN + def_bool n + config GCOV_KERNEL bool "Enable gcov-based kernel profiling" depends on DEBUG_FS depends on !CC_IS_CLANG || CLANG_VERSION >= 110000 + depends on !ARCH_HAS_GCOV_BROKEN select CONSTRUCTORS default n help ^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 10:17 [PATCH] gcov,x86: Mark GCOV broken for x86 Peter Zijlstra @ 2021-06-14 10:31 ` Marco Elver 2021-06-14 14:43 ` Peter Oberparleiter 2021-06-14 16:05 ` Nick Desaulniers 2 siblings, 0 replies; 13+ messages in thread From: Marco Elver @ 2021-06-14 10:31 UTC (permalink / raw) To: Peter Zijlstra Cc: the arch/x86 maintainers, Peter Oberparleiter, LKML, johannes.berg, Nick Desaulniers, Nathan Chancellor, Kees Cook, Mark Rutland On Mon, 14 Jun 2021 at 12:17, Peter Zijlstra <peterz@infradead.org> wrote: > As recently discovered, there is no function attribute to disable the > -fprofile-generate instrumentation. As such, GCOV is fundamentally > incompatible with architectures that rely on 'noinstr' for correctness. GCOV today uses only -fprofile-arcs -ftest-coverage. But the problem is the same: https://godbolt.org/z/fr9cs4sar > Until such time as that compilers have added a function attribute to > disable this instrumentation, mark GCOV as broken. > > Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> > --- > arch/x86/Kconfig | 2 +- > kernel/gcov/Kconfig | 4 ++++ > 2 files changed, 5 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 86dae426798b..c0f8c9d4c31a 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -75,7 +75,7 @@ config X86 > select ARCH_HAS_FAST_MULTIPLIER > select ARCH_HAS_FILTER_PGPROT > select ARCH_HAS_FORTIFY_SOURCE > - select ARCH_HAS_GCOV_PROFILE_ALL > + select ARCH_HAS_GCOV_BROKEN > select ARCH_HAS_KCOV if X86_64 && STACK_VALIDATION > select ARCH_HAS_MEM_ENCRYPT > select ARCH_HAS_MEMBARRIER_SYNC_CORE > diff --git a/kernel/gcov/Kconfig b/kernel/gcov/Kconfig > index 58f87a3092f3..74b028a66ebe 100644 > --- a/kernel/gcov/Kconfig > +++ b/kernel/gcov/Kconfig > @@ -1,10 +1,14 @@ > # SPDX-License-Identifier: GPL-2.0-only > menu "GCOV-based kernel profiling" > > +config ARCH_HAS_GCOV_BROKEN > + def_bool n > + > config GCOV_KERNEL > bool "Enable gcov-based kernel profiling" > depends on DEBUG_FS > depends on !CC_IS_CLANG || CLANG_VERSION >= 110000 > + depends on !ARCH_HAS_GCOV_BROKEN > select CONSTRUCTORS > default n > help ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 10:17 [PATCH] gcov,x86: Mark GCOV broken for x86 Peter Zijlstra 2021-06-14 10:31 ` Marco Elver @ 2021-06-14 14:43 ` Peter Oberparleiter 2021-06-18 11:13 ` Peter Zijlstra 2021-06-14 16:05 ` Nick Desaulniers 2 siblings, 1 reply; 13+ messages in thread From: Peter Oberparleiter @ 2021-06-14 14:43 UTC (permalink / raw) To: Peter Zijlstra, x86, linux-kernel Cc: johannes.berg, ndesaulniers, nathan, keescook, elver, mark.rutland On 14.06.2021 12:17, Peter Zijlstra wrote: > As recently discovered, there is no function attribute to disable the > -fprofile-generate instrumentation. As such, GCOV is fundamentally > incompatible with architectures that rely on 'noinstr' for correctness. Does this problem affect all code or just those pieces that use 'noinstr'? Doing a quick grep over kernel source shows me ~40 source files containing 'noinstr' vs. ~30000 that don't. It seems to me like an extreme measure to disable gcov-based profiling for all files on an architecture when only a small fraction of code would actually be affected. I'll gladly admit that I haven't followed the full discussion that lead to your patch, so maybe some of the following suggestions may already have been proposed. What about marking source files that contain 'noinstr' using the GCOV_PROFILE_<filename.o> := n directive that gcov-kernel profiling provides to exclude those files from being compiled with the corresponding profiling flags? If that's too much effort there's also a directive for excluding all files in a directory. If there was a way to automatically identify 'noinstr'-afflicted source files (e.g. by grepping the pre-processed source files), one could also automate this process by adjusting the kbuild-code that adds profiling flags to automatically exclude such files. > > Until such time as that compilers have added a function attribute to > disable this instrumentation, mark GCOV as broken. > > Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> > --- > arch/x86/Kconfig | 2 +- > kernel/gcov/Kconfig | 4 ++++ > 2 files changed, 5 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 86dae426798b..c0f8c9d4c31a 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -75,7 +75,7 @@ config X86 > select ARCH_HAS_FAST_MULTIPLIER > select ARCH_HAS_FILTER_PGPROT > select ARCH_HAS_FORTIFY_SOURCE > - select ARCH_HAS_GCOV_PROFILE_ALL > + select ARCH_HAS_GCOV_BROKEN Assuming none of the above mentioned alternatives are viable, removing ARCH_HAS_GCOV_PROFILE_ALL should be enough for your purpose. This way you are already excluding all source files from automatic profiling on x86. Users that are absolutely sure that their code can work with gcov-profiling can manually edit their sub-Makefiles to list those files that should be instrumented. In my opinion your introduction of ARCH_HAS_GCOV_BROKEN unnecessarily takes away this capability. Regards, Peter Oberparleiter -- Peter Oberparleiter Linux on Z Development - IBM Germany ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 14:43 ` Peter Oberparleiter @ 2021-06-18 11:13 ` Peter Zijlstra 2021-06-21 13:53 ` Peter Oberparleiter 0 siblings, 1 reply; 13+ messages in thread From: Peter Zijlstra @ 2021-06-18 11:13 UTC (permalink / raw) To: Peter Oberparleiter Cc: x86, linux-kernel, johannes.berg, ndesaulniers, nathan, keescook, elver, mark.rutland On Mon, Jun 14, 2021 at 04:43:27PM +0200, Peter Oberparleiter wrote: > On 14.06.2021 12:17, Peter Zijlstra wrote: > > As recently discovered, there is no function attribute to disable the > > -fprofile-generate instrumentation. As such, GCOV is fundamentally > > incompatible with architectures that rely on 'noinstr' for correctness. > > Does this problem affect all code or just those pieces that use > 'noinstr'? Doing a quick grep over kernel source shows me ~40 source > files containing 'noinstr' vs. ~30000 that don't. I count 82, but yeah. > It seems to me like an extreme measure to disable gcov-based profiling > for all files on an architecture when only a small fraction of code > would actually be affected. > > I'll gladly admit that I haven't followed the full discussion that lead > to your patch, so maybe some of the following suggestions may already > have been proposed. > > What about marking source files that contain 'noinstr' using the > > GCOV_PROFILE_<filename.o> := n > > directive that gcov-kernel profiling provides to exclude those files > from being compiled with the corresponding profiling flags? If that's > too much effort there's also a directive for excluding all files in a > directory. It's just not scalable and super fragile. Forget one and you have a potentially dead kernel. At the same time, we'll end up excluding significant chunks of the core kernel that way, also limit the use of GCOV. > If there was a way to automatically identify 'noinstr'-afflicted source > files (e.g. by grepping the pre-processed source files), one could also > automate this process by adjusting the kbuild-code that adds profiling > flags to automatically exclude such files. Or we just wait for the compilers to implement the required function attribute and then make the whole thing depend on having a recent enough compiler, which is what I'm hoping for. Developers should use recent compilers anyway... > > Until such time as that compilers have added a function attribute to > > disable this instrumentation, mark GCOV as broken. > > > > Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> > > --- > > arch/x86/Kconfig | 2 +- > > kernel/gcov/Kconfig | 4 ++++ > > 2 files changed, 5 insertions(+), 1 deletion(-) > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > > index 86dae426798b..c0f8c9d4c31a 100644 > > --- a/arch/x86/Kconfig > > +++ b/arch/x86/Kconfig > > @@ -75,7 +75,7 @@ config X86 > > select ARCH_HAS_FAST_MULTIPLIER > > select ARCH_HAS_FILTER_PGPROT > > select ARCH_HAS_FORTIFY_SOURCE > > - select ARCH_HAS_GCOV_PROFILE_ALL > > + select ARCH_HAS_GCOV_BROKEN > > Assuming none of the above mentioned alternatives are viable, removing > ARCH_HAS_GCOV_PROFILE_ALL should be enough for your purpose. This way > you are already excluding all source files from automatic profiling on x86. But you can still select one manually, which is not safe. > Users that are absolutely sure that their code can work with > gcov-profiling can manually edit their sub-Makefiles to list those files > that should be instrumented. In my opinion your introduction of > ARCH_HAS_GCOV_BROKEN unnecessarily takes away this capability. Are there any users? Who uses this GCOV stuff, and should we migrate them to KCOV? The thing is, I got dead kernel reports from KCOV users really quickly after all this landed, I've never even heard of a GCOV user, let alone had a problem report from one. Given all this seems mostly unused, I suppose we can wait for the compilers to implement the attribute and simply ignore any and all problems stemming from the use of GCOV -- telling them to go use KCOV instead. At the same time; since there are no users (that I know of), I don't see the problem with killing the entire thing for x86 either. ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-18 11:13 ` Peter Zijlstra @ 2021-06-21 13:53 ` Peter Oberparleiter 0 siblings, 0 replies; 13+ messages in thread From: Peter Oberparleiter @ 2021-06-21 13:53 UTC (permalink / raw) To: Peter Zijlstra Cc: x86, linux-kernel, johannes.berg, ndesaulniers, nathan, keescook, elver, mark.rutland On 18.06.2021 13:13, Peter Zijlstra wrote: > On Mon, Jun 14, 2021 at 04:43:27PM +0200, Peter Oberparleiter wrote: >> On 14.06.2021 12:17, Peter Zijlstra wrote: >> If there was a way to automatically identify 'noinstr'-afflicted source >> files (e.g. by grepping the pre-processed source files), one could also >> automate this process by adjusting the kbuild-code that adds profiling >> flags to automatically exclude such files. > > Or we just wait for the compilers to implement the required function > attribute and then make the whole thing depend on having a recent enough > compiler, which is what I'm hoping for. Sounds like the best approach given the current situation. > Developers should use recent compilers anyway... > >>> Until such time as that compilers have added a function attribute to >>> disable this instrumentation, mark GCOV as broken. >>> >>> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> [...] >> Users that are absolutely sure that their code can work with >> gcov-profiling can manually edit their sub-Makefiles to list those files >> that should be instrumented. In my opinion your introduction of >> ARCH_HAS_GCOV_BROKEN unnecessarily takes away this capability. > > Are there any users? I honestly cannot tell how many people are using the gcov-kernel facility, but I guess that is true for most kernel functions. I do get regular bug reports if things break due to GCC changes though, so there are definitely some users. > Who uses this GCOV stuff, and should we migrate them to KCOV? I have not used KCOV myself, but based on the documentation available about the mechanism itself and some of its users it appears that GCOV and KCOV are not feature-equivalent: KCOV provides an opt-in capability for user-space processes to record a history of kernel code executed on their behalf. Opt-in means the process must include code to start recording. There's also some limited support for collecting data for kernel background tasks. The output is a sequence of kernel addresses relating to executed basic blocks - great for consumption in automated mechanisms like fuzzers and the like, but tooling for post-processing the data into human-readable format for general purpose review seems to be scarce. GCOV provides a build-time configurable option to instrument almost all kernel code or, if requested, only specific parts. There's no need to opt-in at run-time, all execution of instrumented code running since boot will be recorded, including interrupt handlers, background tasks, etc. Of course this also means there's no means to filter by the process causing the kernel code execution. The output is GCC's .gcda data format. Using GCC's gcov tool this can be directly converted into annotated source code containing statement, function, and branch coverage data. Also there are tools building on gcov output to create overview pages for the thousands of kernel source files and detailed graphical output based on this information. This kind of representation is great for manual review to answer questions like "all my tests ran, why is there still an uncovered piece of kernel code?" So to summarize: KCOV => Great for automated processing (e.g. fuzzing) GCOV => Great for manual review (e.g. improving test coverage) > The thing is, I got dead kernel reports from KCOV users really quickly > after all this landed, I've never even heard of a GCOV user, let alone > had a problem report from one. KCOV is used 24/7 by automated fuzzing code - I would assume that those catch fatal errors rather quickly. GCOV is used when a developer/tester has a need to review their test coverage. And even then they may only instrument portions of the kernel that may not affected by the noinstr problem. > Given all this seems mostly unused, I suppose we can wait for the > compilers to implement the attribute and simply ignore any and all > problems stemming from the use of GCOV -- telling them to go use KCOV > instead. It seems this might be resolved for GCC rather quickly... https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80223#c11 > At the same time; since there are no users (that I know of), I don't see > the problem with killing the entire thing for x86 either. If there really were no more GCOV users and KCOV would provide the same functionality and level of tool support I would not object. But IMO none of these requirements are met today. Regards, Peter -- Peter Oberparleiter Linux on Z Development - IBM Germany ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 10:17 [PATCH] gcov,x86: Mark GCOV broken for x86 Peter Zijlstra 2021-06-14 10:31 ` Marco Elver 2021-06-14 14:43 ` Peter Oberparleiter @ 2021-06-14 16:05 ` Nick Desaulniers 2021-06-14 16:20 ` Peter Zijlstra 2 siblings, 1 reply; 13+ messages in thread From: Nick Desaulniers @ 2021-06-14 16:05 UTC (permalink / raw) To: Peter Zijlstra Cc: maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Peter Oberparleiter, LKML, Johannes Berg, Nathan Chancellor, Kees Cook, Marco Elver, Mark Rutland On Mon, Jun 14, 2021 at 3:17 AM Peter Zijlstra <peterz@infradead.org> wrote: > > > As recently discovered, there is no function attribute to disable the > -fprofile-generate instrumentation. As such, GCOV is fundamentally > incompatible with architectures that rely on 'noinstr' for correctness. Is there context for comment, or is this patch meant as a joke? > > Until such time as that compilers have added a function attribute to > disable this instrumentation, mark GCOV as broken. > > Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> > --- > arch/x86/Kconfig | 2 +- > kernel/gcov/Kconfig | 4 ++++ > 2 files changed, 5 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 86dae426798b..c0f8c9d4c31a 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -75,7 +75,7 @@ config X86 > select ARCH_HAS_FAST_MULTIPLIER > select ARCH_HAS_FILTER_PGPROT > select ARCH_HAS_FORTIFY_SOURCE > - select ARCH_HAS_GCOV_PROFILE_ALL > + select ARCH_HAS_GCOV_BROKEN > select ARCH_HAS_KCOV if X86_64 && STACK_VALIDATION > select ARCH_HAS_MEM_ENCRYPT > select ARCH_HAS_MEMBARRIER_SYNC_CORE > diff --git a/kernel/gcov/Kconfig b/kernel/gcov/Kconfig > index 58f87a3092f3..74b028a66ebe 100644 > --- a/kernel/gcov/Kconfig > +++ b/kernel/gcov/Kconfig > @@ -1,10 +1,14 @@ > # SPDX-License-Identifier: GPL-2.0-only > menu "GCOV-based kernel profiling" > > +config ARCH_HAS_GCOV_BROKEN > + def_bool n > + > config GCOV_KERNEL > bool "Enable gcov-based kernel profiling" > depends on DEBUG_FS > depends on !CC_IS_CLANG || CLANG_VERSION >= 110000 > + depends on !ARCH_HAS_GCOV_BROKEN > select CONSTRUCTORS > default n > help -- Thanks, ~Nick Desaulniers ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 16:05 ` Nick Desaulniers @ 2021-06-14 16:20 ` Peter Zijlstra 2021-06-14 18:05 ` Nick Desaulniers 0 siblings, 1 reply; 13+ messages in thread From: Peter Zijlstra @ 2021-06-14 16:20 UTC (permalink / raw) To: Nick Desaulniers Cc: maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Peter Oberparleiter, LKML, Johannes Berg, Nathan Chancellor, Kees Cook, Marco Elver, Mark Rutland On Mon, Jun 14, 2021 at 09:05:04AM -0700, Nick Desaulniers wrote: > On Mon, Jun 14, 2021 at 3:17 AM Peter Zijlstra <peterz@infradead.org> wrote: > > > > > > As recently discovered, there is no function attribute to disable the > > -fprofile-generate instrumentation. As such, GCOV is fundamentally > > incompatible with architectures that rely on 'noinstr' for correctness. > > Is there context for comment, or is this patch meant as a joke? Only if you think recursion in exception entry code is funny. noinstr *MUST* disable any and all compiler generated instrumentation, currently it that isn't the case for -fprofile-gnerate, nor -fprofile-arc. Look for all the fun we had with KCOV back then. Luckily KCOV instrumentation was trivial to patch out using objtool, so that's what x86 is currently doing. Luckily both compilers grew a __no_sanitize_coverage recently and we no longer have to rely on objtool fixing up the compiler output for much longer. https://lkml.kernel.org/r/20210527194448.3470080-1-elver@google.com Now all we need is one more such attribute to kill -fprofile-* stuff. ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 16:20 ` Peter Zijlstra @ 2021-06-14 18:05 ` Nick Desaulniers 2021-06-14 18:20 ` Borislav Petkov 2021-06-14 18:31 ` Fangrui Song 0 siblings, 2 replies; 13+ messages in thread From: Nick Desaulniers @ 2021-06-14 18:05 UTC (permalink / raw) To: Peter Zijlstra Cc: maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Peter Oberparleiter, LKML, Johannes Berg, Nathan Chancellor, Kees Cook, Marco Elver, Mark Rutland On Mon, Jun 14, 2021 at 9:20 AM Peter Zijlstra <peterz@infradead.org> wrote: > > On Mon, Jun 14, 2021 at 09:05:04AM -0700, Nick Desaulniers wrote: > > On Mon, Jun 14, 2021 at 3:17 AM Peter Zijlstra <peterz@infradead.org> wrote: > > > > > > > > > As recently discovered, there is no function attribute to disable the > > > -fprofile-generate instrumentation. As such, GCOV is fundamentally > > > incompatible with architectures that rely on 'noinstr' for correctness. > > > > Is there context for comment, or is this patch meant as a joke? > > Only if you think recursion in exception entry code is funny. > > noinstr *MUST* disable any and all compiler generated instrumentation, > currently it that isn't the case for -fprofile-gnerate, nor > -fprofile-arc. > > Look for all the fun we had with KCOV back then. Luckily KCOV > instrumentation was trivial to patch out using objtool, so that's what > x86 is currently doing. > > Luckily both compilers grew a __no_sanitize_coverage recently and we no > longer have to rely on objtool fixing up the compiler output for much > longer. > > https://lkml.kernel.org/r/20210527194448.3470080-1-elver@google.com > > Now all we need is one more such attribute to kill -fprofile-* stuff. __attribute__((no_instrument_function)) is already wired to not emit calls to mcount()/fentry(). I think extending it to also apply to coverage (-fprofile-arcs) and instrumentation based profiling (-fprofile-generate) is reasonable. -- Thanks, ~Nick Desaulniers ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 18:05 ` Nick Desaulniers @ 2021-06-14 18:20 ` Borislav Petkov 2021-06-14 19:03 ` Nick Desaulniers 2021-06-14 18:31 ` Fangrui Song 1 sibling, 1 reply; 13+ messages in thread From: Borislav Petkov @ 2021-06-14 18:20 UTC (permalink / raw) To: Nick Desaulniers Cc: Peter Zijlstra, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Peter Oberparleiter, LKML, Johannes Berg, Nathan Chancellor, Kees Cook, Marco Elver, Mark Rutland On Mon, Jun 14, 2021 at 11:05:35AM -0700, Nick Desaulniers wrote: > __attribute__((no_instrument_function)) is already wired to not emit > calls to mcount()/fentry(). I think extending it to also apply to > coverage (-fprofile-arcs) and instrumentation based profiling > (-fprofile-generate) is reasonable. Is anyone going to ping the gcc folks so that they do it too or should we open a bug over there simply? Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 18:20 ` Borislav Petkov @ 2021-06-14 19:03 ` Nick Desaulniers 2021-06-14 19:28 ` Borislav Petkov 0 siblings, 1 reply; 13+ messages in thread From: Nick Desaulniers @ 2021-06-14 19:03 UTC (permalink / raw) To: Borislav Petkov Cc: Peter Zijlstra, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Peter Oberparleiter, LKML, Johannes Berg, Nathan Chancellor, Kees Cook, Marco Elver, Mark Rutland On Mon, Jun 14, 2021 at 11:21 AM Borislav Petkov <bp@alien8.de> wrote: > > On Mon, Jun 14, 2021 at 11:05:35AM -0700, Nick Desaulniers wrote: > > __attribute__((no_instrument_function)) is already wired to not emit > > calls to mcount()/fentry(). I think extending it to also apply to > > coverage (-fprofile-arcs) and instrumentation based profiling > > (-fprofile-generate) is reasonable. > > Is anyone going to ping the gcc folks so that they do it too or should > we open a bug over there simply? Yes, I will file a bug (or two) against GCC and then post the links on the other thread (re: pgo) since that already has the toolchains mailing list cc'ed. -- Thanks, ~Nick Desaulniers ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 19:03 ` Nick Desaulniers @ 2021-06-14 19:28 ` Borislav Petkov 0 siblings, 0 replies; 13+ messages in thread From: Borislav Petkov @ 2021-06-14 19:28 UTC (permalink / raw) To: Nick Desaulniers Cc: Peter Zijlstra, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Peter Oberparleiter, LKML, Johannes Berg, Nathan Chancellor, Kees Cook, Marco Elver, Mark Rutland On Mon, Jun 14, 2021 at 12:03:15PM -0700, Nick Desaulniers wrote: > Yes, I will file a bug (or two) against GCC and then post the links on > the other thread (re: pgo) since that already has the toolchains > mailing list cc'ed. Thanks! -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 18:05 ` Nick Desaulniers 2021-06-14 18:20 ` Borislav Petkov @ 2021-06-14 18:31 ` Fangrui Song 2021-06-14 19:07 ` Peter Zijlstra 1 sibling, 1 reply; 13+ messages in thread From: Fangrui Song @ 2021-06-14 18:31 UTC (permalink / raw) To: Peter Zijlstra, ndesaulniers Cc: x86, oberpar, linux-kernel, johannes.berg, nathan, keescook, elver, mark.rutland > On Mon, Jun 14, 2021 at 9:20 AM Peter Zijlstra <peterz@infradead.org> wrote: > > > > On Mon, Jun 14, 2021 at 09:05:04AM -0700, Nick Desaulniers wrote: > > > On Mon, Jun 14, 2021 at 3:17 AM Peter Zijlstra <peterz@infradead.org> wrote: > > > > > > > > > > > > As recently discovered, there is no function attribute to disable the > > > > -fprofile-generate instrumentation. As such, GCOV is fundamentally > > > > incompatible with architectures that rely on 'noinstr' for correctness. > > > > > > Is there context for comment, or is this patch meant as a joke? > > > > Only if you think recursion in exception entry code is funny. > > > > noinstr *MUST* disable any and all compiler generated instrumentation, > > currently it that isn't the case for -fprofile-gnerate, nor > > -fprofile-arc. > > > > Look for all the fun we had with KCOV back then. Luckily KCOV > > instrumentation was trivial to patch out using objtool, so that's what > > x86 is currently doing. > > > > Luckily both compilers grew a __no_sanitize_coverage recently and we no > > longer have to rely on objtool fixing up the compiler output for much > > longer. > > > > https://lkml.kernel.org/r/20210527194448.3470080-1-elver@google.com > > > > Now all we need is one more such attribute to kill -fprofile-* stuff. > > __attribute__((no_instrument_function)) is already wired to not emit > calls to mcount()/fentry(). I think extending it to also apply to > coverage (-fprofile-arcs) and instrumentation based profiling > (-fprofile-generate) is reasonable. __attribute__((no_instrument_function)) seems specific to -finstrument-functions. Somehow -pg uses it as well. The name may not be generic, so it may be odd to exclude various instrumentations (there are a ton) under this generic attribute. I'd like to understand the definition of notrace and noinstr. With value profiling disabled, clang -fprofile-generate/gcc -fprofile-arcs don't add function calls. They just increment a counter in a writable section. Why isn't that allowed for noinstr functions? I can understand why -fpatchable-function-entry= is excluded: -fpatchable-function-entry= causes the section __patchable_function_entries and the kernel may change the nops into call instructions. And a function call may not be suitable for certain functions. But I don't understand why incrementing a counter should be disallowed. ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH] gcov,x86: Mark GCOV broken for x86 2021-06-14 18:31 ` Fangrui Song @ 2021-06-14 19:07 ` Peter Zijlstra 0 siblings, 0 replies; 13+ messages in thread From: Peter Zijlstra @ 2021-06-14 19:07 UTC (permalink / raw) To: Fangrui Song Cc: ndesaulniers, x86, oberpar, linux-kernel, johannes.berg, nathan, keescook, elver, mark.rutland On Mon, Jun 14, 2021 at 11:31:35AM -0700, Fangrui Song wrote: > __attribute__((no_instrument_function)) seems specific to > -finstrument-functions. Somehow -pg uses it as well. The name may not be > generic, so it may be odd to exclude various instrumentations (there are a ton) > under this generic attribute. > > I'd like to understand the definition of notrace and noinstr. notrace came first; it disallows tracing (fentry/mcount) on specific functions where tracing is unsafe, like inside the tracer itself. noinstr is fairly recent, we lifted a whole bunch of code from asm to C (because it's something that every arch ends up having to do and pretty much every arch did it wrong, so we're slowly lifting it into arch neutral code). We now call into C before the full (kernel) C runtime is properly setup. Consider it crt0 if you will. But it's sprinkled throughout arch code and not nicely isolated to a few .c files. For this we require that noinstr avoids any and all compiler instrumentation; this really is C as C was intended, portable assembler style usage (/me runs). > With value profiling disabled, clang -fprofile-generate/gcc > -fprofile-arcs don't add function calls. They just increment a counter > in a writable section. Why isn't that allowed for noinstr functions? Because you can get exceptions from memory accesses just fine, which, if you're inside an exception handler and haven't dealt with recursion conditions yet, can be fatal. > I can understand why -fpatchable-function-entry= is excluded: > -fpatchable-function-entry= causes the section > __patchable_function_entries and the kernel may change the nops into > call instructions. And a function call may not be suitable for certain > functions. But I don't understand why incrementing a counter should > be disallowed. A memory access can generate #PF, #DB, #VE, #VC, #MC from the top of my head. Also that's what you do today, GCC emits calls, and those can cause even more 'fun'. ^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2021-06-21 13:54 UTC | newest] Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-06-14 10:17 [PATCH] gcov,x86: Mark GCOV broken for x86 Peter Zijlstra 2021-06-14 10:31 ` Marco Elver 2021-06-14 14:43 ` Peter Oberparleiter 2021-06-18 11:13 ` Peter Zijlstra 2021-06-21 13:53 ` Peter Oberparleiter 2021-06-14 16:05 ` Nick Desaulniers 2021-06-14 16:20 ` Peter Zijlstra 2021-06-14 18:05 ` Nick Desaulniers 2021-06-14 18:20 ` Borislav Petkov 2021-06-14 19:03 ` Nick Desaulniers 2021-06-14 19:28 ` Borislav Petkov 2021-06-14 18:31 ` Fangrui Song 2021-06-14 19:07 ` Peter Zijlstra
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).