[PATCH v3 2/9] ARM: tlbflush: Make TLB flushes into static inlines

Ard Biesheuvel ardb at kernel.org
Mon Mar 11 03:03:39 PDT 2024


On Mon, 11 Mar 2024 at 10:39, Russell King (Oracle)
<linux at armlinux.org.uk> wrote:
>
> On Mon, Mar 11, 2024 at 10:15:39AM +0100, Linus Walleij wrote:
> > Instead of just using defines to define the TLB flush functions,
> > use static inlines.
> >
> > This has the upside that we can tag those as __nocfi so we can
> > execute a CFI-enabled kernel.
>
> Why? This seems to be brain dead.
>
> Why can't CLANG cope with directly calling e.g.
> cpu_tlb.flush_user_range? Why does it need a static function to do
> exactly the same as the macro does?
>

I had the same question, so I played around a bit with the code.

What I think would be better is if we could add the __nocfi annotation
to the type, i.e.,

--- a/arch/arm/include/asm/tlbflush.h
+++ b/arch/arm/include/asm/tlbflush.h
@@ -205,8 +205,8 @@
 #include <linux/sched.h>

 struct cpu_tlb_fns {
-       void (*flush_user_range)(unsigned long, unsigned long, ...);
-       void (*flush_kern_range)(unsigned long, unsigned long);
+       void (__nocfi *flush_user_range)(unsigned long, unsigned long, ...);
+       void (__nocfi *flush_kern_range)(unsigned long, unsigned long);
        unsigned long tlb_flags;
 };
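
Review bot: the `__nocfi` placed inside the pointer declarators of `flush_user_range` and `flush_kern_range` cannot be relied on. The message itself notes right after this hunk that the attribute specifier `__nocfi` resolves to is not usable in the type position the way `__efiapi` is, so the hunk should not be applied as written. The annotation is also meant to switch off CFI for calls made through these two members, whereas the alternative proposed in the same message keeps the call-site check: leave the `struct cpu_tlb_fns` prototypes unchanged and mark the assembly implementations with SYM_TYPED_FUNC_START/_END so the destination's function type is validated.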

This works for some function attributes (e.g., __efiapi is used like
this), but the attribute specifier to which __nocfi resolves does not
appear to be usable in the same manner.

Best would be to annotate the asm code using
SYM_TYPED_FUNC_START/_END, so that the CFI machinery is invoked at the
call site to validate the function type of the destination.


