Re: [PATCH] static_call,x86: Robustify trampoline patching

[Andy Lutomirski]

On 11/3/21 01:35, Peter Zijlstra wrote:
> On Tue, Nov 02, 2021 at 05:20:05PM -0700, Andy Lutomirski wrote:
> > I think that's a big mistake -- any sane ENDBR-using scheme would
> > really prefer that ENDBR to be right next to the actual function body,
> > and really any scheme would benefit due to better cache locality.
>
> Agreed, IBT/BTI want the landing pad in front of the actual function.
>
> > But, more importantly, IMO any sane ENDBR-using scheme wants to
> > generate the indirect stub as part of code gen for the actual
> > function.
>
> Sorta, I really want to be able to not have a landing pad for functions
> whose address is never taken. At that point it doesn't matter if it gets
> generated along with the function and then stripped/poisoned later, or
> generated later.

Stripping is conceptually straightforward even without LTO.

foo.indirect:
 ENDBR
foo:
 ...

and the linker learns (using magic function sections?) that, if 
foo.indirect is not referenced, then it should not be generated.  Or a 
very straightforward walk over all the relocations in an object to 
poison the unused .indirect entries could be done.  Making this work 
with DSOs, EXPORT_SYMBOL, etc will be somewhat nontrivial, but not 
impossible.

--Andy