All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ingo Molnar <mingo@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Peter Anvin <hpa@zytor.com>, Dave Hansen <dave@sr71.net>,
	Andrew Morton <akpm@linux-foundation.org>,
	Helge Deller <deller@gmx.de>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	"linux-tip-commits@vger.kernel.org" 
	<linux-tip-commits@vger.kernel.org>
Subject: Re: [tip:mm/pkeys] mm/pkeys: Fix siginfo ABI breakage caused by new u64 field
Date: Mon, 7 Mar 2016 09:49:54 +0100	[thread overview]
Message-ID: <20160307084954.GA19613@gmail.com> (raw)
In-Reply-To: <CA+55aFztVgS-GQQ=vqZU9eq9X+AprnNim-twbitwjQ_d797j+w@mail.gmail.com>


* Linus Torvalds <torvalds@linux-foundation.org> wrote:

> On Sat, Mar 5, 2016 at 8:52 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> > On Sat, Mar 05, 2016 at 02:50:06PM +0100, Ingo Molnar wrote:
> >> A more workable method would be to have a test .c file that includes all UAPI
> >> structures in existence and defines a variable out of every single one, and then
> >> generates a list of sizeof() values or so. But even that isn't perfect: a
> >> structure might shift some fields forward, into a pre-existing hole, without
> >> changing the sizeof? We'd need a list of all field offsets in all structures to be
> >> really sure, and that's nasty.
> >
> > pahole has such logic, right?
> 
> sparse could be taught to warn about unaligned u64's, but there are
> still config issues and issues across other architectures, and if some
> case gets missed it can be really quite painful.

So I think what might work is to define bitness and alignment-independent ABI 
structures, and add (tooling) infrastructure to enforce that invariance.

For example every ABI detail in include/uapi/linux/perf_event.h is supposed to be 
alignment-independent: it should be the same structure and same fields on all 
32-bit and 64-bit platforms, regardless of the natural alignment of u64.

It's as close to an 'architecture independent' ABI as we can get IMHO. (With the 
notable exception of endianness: making endianness an invariant via dynamic 
endianness flags or so would be a mistake IMHO - structures that can be 
transmitted between different machines via network or via disk should pick one 
particular endianness statically and stick with that.)

If we can build tooling that checks _that_ kind of struct/ABI invariance, it would 
be a lot easier to ensure that future changes don't break the ABI.

New structures could be annotated to be arch-invariant, via something like:

	struct foo __arch_invariant_ABI {
		...
	};

and tooling could pick it up from there.

We do have a healthy body of 'messy' ABIs, which make liberal use of longs, 
unaligned u64's and other non-invariant constructs - those would have to be 
cleaned up and in the worst case they would have to be split into several explicit 
variants.

I tried to do something like that with a particularly messy x86 header lately, see 
arch/x86/include/uapi/asm/sigcontext.h, but it's a pretty slow and painful process 
altogether...

Thanks,

	Ingo

  reply	other threads:[~2016-03-07  8:50 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-01 12:54 [PATCH] [v4] x86, pkeys: fix siginfo ABI breakage from new field Dave Hansen
2016-03-03 15:41 ` Ingo Molnar
2016-03-03 16:53 ` [tip:mm/pkeys] mm/pkeys: Fix siginfo ABI breakage caused by new u64 field tip-bot for Dave Hansen
2016-03-03 17:28   ` Linus Torvalds
2016-03-05 13:50     ` Ingo Molnar
2016-03-05 16:52       ` Peter Zijlstra
2016-03-06 18:45         ` Linus Torvalds
2016-03-07  8:49           ` Ingo Molnar [this message]
2016-03-05 14:03 ` tip-bot for Dave Hansen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160307084954.GA19613@gmail.com \
    --to=mingo@kernel.org \
    --cc=akpm@linux-foundation.org \
    --cc=dave.hansen@linux.intel.com \
    --cc=dave@sr71.net \
    --cc=deller@gmx.de \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-tip-commits@vger.kernel.org \
    --cc=peterz@infradead.org \
    --cc=sfr@canb.auug.org.au \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.