From: Segher Boessenkool <segher@kernel.crashing.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Andy Lutomirski <luto@kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Peter Oskolkov <posk@google.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Peter Zijlstra <peterz@infradead.org>,
linux-toolchains@vger.kernel.org
Subject: Re: Is adding an argument to an existing syscall okay?
Date: Tue, 17 Nov 2020 12:36:52 -0600 [thread overview]
Message-ID: <20201117183652.GD2672@gate.crashing.org> (raw)
In-Reply-To: <87k0uj6h03.fsf@mid.deneb.enyo.de>
On Tue, Nov 17, 2020 at 06:16:28PM +0100, Florian Weimer wrote:
> * Andy Lutomirski:
>
> > Linux 5.10 contains this patch:
> >
> > commit 2a36ab717e8fe678d98f81c14a0b124712719840
> > Author: Peter Oskolkov <posk@google.com>
> > Date: Wed Sep 23 16:36:16 2020 -0700
> >
> > rseq/membarrier: Add MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ
> >
> > This adds an argument to an existing syscall. Before the patch,
> > membarrier had 2 parameters; now it has 3. Is this really okay? At
> > least the patch is careful and ignores the third parameter unless a
> > previously unused flag bit is set.
>
> It's really iffy. It's hard to break this in system call wrappers on
> x86-64, where we just load %eax and call into the kernel. But on
> architectures which require argument shuffling, it will break.
>
> If there were a system call wrapper in glibc (my patch was rejected
> due to lack of documentation fo the semantics, so we got lucky there),
> we'd have to add a new symbol version for this. It happened before in
> the dark ages, repeatedly, but it's a bit disappointing to be in this
> situation again.
>
> In general the main problem I see is the poor source code
> compatibility. We really, really don't want variadic system call
> wrappers, and we specifically do not want to introduce them
> retroactively. (Changing an implementation from non-variadic to
> variadic is not an ABI-safe change on POWER and probably other
> targets.)
But this isn't variadic in the sense of "..." -- on Power that always
passes the unspecified arguments in memory, while in this case it just
passes in either two or three registers. I don't know any arg where
that would not work, given the Linux system call restrictions.
This is similar to the "open" system call.
> So we'd require that from now on, the programmer has to
> pass the zero argument explicitly. Porting is simpler than the recent
> futex_time64 breakage, but the downside is that immediately impacts
> all targets.
>
> Cc: linux-toolchains for ABI impact.
It certainly would simplify matters if this was simply not done ;-)
Segher
next prev parent reply other threads:[~2020-11-17 18:41 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-16 23:57 Is adding an argument to an existing syscall okay? Andy Lutomirski
2020-11-17 14:28 ` Mathieu Desnoyers
2020-11-17 17:05 ` Theodore Y. Ts'o
2020-11-17 17:16 ` Florian Weimer
2020-11-17 18:36 ` Segher Boessenkool [this message]
2020-11-17 18:44 ` Florian Weimer
2020-11-17 18:58 ` Peter Oskolkov
2020-11-17 19:21 ` Mathieu Desnoyers
2020-11-17 19:32 ` Peter Oskolkov
2020-11-17 19:45 ` Florian Weimer
2020-11-19 3:08 ` Aleksa Sarai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201117183652.GD2672@gate.crashing.org \
--to=segher@kernel.crashing.org \
--cc=fw@deneb.enyo.de \
--cc=linux-api@vger.kernel.org \
--cc=linux-toolchains@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=peterz@infradead.org \
--cc=posk@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.