From: Arnd Bergmann <arnd@arndb.de>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: pang.xunlei@linaro.org, peterz@infradead.org,
heiko.carstens@de.ibm.com, paulus@samba.org, cl@linux.com,
heenasirwani@gmail.com, linux-arch@vger.kernel.org,
linux-s390@vger.kernel.org, y2038@lists.linaro.org,
rafael.j.wysocki@intel.com, ahh@google.com, fweisbec@gmail.com,
pjt@google.com, riel@redhat.com, richardcochran@gmail.com,
tj@kernel.org, john.stultz@linaro.org, rth@twiddle.net,
Baolin Wang <baolin.wang@linaro.org>,
gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, schwidefsky@de.ibm.com,
linux390@de.ibm.com, linuxppc-dev@lists.ozlabs.org
Subject: Re: [Y2038] [PATCH 04/11] posix timers:Introduce the 64bit methods with timespec64 type for k_clock structure
Date: Tue, 21 Apr 2015 17:40:32 +0200 [thread overview]
Message-ID: <2819798.f0KhjY3UAe@wuerfel> (raw)
In-Reply-To: <alpine.DEB.2.11.1504211701140.13914@nanos>
On Tuesday 21 April 2015 17:13:32 Thomas Gleixner wrote:
> On Tue, 21 Apr 2015, Arnd Bergmann wrote:
> > On Tuesday 21 April 2015 16:14:26 Thomas Gleixner wrote:
> > > > Note the use of a separate __kernel_itimerspec64 for the user interface
> > > > here, which I think will be needed to hide the differences between the
> > > > normal itimerspec on 64-bit machines, and the new itimerspec on 32-bit
> > > > platforms that will be defined differently (using 'long long').
> > >
> > > Confused.
> > >
> > > timespec64 / itimerspec64 should be the same independent of 64bit and
> > > 32bit. So why do we need another variant ?
> >
> > There are multiple reasons:
> >
> > * On 64-bit systems, timespec64 would always be defined in the same way
> > as struct timespec { __kernel_time_t tv_sec; long tv_nsec; }, with
> > __kernel_time_t being 'long'. On 32-bit, we probably need to make both
> > members 'long long' for the user space side, in order to share the
> > syscall implementation with the kernel side, but we may also want to
> > keep the internal timespec64 using a 'long' for tv_nsec, as we do
> > today. This means that both the binary layout (padding or no padding)
> > and the basic types (long or long long) are different between 32-bit
> > and 64-bit, and between kernel and user space
>
> So you want to avoid a compat syscall for 32bit applications on a
> 64bit kernel, right?
That is the idea at the moment, yes. At least for the kernel-user
interface.
> That burdens 32bit with the extra 'long long' in user space. Not sure
> whether user space folks will be happy about it.
I know there are concerns about this, in particular because C11 and
POSIX both require tv_nsec to be 'long', unlike timeval->tv_usec,
which is a 'suseconds_t' and can be defined as 'long long'.
There are four possible ways that 32-bit user space could define
timespec based on the uncontroversial (I hope) 'typedef long long
time_t;'.
a)
struct timespec {
time_t tv_sec;
long long tv_nsec; /* or typedef long long snseconds_t */
};
This is not directly compatible with C11 or POSIX.1-2008, but it
matches what we do inside of 64-bit kernels, so probably has the
highest chance of working correctly in practice
b)
struct timespec {
time_t tv_sec;
long tv_nsec;
};
This is the definition according to C11 and POSIX, and the main problem
here is the padding, which may cause a 4-byte data leak and has the tv_nsec
in the wrong place when used together with the timespec we have in the kernel
on big-endian 64-bit machines.
c)
struct timespec {
time_t tv_sec;
#if __BITS_PER_LONG == 32 && __BYTE_ORDER == __BIG_ENDIAN
long __pad;
#endif
long tv_nsec; /* or typedef long long snseconds_t */
#if __BITS_PER_LONG == 32 && __BYTE_ORDER == __LITTLE_ENDIAN
long __pad;
#endif
};
This version could be used transparently by user space, but has
the potential to cause problems with existing user space doing
things like
struct timespec ts = { 0, 1000 }; /* one microsecond */
even though it is probably compliant.
d)
struct timespec {
time_t tv_sec;
#if __BITS_PER_LONG == 32 && __BYTE_ORDER == __BIG_ENDIAN
long :32;
#endif
long tv_nsec; /* or typedef long long snseconds_t */
#if __BITS_PER_LONG == 32 && __BYTE_ORDER == __LITTLE_ENDIAN
long :32;
#endif
};
This is very similar to c, but trades the problem I described
above for a dependency on a gcc extension that is not part of
C11 or any earlier standard.
>From the kernel's point of view, b), c) and d) can all be
treated the same for output data, as we only ever pass back
normalized timespec structures that have zeroes in the upper
bits of timespec. However, for input to the kernel, we would
require an extra conditional on 64-bit kernels to decide whether
we ignore the upper bits (doing tv->tv_nsec &= 0xffffffff) or
a structure that has the upper bits set needs to cause EINVAL.
We could still do that in get_timespec() if we decide to not to
go with a).
See also https://lwn.net/Articles/457089/ for an earlier discussion
on the topic when debating the x32 ABI.
Arnd
next prev parent reply other threads:[~2015-04-21 15:41 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-20 5:57 [PATCH 00/11] Convert the posix_clock_operations and k_clock structure to ready for 2038 Baolin Wang
2015-04-20 5:57 ` [PATCH 01/11] linux/time64.h:Introduce the 'struct itimerspec64' for 64bit Baolin Wang
2015-04-20 9:49 ` Sergei Shtylyov
2015-04-20 10:55 ` Baolin Wang
2015-04-20 19:14 ` Thomas Gleixner
2015-04-20 19:59 ` Thomas Gleixner
2015-04-21 8:19 ` Baolin Wang
2015-04-20 5:57 ` [PATCH 02/11] timekeeping:Introduce the current_kernel_time64() function with timespec64 type Baolin Wang
2015-04-20 5:57 ` [PATCH 03/11] time/hrtimer:Introduce hrtimer_get_res64() with timespec64 type for getting the timer resolution Baolin Wang
2015-04-20 19:15 ` Thomas Gleixner
2015-04-20 5:57 ` [PATCH 04/11] posix timers:Introduce the 64bit methods with timespec64 type for k_clock structure Baolin Wang
2015-04-20 20:40 ` Thomas Gleixner
2015-04-21 8:59 ` [Y2038] " Arnd Bergmann
2015-04-21 14:14 ` Thomas Gleixner
2015-04-21 14:57 ` Arnd Bergmann
2015-04-21 15:13 ` Thomas Gleixner
2015-04-21 15:40 ` Arnd Bergmann [this message]
2015-04-21 20:13 ` Thomas Gleixner
2015-04-22 8:45 ` Thomas Gleixner
2015-04-22 10:11 ` Richard Cochran
2015-04-22 10:44 ` David Laight
2015-04-22 11:07 ` Arnd Bergmann
2015-04-22 13:37 ` Thomas Gleixner
2015-04-22 13:50 ` Arnd Bergmann
2015-04-22 14:54 ` Richard Cochran
2015-04-22 15:37 ` Arnd Bergmann
2015-04-22 15:14 ` Luc Van Oostenryck
2015-04-22 15:38 ` Arnd Bergmann
2015-04-20 5:57 ` [PATCH 05/11] time/posix-timers:Convert to the 64bit methods for k_clock callback functions Baolin Wang
2015-04-20 20:48 ` Thomas Gleixner
2015-04-21 8:36 ` Baolin Wang
2015-04-21 8:45 ` [Y2038] " Arnd Bergmann
2015-04-21 8:55 ` Baolin Wang
2015-04-20 5:57 ` [PATCH 06/11] char/mmtimer:Convert to the 64bit methods for k_clock callback function Baolin Wang
2015-04-20 5:57 ` [PATCH 07/11] time/alarmtimer:Convert to the new methods for k_clock structure Baolin Wang
2015-04-20 5:57 ` [PATCH 08/11] time/posix-clock:Convert to the 64bit methods for k_clock and posix_clock_operations structure Baolin Wang
2015-04-20 5:57 ` [PATCH 09/11] cputime:Introduce the cputime_to_timespec64/timespec64_to_cputime function Baolin Wang
2015-04-20 21:09 ` Thomas Gleixner
2015-04-20 5:57 ` [PATCH 10/11] time/posix-cpu-timers:Convert to the 64bit methods for k_clock structure Baolin Wang
2015-04-20 5:57 ` [PATCH 11/11] k_clock:Remove the 32bit methods with timespec type Baolin Wang
2015-04-20 8:42 ` Richard Cochran
2015-04-20 9:00 ` Baolin Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2819798.f0KhjY3UAe@wuerfel \
--to=arnd@arndb.de \
--cc=ahh@google.com \
--cc=baolin.wang@linaro.org \
--cc=cl@linux.com \
--cc=fweisbec@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=heenasirwani@gmail.com \
--cc=heiko.carstens@de.ibm.com \
--cc=john.stultz@linaro.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux390@de.ibm.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=netdev@vger.kernel.org \
--cc=pang.xunlei@linaro.org \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
--cc=rafael.j.wysocki@intel.com \
--cc=richardcochran@gmail.com \
--cc=riel@redhat.com \
--cc=rth@twiddle.net \
--cc=schwidefsky@de.ibm.com \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=y2038@lists.linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).