From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Joseph Myers <joseph@codesourcery.com>
Cc: carlos <carlos@redhat.com>, Florian Weimer <fweimer@redhat.com>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
libc-alpha <libc-alpha@sourceware.org>,
Thomas Gleixner <tglx@linutronix.de>, Ben Maurer <bmaurer@fb.com>,
Peter Zijlstra <peterz@infradead.org>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Boqun Feng <boqun.feng@gmail.com>,
Will Deacon <will.deacon@arm.com>,
Dave Watson <davejwatson@fb.com>, Paul Turner <pjt@google.com>,
Rich Felker <dalias@libc.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
linux-api <linux-api@vger.kernel.org>
Subject: Re: [RFC PATCH glibc 1/4] glibc: Perform rseq(2) registration at C startup and thread creation (v6)
Date: Tue, 29 Jan 2019 20:39:19 -0500 (EST) [thread overview]
Message-ID: <596949707.3888.1548812359874.JavaMail.zimbra@efficios.com> (raw)
In-Reply-To: <alpine.DEB.2.21.1901292153190.24454@digraph.polyomino.org.uk>
----- On Jan 29, 2019, at 4:56 PM, Joseph Myers joseph@codesourcery.com wrote:
> On Tue, 29 Jan 2019, Mathieu Desnoyers wrote:
>
>> I recalled that aarch64 defines RSEQ_SIG to a different value which maps to
>> a valid trap instruction. So I plan to move the RSEQ_SIG define to per-arch
>> headers like this:
>>
>> sysdeps/unix/sysv/linux/aarch64/bits/rseq.h | 24 ++
>> sysdeps/unix/sysv/linux/arm/bits/rseq.h | 24 ++
>> sysdeps/unix/sysv/linux/bits/rseq.h | 23 ++
>> sysdeps/unix/sysv/linux/mips/bits/rseq.h | 24 ++
>> sysdeps/unix/sysv/linux/powerpc/bits/rseq.h | 24 ++
>> sysdeps/unix/sysv/linux/s390/bits/rseq.h | 24 ++
>> sysdeps/unix/sysv/linux/x86/bits/rseq.h | 24 ++
>>
>> where "bits/rseq.h" contains a #error:
>>
>> # error "Architecture does not define RSEQ_SIG.
>>
>> sys/rseq.h will now include <bits/rseq.h>.
>
> We're trying to reduce the number of cases where most or all new glibc
> architecture ports need to provide a bits/ header, by making the generic
> headers handle the common case. So a generic header with a #error, and
> lots of architecture-specific headers mostly with the same value for
> RSEQ_SIG, seems unfortunate. I'd hope the generic header could use a
> generic value, with architecture-specific variants only for architectures
> with some reason for a different value.
The issue here is that it would require us to decide right away what RSEQ_SIG
is appropriate for all other Linux architectures supported by glibc. There are
a few reasons for which an architecture can be required to specify its own
RSEQ_SIG. For instance, it may need to map to an instruction defined in the
instruction set, thus ensuring objdump does not get confused, and in other
cases that the processor speculative execution happening just before the
RSEQ_SIG really stops at the signature (hence the trap instruction on aarch64).
I'm worried that if we introduce a "default" RSEQ_SIG value for architectures
currently not supported by RSEQ and we then introduce an architecture-specific
signature value in the future, some applications will try to build with
wrong signatures, and when the rseq system call gets eventually implemented for
those architecture and a end-user upgrades his kernel, those signatures won't
match between glibc rseq registration and the application rseq abort handlers,
thus leading to hard-to-reproduce segmentation faults delivered by the kernel
checking those signatures upon rseq abort.
This upgrade story is far from ideal.
My thinking was to put the #error in the generic header, so architectures that
are not supported yet cannot build against rseq.h at all, so we don't end up
in a broken upgrade scenario. I'm open to alternative ways to do it though, as
long as we don't let not-yet-supported architectures build broken code.
Thoughts ?
Thanks,
Mathieu
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
next prev parent reply other threads:[~2019-01-30 1:39 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-21 21:35 [RFC PATCH glibc 1/4] glibc: Perform rseq(2) registration at C startup and thread creation (v6) Mathieu Desnoyers
2019-01-21 21:35 ` [RFC PATCH glibc 2/4] glibc: sched_getcpu(): use rseq cpu_id TLS on Linux Mathieu Desnoyers
2019-01-29 16:57 ` [RFC PATCH glibc 1/4] glibc: Perform rseq(2) registration at C startup and thread creation (v6) Mathieu Desnoyers
2019-01-29 21:56 ` Joseph Myers
2019-01-30 1:39 ` Mathieu Desnoyers [this message]
2019-01-30 2:40 ` Joseph Myers
2019-01-30 18:03 ` Mathieu Desnoyers
2019-01-30 21:10 ` Joseph Myers
2019-01-31 16:37 ` Mathieu Desnoyers
2019-01-31 16:53 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=596949707.3888.1548812359874.JavaMail.zimbra@efficios.com \
--to=mathieu.desnoyers@efficios.com \
--cc=bmaurer@fb.com \
--cc=boqun.feng@gmail.com \
--cc=carlos@redhat.com \
--cc=dalias@libc.org \
--cc=davejwatson@fb.com \
--cc=fweimer@redhat.com \
--cc=joseph@codesourcery.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
--cc=szabolcs.nagy@arm.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox