From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Rich Felker <dalias@libc.org>
Cc: Florian Weimer <fweimer@redhat.com>, carlos <carlos@redhat.com>,
Joseph Myers <joseph@codesourcery.com>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
libc-alpha <libc-alpha@sourceware.org>,
Thomas Gleixner <tglx@linutronix.de>, Ben Maurer <bmaurer@fb.com>,
Peter Zijlstra <peterz@infradead.org>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Boqun Feng <boqun.feng@gmail.com>,
Will Deacon <will.deacon@arm.com>,
Dave Watson <davejwatson@fb.com>, Paul Turner <pjt@google.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
linux-api <linux-api@vger.kernel.org>
Subject: Re: [RFC PATCH v4 1/5] glibc: Perform rseq(2) registration at nptl init and thread creation
Date: Fri, 23 Nov 2018 12:52:21 -0500 (EST) [thread overview]
Message-ID: <865273158.11687.1542995541389.JavaMail.zimbra@efficios.com> (raw)
In-Reply-To: <20181123173019.GK23599@brightrain.aerifal.cx>
----- On Nov 23, 2018, at 12:30 PM, Rich Felker dalias@libc.org wrote:
> On Fri, Nov 23, 2018 at 12:05:20PM -0500, Mathieu Desnoyers wrote:
>> ----- On Nov 23, 2018, at 9:28 AM, Rich Felker dalias@libc.org wrote:
>> [...]
>> >
>> > Absolutely. As long as it's in libc, implicit destruction will happen.
>> > Actually I think the glibc code shound unconditionally unregister the
>> > rseq address at exit (after blocking signals, so no application code
>> > can run) in case a third-party rseq library was linked and failed to
>> > do so before thread exit (e.g. due to mismatched ref counts) rather
>> > than respecting the reference count, since it knows it's the last
>> > user. This would make potentially-buggy code safer.
>>
>> OK, let me go ahead with a few ideas/questions along that path.
> ^^^^^^^^^^^^^^^
>>
>> Let's say our stated goal is to let the "exit" system call from the
>> glibc thread exit path perform rseq unregistration (without explicit
>> unregistration beforehand). Let's look at what we need.
>
> This is not "along that path". The above-quoted text is not about
> assuming it's safe to make SYS_exit without unregistering the rseq
> object, but rather about glibc being able to perform the
> rseq-unregister syscall without caring about reference counts, since
> it knows no other code that might depend on rseq can run after it.
When saying "along that path", what I mean is: if we go in that direction,
then we should look into going all the way there, and rely on thread
exit to implicitly unregister the TLS area.
Do you see any reason for doing an explicit unregistration at thread
exit rather than simply rely on the exit system call ?
>
>> First, we need the TLS area to be valid until the exit system call
>> is invoked by the thread. If glibc defines __rseq_abi as a weak symbol,
>> I'm not entirely sure we can guarantee the IE model if another library
>> gets its own global-dynamic weak symbol elected at execution time. Would
>> it be better to switch to a "strong" symbol for the glibc __rseq_abi
>> rather than weak ?
>
> This doesn't help; still whichever comes first in link order would
> override. Either way __rseq_abi would be in static TLS, though,
> because any dynamically-loaded library is necessarily loaded after
> libc, which is loaded at initial exec time.
OK, AFAIU so you argue for leaving the __rseq_abi symbol "weak". Just making
sure I correctly understand your position.
Something can be technically correct based on the current implementation,
but fragile with respect to future changes. We need to carefully distinguish
between the two when exposing ABIs.
>
>> There has been presumptions about signals being blocked when the thread
>> exits throughout this email thread. Out of curiosity, what code is
>> responsible for disabling signals in this situation ?
This question is still open.
> Related to this,
>> is it valid to access a IE model TLS variable from a signal handler at
>> _any_ point where the signal handler nests over thread's execution ?
>> This includes early start and just before invoking the exit system call.
>
> It should be valid to access *any* TLS object like this, but the
> standards don't cover it well. Right now access to dynamic TLS from
> signal handlers is unsafe in glibc, but static is safe.
Which is a shame for the lttng-ust tracer, which needs global-dynamic
TLS variables so it can be dlopen'd, but aims at allowing tracing from
signal handlers. It looks like due to limitations of global-dynamic
TLS, tracing from instrumented signal handlers with lttng-ust tracepoints
could crash the process if the signal handler nests early at thread start
or late before thread exit. One way out of this would be to ensure signals
are blocked at thread start/exit, but I can't find the code responsible for
doing this within glibc.
Thanks,
Mathieu
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
next prev parent reply other threads:[~2018-11-23 17:52 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-21 18:39 [RFC PATCH v4 1/5] glibc: Perform rseq(2) registration at nptl init and thread creation Mathieu Desnoyers
2018-11-21 18:39 ` [RFC PATCH v4 2/5] glibc: sched_getcpu(): use rseq cpu_id TLS on Linux Mathieu Desnoyers
2018-11-22 14:36 ` [RFC PATCH v4 1/5] glibc: Perform rseq(2) registration at nptl init and thread creation Rich Felker
2018-11-22 15:04 ` Mathieu Desnoyers
2018-11-22 15:11 ` Florian Weimer
2018-11-22 15:17 ` Rich Felker
2018-11-22 15:21 ` Florian Weimer
2018-11-22 15:33 ` Mathieu Desnoyers
2018-11-22 15:44 ` Rich Felker
2018-11-22 16:24 ` Szabolcs Nagy
2018-11-22 18:35 ` Mathieu Desnoyers
2018-11-22 19:01 ` Rich Felker
2018-11-22 19:36 ` Mathieu Desnoyers
2018-11-22 15:14 ` Rich Felker
2018-11-22 15:47 ` Mathieu Desnoyers
2018-11-22 16:28 ` Florian Weimer
2018-11-22 16:47 ` Mathieu Desnoyers
2018-11-22 16:59 ` Florian Weimer
2018-11-22 17:10 ` Rich Felker
2018-11-23 13:10 ` Florian Weimer
2018-11-23 14:28 ` Rich Felker
2018-11-23 17:05 ` Mathieu Desnoyers
2018-11-23 17:30 ` Rich Felker
2018-11-23 17:39 ` Florian Weimer
2018-11-23 17:44 ` Rich Felker
2018-11-23 18:01 ` Florian Weimer
2018-11-23 17:52 ` Mathieu Desnoyers [this message]
2018-11-23 18:35 ` Rich Felker
2018-11-23 21:09 ` Mathieu Desnoyers
2018-11-26 8:28 ` Florian Weimer
2018-11-26 15:51 ` Mathieu Desnoyers
2018-11-26 16:03 ` Florian Weimer
2018-11-26 17:10 ` Rich Felker
2018-11-26 19:22 ` Mathieu Desnoyers
2018-12-03 21:30 ` Mathieu Desnoyers
2018-11-26 16:30 ` Mathieu Desnoyers
2018-11-26 17:07 ` Rich Felker
2018-12-05 17:24 ` Mathieu Desnoyers
2018-11-26 11:56 ` Szabolcs Nagy
2018-11-22 17:29 ` Mathieu Desnoyers
2018-11-23 13:29 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=865273158.11687.1542995541389.JavaMail.zimbra@efficios.com \
--to=mathieu.desnoyers@efficios.com \
--cc=bmaurer@fb.com \
--cc=boqun.feng@gmail.com \
--cc=carlos@redhat.com \
--cc=dalias@libc.org \
--cc=davejwatson@fb.com \
--cc=fweimer@redhat.com \
--cc=joseph@codesourcery.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
--cc=szabolcs.nagy@arm.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox