Date:   Mon, 25 May 2020 13:36:24 -0400 (EDT)
From:   Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To:     Florian Weimer <fweimer@...hat.com>
Cc:     libc-alpha <libc-alpha@...rceware.org>,
        Rich Felker <dalias@...c.org>,
        linux-api <linux-api@...r.kernel.org>,
        Boqun Feng <boqun.feng@...il.com>,
        Will Deacon <will.deacon@....com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ben Maurer <bmaurer@...com>, Dave Watson <davejwatson@...com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Paul <paulmck@...ux.vnet.ibm.com>, Paul Turner <pjt@...gle.com>,
        Joseph Myers <joseph@...esourcery.com>
Subject: Re: [PATCH glibc 1/3] glibc: Perform rseq registration at C startup
 and thread creation (v19)

----- On May 25, 2020, at 11:20 AM, Florian Weimer fweimer@...hat.com wrote:

> * Mathieu Desnoyers:
> 
>> The larger question here is: considering that we re-implement the entire
>> uapi header within glibc (which includes the uptr addition), do we still
>> care about using the header provided by the Linux kernel ?
> 
> We don't care, but our users do.  Eventually, they want to include
> <sys/rseq.h> and <linux/rseq.h> to get new constants that are not yet
> known to glibc.

Good point!

> 
>> Having different definitions depending on whether a kernel header is
>> installed or not when including a glibc header seems rather unexpected.
> 
> Indeed.
> 
>> *If* we want to use the uapi header, I think something is semantically
>> missing. Here is the scheme I envision. We could rely on the kernel header
>> version.h to figure out which of glibc or kernel uapi header is more
>> recent. Any new concept we try to integrate into glibc (e.g. uptr)
>> should go into the upstream Linux uapi header first.
> 
> I think we should always prefer the uapi header.  The Linux version
> check does not tell you anything about backports.

Fair enough.

> 
>> For the coming glibc e.g. 2.32, we use the kernel uapi header if
>> kernel version is >= 4.18.0. Within glibc, the fallback implements
>> exactly the API exposed by the kernel rseq.h header.
> 
> Agreed.
> 
>> As we eventually introduce the uptr change into the Linux kernel, and
>> say it gets merged for Linux 5.9.0, we mirror this change into glibc
>> (e.g. release 2.33), and bump the Linux kernel version cutoff to 5.9.0.
>> So starting from that version, we use the Linux kernel header only if
>> version >= 5.9.0, else we fallback on glibc's own implementation.
> 
> Fortunately, we don't need to settle this today. 8-)
> 
> Let's stick to the 4.18 definitions for the fallback for now, and
> discuss the incorporation of future changes later.

OK

> 
>>>> +/* Ensure the compiler supports __attribute__ ((aligned)).  */
>>>> +_Static_assert (__alignof__ (struct rseq_cs) >= 32, "alignment");
>>>> +_Static_assert (__alignof__ (struct rseq) >= 32, "alignment");
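Review bot: the two added assertion lines use `_Static_assert`, a C11 keyword, and `__alignof__`, a GNU extension, so this header will not compile when it is included from C++ or built by a pre-C11 compiler. Wrap both in macros that select `static_assert`/`alignof` for C++11 and `_Static_assert`/`_Alignof` for C11. Both lines also carry the same diagnostic string "alignment", so a failure does not say which struct is misaligned; name the struct in each message.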
>>> 
>>> This needs #ifndef __cplusplus or something like that.  I'm surprised
>>> that this passes the installed header tests.
>>
>> Would the following be ok ?
>>
>> #ifdef __cplusplus
>> #define rseq_static_assert      static_assert
>> #else
>> #define rseq_static_assert      _Static_assert
>> #endif
>>
>> /* Ensure the compiler supports __attribute__ ((aligned)).  */
>> rseq_static_assert (__alignof__ (struct rseq_cs) >= 32, "alignment");
>> rseq_static_assert (__alignof__ (struct rseq) >= 32, "alignment");
> 
> Seems reasonable, yes.  __alignof__ is still a GCC extension.  C++11 has
> alignof, C11 has _Alignof.  So you could use something like this
> (perhaps without indentation for the kernel header version):
> 
> #ifdef __cplusplus
> # if  __cplusplus >= 201103L
> #  define rseq_static_assert(x)      static_assert x;
> #  define rseq_alignof alignof
> # endif
> #elif __STDC_VERSION__ >= 201112L
> # define rseq_static_assert(x)      _Static_assert x;
> # define rseq_alignof _Alignof
> #endif
> #ifndef rseq_static_assert
> # define rseq_static_assert(x) /* nothing */
> #endif
> rseq_static_assert ((rseq_alignof (struct rseq_cs) >= 32, "alignment"))
> rseq_static_assert ((rseq_alignof (struct rseq) >= 32, "alignment"))

Something like this ?

#ifdef __cplusplus
# if  __cplusplus >= 201103L
#  define rseq_static_assert(expr, diagnostic)         static_assert (expr, diagnostic)
#  define rseq_alignof                                  alignof
# endif
#elif __STDC_VERSION__ >= 201112L
# define rseq_static_assert(expr, diagnostic)          _Static_assert (expr, diagnostic)
# define rseq_alignof                                   _Alignof
#endif

#ifndef rseq_static_assert
# define rseq_static_assert(expr, diagnostic)          /* nothing */
#endif

/* Ensure the compiler supports __attribute__ ((aligned)).  */
rseq_static_assert (rseq_alignof (struct rseq_cs) >= 32, "alignment");
rseq_static_assert (rseq_alignof (struct rseq) >= 32, "alignment");

> And something similar for _Alignas/attribute aligned,

I don't see where _Alignas is needed here ?

For attribute aligned, what would be the oldest supported C and C++
standards ?

> with an error for
> older standards and !__GNUC__ compilers (because neither the type nor
> __thread can be represented there).

By "type" you mean "struct rseq" here ? What does it contain that requires
a __GNUC__ compiler ?

About __thread, I recall other compilers have other means to declare it.
In liburcu, I end up with the following:

#if defined (__cplusplus) && (__cplusplus >= 201103L)
# define URCU_TLS_STORAGE_CLASS thread_local
#elif defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)
# define URCU_TLS_STORAGE_CLASS _Thread_local
#elif defined (_MSC_VER)
# define URCU_TLS_STORAGE_CLASS __declspec(thread)
#else
# define URCU_TLS_STORAGE_CLASS __thread
#endif

Would something along those lines be OK for libc ?

Thanks,

Mathieu

-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
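
The macro selection discussed in this message, as an added example that is not part of the original e-mail and is not glibc, kernel or liburcu code: it picks the static-assert, alignof and thread-local spellings by language version and fails the build if the alignment attribute is not honoured. The `DEMO_*` names and `struct demo_cs` are hypothetical stand-ins, and GCC or Clang is assumed for `__attribute__((aligned))`.

```c
#include <stddef.h>
#include <stdio.h>

/* Function-like macros: no space between the name and '(' in #define,
   otherwise the parameter list becomes part of an object-like body. */
#if defined(__cplusplus) && __cplusplus >= 201103L
# define DEMO_STATIC_ASSERT(expr, msg) static_assert(expr, msg)
# define DEMO_ALIGNOF(type)            alignof(type)
# define DEMO_TLS                      thread_local
#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
# define DEMO_STATIC_ASSERT(expr, msg) _Static_assert(expr, msg)
# define DEMO_ALIGNOF(type)            _Alignof(type)
# define DEMO_TLS                      _Thread_local
#elif defined(__GNUC__)
/* Older GNU dialects: a negative array size makes the check fail to compile. */
# define DEMO_STATIC_ASSERT(expr, msg) \
    extern char demo_static_assert_[(expr) ? 1 : -1]
# define DEMO_ALIGNOF(type)            __alignof__(type)
# define DEMO_TLS                      __thread
#else
# error "need C11, C++11 or a GNU-compatible compiler"
#endif

/* Constructed stand-in for a 32-byte-aligned ABI structure (assumption). */
struct demo_cs {
    unsigned int version;
    unsigned int flags;
    unsigned long long start_ip;
    unsigned long long post_commit_offset;
    unsigned long long abort_ip;
} __attribute__((aligned(32)));

/* Fails the build, instead of silently misaligning, if aligned() is ignored. */
DEMO_STATIC_ASSERT(DEMO_ALIGNOF(struct demo_cs) >= 32,
                   "struct demo_cs must be 32-byte aligned");

static DEMO_TLS unsigned int demo_tls_counter; /* one copy per thread */

size_t demo_cs_alignment(void) { return DEMO_ALIGNOF(struct demo_cs); }
size_t demo_cs_size(void) { return sizeof(struct demo_cs); }
unsigned int demo_tls_bump(void) { return ++demo_tls_counter; }

int main(void)
{
    printf("alignof=%zu sizeof=%zu\n", demo_cs_alignment(), demo_cs_size());
    return 0;
}
```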
