Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2826411imu; Fri, 23 Nov 2018 15:35:18 -0800 (PST) X-Google-Smtp-Source: AJdET5frID6XrLQ9JaVm0rUg95XvKFM2EvpEWOYAKj0xuCgkkKlKBM6TaZdEJrnw7Q3dq5Vro8wq X-Received: by 2002:a62:380e:: with SMTP id f14-v6mr17881789pfa.203.1543016118199; Fri, 23 Nov 2018 15:35:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543016118; cv=none; d=google.com; s=arc-20160816; b=UCz6+ffwcYTz++ktvy4l7QLjwoG8G2seNd/4wNwqCwyJ7SAb8FYH3CqzrJ1qFCNbiL m8jXBj1ZUsr2MIlPuIIBJR08sehGctlzBlqsxigyOSIN3DtJSsNv3DwtowYygPVE78hd Fpr9CitXYXdVFOSqZNZp2tNEV0uqSzk9iarYZ9QC/J8ujcsmpcbmU267KSBlnkVilGuj eft5PQCIzHDrTNWypXIOx/IiokmnJppKIxx7wiDDU+0JCgA5TDjeyVC8XoooFhZfYRl9 WOrt+2/5mkxHp/VKWW2f58W8MhHJ3ZYoIZ/lPey8P5l8R12EATouiKG8jgq0tM5KZbDD QKEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=TLXO3pKBH315TigsAdtawCqw11J3uzaTdNOLk87JIrQ=; b=TNRiT1ct7YybA4ExoONkJR2jFhc5oNngHJkHjdpdccFNCqQHaqSfa15GLWSX3Nnro6 ZYhWDKbmBSq1+jU4x2TinsWNmO70Xrty9V7fTeelt1qx7m5brBb5fxx2E2RZ+Bn7JaA8 mDDWYkvKd5Qu4YSPys98AYL6/ra7TRmIidyA75Nj/1h2wStpLwgtAv8q1E1v3TEaDtm1 b9hGEGP7AAzLTSAEKsvSdAiu1DrCjWRB4kNFbYW859B4Nhrk+bbI39gdl8lbOz31wsG+ XwzAMJoBHDIgBU3NMOLFuff8mjcNOaJuZZ6910lpTn7j0/+7eDCLc8u5zY0s/PiARgkS ZZoA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y27si50728971pga.459.2018.11.23.15.35.03; Fri, 23 Nov 2018 15:35:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2405844AbeKWCZr (ORCPT + 99 others); Thu, 22 Nov 2018 21:25:47 -0500 Received: from 216-12-86-13.cv.mvl.ntelos.net ([216.12.86.13]:58418 "EHLO brightrain.aerifal.cx" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728825AbeKWCZq (ORCPT ); Thu, 22 Nov 2018 21:25:46 -0500 Received: from dalias by brightrain.aerifal.cx with local (Exim 3.15 #2) id 1gPrA1-0004wo-00; Thu, 22 Nov 2018 15:44:57 +0000 Date: Thu, 22 Nov 2018 10:44:57 -0500 From: Rich Felker To: Mathieu Desnoyers Cc: Florian Weimer , carlos , Joseph Myers , Szabolcs Nagy , libc-alpha , Thomas Gleixner , Ben Maurer , Peter Zijlstra , "Paul E. McKenney" , Boqun Feng , Will Deacon , Dave Watson , Paul Turner , linux-kernel , linux-api Subject: Re: [RFC PATCH v4 1/5] glibc: Perform rseq(2) registration at nptl init and thread creation Message-ID: <20181122154457.GG23599@brightrain.aerifal.cx> References: <20181121183936.8176-1-mathieu.desnoyers@efficios.com> <20181122143603.GD23599@brightrain.aerifal.cx> <782067422.9852.1542899056778.JavaMail.zimbra@efficios.com> <87a7m1ywni.fsf@oldenburg.str.redhat.com> <20181122151710.GF23599@brightrain.aerifal.cx> <875zwpyw81.fsf@oldenburg.str.redhat.com> <1306224240.10055.1542900799576.JavaMail.zimbra@efficios.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1306224240.10055.1542900799576.JavaMail.zimbra@efficios.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 22, 2018 at 10:33:19AM -0500, Mathieu Desnoyers wrote: > ----- On Nov 22, 2018, at 10:21 AM, Florian Weimer fweimer@redhat.com wrote: > > > * Rich Felker: > > > >> On Thu, Nov 22, 2018 at 04:11:45PM +0100, Florian Weimer wrote: > >>> * Mathieu Desnoyers: > >>> > >>> > Thoughts ? > >>> > > >>> > /* Unregister rseq TLS from kernel. */ > >>> > if (has_rseq && __rseq_unregister_current_thread ()) > >>> > abort(); > >>> > > >>> > advise_stack_range (pd->stackblock, pd->stackblock_size, (uintptr_t) pd, > >>> > pd->guardsize); > >>> > > >>> > /* If the thread is detached free the TCB. */ > >>> > if (IS_DETACHED (pd)) > >>> > /* Free the TCB. */ > >>> > __free_tcb (pd); > >>> > >>> Considering that we proceed to free the TCB, I really hope that all > >>> signals are blocked at this point. (I have not checked this, though.) > >>> > >>> Wouldn't this address your concern about access to the rseq area? > >> > >> I'm not familiar with glibc's logic here, but for other reasons, I > >> don't think freeing it is safe until the kernel task exit futex (set > >> via clone or set_tid_address) has fired. I would guess __free_tcb just > >> sets up for it to be reclaimable when this happens rather than > >> immediately freeing it for reuse. > > > > Right, but in case of user-supplied stacks, we actually free TLS memory > > at this point, so signals need to be blocked because the TCB is > > (partially) gone after that. > > Unfortuntately, disabling signals is not enough. > > With rseq registered, the kernel accesses the rseq TLS area when returning to > user-space after _preemption_ of user-space, which can be triggered at any > point by an interrupt or a fault, even if signals are blocked. > > So if there are cases where the TLS memory is freed while the thread is still > running, we _need_ to explicitly unregister rseq beforehand. OK, that makes sense. I was wrongly under the impression that the TLS memory could not be reused until the task exit futex fired, but in glibc that's not the case with caller-provided stacks. I still don't understand the need for a reference count though. Rich