Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3156536imu; Fri, 23 Nov 2018 22:55:42 -0800 (PST) X-Google-Smtp-Source: AFSGD/XL0WreNQSRsydq7iO4vcPpM68n/gKGO1HVcO7hhQYfieCn77Z6MPpqBboURTFw2vPRJzrn X-Received: by 2002:a17:902:9a42:: with SMTP id x2-v6mr18724872plv.126.1543042542341; Fri, 23 Nov 2018 22:55:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543042542; cv=none; d=google.com; s=arc-20160816; b=vcsMCIZBIyFLOuTwYJxYCpUqA6ha/6u2yaErhpwM5fsAyL04wfVl7GaH3h62rHLZVz H85wK1zS5BBojguEv4SyQde3coCYNd2zemUcnYV2Lk5mnqQ1xQ+IhEAuHEsRJcAZwRRe zdcTY2UA1J8c1nUyyuEOqxwkIqhmRmG+zp+Xykt1rtHnpHEwGvernScgIHzrLGQy9jnX F/69yytCSLxqhubaAtBkPX7T126w1FJ+Ukcb2g7FkVYeNC8SWa/b4ueuluPj5FG8VbWz gZHxHwb7axLkvNC1UG4vW9BLIpHDCkpKxcTnRYQOFTTNvMPK6u+QmEcmMqmXzx8Wcqcd xNgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from; bh=i+nMnx3qE3dM4Ovh39xVsfFyKQX8zvd2+0oXmCWTx2Q=; b=XUFEGtYisB3VO67hKAgpbiWfCWpA/075pAKk00MH7YbrRI8+9UnA5eU9A2/FJVg4iK fp6UdDjoTtuEOZw+N+5cFLkdaHhXo7TrMaUAc7jqw6FzkF+euJPPc09Cecd6FEGYu55N SwB9OXIrEkAWgD/3LUeS2KCvSSN+fIyzwoNiTsbgC1LaLzw88/M7dsPspU6EZQ+Is16m kicvlwy46kKThIe28NCmzHaCLrZX/pKCe5F5T+Wm9JmOgQsy/E1Nmmyl75hE7xAGARTl u4VPX6vWpWI2cyG0jnpXEqcmG8X2dUFIyKlkpyPXOeLfuYmpSuam2QeXRQPCH8JtTuaU aXoQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a59-v6si54539211plc.48.2018.11.23.22.55.27; Fri, 23 Nov 2018 22:55:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406069AbeKWDkM (ORCPT + 99 others); Thu, 22 Nov 2018 22:40:12 -0500 Received: from mx1.redhat.com ([209.132.183.28]:57796 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388150AbeKWDkM (ORCPT ); Thu, 22 Nov 2018 22:40:12 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0455361D07; Thu, 22 Nov 2018 16:59:58 +0000 (UTC) Received: from oldenburg.str.redhat.com (ovpn-116-170.ams2.redhat.com [10.36.116.170]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 172D4103BAB8; Thu, 22 Nov 2018 16:59:51 +0000 (UTC) From: Florian Weimer To: Mathieu Desnoyers Cc: Rich Felker , carlos , Joseph Myers , Szabolcs Nagy , libc-alpha , Thomas Gleixner , Ben Maurer , Peter Zijlstra , "Paul E. McKenney" , Boqun Feng , Will Deacon , Dave Watson , Paul Turner , linux-kernel , linux-api Subject: Re: [RFC PATCH v4 1/5] glibc: Perform rseq(2) registration at nptl init and thread creation References: <20181121183936.8176-1-mathieu.desnoyers@efficios.com> <20181122143603.GD23599@brightrain.aerifal.cx> <782067422.9852.1542899056778.JavaMail.zimbra@efficios.com> <20181122151444.GE23599@brightrain.aerifal.cx> <686626451.10113.1542901620250.JavaMail.zimbra@efficios.com> <87wop5xeit.fsf@oldenburg.str.redhat.com> <1045257294.10291.1542905262086.JavaMail.zimbra@efficios.com> Date: Thu, 22 Nov 2018 17:59:44 +0100 In-Reply-To: <1045257294.10291.1542905262086.JavaMail.zimbra@efficios.com> (Mathieu Desnoyers's message of "Thu, 22 Nov 2018 11:47:42 -0500 (EST)") Message-ID: <87k1l5xd33.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Thu, 22 Nov 2018 16:59:58 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Mathieu Desnoyers: > ----- On Nov 22, 2018, at 11:28 AM, Florian Weimer fweimer@redhat.com wrote: > >> * Mathieu Desnoyers: >> >>> Here is one scenario: we have 2 early adopter libraries using rseq which >>> are deployed in an environment with an older glibc (which does not >>> support rseq). >>> >>> Of course, none of those libraries can be dlclose'd unless they somehow >>> track all registered threads. >> >> Well, you can always make them NODELETE so that dlclose is not an issue. >> If the library is small enough, that shouldn't be a problem. > > That's indeed what I do with lttng-ust, mainly due to use of pthread_key. > >> >>> But let's focus on how exactly those libraries can handle lazily >>> registering rseq. They can use pthread_key, and pthread_setspecific on >>> first use by the thread to setup a destructor function to be invoked >>> at thread exit. But each early adopter library is unaware of the >>> other, so if we just use a "is_initialized" flag, the first destructor >>> to run will unregister rseq while the second library may still be >>> using it. >> >> I don't think you need unregistering if the memory is initial-exec TLS >> memory. Initial-exec TLS memory is tied directly to the TCB and cannot >> be freed while the thread is running, so it should be safe to put the >> rseq area there even if glibc knows nothing about it. > > Is it true for user-supplied stacks as well ? I'm not entirely sure because the glibc terminology is confusing, but I think it places intial-exec TLS into the static TLS area (so that it has a fixed offset from the TCB). The static TLS area is placed on the user-supplied stack. >> Then you'll only need a mechanism to find the address of the actually >> active rseq area (which you probably have to store in a TLS variable >> for performance reasons). And that part you need whether you have >> reference counter or not. > > I'm not sure I follow your thoughts here. Currently, the __rseq_abi > TLS symbol identifies a structure registered to the kernel. The > "currently active" rseq critical section is identified by the field > "rseq_cs" within the __rseq_abi structure. > > So here when you say "actually active rseq area", do you mean the > currently registered struct rseq (__rseq_abi) or the currently running > rseq critical section ? (pointed to by __rseq_abi.rseq_cs) __rseq_abi. > One issue here is that early adopter libraries cannot always use > the IE model. I tried using it for other TLS variables in lttng-ust, and > it ended up hanging our CI tests when tracing a sample application with > lttng-ust under a Java virtual machine: being dlopen'd in a process that > possibly already exhausts the number of available backup TLS IE entries > seems to have odd effects. This is why I'm worried about using the IE model > within lttng-ust. You can work around this by preloading the library. I'm not sure if this is a compelling reason not to use initial-exec TLS memory. >>> The same problem arises if we have an application early adopter which >>> explicitly deal with rseq, with a library early adopter. The issue is >>> similar, except that the application will explicitly want to unregister >>> rseq before exiting the thread, which leaves a race window where rseq >>> is unregistered, but the library may still need to use it. >>> >>> The reference counter solves this: only the last rseq user for a thread >>> performs unregistration. >> >> If you do explicit unregistration, you will run into issues related to >> destructor ordering. You should really find a way to avoid that. > > The per-thread reference counter is a way to avoid issues that arise from > lack of destructor ordering. Is it an acceptable approach for you, or > you have something else in mind ? Only for the involved libraries. It will not help if other TLS destructors run and use these libraries. Thanks, Florian