Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3235475imu;
        Sat, 24 Nov 2018 00:45:13 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UPudhzKXx5x71Ht0naoSUqKNj3Bge6yaUhIOLnXnxNuRwWI/oSOJML+AXu//Mi4GncfNTk
X-Received: by 2002:a63:1766:: with SMTP id 38mr16821135pgx.299.1543049113672;
        Sat, 24 Nov 2018 00:45:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1543049113; cv=none;
        d=google.com; s=arc-20160816;
        b=FJcbpkxST1VOMxy+f3m84njg6Jo9hsXWmITgKDIZDqWK+o5nqQnh/g0Cqk9cMhTJWp
         ACzT7fXcvw6bniyOK1JQW6rzNcSpCFBBOUwJH6WAi0Xh+csWba8ubCMZTjSXx+3FHN0B
         rqF+68N0UV36Rsq1LERu7jJ5QGFZf2bdJ8Ku444+9YnDTgVg0U71XtjzX2XW7pzklFcq
         U1Adk4m1/Q1I6bRXkUJ/OjJz9d68yKzu04YFMXjVKe4vADPbOah4dXR8LJ9fTsH9CB2n
         ufXHd8L5TUwDqHhtyk1bMV+8VkWN7BY5swRP9h2xSG2ccynuQdwTBPKxBm+DiYKEFh9Q
         Wujg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=yVrYRf0BHBLFrD6nBV5jb/6Uf9kCTc1t910pLyuPdmc=;
        b=W3z2G28VgKQ/DDTovTA/1sFL4iLqpAOihToqJSXzIqca8Gea+tGo/lvRWlLpXcGGcM
         tahQSH4nI5fO1/q37EPJsCc0JC409/Eqat4NYDEX6+2XuCCAPV5fyhq30p9LpiE4ff06
         xyHbD5r7dz6jqLcefVaeG9nD2iHAKWiAiv8rtFrRlMv/QL9JiuVFiIO0Mg0xo0KFrbWF
         2z09/bpjIFaG9Ze2npp/8SiZpMUhZH8ANst4W8jcWx2Ui/aLUbCVzHEMnhIYuwy56gd3
         GP80vj5vm4TCbCHmEWXC40rW6YMml/yxDxaL/UvKurUGQFhDDrSbe6+Y+MNdUXHmGGRX
         sZkg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 92si29658672pld.84.2018.11.24.00.44.59;
        Sat, 24 Nov 2018 00:45:13 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2440880AbeKXEQe (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 99 others); Fri, 23 Nov 2018 23:16:34 -0500
Received: from 216-12-86-13.cv.mvl.ntelos.net ([216.12.86.13]:58514 "EHLO
        brightrain.aerifal.cx" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2436998AbeKXEQe (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Nov 2018 23:16:34 -0500
Received: from dalias by brightrain.aerifal.cx with local (Exim 3.15 #2)
        id 1gQFHX-0000px-00; Fri, 23 Nov 2018 17:30:19 +0000
Date:   Fri, 23 Nov 2018 12:30:19 -0500
From:   Rich Felker <dalias@libc.org>
To:     Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc:     Florian Weimer <fweimer@redhat.com>, carlos <carlos@redhat.com>,
        Joseph Myers <joseph@codesourcery.com>,
        Szabolcs Nagy <szabolcs.nagy@arm.com>,
        libc-alpha <libc-alpha@sourceware.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ben Maurer <bmaurer@fb.com>,
        Peter Zijlstra <peterz@infradead.org>,
        "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
        Boqun Feng <boqun.feng@gmail.com>,
        Will Deacon <will.deacon@arm.com>,
        Dave Watson <davejwatson@fb.com>, Paul Turner <pjt@google.com>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        linux-api <linux-api@vger.kernel.org>
Subject: Re: [RFC PATCH v4 1/5] glibc: Perform rseq(2) registration at nptl
 init and thread creation
Message-ID: <20181123173019.GK23599@brightrain.aerifal.cx>
References: <20181121183936.8176-1-mathieu.desnoyers@efficios.com>
 <686626451.10113.1542901620250.JavaMail.zimbra@efficios.com>
 <87wop5xeit.fsf@oldenburg.str.redhat.com>
 <1045257294.10291.1542905262086.JavaMail.zimbra@efficios.com>
 <87k1l5xd33.fsf@oldenburg.str.redhat.com>
 <20181122171010.GH23599@brightrain.aerifal.cx>
 <871s7cvt1l.fsf@oldenburg.str.redhat.com>
 <20181123142843.GJ23599@brightrain.aerifal.cx>
 <1150466925.11664.1542992720871.JavaMail.zimbra@efficios.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1150466925.11664.1542992720871.JavaMail.zimbra@efficios.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 23, 2018 at 12:05:20PM -0500, Mathieu Desnoyers wrote:
> ----- On Nov 23, 2018, at 9:28 AM, Rich Felker dalias@libc.org wrote:
> [...]
> > 
> > Absolutely. As long as it's in libc, implicit destruction will happen.
> > Actually I think the glibc code shound unconditionally unregister the
> > rseq address at exit (after blocking signals, so no application code
> > can run) in case a third-party rseq library was linked and failed to
> > do so before thread exit (e.g. due to mismatched ref counts) rather
> > than respecting the reference count, since it knows it's the last
> > user. This would make potentially-buggy code safer.
> 
> OK, let me go ahead with a few ideas/questions along that path.
                                                 ^^^^^^^^^^^^^^^
> 
> Let's say our stated goal is to let the "exit" system call from the
> glibc thread exit path perform rseq unregistration (without explicit
> unregistration beforehand). Let's look at what we need.

This is not "along that path". The above-quoted text is not about
assuming it's safe to make SYS_exit without unregistering the rseq
object, but rather about glibc being able to perform the
rseq-unregister syscall without caring about reference counts, since
it knows no other code that might depend on rseq can run after it.

> First, we need the TLS area to be valid until the exit system call
> is invoked by the thread. If glibc defines __rseq_abi as a weak symbol,
> I'm not entirely sure we can guarantee the IE model if another library
> gets its own global-dynamic weak symbol elected at execution time. Would
> it be better to switch to a "strong" symbol for the glibc __rseq_abi
> rather than weak ?

This doesn't help; still whichever comes first in link order would
override. Either way __rseq_abi would be in static TLS, though,
because any dynamically-loaded library is necessarily loaded after
libc, which is loaded at initial exec time.

> There has been presumptions about signals being blocked when the thread
> exits throughout this email thread. Out of curiosity, what code is
> responsible for disabling signals in this situation ? Related to this,
> is it valid to access a IE model TLS variable from a signal handler at
> _any_ point where the signal handler nests over thread's execution ?
> This includes early start and just before invoking the exit system call.

It should be valid to access *any* TLS object like this, but the
standards don't cover it well. Right now access to dynamic TLS from
signal handlers is unsafe in glibc, but static is safe.

Rich