Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5335975imu;
        Tue, 29 Jan 2019 17:39:48 -0800 (PST)
X-Google-Smtp-Source: ALg8bN646Wdmb6jjiJDgHqpPLvwf6KdRkQ7jgZU20RyFvrUiFKBNW2CDqwMEW4SHyQKUEWdU7Y0G
X-Received: by 2002:a63:9501:: with SMTP id p1mr25841608pgd.149.1548812388150;
        Tue, 29 Jan 2019 17:39:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548812388; cv=none;
        d=google.com; s=arc-20160816;
        b=i3vK8AYDoB+c/M7pCU6bzBhk3iIDkXUlLg/nfF6mQ7O/A0wVyAyWOx3KseNHrKIvTE
         HFC6BxuweAMlRIusz0B72kwMfAPwX+Y/J1EEHx6LkjpC7IuaxeBWpO1xrUY8sM6SPLIB
         nnXaJ/4l4JJbjlDeNRcB5huk3Ts2ZqBaNmcW8DqLXRHJ4I1zz6BP6x5omb6HVL+uPfJD
         dSfxpIyb37jINPhnD+hXn3VwmO8U1JpU2MZFhf8eeL7NU6RmNc+0xxW44o1kcStl2l9y
         PZI6G9phUPCwKj6asjFCk+4niRbFulk94qCSn7tQe9t/3fYC6h78K4mhBiHDh0ODrDqV
         Wl1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:thread-index:thread-topic
         :content-transfer-encoding:mime-version:subject:references
         :in-reply-to:message-id:cc:to:from:date:dkim-signature:dkim-filter;
        bh=I/++G+q197RJlGE/Cz5ygFnPD1AcWebX468LQ6HvJhE=;
        b=GUcOHnCXWzKyDtZiI5mH0YD+NH0hUNLLchW/c/on4r5lZXaY2PHJFjXi6YZHFn/Y1m
         NeIe4UiJnjTTaEvGxsVhZKa3PuRhHY5vg1dDMB2OVGCOOFLlCacRUhJHI4pxIWj0fCwn
         pRXaLVVzna7WwP52sVV4qx7KeBu0A0JPns/GGhOaz/qVEd4mpKZY3QU9sebGSywSbHnb
         x1I1Joh1uwrJ/Pget5AtyWWoD0usD49UjO+/9l2X9BiKK48QAuje1gBWRgwDycefvsJy
         U/F85OVPGTUFD9eFzhAd64tKuvqke+eSc5mH4hi3cnIacLqV5NVTFK/llJT+VQdwZzMC
         Oizw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@efficios.com header.s=default header.b=cRfiObYi;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m7si52735pfc.118.2019.01.29.17.39.32;
        Tue, 29 Jan 2019 17:39:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@efficios.com header.s=default header.b=cRfiObYi;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728176AbfA3BjX (ORCPT <rfc822;mailist1go@gmail.com>
        + 99 others); Tue, 29 Jan 2019 20:39:23 -0500
Received: from mail.efficios.com ([167.114.142.138]:46924 "EHLO
        mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727634AbfA3BjW (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 29 Jan 2019 20:39:22 -0500
Received: from localhost (ip6-localhost [IPv6:::1])
        by mail.efficios.com (Postfix) with ESMTP id 01E391337E8;
        Tue, 29 Jan 2019 20:39:21 -0500 (EST)
Received: from mail.efficios.com ([IPv6:::1])
        by localhost (mail02.efficios.com [IPv6:::1]) (amavisd-new, port 10032)
        with ESMTP id V9dOi7CdkeQr; Tue, 29 Jan 2019 20:39:20 -0500 (EST)
Received: from localhost (ip6-localhost [IPv6:::1])
        by mail.efficios.com (Postfix) with ESMTP id 111061337E1;
        Tue, 29 Jan 2019 20:39:20 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.efficios.com 111061337E1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com;
        s=default; t=1548812360;
        bh=I/++G+q197RJlGE/Cz5ygFnPD1AcWebX468LQ6HvJhE=;
        h=Date:From:To:Message-ID:MIME-Version;
        b=cRfiObYi2+pPQL+B7lm3NAMxX3x+R8UH0hIDgI03JLbCBc8SDYvAPXWbokTtXH9Sc
         vuYTeFjIvwxblBR1WW341WV/IRyL0eqC99OxqrDcXdpXuVRV2WHhauozrcpqM4YsGQ
         e0aKhg/dlMvsbgqwr54HDFVHFhJVWgMqoJHJ3e09UPudcBvPNzdTyL7Pa6R+CwIeGP
         0tI3lknjzdCgaH5t40zu5BUz4ecVhMIGJTvvM+66Xpy9lYBDnt/2oHQeONO+VZEwzd
         wIRpRZxw7hvyVkYzkvjiSVWQk27eZAZqyyVh/VWxsJ7aRunUTGz2WnMc2H66xbFvfX
         kAvq4kP059Row==
X-Virus-Scanned: amavisd-new at efficios.com
Received: from mail.efficios.com ([IPv6:::1])
        by localhost (mail02.efficios.com [IPv6:::1]) (amavisd-new, port 10026)
        with ESMTP id o8q8gvLYSUdQ; Tue, 29 Jan 2019 20:39:19 -0500 (EST)
Received: from mail02.efficios.com (mail02.efficios.com [167.114.142.138])
        by mail.efficios.com (Postfix) with ESMTP id E6FBA1337D6;
        Tue, 29 Jan 2019 20:39:19 -0500 (EST)
Date:   Tue, 29 Jan 2019 20:39:19 -0500 (EST)
From:   Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To:     Joseph Myers <joseph@codesourcery.com>
Cc:     carlos <carlos@redhat.com>, Florian Weimer <fweimer@redhat.com>,
        Szabolcs Nagy <szabolcs.nagy@arm.com>,
        libc-alpha <libc-alpha@sourceware.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ben Maurer <bmaurer@fb.com>,
        Peter Zijlstra <peterz@infradead.org>,
        "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
        Boqun Feng <boqun.feng@gmail.com>,
        Will Deacon <will.deacon@arm.com>,
        Dave Watson <davejwatson@fb.com>, Paul Turner <pjt@google.com>,
        Rich Felker <dalias@libc.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        linux-api <linux-api@vger.kernel.org>
Message-ID: <596949707.3888.1548812359874.JavaMail.zimbra@efficios.com>
In-Reply-To: <alpine.DEB.2.21.1901292153190.24454@digraph.polyomino.org.uk>
References: <20190121213530.23803-1-mathieu.desnoyers@efficios.com> <632671842.3079.1548781059601.JavaMail.zimbra@efficios.com> <alpine.DEB.2.21.1901292153190.24454@digraph.polyomino.org.uk>
Subject: Re: [RFC PATCH glibc 1/4] glibc: Perform rseq(2) registration at C
 startup and thread creation (v6)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [167.114.142.138]
X-Mailer: Zimbra 8.8.10_GA_3716 (ZimbraWebClient - FF65 (Linux)/8.8.10_GA_3745)
Thread-Topic: glibc: Perform rseq(2) registration at C startup and thread creation (v6)
Thread-Index: 5DMoXo/hM2dRK1xrzqbpeCcPJF27ag==
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

----- On Jan 29, 2019, at 4:56 PM, Joseph Myers joseph@codesourcery.com wrote:

> On Tue, 29 Jan 2019, Mathieu Desnoyers wrote:
> 
>> I recalled that aarch64 defines RSEQ_SIG to a different value which maps to
>> a valid trap instruction. So I plan to move the RSEQ_SIG define to per-arch
>> headers like this:
>> 
>>  sysdeps/unix/sysv/linux/aarch64/bits/rseq.h                  |   24 ++
>>  sysdeps/unix/sysv/linux/arm/bits/rseq.h                      |   24 ++
>>  sysdeps/unix/sysv/linux/bits/rseq.h                          |   23 ++
>>  sysdeps/unix/sysv/linux/mips/bits/rseq.h                     |   24 ++
>>  sysdeps/unix/sysv/linux/powerpc/bits/rseq.h                  |   24 ++
>>  sysdeps/unix/sysv/linux/s390/bits/rseq.h                     |   24 ++
>>  sysdeps/unix/sysv/linux/x86/bits/rseq.h                      |   24 ++
>> 
>> where "bits/rseq.h" contains a #error:
>> 
>> # error "Architecture does not define RSEQ_SIG.
>> 
>> sys/rseq.h will now include <bits/rseq.h>.
> 
> We're trying to reduce the number of cases where most or all new glibc
> architecture ports need to provide a bits/ header, by making the generic
> headers handle the common case.  So a generic header with a #error, and
> lots of architecture-specific headers mostly with the same value for
> RSEQ_SIG, seems unfortunate.  I'd hope the generic header could use a
> generic value, with architecture-specific variants only for architectures
> with some reason for a different value.

The issue here is that it would require us to decide right away what RSEQ_SIG
is appropriate for all other Linux architectures supported by glibc. There are
a few reasons for which an architecture can be required to specify its own
RSEQ_SIG. For instance, it may need to map to an instruction defined in the
instruction set, thus ensuring objdump does not get confused, and in other
cases that the processor speculative execution happening just before the
RSEQ_SIG really stops at the signature (hence the trap instruction on aarch64).

I'm worried that if we introduce a "default" RSEQ_SIG value for architectures
currently not supported by RSEQ and we then introduce an architecture-specific
signature value in the future, some applications will try to build with
wrong signatures, and when the rseq system call gets eventually implemented for
those architecture and a end-user upgrades his kernel, those signatures won't
match between glibc rseq registration and the application rseq abort handlers,
thus leading to hard-to-reproduce segmentation faults delivered by the kernel
checking those signatures upon rseq abort.

This upgrade story is far from ideal.

My thinking was to put the #error in the generic header, so architectures that
are not supported yet cannot build against rseq.h at all, so we don't end up
in a broken upgrade scenario. I'm open to alternative ways to do it though, as
long as we don't let not-yet-supported architectures build broken code.

Thoughts ?

Thanks,

Mathieu

-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com