Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp581052yba; Thu, 18 Apr 2019 06:20:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqzUem/qAzCPnrJng6OAFupP5fkL5p8Plg++PETRCwobgziP1/01yTUg3fLtBX4LM1LicXcG X-Received: by 2002:a63:2c4a:: with SMTP id s71mr83390196pgs.373.1555593639616; Thu, 18 Apr 2019 06:20:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555593639; cv=none; d=google.com; s=arc-20160816; b=wTD1AIPp3XPK3XsSOprrUebcBgiF5yMdBhd9SrEJ0DUsXBOvx132g9I37mgazDXaY5 bZclePu/KcG2HluhMEBjN5Sg/i4uqhFfPcaqEWEt4ce9M/eysl8iZZAGkjAikABoP/bt A4spXbGvB1QmsG3n9fNvAYg8dr/zLxjjEcUbKljravzE8LJO5UJmMTQKKHBVZRNXxSs+ AdeIWHAoqBDLz82cByRWEi1q4ZxOc3GoyibuXYt4BBxM1MYL35bOZQWnDLpGIOksGwSK OIz/MvuAF/FkcYcIOZIz1j4fGs2jlWGcR6W7VoV0oKl9BPdxYGR1AopxdBWeNGIpsUyP FC6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:thread-index:thread-topic :content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:dkim-signature:dkim-filter; bh=daQRIz/GzW0nifT6WuMGpD1kzSG3Ak1hQ59bUiNIxkU=; b=h/tuq9MaSI9beVEgCVmzy7veoE8f7T2cuD1fkcmC5tFxZhWowIMovgAHucwTUC+kMn fMxmpLlXpCVLW/DmGgBmjeWa4yJ/wdWuJ7iVjYGC75/+6TwXWJD5mvqX5BWZpH/2uaYV /dxXDlgzqan7pGSMn02KpeHphQ1YgfyYh9dLoNbPuOZt89sueA+Hk6cVaQxNjNo76MD1 8JGXG039EyGTWKMmGY7dCS0XaFoDDFRPT6bQzybmDuP8+gtv487YClNpsxofrM2OzWvs Agz6daEgfa5S+5B3l6xcW1BACC+GIgYGuioKgu8Z/1bYP1KvjmPa88Y9Cmu4KFv2G93K 70ZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=MErEXGov; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k12si2026472plt.28.2019.04.18.06.20.24; Thu, 18 Apr 2019 06:20:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=MErEXGov; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389071AbfDRNRz (ORCPT + 99 others); Thu, 18 Apr 2019 09:17:55 -0400 Received: from mail.efficios.com ([167.114.142.138]:49820 "EHLO mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388685AbfDRNRy (ORCPT ); Thu, 18 Apr 2019 09:17:54 -0400 Received: from localhost (ip6-localhost [IPv6:::1]) by mail.efficios.com (Postfix) with ESMTP id 3C5171D8529; Thu, 18 Apr 2019 09:17:52 -0400 (EDT) Received: from mail.efficios.com ([IPv6:::1]) by localhost (mail02.efficios.com [IPv6:::1]) (amavisd-new, port 10032) with ESMTP id fxHENaeXTtJc; Thu, 18 Apr 2019 09:17:51 -0400 (EDT) Received: from localhost (ip6-localhost [IPv6:::1]) by mail.efficios.com (Postfix) with ESMTP id 757801D8523; Thu, 18 Apr 2019 09:17:51 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.efficios.com 757801D8523 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com; s=default; t=1555593471; bh=daQRIz/GzW0nifT6WuMGpD1kzSG3Ak1hQ59bUiNIxkU=; h=Date:From:To:Message-ID:MIME-Version; b=MErEXGovJB1p/YvnWbMGm4TgEIwTmcrceDoEIAFWz43qscgGdeuCAcGiLwCJqcEIj mFT4xnNgHimvFUoZMUVOCAuDUG4MFWw77+Ji9mcVhV1pmoq17kEhFoIOlpzVv8bPKe V8G3R+GCYYh1tsoilWfVOc1+QyGKVMFOeeo9tlfQWhvLorcV4EITlqmtyLJ3ybgCcY UJHiMMorklsTPxWEWysVFiNTeThFYfm0v3ZBWmCCbDZHnakw6Qefc0s4TTkJ7+lPGs 4KAKSXnL0lsLkTp4JKzGJcqEUe8YsGxNLnlRNO6tTvOn6hv0mzY8bUHqDR5pj71zep zqABuIFa84rlA== X-Virus-Scanned: amavisd-new at efficios.com Received: from mail.efficios.com ([IPv6:::1]) by localhost (mail02.efficios.com [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id 4A4zMfLTEaIW; Thu, 18 Apr 2019 09:17:51 -0400 (EDT) Received: from mail02.efficios.com (mail02.efficios.com [167.114.142.138]) by mail.efficios.com (Postfix) with ESMTP id 556B31D8517; Thu, 18 Apr 2019 09:17:51 -0400 (EDT) Date: Thu, 18 Apr 2019 09:17:51 -0400 (EDT) From: Mathieu Desnoyers To: Joseph Myers , Will Deacon Cc: carlos , Florian Weimer , Szabolcs Nagy , libc-alpha , Thomas Gleixner , Ben Maurer , Peter Zijlstra , "Paul E. McKenney" , Boqun Feng , Dave Watson , Paul Turner , Rich Felker , linux-kernel , linux-api Message-ID: <1066731871.915.1555593471194.JavaMail.zimbra@efficios.com> In-Reply-To: <1770787324.668.1555530989646.JavaMail.zimbra@efficios.com> References: <20190416173216.9028-1-mathieu.desnoyers@efficios.com> <20190416173216.9028-2-mathieu.desnoyers@efficios.com> <364803063.586.1555516769056.JavaMail.zimbra@efficios.com> <1770787324.668.1555530989646.JavaMail.zimbra@efficios.com> Subject: Re: [PATCH 1/5] glibc: Perform rseq(2) registration at C startup and thread creation (v8) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [167.114.142.138] X-Mailer: Zimbra 8.8.12_GA_3794 (ZimbraWebClient - FF66 (Linux)/8.8.12_GA_3794) Thread-Topic: glibc: Perform rseq(2) registration at C startup and thread creation (v8) Thread-Index: INCuEl4HoV36+9kj4Py2i1v2aaL1in9pdVtq Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ----- On Apr 17, 2019, at 3:56 PM, Mathieu Desnoyers mathieu.desnoyers@efficios.com wrote: > ----- On Apr 17, 2019, at 12:17 PM, Joseph Myers joseph@codesourcery.com wrote: > >> On Wed, 17 Apr 2019, Mathieu Desnoyers wrote: >> >>> > +/* RSEQ_SIG is a signature required before each abort handler code. >>> > + >>> > + It is a 32-bit value that maps to actual architecture code compiled >>> > + into applications and libraries. It needs to be defined for each >>> > + architecture. When choosing this value, it needs to be taken into >>> > + account that generating invalid instructions may have ill effects on >>> > + tools like objdump, and may also have impact on the CPU speculative >>> > + execution efficiency in some cases. */ >>> > + >>> > +#define RSEQ_SIG 0xd428bc00 /* BRK #0x45E0. */ >>> >>> After further investigation, we should probably do the following >>> to handle compiling with -mbig-endian on aarch64, which generates >>> binaries with mixed code vs data endianness (little endian code, >>> big endian data): >> >> First, the comment on RSEQ_SIG should specify whether it is to be >> interpreted in the code or the data endianness. > > Right. The signature passed as argument to the rseq registration > system call needs to be in data endianness (currently exposed kernel > ABI). > > Ideally for userspace, we want to define a signature in code endianness > that happens to nicely match specific code patterns. > >> >>> For ARM32, the situation is a bit more complex. Only armv6+ >>> generates mixed-endianness code vs data with -mbig-endian. >>> Prior to armv6, the code and data endianness matches. Therefore, >>> I plan to #ifdef the reversed endianness handling with: >>> >>> #if __ARM_ARCH >= 6 && __ARM_BIG_ENDIAN >>> >>> on arm32. >> >> That doesn't work well because BE code (.o files) can be built for v5te >> (for example) and used on a range of different architecture variants with >> both BE32 and BE8 - the choice between BE32 and BE8 is a link-time choice, >> not a compile-time choice. So if the value for Arm is a compile-time >> constant, it should also work for both BE32 and BE8. > > Good to know! Then we need to be even more careful. > >> >> In turn, that suggests to me that RSEQ_SIG should be defined to be a value >> that is always in the code endianness (and whatever corresponding kernel >> code handles RSEQ_SIG values should act accordingly on architectures where >> the two endiannesses can differ). If the kernel ABI is already fixed in a >> way that prevents such a definition of RSEQ_SIG semantics as using code >> endianness, a value should be chosen for Arm that works for both >> endiannesses. > > It might be tricky to pick up a trap instruction that is a palindrome > endianness-wise. > >> >> (Also, installed glibc headers are supposed to work with older compilers, >> and support for __ARM_ARCH was only added in GCC 4.8. Before that you >> need to test lots of separate macros for different architecture variants >> to determine a version number.) > > Good point! > > Here is an alternative to the palindrome approach. I'm taking arm32 > as an example: > > * We define RSEQ_SIG_CODE in code endianness, meant to be used with > .inst in rseq assembly: > > #define RSEQ_SIG_CODE 0xe7f5def3 > > * We define RSEQ_SIG_DATA in data endianness: > > #define RSEQ_SIG_DATA \ > ({ \ > int sig; \ > asm volatile ( "b 2f\n\t" \ > ".arm\n\t" \ > "1: .inst 0xe7f5def3\n\t" \ > "2:\n\t" \ > "ldr %[sig], 1b\n\t" \ > : [sig] "=r" (sig)); \ > sig; \ > }) > > Technically, only glibc and early-adopter libraries wishing to > register rseq need to use RSEQ_SIG_DATA. The RSEQ_SIG_CODE needs > to be used from inline assembly to create the signatures before > each abort handler. The approach above should work for arm32 be8 vs be32 linker weirdness. For aarch64, I think we can simply do: /* * aarch64 -mbig-endian generates mixed endianness code vs data: * little-endian code and big-endian data. Ensure the RSEQ_SIG signature * matches code endianness. */ #define RSEQ_SIG_CODE 0xd428bc00 /* BRK #0x45E0. */ #ifdef __ARM_BIG_ENDIAN #define RSEQ_SIG_DATA 0x00bc28d4 /* BRK #0x45E0. */ #else #define RSEQ_SIG_DATA RSEQ_SIG_CODE #endif #define RSEQ_SIG RSEQ_SIG_DATA Feedback is most welcome, Thanks! Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com