Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp2032007ybz; Thu, 30 Apr 2020 09:38:53 -0700 (PDT) X-Google-Smtp-Source: APiQypJonMblv3ckZ34witmL+bU1tWD2XjnvUsDWHm3o1vAeso/TI3njjQfQXzwtd6iDMGqMmKSB X-Received: by 2002:a05:6402:2208:: with SMTP id cq8mr3588564edb.293.1588264732870; Thu, 30 Apr 2020 09:38:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588264732; cv=none; d=google.com; s=arc-20160816; b=TbQ8aaOv5kFt9zHJ6k0luMKhDIF9zAGnCURgShMt4hCMdCxcu9sErY6Mu1Vaeh0RpB SEm1qOm/puzAly/WRmrLKhvY/285SRwmk0rcIWNlzoGbeAWKzDFyXUMRShwawJDpVNxI 8glpD0ZUnmWO6rBdW99JU4z4jffmpydYuxPLxqyj2cu9Niyc7L7wuZvK6pgkfvNpO4iB ZuqxTg4oTG7Er8yjzohENX9cN/EcPx2SLFTF3kHqn5Or5VC/QNyQTZ0qhcMe9FCw2Iaq RJWH9yUqNqjQ+eWMppe0dT+VGxeCi7/kYI5XnGBULeX2YBZEZP89TC64rvpJfl8F8VIe YZwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:dkim-signature; bh=N1kujXhR0DAj22ohzNF4EmVUFABeAdXNfPVcnWuHRxo=; b=aB39XWcVScx3LCpSLi4p+W8gpyxGmNnjrwVvEbI0hLe5BlFqK19I3YT955ZIo+rhWy jrjkdK9eBY0dwchShexyuwhlQ5FUYtz3mKvARC6x19p+pHGedtasdttVh9v7E4QFzPAo uExxPnO1Av0TMG3VXLOrdins+wU0kC6Pg5Kd7R7Hg23Ax7TjNamgnp9rLEIX6Ee/lJdc ppQPahcmLJQ8/r6uCku3C/pgiHmdSdagWMjRLBImN8Q2CywdKyy6FY230yaLn+cTVsRN Fr1ZW43rRpGDjF2ld42W5usz5FpWbCQuIFpl6PygMBPcySkK4mlzIuH3PmMfTEoxNphs B8sw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KFDY+ase; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i14si48296ejh.494.2020.04.30.09.38.28; Thu, 30 Apr 2020 09:38:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KFDY+ase; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726620AbgD3QhB (ORCPT + 99 others); Thu, 30 Apr 2020 12:37:01 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:55442 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726377AbgD3QhB (ORCPT ); Thu, 30 Apr 2020 12:37:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1588264619; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=N1kujXhR0DAj22ohzNF4EmVUFABeAdXNfPVcnWuHRxo=; b=KFDY+ase3naK51WgBRbCjBlmNZYfCdBzYBm51jEk3Rxhk9vEoLZd7w1vJ4cSE8jORDWT+O /OotW0baUaJFps68dGevuP2MU1buGHRZY0X9x2O736t3sbLISiq6+aUhN7PIES1BCLhQtA +slKPjdGIVTO2d6QMLvRpbM1nNVCb0M= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-413-629V3yTBP9erMAd_WkCRDQ-1; Thu, 30 Apr 2020 12:36:55 -0400 X-MC-Unique: 629V3yTBP9erMAd_WkCRDQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5BEDC107ACF9; Thu, 30 Apr 2020 16:36:53 +0000 (UTC) Received: from oldenburg2.str.redhat.com (ovpn-113-72.ams2.redhat.com [10.36.113.72]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3B6F76061B; Thu, 30 Apr 2020 16:36:46 +0000 (UTC) From: Florian Weimer To: Mathieu Desnoyers Cc: carlos , Joseph Myers , Szabolcs Nagy , libc-alpha , Thomas Gleixner , Ben Maurer , Peter Zijlstra , Paul , Boqun Feng , Will Deacon , Dave Watson , Paul Turner , Rich Felker , linux-kernel , linux-api Subject: Re: [RFC PATCH glibc 1/3] glibc: Perform rseq(2) registration at C startup and thread creation (v18) References: <20200428171513.22926-1-mathieu.desnoyers@efficios.com> <875zdhmaft.fsf@oldenburg2.str.redhat.com> <1287616647.77866.1588263099045.JavaMail.zimbra@efficios.com> Date: Thu, 30 Apr 2020 18:36:44 +0200 In-Reply-To: <1287616647.77866.1588263099045.JavaMail.zimbra@efficios.com> (Mathieu Desnoyers's message of "Thu, 30 Apr 2020 12:11:39 -0400 (EDT)") Message-ID: <878sidkk0z.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Mathieu Desnoyers: > @deftypevar {struct rseq} __rseq_abi > @standards{Linux, sys/rseq.h} > @Theglibc{} implements a @code{__rseq_abi} TLS symbol to interact with the > Restartable Sequences system call (Linux-specific). The layout of this > structure is defined by the @file{sys/rseq.h} header. Registration of each > thread's @code{__rseq_abi} is performed by @theglibc{} at libc library > initialization and thread creation. s/libc library/library/ > The main executable and shared libraries may either have an undefined > @code{__rseq_abi} TLS symbol, or define their own, with the same > declaration as the one present in @file{sys/rseq.h}. The dynamic linker > will ensure that only one of those available symbols will be used at > runtime across the process. > > If the main executable or shared libraries observe an uninitialized > @code{__rseq_abi.cpu_id} field (value @code{RSEQ_CPU_ID_UNINITIALIZED}), they > may perform rseq registration to the kernel: this means either glibc was > prevented from doing the registration, or an older glibc version, which does > not include rseq support, is in use. When the main executable or a library > thus takes ownership of the registration, the memory used to hold the > @code{__rseq_abi} TLS variable must stay allocated, and is not re-used, until > the very end of the thread lifetime or until an explicit rseq unregistration > for that thread is performed. It is not recommended to dlclose() libraries > owning the @code{__rseq_abi} TLS variable. s/dlclose()/@code{dlclose}/ (no parentheses) Rest looks okay. >>> + if (__rseq_abi.cpu_id == RSEQ_CPU_ID_REGISTRATION_FAILED) >>> + return; >>> + ret = INTERNAL_SYSCALL_CALL (rseq, &__rseq_abi, sizeof (struct rseq), >>> + 0, RSEQ_SIG); >>> + if (INTERNAL_SYSCALL_ERROR_P (ret) && >>> + INTERNAL_SYSCALL_ERRNO (ret) != EBUSY) >>> + __rseq_abi.cpu_id = RSEQ_CPU_ID_REGISTRATION_FAILED; >> >> Sorry, I forgot: Please add a comment that the EBUSY error is ignored >> because registration may have already happened in a legacy library. > > Considering that we now disable signals across thread creation, and that > glibc's initialization happens before other libraries' constructors > (as far as I remember even before LD_PRELOADed library constructors), > in which scenario can we expect to have EBUSY here ? That's a good point. > Not setting __rseq_abi.cpu_id to RSEQ_CPU_ID_REGISTRATION_FAILED in case > of EBUSY is more a way to handle "unforeseen" scenarios where somehow the > registration would already be done. But I cannot find an "expected" > scenario which would lead to this now. > > So if EBUSY really is unexpected, how should we treat that ? I don't think > setting REGISTRATION_FAILED would be appropriate, because then it would > break assumption of the prior successful registration that have already > been done by this thread. You could call __libc_fatal with an error message. ENOSYS is definitely an expected error code here, and EPERM (and perhaps EACCES) can happen with seccomp filters. Thanks, Florian