From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Cc: Andy Lutomirski <luto@amacapital.net>,
linux-arm-kernel@lists.infradead.org,
Kees Cook <keescook@chromium.org>
Subject: Re: Re: Thread pointer changes
Date: Fri, 27 Jun 2014 20:38:56 -0400 [thread overview]
Message-ID: <20140628003856.GC19165@brightrain.aerifal.cx> (raw)
In-Reply-To: <20140627232056.GZ32514@n2100.arm.linux.org.uk>
On Sat, Jun 28, 2014 at 12:20:57AM +0100, Russell King - ARM Linux wrote:
> I've shown that this isn't as big a problem as first thought, because
> there's ways that a libc can trivially detect the CPU that it is running
> on, and from that know what instructions are available to it.
I'd really rather be able to detect "Is kuser helper page available?"
than "Are the instructions to get by without it available?" The big
reason is that, when you want a binary that works "anywhere" on an ISA
like ARM where the vendor keeps deprecating instructions and replacing
them with new ones, it's safer to rely on the kernel to tell you which
instructions work than having hard-coded ones that might start failing
somewhere down the line. The other reason is that the pre-v6 kuser
compare-and-swap is actually faster on non-SMP machines since it
doesn't have to do any locking or barrier.
I do actually have a solution for this: using process_vm_readv, the
existence of the kuser helper page can be probed to determine if it's
safe to access, and the kuser version number can be read. But this is
somewhat hackish and might have other downsides.
> I've indicated that the kuser helpers are always provided when there
> is no hardware TLS support, which corresponds with a minimum ARM
> architecture of version 6K, and v6k has the atomic instructions.
Thanks. I wasn't aware that !(hwcap & HWCAP_TLS) was a sufficient
condition to ensure that the kuser helper page is available. In theory
SYS_get_thread_area or trap-emulated TLS access could have been
required in this case but I'm glad to hear that they're not.
> I've said that we're not going to move kuser helpers to a randomised
> address, and given strong reasons why not.
Understood.
> I've indicated where the CPU architecture can be retrieved from, and
> used to determine the availability of other instructions.
This is another area where I feel there is some deficiency: deducing
from a cpu string the availability or non-availability of features
sounds fragile. I think it can be done efficiently via AT_PLATFORM,
and like you said SYS_uname is probably safe/reliable too, but I'd
much rather have something in the form of explicit capabilities rather
than having to infer them from a cpu model string.
> I've indicated that the ELF HWCAPs can be used to further refine the
> available instruction information.
With the exception of knowing whether to use DMB for barriers.
Rich
prev parent reply other threads:[~2014-06-28 0:38 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-10 7:28 Rich Felker
2014-06-11 14:55 ` Rich Felker
2014-06-27 19:27 ` Andy Lutomirski
2014-06-27 20:09 ` Russell King - ARM Linux
2014-06-27 21:09 ` Szabolcs Nagy
2014-06-27 21:30 ` Russell King - ARM Linux
2014-06-27 21:47 ` Andy Lutomirski
2014-06-27 21:58 ` Rich Felker
2014-06-27 21:55 ` Rich Felker
2014-06-27 22:17 ` Russell King - ARM Linux
2014-06-27 22:25 ` Andy Lutomirski
2014-06-27 22:54 ` Russell King - ARM Linux
2014-06-28 0:11 ` Rich Felker
2014-06-27 22:33 ` Rich Felker
2014-06-27 23:07 ` Russell King - ARM Linux
2014-06-27 23:17 ` Andy Lutomirski
2014-06-27 23:35 ` Russell King - ARM Linux
2014-06-27 23:40 ` Andy Lutomirski
2014-06-30 15:38 ` [musl] " Christopher Covington
2014-07-02 21:16 ` Rich Felker
2014-06-28 0:20 ` Rich Felker
2014-06-27 22:40 ` Szabolcs Nagy
2014-06-27 22:51 ` Andy Lutomirski
2014-06-27 23:12 ` Russell King - ARM Linux
2014-06-28 16:37 ` Szabolcs Nagy
2014-06-27 21:37 ` Rich Felker
2014-06-27 22:04 ` Russell King - ARM Linux
2014-06-27 22:26 ` Rich Felker
2014-06-27 23:03 ` Russell King - ARM Linux
2014-06-28 7:09 ` u-igbb
2014-06-27 23:20 ` Russell King - ARM Linux
2014-06-28 0:38 ` Rich Felker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140628003856.GC19165@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=luto@amacapital.net \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).