Re: [PATCH glibc 1/3] glibc: Perform rseq registration at C startup and thread creation (v19)

From: Florian Weimer
Date: Mon May 25 2020 - 11:20:34 EST


* Mathieu Desnoyers:

> The larger question here is: considering that we re-implement the entire
> uapi header within glibc (which includes the uptr addition), do we still
> care about using the header provided by the Linux kernel ?

We don't care, but our users do. Eventually, they want to include
<sys/rseq.h> and <linux/rseq.h> to get new constants that are not yet
known to glibc.

> Having different definitions depending on whether a kernel header is
> installed or not when including a glibc header seems rather unexpected.

Indeed.

> *If* we want to use the uapi header, I think something is semantically
> missing. Here is the scheme I envision. We could rely on the kernel header
> version.h to figure out which of glibc or kernel uapi header is more
> recent. Any new concept we try to integrate into glibc (e.g. uptr)
> should go into the upstream Linux uapi header first.

I think we should always prefer the uapi header. The Linux version
check does not tell you anything about backports.

> For the coming glibc e.g. 2.32, we use the kernel uapi header if
> kernel version is >= 4.18.0. Within glibc, the fallback implements
> exactly the API exposed by the kernel rseq.h header.

Agreed.

> As we eventually introduce the uptr change into the Linux kernel, and
> say it gets merged for Linux 5.9.0, we mirror this change into glibc
> (e.g. release 2.33), and bump the Linux kernel version cutoff to 5.9.0.
> So starting from that version, we use the Linux kernel header only if
> version >= 5.9.0, else we fallback on glibc's own implementation.

Fortunately, we don't need to settle this today. 8-)

Let's stick to the 4.18 definitions for the fallback for now, and
discuss the incorporation of future changes later.

>>> +/* Ensure the compiler supports __attribute__ ((aligned)). */
>>> +_Static_assert (__alignof__ (struct rseq_cs) >= 32, "alignment");
>>> +_Static_assert (__alignof__ (struct rseq) >= 32, "alignment");
>>
>> This needs #ifndef __cplusplus or something like that. I'm surprised
>> that this passes the installed header tests.
>
> Would the following be ok ?
>
> #ifdef __cplusplus
> #define rseq_static_assert static_assert
> #else
> #define rseq_static_assert _Static_assert
> #endif
>
> /* Ensure the compiler supports __attribute__ ((aligned)). */
> rseq_static_assert (__alignof__ (struct rseq_cs) >= 32, "alignment");
> rseq_static_assert (__alignof__ (struct rseq) >= 32, "alignment");

Seems reasonable, yes. __alignof__ is still a GCC extension. C++11 has
alignof, C11 has _Alignof. So you could use something like this
(perhaps without indentation for the kernel header version):

#ifdef __cplusplus
# if __cplusplus >= 201103L
# define rseq_static_assert(x) static_assert x;
# define rseq_alignof alignof
# endif
#elif __STDC_VERSION__ >= 201112L
# define rseq_static_assert(x) _Static_assert x;
# define rseq_alignof _Alignof
#endif
#ifndef rseq_static_assert
# define rseq_static_assert /* nothing */
#endif
rseq_static_assert ((rseq_alignof__ (struct rseq_cs) >= 32, "alignment"))
rseq_static_assert ((rseq_alignof (struct rseq) >= 32, "alignment"))

And something similar for _Alignas/attribute aligned, with an error for
older standards and !__GNUC__ compilers (because neither the type nor
__thread can be represented there).

Thanks,
Florian