Re: [PATCH glibc 1/3] glibc: Perform rseq registration at C startup and thread creation (v19)

From: Mathieu Desnoyers
Date: Mon May 25 2020 - 13:36:29 EST


----- On May 25, 2020, at 11:20 AM, Florian Weimer fweimer@xxxxxxxxxx wrote:

> * Mathieu Desnoyers:
>
>> The larger question here is: considering that we re-implement the entire
>> uapi header within glibc (which includes the uptr addition), do we still
>> care about using the header provided by the Linux kernel ?
>
> We don't care, but our users do. Eventually, they want to include
> <sys/rseq.h> and <linux/rseq.h> to get new constants that are not yet
> known to glibc.

Good point!

>
>> Having different definitions depending on whether a kernel header is
>> installed or not when including a glibc header seems rather unexpected.
>
> Indeed.
>
>> *If* we want to use the uapi header, I think something is semantically
>> missing. Here is the scheme I envision. We could rely on the kernel header
>> version.h to figure out which of glibc or kernel uapi header is more
>> recent. Any new concept we try to integrate into glibc (e.g. uptr)
>> should go into the upstream Linux uapi header first.
>
> I think we should always prefer the uapi header. The Linux version
> check does not tell you anything about backports.

Fair enough.

>
>> For the coming glibc e.g. 2.32, we use the kernel uapi header if
>> kernel version is >= 4.18.0. Within glibc, the fallback implements
>> exactly the API exposed by the kernel rseq.h header.
>
> Agreed.
>
>> As we eventually introduce the uptr change into the Linux kernel, and
>> say it gets merged for Linux 5.9.0, we mirror this change into glibc
>> (e.g. release 2.33), and bump the Linux kernel version cutoff to 5.9.0.
>> So starting from that version, we use the Linux kernel header only if
>> version >= 5.9.0, else we fallback on glibc's own implementation.
>
> Fortunately, we don't need to settle this today. 8-)
>
> Let's stick to the 4.18 definitions for the fallback for now, and
> discuss the incorporation of future changes later.

OK

>
>>>> +/* Ensure the compiler supports __attribute__ ((aligned)). */
>>>> +_Static_assert (__alignof__ (struct rseq_cs) >= 32, "alignment");
>>>> +_Static_assert (__alignof__ (struct rseq) >= 32, "alignment");
>>>
>>> This needs #ifndef __cplusplus or something like that. I'm surprised
>>> that this passes the installed header tests.
>>
>> Would the following be ok ?
>>
>> #ifdef __cplusplus
>> #define rseq_static_assert static_assert
>> #else
>> #define rseq_static_assert _Static_assert
>> #endif
>>
>> /* Ensure the compiler supports __attribute__ ((aligned)). */
>> rseq_static_assert (__alignof__ (struct rseq_cs) >= 32, "alignment");
>> rseq_static_assert (__alignof__ (struct rseq) >= 32, "alignment");
>
> Seems reasonable, yes. __alignof__ is still a GCC extension. C++11 has
> alignof, C11 has _Alignof. So you could use something like this
> (perhaps without indentation for the kernel header version):
>
> #ifdef __cplusplus
> # if __cplusplus >= 201103L
> # define rseq_static_assert(x) static_assert x;
> # define rseq_alignof alignof
> # endif
> #elif __STDC_VERSION__ >= 201112L
> # define rseq_static_assert(x) _Static_assert x;
> # define rseq_alignof _Alignof
> #endif
> #ifndef rseq_static_assert
> # define rseq_static_assert /* nothing */
> #endif
> rseq_static_assert ((rseq_alignof__ (struct rseq_cs) >= 32, "alignment"))
> rseq_static_assert ((rseq_alignof (struct rseq) >= 32, "alignment"))

Something like this ?

#ifdef __cplusplus
# if __cplusplus >= 201103L
# define rseq_static_assert (expr, diagnostic) static_assert (expr, diagnostic)
# define rseq_alignof alignof
# endif
#elif __STDC_VERSION__ >= 201112L
# define rseq_static_assert (expr, diagnostic) _Static_assert (expr, diagnostic)
# define rseq_alignof _Alignof
#endif

#ifndef rseq_static_assert
# define rseq_static_assert (expr, diagnostic) /* nothing */
#endif

/* Ensure the compiler supports __attribute__ ((aligned)). */
rseq_static_assert ((rseq_alignof (struct rseq_cs) >= 32, "alignment"));
rseq_static_assert ((rseq_alignof (struct rseq) >= 32, "alignment"));

> And something similar for _Alignas/attribute aligned,

I don't see where _Alignas is needed here ?

For attribute aligned, what would be the oldest supported C and C++
standards ?

> with an error for
> older standards and !__GNUC__ compilers (because neither the type nor
> __thread can be represented there).

By "type" you mean "struct rseq" here ? What does it contain that requires
a __GNUC__ compiler ?

About __thread, I recall other compilers have other means to declare it.
In liburcu, I end up with the following:

#if defined (__cplusplus) && (__cplusplus >= 201103L)
# define URCU_TLS_STORAGE_CLASS thread_local
#elif defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)
# define URCU_TLS_STORAGE_CLASS _Thread_local
#elif defined (_MSC_VER)
# define URCU_TLS_STORAGE_CLASS __declspec(thread)
#else
# define URCU_TLS_STORAGE_CLASS __thread
#endif

Would something along those lines be OK for libc ?

Thanks,

Mathieu

--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com