Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20140421231332.GA7115@brightrain.aerifal.cx>
Date: Mon, 21 Apr 2014 19:13:32 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Changes for no-legacy-syscalls archs

Based on reports from the in-progress aarch64 port, at least the
following syscalls musl uses internally in several places are missing
on "new" archs:

- open
- stat
- pipe

I'm actually surprised it way so few, but I think that's indicative
that our test coverage is insufficient; all of the syscalls with "at"
variants or 2/3/4 variants (pipe/dup/accept) should be problems.

Anyway, as far as I can tell, of the above three, "open" is the only
one used as an inline syscall in multiple places across the source.
The others (stat and pipe) are just used via calls to the public
function, so any changes needed can be made in just one place. For
open, of the 8 uses, 3-4 are in places that need to be
namespace-protected (so we can't just call the open function, and
anyway it's a cancellation point which is problematic) and one,
__init_security, is in a place that's size-critical (linked in all
static programs) so we don't want to add a function call there anyway.
The rest of the call points are all largish functions where the inline
syscall is not making a significant difference to size.

So, for all instances except __init_security and open itself, I think
it would make sense to call an external __open function. This would
also be a nice place to tuck away the O_LARGEFILE flag, rather than
having all calling code be aware of it. We could then just add two
additional, mildly-ugly #ifdef SYS_open checks to __init_security.c
and open.c and be done with it (open itself is special because it has
to make a cancellable syscall).

Alternatively, instead of the external function __open, we could
define a macro __open, or sys_open, or similar, in internal/syscall.h
and have it expand to either an inline syscall to SYS_open or
SYS_openat depending on whether SYS_open is defined. This would avoid
any size increase and would also avoid having an #ifdef in
__init_security.

The second solution might be preferable; eventually, we could
transition to having most/all syscalls be made via sys_* function-like
macros in syscall.h, which would facilitate porting to bare-metal
without implementing a huge numeric syscall dispatch function like
what's in the kernel.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.