Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20140422000321.GK26358@brightrain.aerifal.cx>
Date: Mon, 21 Apr 2014 20:03:21 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Changes for no-legacy-syscalls archs

On Mon, Apr 21, 2014 at 06:38:12PM -0500, Josiah Worcester wrote:
> On Mon, Apr 21, 2014 at 6:13 PM, Rich Felker <dalias@...c.org> wrote:
> 
> > Based on reports from the in-progress aarch64 port, at least the
> > following syscalls musl uses internally in several places are missing
> > on "new" archs:
> >
> > - open
> > - stat
> > - pipe
> >
> > I'm actually surprised it way so few, but I think that's indicative
> > that our test coverage is insufficient; all of the syscalls with "at"
> > variants or 2/3/4 variants (pipe/dup/accept) should be problems.
> >
> 
> The complete list of variants missing from new ports can be seen in
> include/uapi/asm-generic/unistd.h in the kernel tree, under the
> __ARCH_WANT_SYSCALL_NO_AT, __ARCH_WANT_SYSCALL_NO_FLAGS, and
> __ARCH_WANT_SYSCALL_DEPRECATED #ifdefs. As far as I'm aware this should
> apply to all future Linux archs, as the current Linux development policy is
> to use arch-generic constants for anything new, rather than the crazy
> approach of matching some old API.

Thanks. I'll check these.

> > Anyway, as far as I can tell, of the above three, "open" is the only
> > one used as an inline syscall in multiple places across the source.
> > The others (stat and pipe) are just used via calls to the public
> > function, so any changes needed can be made in just one place. For
> > open, of the 8 uses, 3-4 are in places that need to be
> > namespace-protected (so we can't just call the open function, and
> > anyway it's a cancellation point which is problematic) and one,
> > __init_security, is in a place that's size-critical (linked in all
> > static programs) so we don't want to add a function call there anyway.
> > The rest of the call points are all largish functions where the inline
> > syscall is not making a significant difference to size.
> >
> > So, for all instances except __init_security and open itself, I think
> > it would make sense to call an external __open function. This would
> > also be a nice place to tuck away the O_LARGEFILE flag, rather than
> > having all calling code be aware of it. We could then just add two
> > additional, mildly-ugly #ifdef SYS_open checks to __init_security.c
> > and open.c and be done with it (open itself is special because it has
> > to make a cancellable syscall).
> >
> > Alternatively, instead of the external function __open, we could
> > define a macro __open, or sys_open, or similar, in internal/syscall.h
> > and have it expand to either an inline syscall to SYS_open or
> > SYS_openat depending on whether SYS_open is defined. This would avoid
> > any size increase and would also avoid having an #ifdef in
> > __init_security.
> >
> > The second solution might be preferable; eventually, we could
> > transition to having most/all syscalls be made via sys_* function-like
> > macros in syscall.h, which would facilitate porting to bare-metal
> > without implementing a huge numeric syscall dispatch function like
> > what's in the kernel.
> >
> 
> 
> I rather like this approach to doing the syscalls, as it does make it
> notably easier to port musl to environments where the numeric syscall
> dispatch function is not very nice. However, I would think it'd be
> preferable to switch to this for all the system calls rather than just have
> a single sys_open macro. So, for the minimally-invasive approach, I feel
> that just doing the #ifdef in the two places it's needed is nicer
> (particularly as it doesn't restrict you from switching to the sys_* macros
> in the future).

Indeed; also switching to the "bare-metal-friendly" system would
require a way to make both cancellable and non-cancellable variants of
the syscall.

However the change is not just #ifdef in two places. It's #ifdef in
two places, plus changing all other uses to call an external function
__open or similar, which would require either finding a place to put a
prototype for it, or duplicating the prototype all over the place
(which is error-prone). This is why I kinda like the syscall.h
solution anyway: it provides a nice place to put the prototype or
macro definition, and we can use a macro rather than an external
function and avoid one of the ifdefs (the "__init_security" one that's
now in __init_libc since I flattened some code).

Basically, the syscall.h approach is both easier/simpler and closer to
what we might want to do in the long term. That's why I kinda lean
towards it.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.