Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190330103814.GB18043@voyager>
Date: Sat, 30 Mar 2019 11:38:14 +0100
From: Markus Wichmann <nullplan@....net>
To: musl@...ts.openwall.com
Subject: Does TD point to itself intentionally?

Hi all,

I was looking over my old C experiments and saw an old file, trying to
use clang's address_space attribute to access something like a thread
pointer. That made me wonder how it is implemented in musl.

In most architectures, the thread pointer is just stored in a register,
and __pthread_self() will just grab it out of there. For x86_64,
something slightly similar happens: The thread pointer is stored in
FS.base, which is an MSR the kernel has to set for us, but we can read
it with FS-relative addressing.

Incidentally: Is there any interest in using the "wrfsbase" instruction
for that, where available? From a cursory first glance, it looks like
that would mean that musl would have to do the entire CPUID dance on
AMD64 and i386, and in the latter case the dance would be a bit longer
since the ID bit dance would have to preceed it.

Back to setting the thread pointer: The relevant code is in __init_tp(),
which is always called with the return value from __copy_tls(), which
points to the new thread descriptor. __init_tp() will then call
__set_thread_area() with the adjusted thread pointer, and on AMD64, this
will just call arch_prctl(SET_FS, p). Though I don't know why that
function has to be in assembly.

OK, got it. After this, FS.base will point directly at the TD, so we can
just load FS.base into any register and have a thread pointer, right?
Enter __pthread_self():

static inline struct pthread *__pthread_self()
{
	struct pthread *self;
	__asm__ ("mov %%fs:0,%0" : "=r" (self) );
	return self;
}

But that is not the same thing! This will load FS.base, and then
dereference it and load the qword it is pointing at into a register. So
how did this ever work? Well, the answer is back in __init_tp():

	td->self = td;

And of course, "self" is the first member of struct pthread.

So, now the question I've been building up to: Is that intentional? Is
there a reason for there to be a pointer pointing to itself, other than
the "mov" in __pthread_self()? Could that mov not be replaced with a
"lea" and save one useless memory access?

Ciao,
Markus

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.