Linux: Perform rseq registration at C startup and thread creation

Register rseq TLS for each thread (including main), and unregister for
each thread (excluding main).  "rseq" stands for Restartable Sequences.

See the rseq(2) man page proposed here:
  https://lkml.org/lkml/2018/9/19/647

Those are based on glibc master branch commit 3ee1e0ec5c.
The rseq system call was merged into Linux 4.18.

The TLS_STATIC_SURPLUS define is increased to leave additional room for
dlopen'd initial-exec TLS, which keeps elf/tst-auditmany working.

The increase (76 bytes) is larger than 32 bytes because it has not been
increased in quite a while.  The cost in terms of additional TLS storage
is quite significant, but it will also obscure some initial-exec-related
dlopen failures.
This commit is contained in:
Mathieu Desnoyers 2020-07-06 10:21:16 +02:00 committed by Florian Weimer
parent f9cf873537
commit 0c76fc3c2b
48 changed files with 781 additions and 3 deletions

10
NEWS
View File

@ -31,6 +31,16 @@ Major new features:
pthread_attr_getsigmask_np have been added. They allow applications
to specify the signal mask of a thread created with pthread_create.
* Support for automatically registering threads with the Linux rseq
system call has been added. This system call is implemented starting
from Linux 4.18. The Restartable Sequences ABI accelerates user-space
operations on per-cpu data. It allows user-space to perform updates
on per-cpu data without requiring heavy-weight atomic operations.
Automatically registering threads allows all libraries, including libc,
to make immediate use of the rseq support by using the documented ABI.
The GNU C Library manual has details on integration of Restartable
Sequences.
Deprecated and removed features, and other changes affecting compatibility:
* The deprecated <sys/sysctl.h> header and the sysctl function have been

View File

@ -31,7 +31,7 @@
/* Amount of excess space to allocate in the static TLS area
to allow dynamic loading of modules defining IE-model TLS data. */
#define TLS_STATIC_SURPLUS 64 + DL_NNS * 100
#define TLS_STATIC_SURPLUS 64 + DL_NNS * 176
/* Out-of-memory handler. */
@ -134,6 +134,12 @@ void
_dl_determine_tlsoffset (void)
{
size_t max_align = TLS_TCB_ALIGN;
/* libc.so with rseq has TLS with 32-byte alignment. Since TLS is
initialized before audit modules are loaded and slotinfo
information is available, this is not taken into account below in
the audit case. */
max_align = MAX (max_align, 32U);
size_t freetop = 0;
size_t freebottom = 0;

View File

@ -18,10 +18,14 @@
#include <ctype.h>
#include <libc-early-init.h>
#include <rseq-internal.h>
void
__libc_early_init (_Bool initial)
{
/* Initialize ctype data. */
__ctype_init ();
/* Register rseq ABI to the kernel for the main program's libc. */
if (initial)
rseq_register_current_thread ();
}

View File

@ -628,6 +628,8 @@ the standard.
* Initial Thread Signal Mask:: Setting the initial mask of threads.
* Waiting with Explicit Clocks:: Functions for waiting with an
explicit clock specification.
* Restartable Sequences:: Linux-specific Restartable Sequences
integration.
@end menu
@node Default Thread Attributes
@ -843,6 +845,68 @@ Behaves like @code{pthread_timedjoin_np} except that the absolute time in
@var{abstime} is measured against the clock specified by @var{clockid}.
@end deftypefun
@node Restartable Sequences
@subsubsection Restartable Sequences
This section describes Restartable Sequences integration for
@theglibc{}. This functionality is only available on Linux.
@deftypevar {struct rseq} __rseq_abi
@standards{Linux, sys/rseq.h}
@Theglibc{} implements a @code{__rseq_abi} TLS symbol to interact with
the Restartable Sequences system call. The layout of this structure is
defined by the @file{sys/rseq.h} header. Registration of each thread's
@code{__rseq_abi} is performed by @theglibc{} at library initialization
and thread creation. The manual for the rseq system call can be found
at @uref{https://git.kernel.org/pub/scm/libs/librseq/librseq.git/tree/doc/man/rseq.2}.
The main executable and shared libraries may either have an undefined
@code{__rseq_abi} TLS symbol, or define their own, with the same
declaration as the one present in @file{sys/rseq.h}. The dynamic linker
will ensure that only one of those available symbols will be used at
runtime across the process.
If the main executable or shared libraries observe an uninitialized
@code{__rseq_abi.cpu_id} field (value @code{RSEQ_CPU_ID_UNINITIALIZED}),
they may perform rseq registration to the kernel: this means either
glibc was prevented from doing the registration, or an older glibc
version, which does not include rseq support, is in use. When the main
executable or a library thus takes ownership of the registration, the
memory used to hold the @code{__rseq_abi} TLS variable must stay
allocated, and is not re-used, until the very end of the thread lifetime
or until an explicit rseq unregistration for that thread is performed.
It is not recommended to @code{dlclose} libraries owning the
@code{__rseq_abi} TLS variable.
Users of the @code{__rseq_abi} TLS symbol can store the address of a
@code{struct rseq_cs} to the @code{__rseq_abi.rseq_cs} TLS variable,
thus informing the kernel that it enters a Restartable Sequence critical
section. This pointer and the code areas it itself points to must not
be left pointing to memory areas which are freed or re-used. Several
approaches can guarantee this. If the application or library can
guarantee that the memory used to hold the @code{struct rseq_cs} and the
code areas it refers to are never freed or re-used, no special action
must be taken. Else, before that memory is re-used of freed, the
application is responsible for setting the @code{__rseq_abi.rseq_cs} TLS
variable to @code{NULL} in each thread's TLS to guarantee that it does
not leak dangling references. Because the application does not
typically have knowledge of libraries' use of Restartable Sequences, it
is recommended that libraries using Restartable Sequences which may end
up freeing or re-using their memory set the @code{__rseq_abi.rseq_cs}
TLS variable to @code{NULL} before returning from library functions
which use Restartable Sequences.
@end deftypevar
@deftypevr Macro int RSEQ_SIG
@standards{Linux, sys/rseq.h}
Each supported architecture provides a @code{RSEQ_SIG} macro in
@file{sys/rseq.h} which contains a signature. That signature is
expected to be present in the code before each Restartable Sequences
abort handler. Failure to provide the expected signature may terminate
the process with a segmentation fault.
@end deftypevr
@c FIXME these are undocumented:
@c pthread_atfork
@c pthread_attr_destroy

View File

@ -33,6 +33,7 @@
#include <default-sched.h>
#include <futex-internal.h>
#include <tls-setup.h>
#include <rseq-internal.h>
#include "libioP.h"
#include <shlib-compat.h>
@ -384,6 +385,9 @@ START_THREAD_DEFN
/* Initialize pointers to locale data. */
__ctype_init ();
/* Register rseq TLS to the kernel. */
rseq_register_current_thread ();
#ifndef __ASSUME_SET_ROBUST_LIST
if (__set_robust_list_avail >= 0)
#endif
@ -580,6 +584,15 @@ START_THREAD_DEFN
process is really dead since 'clone' got passed the CLONE_CHILD_CLEARTID
flag. The 'tid' field in the TCB will be set to zero.
rseq TLS is still registered at this point. Rely on implicit
unregistration performed by the kernel on thread teardown. This is not a
problem because the rseq TLS lives on the stack, and the stack outlives
the thread. If TCB allocation is ever changed, additional steps may be
required, such as performing explicit rseq unregistration before
reclaiming the rseq TLS area memory. It is NOT sufficient to block
signals because the kernel may write to the rseq area even without
signals.
The exit code is zero since in case all threads exit by calling
'pthread_exit' the exit status must be 0 (zero). */
__exit_thread ();

View File

@ -0,0 +1,26 @@
/* Restartable Sequences internal API. Stub version.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef RSEQ_INTERNAL_H
#define RSEQ_INTERNAL_H
static inline void
rseq_register_current_thread (void)
{
}
#endif /* rseq-internal.h */

View File

@ -41,7 +41,7 @@ update-syscall-lists: arch-syscall.h
endif
ifeq ($(subdir),csu)
sysdep_routines += errno-loc
sysdep_routines += errno-loc rseq-sym
endif
ifeq ($(subdir),assert)
@ -92,7 +92,8 @@ sysdep_headers += sys/mount.h sys/acct.h \
bits/termios-c_lflag.h bits/termios-tcflow.h \
bits/termios-misc.h \
bits/types/struct_semid_ds.h \
bits/ipc-perm.h
bits/ipc-perm.h \
sys/rseq.h bits/rseq.h
tests += tst-clone tst-clone2 tst-clone3 tst-fanotify tst-personality \
tst-quota tst-sync_file_range tst-sysconf-iov_max tst-ttyname \

View File

@ -178,6 +178,7 @@ libc {
getdents64; gettid; tgkill;
}
GLIBC_2.32 {
__rseq_abi;
}
GLIBC_PRIVATE {
# functions used in other libraries

View File

@ -0,0 +1,43 @@
/* Restartable Sequences Linux aarch64 architecture header.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
# error "Never use <bits/rseq.h> directly; include <sys/rseq.h> instead."
#endif
/* RSEQ_SIG is a signature required before each abort handler code.
It is a 32-bit value that maps to actual architecture code compiled
into applications and libraries. It needs to be defined for each
architecture. When choosing this value, it needs to be taken into
account that generating invalid instructions may have ill effects on
tools like objdump, and may also have impact on the CPU speculative
execution efficiency in some cases.
aarch64 -mbig-endian generates mixed endianness code vs data:
little-endian code and big-endian data. Ensure the RSEQ_SIG signature
matches code endianness. */
#define RSEQ_SIG_CODE 0xd428bc00 /* BRK #0x45E0. */
#ifdef __AARCH64EB__
# define RSEQ_SIG_DATA 0x00bc28d4 /* BRK #0x45E0. */
#else
# define RSEQ_SIG_DATA RSEQ_SIG_CODE
#endif
#define RSEQ_SIG RSEQ_SIG_DATA

View File

@ -2149,6 +2149,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2231,6 +2231,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -133,6 +133,7 @@ GLIBC_2.30 twalk_r F
GLIBC_2.31 msgctl F
GLIBC_2.31 semctl F
GLIBC_2.31 shmctl F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -0,0 +1,83 @@
/* Restartable Sequences Linux arm architecture header.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
# error "Never use <bits/rseq.h> directly; include <sys/rseq.h> instead."
#endif
/*
RSEQ_SIG is a signature required before each abort handler code.
It is a 32-bit value that maps to actual architecture code compiled
into applications and libraries. It needs to be defined for each
architecture. When choosing this value, it needs to be taken into
account that generating invalid instructions may have ill effects on
tools like objdump, and may also have impact on the CPU speculative
execution efficiency in some cases.
- ARM little endian
RSEQ_SIG uses the udf A32 instruction with an uncommon immediate operand
value 0x5de3. This traps if user-space reaches this instruction by mistake,
and the uncommon operand ensures the kernel does not move the instruction
pointer to attacker-controlled code on rseq abort.
The instruction pattern in the A32 instruction set is:
e7f5def3 udf #24035 ; 0x5de3
This translates to the following instruction pattern in the T16 instruction
set:
little endian:
def3 udf #243 ; 0xf3
e7f5 b.n <7f5>
- ARMv6+ big endian (BE8):
ARMv6+ -mbig-endian generates mixed endianness code vs data: little-endian
code and big-endian data. The data value of the signature needs to have its
byte order reversed to generate the trap instruction:
Data: 0xf3def5e7
Translates to this A32 instruction pattern:
e7f5def3 udf #24035 ; 0x5de3
Translates to this T16 instruction pattern:
def3 udf #243 ; 0xf3
e7f5 b.n <7f5>
- Prior to ARMv6 big endian (BE32):
Prior to ARMv6, -mbig-endian generates big-endian code and data
(which match), so the endianness of the data representation of the
signature should not be reversed. However, the choice between BE32
and BE8 is done by the linker, so we cannot know whether code and
data endianness will be mixed before the linker is invoked. So rather
than try to play tricks with the linker, the rseq signature is simply
data (not a trap instruction) prior to ARMv6 on big endian. This is
why the signature is expressed as data (.word) rather than as
instruction (.inst) in assembler. */
#ifdef __ARMEB__
# define RSEQ_SIG 0xf3def5e7 /* udf #24035 ; 0x5de3 (ARMv6+) */
#else
# define RSEQ_SIG 0xe7f5def3 /* udf #24035 ; 0x5de3 */
#endif

View File

@ -130,6 +130,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -0,0 +1,29 @@
/* Restartable Sequences architecture header. Stub version.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
# error "Never use <bits/rseq.h> directly; include <sys/rseq.h> instead."
#endif
/* RSEQ_SIG is a signature required before each abort handler code.
It is a 32-bit value that maps to actual architecture code compiled
into applications and libraries. It needs to be defined for each
architecture. When choosing this value, it needs to be taken into
account that generating invalid instructions may have ill effects on
tools like objdump, and may also have impact on the CPU speculative
execution efficiency in some cases. */

View File

@ -2093,6 +2093,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2052,6 +2052,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2218,6 +2218,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2084,6 +2084,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -134,6 +134,7 @@ GLIBC_2.30 twalk_r F
GLIBC_2.31 msgctl F
GLIBC_2.31 semctl F
GLIBC_2.31 shmctl F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2164,6 +2164,7 @@ GLIBC_2.30 twalk_r F
GLIBC_2.31 msgctl F
GLIBC_2.31 semctl F
GLIBC_2.31 shmctl F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2144,6 +2144,7 @@ GLIBC_2.30 twalk_r F
GLIBC_2.31 msgctl F
GLIBC_2.31 semctl F
GLIBC_2.31 shmctl F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2141,6 +2141,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -0,0 +1,62 @@
/* Restartable Sequences Linux mips architecture header.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
# error "Never use <bits/rseq.h> directly; include <sys/rseq.h> instead."
#endif
/* RSEQ_SIG is a signature required before each abort handler code.
It is a 32-bit value that maps to actual architecture code compiled
into applications and libraries. It needs to be defined for each
architecture. When choosing this value, it needs to be taken into
account that generating invalid instructions may have ill effects on
tools like objdump, and may also have impact on the CPU speculative
execution efficiency in some cases.
RSEQ_SIG uses the break instruction. The instruction pattern is:
On MIPS:
0350000d break 0x350
On nanoMIPS:
00100350 break 0x350
On microMIPS:
0000d407 break 0x350
For nanoMIPS32 and microMIPS, the instruction stream is encoded as
16-bit halfwords, so the signature halfwords need to be swapped
accordingly for little-endian. */
#if defined (__nanomips__)
# ifdef __MIPSEL__
# define RSEQ_SIG 0x03500010
# else
# define RSEQ_SIG 0x00100350
# endif
#elif defined (__mips_micromips)
# ifdef __MIPSEL__
# define RSEQ_SIG 0xd4070000
# else
# define RSEQ_SIG 0x0000d407
# endif
#elif defined (__mips__)
# define RSEQ_SIG 0x0350000d
#else
/* Unknown MIPS architecture. */
#endif

View File

@ -2135,6 +2135,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2133,6 +2133,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2141,6 +2141,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2135,6 +2135,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2182,6 +2182,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -0,0 +1,37 @@
/* Restartable Sequences Linux powerpc architecture header.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
# error "Never use <bits/rseq.h> directly; include <sys/rseq.h> instead."
#endif
/* RSEQ_SIG is a signature required before each abort handler code.
It is a 32-bit value that maps to actual architecture code compiled
into applications and libraries. It needs to be defined for each
architecture. When choosing this value, it needs to be taken into
account that generating invalid instructions may have ill effects on
tools like objdump, and may also have impact on the CPU speculative
execution efficiency in some cases.
RSEQ_SIG uses the following trap instruction:
powerpc-be: 0f e5 00 0b twui r5,11
powerpc64-le: 0b 00 e5 0f twui r5,11
powerpc64-be: 0f e5 00 0b twui r5,11 */
#define RSEQ_SIG 0x0fe5000b

View File

@ -2191,6 +2191,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2224,6 +2224,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2054,6 +2054,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2291,6 +2291,7 @@ GLIBC_2.32 __qecvtieee128_r F
GLIBC_2.32 __qfcvtieee128 F
GLIBC_2.32 __qfcvtieee128_r F
GLIBC_2.32 __qgcvtieee128 F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 __scanfieee128 F
GLIBC_2.32 __snprintf_chkieee128 F
GLIBC_2.32 __snprintfieee128 F

View File

@ -2111,6 +2111,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -0,0 +1,73 @@
/* Restartable Sequences internal API. Linux implementation.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef RSEQ_INTERNAL_H
#define RSEQ_INTERNAL_H
#include <sysdep.h>
#include <errno.h>
#include <kernel-features.h>
#include <stdio.h>
#include <sys/rseq.h>
#ifdef RSEQ_SIG
static inline void
rseq_register_current_thread (void)
{
int ret;
if (__rseq_abi.cpu_id != RSEQ_CPU_ID_UNINITIALIZED)
__libc_fatal ("glibc fatal error: "
"rseq already initialized for this thread\n");
ret = INTERNAL_SYSCALL_CALL (rseq, &__rseq_abi, sizeof (struct rseq),
0, RSEQ_SIG);
if (INTERNAL_SYSCALL_ERROR_P (ret))
{
const char *msg = NULL;
switch (INTERNAL_SYSCALL_ERRNO (ret))
{
case ENOSYS: /* rseq system call not implemented. */
case EPERM: /* rseq system call filtered by seccomp. */
case EACCES: /* rseq system call filtered by seccomp. */
__rseq_abi.cpu_id = RSEQ_CPU_ID_REGISTRATION_FAILED;
break;
case EBUSY:
msg = "glibc fatal error: rseq already registered for this thread\n";
break;
case EFAULT:
msg = "glibc fatal error: rseq parameter is an invalid address\n";
break;
case EINVAL:
msg = "glibc fatal error: rseq parameters are invalid\n";
break;
default:
msg = "glibc fatal error: unexpected rseq errno\n";
break;
}
if (msg != NULL)
__libc_fatal (msg);
}
}
#else /* RSEQ_SIG */
static inline void
rseq_register_current_thread (void)
{
}
#endif /* RSEQ_SIG */
#endif /* rseq-internal.h */

View File

@ -0,0 +1,26 @@
/* Restartable Sequences exported symbols. Linux Implementation.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <sys/syscall.h>
#include <stdint.h>
#include <kernel-features.h>
#include <sys/rseq.h>
__thread struct rseq __rseq_abi =
{
.cpu_id = RSEQ_CPU_ID_UNINITIALIZED,
};

View File

@ -0,0 +1,37 @@
/* Restartable Sequences Linux s390 architecture header.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
# error "Never use <bits/rseq.h> directly; include <sys/rseq.h> instead."
#endif
/* RSEQ_SIG is a signature required before each abort handler code.
It is a 32-bit value that maps to actual architecture code compiled
into applications and libraries. It needs to be defined for each
architecture. When choosing this value, it needs to be taken into
account that generating invalid instructions may have ill effects on
tools like objdump, and may also have impact on the CPU speculative
execution efficiency in some cases.
RSEQ_SIG uses the trap4 instruction. As Linux does not make use of the
access-register mode nor the linkage stack this instruction will always
cause a special-operation exception (the trap-enabled bit in the DUCT
is and will stay 0). The instruction pattern is
b2 ff 0f ff trap4 4095(%r0) */
#define RSEQ_SIG 0xB2FF0FFF

View File

@ -2189,6 +2189,7 @@ GLIBC_2.30 twalk_r F
GLIBC_2.31 msgctl F
GLIBC_2.31 semctl F
GLIBC_2.31 shmctl F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2090,6 +2090,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2059,6 +2059,7 @@ GLIBC_2.30 twalk_r F
GLIBC_2.31 msgctl F
GLIBC_2.31 semctl F
GLIBC_2.31 shmctl F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2056,6 +2056,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2180,6 +2180,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2107,6 +2107,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -0,0 +1,203 @@
/* Restartable Sequences exported symbols. Linux header.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
#define _SYS_RSEQ_H 1
/* Architecture-specific rseq signature. */
#include <bits/rseq.h>
#include <stdint.h>
#include <sys/cdefs.h>
#ifdef __has_include
# if __has_include ("linux/rseq.h")
# define __GLIBC_HAVE_KERNEL_RSEQ
# endif
#else
# include <linux/version.h>
# if LINUX_VERSION_CODE >= KERNEL_VERSION (4, 18, 0)
# define __GLIBC_HAVE_KERNEL_RSEQ
# endif
#endif
/* Rely on GNU extensions for older standards and tls model. */
#ifdef __GNUC__
# define __rseq_tls_model_ie __attribute__ ((__tls_model__ ("initial-exec")))
#else
/* Specifying the TLS model on the declaration is optional. */
# define __rseq_tls_model_ie /* Nothing. */
#endif
#ifdef __cplusplus
# if __cplusplus >= 201103L
# define __rseq_tls_storage_class thread_local
# endif
#elif (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) >= 201112L
# define __rseq_tls_storage_class _Thread_local
#endif
/* Fall back to __thread for TLS storage class. */
#ifndef __rseq_tls_storage_class
# define __rseq_tls_storage_class __thread
#endif
#ifdef __GLIBC_HAVE_KERNEL_RSEQ
/* We use the structures declarations from the kernel headers. */
# include <linux/rseq.h>
#else /* __GLIBC_HAVE_KERNEL_RSEQ */
/* We use a copy of the include/uapi/linux/rseq.h kernel header. */
# include <asm/byteorder.h>
enum rseq_cpu_id_state
{
RSEQ_CPU_ID_UNINITIALIZED = -1,
RSEQ_CPU_ID_REGISTRATION_FAILED = -2,
};
enum rseq_flags
{
RSEQ_FLAG_UNREGISTER = (1 << 0),
};
enum rseq_cs_flags_bit
{
RSEQ_CS_FLAG_NO_RESTART_ON_PREEMPT_BIT = 0,
RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL_BIT = 1,
RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE_BIT = 2,
};
enum rseq_cs_flags
{
RSEQ_CS_FLAG_NO_RESTART_ON_PREEMPT =
(1U << RSEQ_CS_FLAG_NO_RESTART_ON_PREEMPT_BIT),
RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL =
(1U << RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL_BIT),
RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE =
(1U << RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE_BIT),
};
/* struct rseq_cs is aligned on 32 bytes to ensure it is always
contained within a single cache-line. It is usually declared as
link-time constant data. */
struct rseq_cs
{
/* Version of this structure. */
uint32_t version;
/* enum rseq_cs_flags. */
uint32_t flags;
uint64_t start_ip;
/* Offset from start_ip. */
uint64_t post_commit_offset;
uint64_t abort_ip;
} __attribute__ ((__aligned__ (32)));
/* struct rseq is aligned on 32 bytes to ensure it is always
contained within a single cache-line.
A single struct rseq per thread is allowed. */
struct rseq
{
/* Restartable sequences cpu_id_start field. Updated by the
kernel. Read by user-space with single-copy atomicity
semantics. This field should only be read by the thread which
registered this data structure. Aligned on 32-bit. Always
contains a value in the range of possible CPUs, although the
value may not be the actual current CPU (e.g. if rseq is not
initialized). This CPU number value should always be compared
against the value of the cpu_id field before performing a rseq
commit or returning a value read from a data structure indexed
using the cpu_id_start value. */
uint32_t cpu_id_start;
/* Restartable sequences cpu_id field. Updated by the kernel.
Read by user-space with single-copy atomicity semantics. This
field should only be read by the thread which registered this
data structure. Aligned on 32-bit. Values
RSEQ_CPU_ID_UNINITIALIZED and RSEQ_CPU_ID_REGISTRATION_FAILED
have a special semantic: the former means "rseq uninitialized",
and latter means "rseq initialization failed". This value is
meant to be read within rseq critical sections and compared
with the cpu_id_start value previously read, before performing
the commit instruction, or read and compared with the
cpu_id_start value before returning a value loaded from a data
structure indexed using the cpu_id_start value. */
uint32_t cpu_id;
/* Restartable sequences rseq_cs field.
Contains NULL when no critical section is active for the current
thread, or holds a pointer to the currently active struct rseq_cs.
Updated by user-space, which sets the address of the currently
active rseq_cs at the beginning of assembly instruction sequence
block, and set to NULL by the kernel when it restarts an assembly
instruction sequence block, as well as when the kernel detects that
it is preempting or delivering a signal outside of the range
targeted by the rseq_cs. Also needs to be set to NULL by user-space
before reclaiming memory that contains the targeted struct rseq_cs.
Read and set by the kernel. Set by user-space with single-copy
atomicity semantics. This field should only be updated by the
thread which registered this data structure. Aligned on 64-bit. */
union
{
uint64_t ptr64;
# ifdef __LP64__
uint64_t ptr;
# else /* __LP64__ */
struct
{
# if (defined (__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN)) || defined (__BIG_ENDIAN)
uint32_t padding; /* Initialized to zero. */
uint32_t ptr32;
# else /* LITTLE */
uint32_t ptr32;
uint32_t padding; /* Initialized to zero. */
# endif /* ENDIAN */
} ptr;
# endif /* __LP64__ */
} rseq_cs;
/* Restartable sequences flags field.
This field should only be updated by the thread which
registered this data structure. Read by the kernel.
Mainly used for single-stepping through rseq critical sections
with debuggers.
- RSEQ_CS_FLAG_NO_RESTART_ON_PREEMPT
Inhibit instruction sequence block restart on preemption
for this thread.
- RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL
Inhibit instruction sequence block restart on signal
delivery for this thread.
- RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE
Inhibit instruction sequence block restart on migration for
this thread. */
uint32_t flags;
} __attribute__ ((__aligned__ (32)));
#endif /* __GLIBC_HAVE_KERNEL_RSEQ */
/* Allocations of struct rseq and struct rseq_cs on the heap need to
be aligned on 32 bytes. Therefore, use of malloc is discouraged
because it does not guarantee alignment. posix_memalign should be
used instead. */
extern __rseq_tls_storage_class struct rseq __rseq_abi __rseq_tls_model_ie;
#endif /* sys/rseq.h */

View File

@ -0,0 +1,30 @@
/* Restartable Sequences Linux x86 architecture header.
Copyright (C) 2020 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
# error "Never use <bits/rseq.h> directly; include <sys/rseq.h> instead."
#endif
/* RSEQ_SIG is a signature required before each abort handler code.
RSEQ_SIG is used with the following reserved undefined instructions, which
trap in user-space:
x86-32: 0f b9 3d 53 30 05 53 ud1 0x53053053,%edi
x86-64: 0f b9 3d 53 30 05 53 ud1 0x53053053(%rip),%edi */
#define RSEQ_SIG 0x53053053

View File

@ -2065,6 +2065,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F

View File

@ -2162,6 +2162,7 @@ GLIBC_2.30 getdents64 F
GLIBC_2.30 gettid F
GLIBC_2.30 tgkill F
GLIBC_2.30 twalk_r F
GLIBC_2.32 __rseq_abi T 0x20
GLIBC_2.32 pthread_attr_getsigmask_np F
GLIBC_2.32 pthread_attr_setaffinity_np F
GLIBC_2.32 pthread_attr_setsigmask_np F