----- On Jul 14, 2020, at 4:55 PM, carlos carlos@xxxxxxxxxx wrote:

> On 7/13/20 11:03 PM, Mathieu Desnoyers wrote:
>> Recent discussion led to a solution for extending struct rseq. This is
>> an implementation of the proposed solution.
>>
>> Now is a good time to agree on this scheme before the release of glibc
>> 2.32, just in case there are small details to fix on the user-space
>> side in order to allow extending struct rseq.
>
> Adding extensibility to the rseq registration process would be great,
> but we are out of time for the glibc 2.32 release.

Of course, and my goal is not to add this support for extensibility before
glibc 2.32, but merely to see if we need to change anything in the way it
uses rseq today (before the release) in order to facilitate extensibility
in the future.

> Should we revert rseq for glibc 2.32 and spend quality time discussing
> the implications of an extensible design, something that Google already
> says they are doing?

Google's approach is limited to contexts simpler than multiple unrelated
libraries scenarios. Peter Oskolkov stated as a follow-up that my extension
approach would be one way to deal with problems associated with sharing
__rseq_abi between unrelated libraries:

https://lore.kernel.org/lkml/CAPNVh5fiCCJpyeLj_ciWzFrO4fasVXZNhpfKXJhJWJirXdJOjQ@xxxxxxxxxxxxxx/

The fact that Google already have their own rseq extensions internally
confirms that planning for extensibility is needed.

> We can, with a clear head, and an agreed upon extension mechanism
> include rseq in glibc 2.33 (release scheduled for February 1st 2021).
> We release time boxed every 6 months, no deviation, so you know when
> your next merge window will be.
>
> We have already done the hard work of fixing the nesting signal
> handler issues, and glibc integration. If we revert today that will
> also give time for Firefox and Chrome to adjust their sandboxes.
>
> Do you wish to go forward with rseq as we have it in glibc 2.32,
> or do you wish to revert rseq from glibc 2.32, discuss the extension
> mechanism, and put it back into glibc 2.33 with adjustments?

So here we have a catch-22 situation. Linus wants to see how rseq is being
used before accepting additional features (ref.
https://lore.kernel.org/lkml/CAHk-=wjk-2c4XvWjdzc-bs9Hbgvy-p7ASSnKKphggr5qDoXRDQ@xxxxxxxxxxxxxx/).
This lack of ability to allow user-space to make any large-scale use of the
rseq system call in a coordinated fashion blocks wide use of rseq. This
coordination is supposed to be done by glibc, and I told every user-space
project maintainer who contacted me to hold off using rseq until it is
integrated into glibc. "tcmalloc" from Google is the exception because they
do not care about ABI compatibility with other libraries (they are OK with a
breakage and requiring upgrade).

The process I'm going through right now is checking what our options are
for extending rseq starting from the current ABI, just to see if we are
painting ourselves into a corner with the current glibc integration.

However, if we postpone integration of rseq into glibc because of possible
future extensibility features, those may never happen because of the lack
of usage feedback, due to lack of users, due to lack of coordinated ABI
registration.

At this point, the main question I would like answered is whether it would
be acceptable to increase the size and alignment of the __rseq_abi symbol
(which will be exposed by glibc) between e.g. glibc 2.32 and 2.33. If it's
not possible, then we can find other solutions, for instance using an
indirection with a pointer to an extended structure, but this appears to be
slightly less efficient.

Thanks,

Mathieu

--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com