On 2022-10-17 12:09, Mathieu Desnoyers wrote:
On 2022-10-10 08:42, Florian Weimer wrote:
* Mathieu Desnoyers:
Export the rseq feature size supported by the kernel as well as the
required allocation alignment for the rseq per-thread area to user-space
through ELF auxiliary vector entries.
This is part of the extensible rseq ABI.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
---
fs/binfmt_elf.c | 5 +++++
include/uapi/linux/auxvec.h | 2 ++
include/uapi/linux/rseq.h | 5 +++++
3 files changed, 12 insertions(+)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 63c7ebb0da89..04fca1e4cbd2 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -46,6 +46,7 @@
#include <linux/cred.h>
#include <linux/dax.h>
#include <linux/uaccess.h>
+#include <linux/rseq.h>
#include <asm/param.h>
#include <asm/page.h>
@@ -288,6 +289,10 @@ create_elf_tables(struct linux_binprm *bprm,
const struct elfhdr *exec,
if (bprm->have_execfd) {
NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
}
+#ifdef CONFIG_RSEQ
+ NEW_AUX_ENT(AT_RSEQ_FEATURE_SIZE, offsetof(struct rseq, end));
+ NEW_AUX_ENT(AT_RSEQ_ALIGN, __alignof__(struct rseq));
+#endif
#undef NEW_AUX_ENT
/* AT_NULL is zero; clear the rest too */
memset(elf_info, 0, (char *)mm->saved_auxv +
diff --git a/include/uapi/linux/auxvec.h b/include/uapi/linux/auxvec.h
index c7e502bf5a6f..6991c4b8ab18 100644
--- a/include/uapi/linux/auxvec.h
+++ b/include/uapi/linux/auxvec.h
@@ -30,6 +30,8 @@
* differ from AT_PLATFORM. */
#define AT_RANDOM 25 /* address of 16 random bytes */
#define AT_HWCAP2 26 /* extension of AT_HWCAP */
+#define AT_RSEQ_FEATURE_SIZE 27 /* rseq supported feature size */
+#define AT_RSEQ_ALIGN 28 /* rseq allocation alignment */
#define AT_EXECFN 31 /* filename of program */
Do we need the alignment? Or can we keep it perpetually at 32? Or we
could steal some bits from AT_RSEQ_FEATURE_SIZE? (Not the lower
bits—they aren't unused due to the way the feature size works.)
I cannot imagine a use-case that would require us to bump the alignment
requirement over 32 bytes, so we may very well leave it at 32. But
perhaps someone else has a better imagination than mine ?
Actually, here is a scenario that warrants exposing the required alignment:
Note that struct rseq is *not* packed.
If we extend struct rseq to a size that makes the compiler use an
alignment larger than 32 bytes in the future, and if the compiler uses
that larger alignment knowledge to issue instructions that require the
larger alignment, then it would be incorrect for user-space to allocate
the struct rseq on an alignment lower than the required alignment.
Indeed, on rseq registration, we have the following check:
if (!IS_ALIGNED((unsigned long)rseq, __alignof__(*rseq))
[...]
return -EINVAL;
Which would break if the size of struct rseq is large enough that the
alignment grows larger than 32 bytes.
You mentioned we could steal some high bits from AT_RSEQ_FEATURE_SIZE to
put the alignment. What is the issue with exposing an explicit
AT_RSEQ_ALIGN ? It's just a auxv entry, so I don't see it as a huge
performance concern to access 2 entries rather than one.
Thanks,
Mathieu
Thanks,
Mathieu
Thanks,
Florian
--
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com