Date: Wed, 31 Jul 2019 13:45:21 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: vdso clock_gettime and time64

On Wed, Jul 31, 2019 at 07:11:40PM +0200, Florian Weimer wrote:
> * Rich Felker:
> 
> > On Wed, Jul 31, 2019 at 10:30:26AM +0200, Florian Weimer wrote:
> >> * Rich Felker:
> >> 
> >> > One looming thing that folks probably aren't going to like about
> >> > switching to 64-bit time_t is losing the vdso clock_gettime on old
> >> > kernels. Instead of a function call in userspace, you get *two*
> >> > syscalls, the first (time64) one failing, every time you call
> >> > clock_gettime. Of course the problem goes away immediately if you have
> >> > a time64-capable kernel providing the time64 vdso function.
> >> >
> >> > Is this a problem, and if so, what can be done about it?
> >> 
> >> Some users notice fairly quickly if the vDSO fast path is gone and file
> >> bug reports.  (This can happen for various reasons, e.g. buggy kernels
> >> detecting CPU cycle counter drift when there is actually none.)  I don't
> >> know to what extent this matters to legacy architectures.
> >
> > These are good points. A lot of these archs actually don't even have
> > vdso clock_gettime (only mips, arm, and i386 seem to).
> >
> > I wonder if it would make sense to support use of 32-bit vdso for now,
> > possibly with logic to drop it if it ever returns a negative tv_sec,
> > and consider removing it after the last kernel without time64 is
> > EOL'd, so that it's gone well before 2038.
> 
> In glibc, we perform vDSO lookup early.  I will push for a solution that
> does a probing system call during startup if it cannot find the *_time64
> vDSO entry, to determine if it should use the real *_time64 system call
> or the 32-bit system call (or vDSO).  That should help to keep the
> complexity at bay, at the cost of increased startup time, but which will
> reduce with future completion of the interfaces.
> 
> I do not think resuming a process on a kernel with a different system
> call set is supportable.

Not using vdso, it's definitely supportable; musl's fallbacks for
unsupported syscalls are entirely stateless. Doing it statefully
without data race UB all over the place is painful.

For vdso clock_gettime now, we do it on the first call and use a
relaxed atomic. It wouldn't be a big deal to do it at startup
conditional on linking of clock_gettime (with a weak init symbol) if
that helps.

Note that changing vdso is orthogonal to different syscall set. You
can be resuming on a kernel with the same syscall set, but where vdso
changed due to bugfixes or different hardware or whatever.

Rich
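
The trade-off discussed in this message, as an added example that is not part of the original e-mail and is not musl's or glibc's code: a stateless fallback pays two kernel entries per call on an old kernel, while a first-call probe cached through a relaxed atomic pays the failing call once. The kernel is simulated; `sim_time64`, `sim_time32`, `gettime_stateless`, `gettime_cached` and the sample timestamp are constructed names and values.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>

/* Constructed model of an old kernel: the time64 call is missing (-ENOSYS),
 * only the 32-bit call works. Counters record simulated kernel entries. */
struct ts64 { int64_t tv_sec; long tv_nsec; };
static int n_time64, n_time32;

static int sim_time64(struct ts64 *ts) { (void)ts; n_time64++; return -ENOSYS; }
static int sim_time32(int32_t out[2]) { n_time32++; out[0] = 1564595121; out[1] = 0; return 0; }

/* Call the 32-bit interface and widen the result to the 64-bit struct. */
static int widen32(struct ts64 *ts) {
    int32_t t[2];
    int r = sim_time32(t);
    if (!r) { ts->tv_sec = t[0]; ts->tv_nsec = t[1]; }
    return r;
}

/* Stateless fallback: no memory of earlier failures, so it stays correct if
 * the process is resumed on a different kernel, but on an old kernel every
 * call costs two entries, the first one failing. */
int gettime_stateless(struct ts64 *ts) {
    int r = sim_time64(ts);
    return r == -ENOSYS ? widen32(ts) : r;
}

/* Stateful variant: probe on first use and cache the chosen path. */
typedef int (*gettime_fn)(struct ts64 *);
static int probe(struct ts64 *ts);
static _Atomic(gettime_fn) cached = probe;

static int probe(struct ts64 *ts) {
    int r = sim_time64(ts);
    gettime_fn pick = (r == -ENOSYS) ? widen32 : sim_time64;
    /* Relaxed ordering suffices here: threads racing through the probe all
     * store the same pointer, and that pointer is the only shared state.
     * The cached choice goes stale if the kernel changes under the process. */
    atomic_store_explicit(&cached, pick, memory_order_relaxed);
    return r == -ENOSYS ? widen32(ts) : r;
}

int gettime_cached(struct ts64 *ts) {
    return atomic_load_explicit(&cached, memory_order_relaxed)(ts);
}
```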
