Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Aug 2019 12:29:55 -0400
From: Zack Weinberg <zackw@...ix.com>
To: Rich Felker <dalias@...c.org>
Cc: GNU C Library <libc-alpha@...rceware.org>, musl@...ts.openwall.com
Subject: Re: time64 abi choices for glibc and musl

On Sat, Aug 10, 2019 at 1:58 PM Rich Felker <dalias@...c.org> wrote:
> As far as I can tell, most time64 work/discussion on the glibc side so
> far has been about implementation mechanisms and symbol-binding ABI
> aspects, and one aspect that doesn't seem to have been addressed is
> making good choices about the actual types involved. Some of them have
> been done:
>
> struct timespec (endian-matching padding)
> struct timeval (64-bit suseconds_t)
> struct itimerspec, itimerval, utimbuf, timeb (obvious definitions)
>
> but I haven't seen a clear proposal with rationale for the choices in
> defining:
>
> struct stat
> struct msqid_ds, semid_ds, shmid_ds (sysvipc)
> struct rusage
> struct timex
> struct utmp[x]

The sysvipc structures, struct rusage, and struct timex are passed
directly from and to the kernel, so this ship has already sailed -- I
don't see that we have any choice but to match the kernel's layouts of
these structures in time64 mode, whether or not that is convenient for
the C library or for call compatibility between procedures compiled
with _TIME_BITS=32 and _TIME_BITS=64.

We do have flex for struct utmp[x], which is entirely controlled by
user space, and for struct stat, because the kernel is providing only
statx() in the 64-bit-time ABI.

Regarding struct stat, I tend to agree with Paul that having both 32-
and 64-bit time fields _visible_ at the same time will cause more
problems than it solves.  What I would suggest is that we add the
64-bit 'struct timespec's at the end, as you suggest, and continue to
write (possibly truncated) valid data to the legacy 32-bit 'struct
timespec's, but the public header file _immediately_ converts the
legacy fields to __reservedN fields.  This should work except for when
an existing _TIME_BITS=32 binary caller changes the 32-bit fields of a
struct stat, passes it to a _TIME_BITS=64 callee, and expects it to
notice.  Is there any practical way for us to find out whether any
such combination actually exists?  It also occurs to me that this
might mean we can share stat/fstat/lstat for _TIME_BITS=32 and =64.

struct utmp[x] describes a format for long-lived files on disk, so not
only do we have to keep the time field where it is, we have to make it
possible for new programs to read and understand old records.  And
there is no padding on either side of the ut_tv field, so we would be
stuck ... except that it uses struct timeval, and it's silly to track
login events to sub-second precision.  So I'm going to suggest that we
redefine that field as a bare time64_t:

#define UT_LINESIZE     32
#define UT_NAMESIZE     32
#define UT_HOSTSIZE     256

struct utmp{,x}
{
  uint16_t ut_type;
  uint16_t __reserved1;
  uint32_t ut_pid;
  char ut_line[UT_LINESIZE];
  char ut_id[4];
  char ut_user[UT_NAMESIZE];
  char ut_host[UT_HOSTSIZE];
  struct exit_status {
    int16_t e_termination;
    int16_t e_exit;
  } ut_exit;
#if __32_BIT_UT_SESSION
  int32_t ut_session;
#else
  int64_t ut_session;
#endif
  union {
    _Alignas(__old_time_t) uint64_t ut_time64;
    struct {
      __old_time_t tv_sec; // historic time_t for this ABI, whatever that was
      int32_t tv_usec;
    } ut_tv;
  };
#if __PAD_AFTER_UT_TV
  int32_t __reserved2;
#endif
  int32_t ut_addr_v6[4];
  char __reserved3[20];
};

We could define a new set of ut_type codes to indicate which of ut_tv
and ut_time64 is meaningful.

Unfortunately no such hack appears to be possible for struct lastlog,
and that has the same problem.  Anyone have an idea for that one?

zw

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.