diff options
author | Mathieu Desnoyers <mathieu.desnoyers@efficios.com> | 2020-07-06 10:21:16 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2020-07-06 10:21:16 +0200 |
commit | 0c76fc3c2b346dc5401dc055d97d4279632b0fb3 (patch) | |
tree | 67d7a99ad801c38a137fbb9d08ac54137bb901b9 /manual | |
parent | f9cf87353772ca370b7bb901d86365a564fba49f (diff) | |
download | glibc-0c76fc3c2b346dc5401dc055d97d4279632b0fb3.zip glibc-0c76fc3c2b346dc5401dc055d97d4279632b0fb3.tar.gz glibc-0c76fc3c2b346dc5401dc055d97d4279632b0fb3.tar.bz2 |
Linux: Perform rseq registration at C startup and thread creation
Register rseq TLS for each thread (including main), and unregister for
each thread (excluding main). "rseq" stands for Restartable Sequences.
See the rseq(2) man page proposed here:
https://lkml.org/lkml/2018/9/19/647
Those are based on glibc master branch commit 3ee1e0ec5c.
The rseq system call was merged into Linux 4.18.
The TLS_STATIC_SURPLUS define is increased to leave additional room for
dlopen'd initial-exec TLS, which keeps elf/tst-auditmany working.
The increase (76 bytes) is larger than 32 bytes because it has not been
increased in quite a while. The cost in terms of additional TLS storage
is quite significant, but it will also obscure some initial-exec-related
dlopen failures.
Diffstat (limited to 'manual')
-rw-r--r-- | manual/threads.texi | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/manual/threads.texi b/manual/threads.texi index bb7a42c..bd22e57 100644 --- a/manual/threads.texi +++ b/manual/threads.texi @@ -628,6 +628,8 @@ the standard. * Initial Thread Signal Mask:: Setting the initial mask of threads. * Waiting with Explicit Clocks:: Functions for waiting with an explicit clock specification. +* Restartable Sequences:: Linux-specific Restartable Sequences + integration. @end menu @node Default Thread Attributes @@ -843,6 +845,68 @@ Behaves like @code{pthread_timedjoin_np} except that the absolute time in @var{abstime} is measured against the clock specified by @var{clockid}. @end deftypefun +@node Restartable Sequences +@subsubsection Restartable Sequences + +This section describes Restartable Sequences integration for +@theglibc{}. This functionality is only available on Linux. + +@deftypevar {struct rseq} __rseq_abi +@standards{Linux, sys/rseq.h} +@Theglibc{} implements a @code{__rseq_abi} TLS symbol to interact with +the Restartable Sequences system call. The layout of this structure is +defined by the @file{sys/rseq.h} header. Registration of each thread's +@code{__rseq_abi} is performed by @theglibc{} at library initialization +and thread creation. The manual for the rseq system call can be found +at @uref{https://git.kernel.org/pub/scm/libs/librseq/librseq.git/tree/doc/man/rseq.2}. + +The main executable and shared libraries may either have an undefined +@code{__rseq_abi} TLS symbol, or define their own, with the same +declaration as the one present in @file{sys/rseq.h}. The dynamic linker +will ensure that only one of those available symbols will be used at +runtime across the process. + +If the main executable or shared libraries observe an uninitialized +@code{__rseq_abi.cpu_id} field (value @code{RSEQ_CPU_ID_UNINITIALIZED}), +they may perform rseq registration to the kernel: this means either +glibc was prevented from doing the registration, or an older glibc +version, which does not include rseq support, is in use. When the main +executable or a library thus takes ownership of the registration, the +memory used to hold the @code{__rseq_abi} TLS variable must stay +allocated, and is not re-used, until the very end of the thread lifetime +or until an explicit rseq unregistration for that thread is performed. +It is not recommended to @code{dlclose} libraries owning the +@code{__rseq_abi} TLS variable. + +Users of the @code{__rseq_abi} TLS symbol can store the address of a +@code{struct rseq_cs} to the @code{__rseq_abi.rseq_cs} TLS variable, +thus informing the kernel that it enters a Restartable Sequence critical +section. This pointer and the code areas it itself points to must not +be left pointing to memory areas which are freed or re-used. Several +approaches can guarantee this. If the application or library can +guarantee that the memory used to hold the @code{struct rseq_cs} and the +code areas it refers to are never freed or re-used, no special action +must be taken. Else, before that memory is re-used of freed, the +application is responsible for setting the @code{__rseq_abi.rseq_cs} TLS +variable to @code{NULL} in each thread's TLS to guarantee that it does +not leak dangling references. Because the application does not +typically have knowledge of libraries' use of Restartable Sequences, it +is recommended that libraries using Restartable Sequences which may end +up freeing or re-using their memory set the @code{__rseq_abi.rseq_cs} +TLS variable to @code{NULL} before returning from library functions +which use Restartable Sequences. + +@end deftypevar + +@deftypevr Macro int RSEQ_SIG +@standards{Linux, sys/rseq.h} +Each supported architecture provides a @code{RSEQ_SIG} macro in +@file{sys/rseq.h} which contains a signature. That signature is +expected to be present in the code before each Restartable Sequences +abort handler. Failure to provide the expected signature may terminate +the process with a segmentation fault. +@end deftypevr + @c FIXME these are undocumented: @c pthread_atfork @c pthread_attr_destroy |