Bug#334119: Patch to prevent open_not_cancel etc. from being inlined; needed for Plash's modified glibc

2005-10-17 Thread Mark Seaborn
Daniel Jacobowitz <[EMAIL PROTECTED]> wrote:

> > Having looked into this, one problem is that it won't work with the
> > "libc" and "nptl" builds of glibc that Debian does, because these use
> > "int $0x80" directly.  It would only work with the "i686" build.  So
> > this won't work with Linux 2.4 or with pre-686 processors.
> 
> Correct.  It wouldn't anyway; Linux 2.4 did not have a vsyscall.

From my reading of the code, glibc will use a vsyscall entry point if
AT_SYSINFO is defined in the auxv, and this doesn't necessarily
require Linux 2.6.


> > As an alternative, I could build Plash from the NPTL build of glibc:
> > the relevant calls are already not inlined.  That would involve
> > changing the patch to put the NPTL object files into libc6-pic
> > instead.  But it would require Linux 2.6.
> 
> Huh?  Then why did your patch need to modify NPTL?

NPTL inlines some but not all of the not-cancel.h calls.  I didn't
need them all un-inlined, but for completeness I un-inlined all of
them, in case I needed to replace these calls in the future.

Mark
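
An added example, not part of the original thread or of glibc: a C sketch of the auxv check discussed above, which looks for AT_SYSINFO to see whether the kernel advertised a vsyscall entry point. The struct, the function names and the sample vectors are constructed for illustration.

```c
#include <elf.h>       /* AT_NULL, AT_PAGESZ, AT_SYSINFO, AT_SYSINFO_EHDR */
#include <stddef.h>
#include <stdio.h>
#include <sys/auxv.h>  /* getauxval(), glibc >= 2.16 */

/* One auxv slot as the kernel lays it out: a type tag and a value. */
struct auxv_entry { unsigned long type, value; };

/* Return the value stored for `type`, or 0 if the vector ends (AT_NULL)
   or `max` entries are scanned without finding it. */
unsigned long auxv_lookup(const struct auxv_entry *av, size_t max,
                          unsigned long type)
{
    for (size_t i = 0; i < max && av[i].type != AT_NULL; i++)
        if (av[i].type == type)
            return av[i].value;
    return 0;
}

/* 1 if the kernel advertised a vsyscall entry point (AT_SYSINFO).  This is
   necessary but not sufficient: a glibc build that issues "int $0x80"
   directly never consults it. */
int kernel_offers_vsyscall(const struct auxv_entry *av, size_t max)
{
    return auxv_lookup(av, max, AT_SYSINFO) != 0;
}

/* Constructed sample vectors; the addresses are illustrative only. */
static const struct auxv_entry sample_with[] = {
    { AT_PAGESZ, 4096 }, { AT_SYSINFO_EHDR, 0xffffe000UL },
    { AT_SYSINFO, 0xffffe400UL }, { AT_NULL, 0 },
};
static const struct auxv_entry sample_without[] = {
    { AT_PAGESZ, 4096 }, { AT_NULL, 0 },
};

int main(void)
{
    printf("sample_with:    vsyscall offered = %d\n",
           kernel_offers_vsyscall(sample_with, 4));
    printf("sample_without: vsyscall offered = %d\n",
           kernel_offers_vsyscall(sample_without, 2));
    /* Live process: on x86-64 AT_SYSINFO is absent, only the vDSO base is set. */
    printf("this process:   AT_SYSINFO=%#lx AT_SYSINFO_EHDR=%#lx\n",
           getauxval(AT_SYSINFO), getauxval(AT_SYSINFO_EHDR));
    return 0;
}
```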



2005-10-16 Thread Daniel Jacobowitz
On Sun, Oct 16, 2005 at 05:15:45PM +0100, Mark Seaborn wrote:
> I don't think performance impact should be a real issue with this
> patch.  The NPTL build of glibc doesn't inline these syscalls.  Most
> system calls are not inlined in glibc anyway, and these *_not_cancel
> calls don't seem to be used from functions that are performance
> critical.  They seem to have been inlined as a convenient way of
> getting code linked into libpthread.so for Linuxthreads, rather than
> for performance.
> 
> I appreciate that it would be a maintenance burden.  I'll see if I can
> get the patch accepted upstream.

I would be amazed if upstream took it.  They are not generally tolerant
of this sort of limited-use-large-effect change.

> > What's Plash's CPU versions target?  For x86, you could probably do
> > this by:
> >  - replacing the dynamic linker instead of all of glibc
> >  - mapping a fake vsyscall page which checked the syscall number, and
> >    diverted to plash's code if appropriate
> >  - modifying the auxv vector to point at the modified vsyscall dso
> >    instead of the original
> >  - chaining to glibc's standard dynamic linker
> > 
> > Then you can do it with pristine binaries.  Should work on any
> > architecture which can indirect syscalls through a VDSO (at least ia64,
> > amd64, possibly soon ppc/ppc64).
> 
> Interesting idea.  Has anyone used the vsyscall mechanism for
> intercepting syscalls?

Unlikely.  Most people need to intercept all syscalls, not just most. 
It's not useful for that.

> Having looked into this, one problem is that it won't work with the
> "libc" and "nptl" builds of glibc that Debian does, because these use
> "int $0x80" directly.  It would only work with the "i686" build.  So
> this won't work with Linux 2.4 or with pre-686 processors.

Correct.  It wouldn't anyway; Linux 2.4 did not have a vsyscall.  I
would have thought it would work with the NPTL build, but I didn't
check.

> > > This patch isn't quite as essential for putting Plash into Debian as
> > > the other one I filed in the BTS.
> > 
> > I am a little dubious about the other Plash bug, but I'll
> > think about it.  It seems marginally within the purview of the
> > libc6-pic package and affects nothing else.
> 
> Is your doubt about which package these files would go into, or about
> these files going into a binary package at all?  ie. Would you prefer
> a new libc6-blah package for putting these files in?

Definitely not a new package.

> > But it seems like it would be randomly crippled without this patch.
> 
> Randomly injured yes, but a lot of programs would work even if the
> glibc functions that call *_not_cancel don't work.  It would be a
> useful starting point.
> 
> As an alternative, I could build Plash from the NPTL build of glibc:
> the relevant calls are already not inlined.  That would involve
> changing the patch to put the NPTL object files into libc6-pic
> instead.  But it would require Linux 2.6.

Huh?  Then why did your patch need to modify NPTL?

-- 
Daniel Jacobowitz
CodeSourcery, LLC



2005-10-16 Thread Mark Seaborn
Daniel Jacobowitz <[EMAIL PROTECTED]> wrote:

> On Sat, Oct 15, 2005 at 06:51:19PM +0100, Mark Seaborn wrote:
> > Package: glibc
> > Version: 2.3.5-6
> > Severity: wishlist
> > Tags: patch
> > 
> > Usually, glibc inlines calls to non-cancellable versions of some
> > system calls, such as open_not_cancel.  The macro definitions are in
> > sysdeps/unix/sysv/linux/not-cancel.h.
> > 
> > This patch prevents those definitions from being inlined.  It moves
> > them into separate *.c files.
> 
> No way.  Two problems: this patch would present an ongoing maintenance
> burden for the Debian glibc maintainers, and it would have a
> performance impact on all Debian applications on all architectures.

I don't think performance impact should be a real issue with this
patch.  The NPTL build of glibc doesn't inline these syscalls.  Most
system calls are not inlined in glibc anyway, and these *_not_cancel
calls don't seem to be used from functions that are performance
critical.  They seem to have been inlined as a convenient way of
getting code linked into libpthread.so for Linuxthreads, rather than
for performance.

I appreciate that it would be a maintenance burden.  I'll see if I can
get the patch accepted upstream.

> I fail to see why the core glibc package should be responsible for
> building this rather mauled library.

I created a Plash package that built its own copy of the glibc source.
I posted an RFS on debian-mentors, and people complained about
duplicating glibc.  So I changed it to build from libc6-pic.

> What's Plash's CPU versions target?  For x86, you could probably do
> this by:
>  - replacing the dynamic linker instead of all of glibc
>  - mapping a fake vsyscall page which checked the syscall number, and
>    diverted to plash's code if appropriate
>  - modifying the auxv vector to point at the modified vsyscall dso
>    instead of the original
>  - chaining to glibc's standard dynamic linker
> 
> Then you can do it with pristine binaries.  Should work on any
> architecture which can indirect syscalls through a VDSO (at least ia64,
> amd64, possibly soon ppc/ppc64).

Interesting idea.  Has anyone used the vsyscall mechanism for
intercepting syscalls?

Having looked into this, one problem is that it won't work with the
"libc" and "nptl" builds of glibc that Debian does, because these use
"int $0x80" directly.  It would only work with the "i686" build.  So
this won't work with Linux 2.4 or with pre-686 processors.

> > This patch isn't quite as essential for putting Plash into Debian as
> > the other one I filed in the BTS.
> 
> I am a little dubious about the other Plash bug, but I'll
> think about it.  It seems marginally within the purview of the
> libc6-pic package and affects nothing else.

Is your doubt about which package these files would go into, or about
these files going into a binary package at all?  ie. Would you prefer
a new libc6-blah package for putting these files in?

> But it seems like it would be randomly crippled without this patch.

Randomly injured yes, but a lot of programs would work even if the
glibc functions that call *_not_cancel don't work.  It would be a
useful starting point.

As an alternative, I could build Plash from the NPTL build of glibc:
the relevant calls are already not inlined.  That would involve
changing the patch to put the NPTL object files into libc6-pic
instead.  But it would require Linux 2.6.

Mark



2005-10-15 Thread Daniel Jacobowitz
On Sat, Oct 15, 2005 at 06:51:19PM +0100, Mark Seaborn wrote:
> Package: glibc
> Version: 2.3.5-6
> Severity: wishlist
> Tags: patch
> 
> Usually, glibc inlines calls to non-cancellable versions of some
> system calls, such as open_not_cancel.  The macro definitions are in
> sysdeps/unix/sysv/linux/not-cancel.h.
> 
> This patch prevents those definitions from being inlined.  It moves
> them into separate *.c files.

No way.  Two problems: this patch would present an ongoing maintenance
burden for the Debian glibc maintainers, and it would have a
performance impact on all Debian applications on all architectures.

I fail to see why the core glibc package should be responsible for
building this rather mauled library.

What's Plash's CPU versions target?  For x86, you could probably do
this by:
 - replacing the dynamic linker instead of all of glibc
 - mapping a fake vsyscall page which checked the syscall number, and
   diverted to plash's code if appropriate
 - modifying the auxv vector to point at the modified vsyscall dso
   instead of the original
 - chaining to glibc's standard dynamic linker

Then you can do it with pristine binaries.  Should work on any
architecture which can indirect syscalls through a VDSO (at least ia64,
amd64, possibly soon ppc/ppc64).

> This patch isn't quite as essential for putting Plash into Debian as
> the other one I filed in the BTS.

I am a little dubious about the other Plash bug, but I'll
think about it.  It seems marginally within the purview of the
libc6-pic package and affects nothing else.

But it seems like it would be randomly crippled without this patch.

-- 
Daniel Jacobowitz
CodeSourcery, LLC



2005-10-15 Thread Mark Seaborn
Package: glibc
Version: 2.3.5-6
Severity: wishlist
Tags: patch

Usually, glibc inlines calls to non-cancellable versions of some
system calls, such as open_not_cancel.  The macro definitions are in
sysdeps/unix/sysv/linux/not-cancel.h.

This patch prevents those definitions from being inlined.  It moves
them into separate *.c files.

This is needed for building Plash's modified version of glibc.

Background: Plash is a secure, restricted execution environment that
provides functionality similar to chroot(), but more flexible and
lightweight.  It works partly by dynamically linking Linux executables
with a modified glibc.  This is not used for taking authority away
from a process, only for giving it back.  This approach is more
complete than using LD_PRELOADed libraries.  There's more information
on what Plash does at .

Plash builds its custom glibc by re-linking the object files produced
by the glibc build process.  It omits the object files for various
system calls and replaces them with its own code.  For this to work
completely, those system calls cannot be inlined.

The attached patch should not break the normal build of glibc.  I have
tested it for building the Debian glibc packages on i386, but not on
other architectures.

This patch isn't quite as essential for putting Plash into Debian as
the other one I filed in the BTS.


One complication in the patch is that Linuxthreads needs to refer to
some of the *_not_cancel functions.  I have left these as inlined,
conditionally, when used by Linuxthreads.  Usually Linuxthreads builds
its own versions of syscall object files (eg. ptw-close.os), but it
can't do this for close-not-cancel.os etc. because these are built
from C files, not from the assembler-based syscall generator.

The same approach is used for NPTL.  However, in this case, the
syscall generating code does generate non-cancelling versions of some
of the syscalls.  (This time they're called "close_nocancel"
etc. rather than "close_not_cancel".)  For those syscalls, NPTL uses,
for example, the ptw-close.os object file, while close-not-cancel.c is
replaced with an empty file.

Mark
diff -urN glibc-2.3.5.orig/nptl/sysdeps/unix/sysv/linux/i386/not-cancel.h 
glibc-2.3.5.new/nptl/sysdeps/unix/sysv/linux/i386/not-cancel.h
--- glibc-2.3.5.orig/nptl/sysdeps/unix/sysv/linux/i386/not-cancel.h Thu Sep 
 4 10:03:28 2003
+++ glibc-2.3.5.new/nptl/sysdeps/unix/sysv/linux/i386/not-cancel.h  Sat Sep 
24 21:19:15 2005
@@ -44,10 +44,19 @@
 /* Uncancelable close.  */
 #define close_not_cancel(fd) \
   __close_nocancel (fd)
+
+#if defined NOT_IN_libc && !defined IS_IN_rtld
+
 #define close_not_cancel_no_status(fd) \
   (void) ({ INTERNAL_SYSCALL_DECL (err); \
INTERNAL_SYSCALL (close, err, 1, (fd)); })
 
+#else
+
+void close_not_cancel_no_status(int fd);
+
+#endif
+
 /* Uncancelable read.  */
 #define read_not_cancel(fd, buf, n) \
   __read_nocancel (fd, buf, n)
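Review bot: The out-of-line declaration added in the #else branch, `void close_not_cancel_no_status(int fd);`, exports an unprefixed name as an external symbol. The neighbouring wrappers in this header resolve to `__close_nocancel` and `__read_nocancel`, so a `__`-prefixed function with the existing name kept as a macro alias would stay out of the application namespace. The `#if defined NOT_IN_libc && !defined IS_IN_rtld` guard also needs a one-line comment saying why the inline INTERNAL_SYSCALL form is kept for that case, because code compiled that way still issues the close syscall directly and is not affected by a replaced object file.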
@@ -57,9 +66,7 @@
   __write_nocancel (fd, buf, n)
 
 /* Uncancelable writev.  */
-#define writev_not_cancel_no_status(fd, iov, n) \
-  (void) ({ INTERNAL_SYSCALL_DECL (err); \
-   INTERNAL_SYSCALL (writev, err, 3, (fd), (iov), (n)); })
+void writev_not_cancel_no_status(int fd, const struct iovec *iov, int n);
 
 /* Uncancelable fcntl.  */
 #define fcntl_not_cancel(fd, cmd, val) \
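Review bot: `writev_not_cancel_no_status` becomes a function unconditionally here, while `close_not_cancel_no_status` in the previous hunk keeps its macro form under `NOT_IN_libc && !IS_IN_rtld`. If anything built outside libc proper uses the writev variant it now needs the out-of-line definition at link time, so either apply the same guard or add a comment saying why it is not needed. The prototype also names `struct iovec`, so the header should make sure that type is declared (for example through <sys/uio.h>) before this line.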
@@ -70,6 +77,5 @@
 # define waitpid_not_cancel(pid, stat_loc, options) \
   __waitpid_nocancel (pid, stat_loc, options)
 #else
-# define waitpid_not_cancel(pid, stat_loc, options) \
-  INLINE_SYSCALL (wait4, 4, pid, stat_loc, options, NULL)
+int waitpid_not_cancel(int pid, int *stat_loc, int options);
 #endif
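Review bot: The replacement prototype `int waitpid_not_cancel(int pid, int *stat_loc, int options);` spells both the process id and the return value as `int`. The macro it replaces passed its arguments straight through to wait4, so using `pid_t` for both keeps the types callers already rely on: `pid_t waitpid_not_cancel(pid_t pid, int *stat_loc, int options);`.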
diff -urN glibc-2.3.5.orig/nptl/sysdeps/unix/sysv/linux/not-cancel-close.c 
glibc-2.3.5.new/nptl/sysdeps/unix/sysv/linux/not-cancel-close.c
--- glibc-2.3.5.orig/nptl/sysdeps/unix/sysv/linux/not-cancel-close.cWed Dec 
31 19:00:00 1969
+++ glibc-2.3.5.new/nptl/sysdeps/unix/sysv/linux/not-cancel-close.c Sat Sep 
24 20:10:06 2005
@@ -0,0 +1,2 @@
+
+/* Intentionally empty:  this doesn't need to generate anything. */
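Review bot: The placeholder comment in not-cancel-close.c says the file is intentionally empty but not why. State in the comment that on NPTL close_not_cancel maps to the generated `__close_nocancel`, as the covering message explains, so the file is not mistaken for a leftover; the same wording applies to the identical open and read placeholders that follow.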
diff -urN glibc-2.3.5.orig/nptl/sysdeps/unix/sysv/linux/not-cancel-open.c 
glibc-2.3.5.new/nptl/sysdeps/unix/sysv/linux/not-cancel-open.c
--- glibc-2.3.5.orig/nptl/sysdeps/unix/sysv/linux/not-cancel-open.c Wed Dec 
31 19:00:00 1969
+++ glibc-2.3.5.new/nptl/sysdeps/unix/sysv/linux/not-cancel-open.c  Sat Sep 
24 20:08:54 2005
@@ -0,0 +1,2 @@
+
+/* Intentionally empty:  this doesn't need to generate anything. */
diff -urN glibc-2.3.5.orig/nptl/sysdeps/unix/sysv/linux/not-cancel-read.c 
glibc-2.3.5.new/nptl/sysdeps/unix/sysv/linux/not-cancel-read.c
--- glibc-2.3.5.orig/nptl/sysdeps/unix/sysv/linux/not-cancel-read.c Wed Dec 
31 19:00:00 1969
+++ glibc-2.3.5.new/nptl/sysdeps/unix/sysv/linux/not-cancel-read.c  Sat Sep 
24 20:10:15 2005
@@ -0,0 +1,2 @@
+
+/* Intentionally empty:  this doesn't need to generate anything. */
diff -ur