Message ID | 20200413142515.16619-3-hjl.tools@gmail.com |
---|---|
State | Superseded |
Headers |
Return-Path: <hjl.tools@gmail.com> X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) by sourceware.org (Postfix) with ESMTPS id 41EAA3887015 for <libc-alpha@sourceware.org>; Mon, 13 Apr 2020 14:25:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 41EAA3887015 Received: by mail-pf1-x444.google.com with SMTP id v23so4569186pfm.1 for <libc-alpha@sourceware.org>; Mon, 13 Apr 2020 07:25:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=DnvpHw8Eet9JKPugYoc8Rkv6OeteynTjcCzEJpcjnE4=; b=SbNITkdQfM0uMQIiuhs1siFRo0lUmysW4YKkz/rZi5MXTp3C16t0LxL4Qrrkc6RHid sJaKhHLS7L3fvfCUjWNtaIdc7H6x5zcB//QPtgljTabWemFrxNB6ZgjZPkai0EK2rgg6 jYzz3I+bIE9u3ZoqK6mEqzSSvZIaGdcrrv7AJbjojnNOTBZ7wV5Qsm79cfj5wJ5G8WPh 0GknwZfc9SRaTQjT4jIFNd5spCclLvVCnw1hhEHDvsX3Qd7xRYAATkr2EJjRxbTzWy8n pWzCSKm+wclzksRbF8N8haSoXL1IMN5AVk1t2aqveAFBpu692/ZHlhIsSRReSTODfvbo 4XlA== X-Gm-Message-State: AGi0PubicafZg0Ivt7q8wxtwJbRLIKZ+UAEq8Z56g0DDqVkSgb3AxH2n yRKVDFwibO3TUyxH0Umy1wbHstfF X-Google-Smtp-Source: APiQypJALkmfnSI54hZEjh9W6RbSmaUIS4XPV9PjW6b0b/FenXDLCM2a+u9EZMjZQBnlWAQ7Tpeqcw== X-Received: by 2002:aa7:8e13:: with SMTP id c19mr17627018pfr.260.1586787919355; Mon, 13 Apr 2020 07:25:19 -0700 (PDT) Received: from gnu-cfl-2.localdomain (c-69-181-90-243.hsd1.ca.comcast.net. [69.181.90.243]) by smtp.gmail.com with ESMTPSA id q198sm8864415pfc.187.2020.04.13.07.25.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Apr 2020 07:25:18 -0700 (PDT) Received: from gnu-cfl-2.localdomain (localhost [IPv6:::1]) by gnu-cfl-2.localdomain (Postfix) with ESMTP id A3B0BC045C; Mon, 13 Apr 2020 07:25:16 -0700 (PDT) From: "H.J. Lu" <hjl.tools@gmail.com> To: libc-alpha@sourceware.org Subject: [PATCH 2/3] x32: Properly pass long to syscall [BZ #25810] Date: Mon, 13 Apr 2020 07:25:14 -0700 Message-Id: <20200413142515.16619-3-hjl.tools@gmail.com> X-Mailer: git-send-email 2.25.2 In-Reply-To: <20200413142515.16619-1-hjl.tools@gmail.com> References: <20200413142515.16619-1-hjl.tools@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-24.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> X-List-Received-Date: Mon, 13 Apr 2020 14:25:21 -0000 |
Series |
x32: Properly pass long to syscall [BZ #25810]
|
|
Commit Message
H.J. Lu
April 13, 2020, 2:25 p.m. UTC
X32 has 32-bit long and pointer with 64-bit off_t. Since x32 psABI requires that pointers passed in registers must be zero-extended to 64bit, x32 can share many syscall interfaces with LP64. When a LP64 syscall with long and unsigned long arguments is used for x32, these arguments must be properly extended to 64-bit. Otherwise if the upper 32 bits of the register have undefined value, such a syscall will be rejected by kernel. For x32 INLINE_SYSCALLs, cast 1. pointer to unsigned long (32 bit). 2. 32-bit unsigned integer to unsigned long long (64 bit). 3. 32-bit integer to long long (64 bit). For void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset); we now generate 0: 41 f7 c1 ff 0f 00 00 test $0xfff,%r9d 7: 75 1f jne 28 <__mmap64+0x28> 9: 48 63 d2 movslq %edx,%rdx c: 89 f6 mov %esi,%esi e: 4d 63 c0 movslq %r8d,%r8 11: 4c 63 d1 movslq %ecx,%r10 14: b8 09 00 00 40 mov $0x40000009,%eax 19: 0f 05 syscall That is 1. addr is unchanged. 2. length is zero-extend to 64 bits. 3. prot is sign-extend to 64 bits. 4. flags is sign-extend to 64 bits. 5. fd is sign-extend to 64 bits. 6. offset is unchanged. For int arguments, since kernel uses only the lower 32 bits and ignores the upper 32 bits in 64-bit registers, these work correctly. Tested on x86-64 and x32. There are no code changes on x86-64. --- sysdeps/unix/sysv/linux/x86_64/sysdep.h | 10 ++++++---- sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 4 deletions(-)
Comments
* H. J. Lu via Libc-alpha: > diff --git a/sysdeps/unix/sysv/linux/x86_64/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/sysdep.h > index 06e39212ee..93dad97c8f 100644 > --- a/sysdeps/unix/sysv/linux/x86_64/sysdep.h > +++ b/sysdeps/unix/sysv/linux/x86_64/sysdep.h > @@ -219,12 +219,14 @@ > /* Registers clobbered by syscall. */ > # define REGISTERS_CLOBBERED_BY_SYSCALL "cc", "r11", "cx" > > -/* Create a variable 'name' based on type 'X' to avoid explicit types. > - This is mainly used set use 64-bits arguments in x32. */ > -#define TYPEFY(X, name) __typeof__ ((X) - (X)) name > +/* This also works when X is an array. */ > +#define TYPEFY1(X) __typeof__ ((X) - (X)) I think the comment is now misleading. For an array X, (X) - (X) is of type ptrdiff_t, which is signed, so it triggers sign extension, not zero extension, in the x32 case. I think this is the reason why my proposed construct went astray in your experiments. Is it really necessary to support arrays for system call arguments? > diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h > index 2b5cf0c0ea..f3bc7e89df 100644 > --- a/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h > +++ b/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h > @@ -44,6 +44,24 @@ > # define ZERO_EXTEND_5 movl %r8d, %r8d; > # undef ZERO_EXTEND_6 > # define ZERO_EXTEND_6 movl %r9d, %r9d; > +#else /*! __ASSEMBLER__ */ > +# undef ARGIFY > +/* For x32, cast > + 1. pointer to unsigned long (32 bit). > + 2. 32-bit unsigned integer to unsigned long long (64 bit). > + 3. 32-bit integer to long long (64 bit). > + */ > +# define ARGIFY(X) \ > + ({ \ > + _Pragma ("GCC diagnostic push"); \ > + _Pragma ("GCC diagnostic ignored \"-Wpointer-to-int-cast\""); \ > + (__builtin_classify_type (X) == 5 \ > + ? (unsigned long) (X) \ > + : ((sizeof (X) <= 4 && (TYPEFY1 (X)) 0 < (TYPEFY1 (X)) -1) \ > + ? (unsigned long long) (X) \ > + : (long long) (X))); \ > + _Pragma ("GCC diagnostic pop"); \ > + }) > #endif /* __ASSEMBLER__ */ This should use long int instead long everywhere. __builtin_classify_type is undocumented. I'm not sure if its behavior and the constant 5 is actually stable across GCC versions, but the powerpc uses it as well, for a slightly difference purpose (to recognize array arguments, it seems).
On Mon, Apr 13, 2020 at 7:43 AM Florian Weimer <fw@deneb.enyo.de> wrote: > > * H. J. Lu via Libc-alpha: > > > diff --git a/sysdeps/unix/sysv/linux/x86_64/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/sysdep.h > > index 06e39212ee..93dad97c8f 100644 > > --- a/sysdeps/unix/sysv/linux/x86_64/sysdep.h > > +++ b/sysdeps/unix/sysv/linux/x86_64/sysdep.h > > @@ -219,12 +219,14 @@ > > /* Registers clobbered by syscall. */ > > # define REGISTERS_CLOBBERED_BY_SYSCALL "cc", "r11", "cx" > > > > -/* Create a variable 'name' based on type 'X' to avoid explicit types. > > - This is mainly used set use 64-bits arguments in x32. */ > > -#define TYPEFY(X, name) __typeof__ ((X) - (X)) name > > +/* This also works when X is an array. */ > > +#define TYPEFY1(X) __typeof__ ((X) - (X)) > > I think the comment is now misleading. For an array X, (X) - (X) is > of type ptrdiff_t, which is signed, so it triggers sign extension, not I will update the comments. > zero extension, in the x32 case. I think this is the reason why my > proposed construct went astray in your experiments. > > Is it really necessary to support arrays for system call arguments? int fexecve (int fd, char *const argv[], char *const envp[]) { if (fd < 0 || argv == NULL || envp == NULL) { __set_errno (EINVAL); return -1; } #ifdef __NR_execveat /* Avoid implicit array coercion in syscall macros. */ INLINE_SYSCALL (execveat, 5, fd, "", &argv[0], &envp[0], AT_EMPTY_PATH); "" is an array. > > diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h > > index 2b5cf0c0ea..f3bc7e89df 100644 > > --- a/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h > > +++ b/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h > > @@ -44,6 +44,24 @@ > > # define ZERO_EXTEND_5 movl %r8d, %r8d; > > # undef ZERO_EXTEND_6 > > # define ZERO_EXTEND_6 movl %r9d, %r9d; > > +#else /*! __ASSEMBLER__ */ > > +# undef ARGIFY > > +/* For x32, cast > > + 1. pointer to unsigned long (32 bit). > > + 2. 32-bit unsigned integer to unsigned long long (64 bit). > > + 3. 32-bit integer to long long (64 bit). > > + */ > > +# define ARGIFY(X) \ > > + ({ \ > > + _Pragma ("GCC diagnostic push"); \ > > + _Pragma ("GCC diagnostic ignored \"-Wpointer-to-int-cast\""); \ > > + (__builtin_classify_type (X) == 5 \ > > + ? (unsigned long) (X) \ > > + : ((sizeof (X) <= 4 && (TYPEFY1 (X)) 0 < (TYPEFY1 (X)) -1) \ > > + ? (unsigned long long) (X) \ > > + : (long long) (X))); \ > > + _Pragma ("GCC diagnostic pop"); \ > > + }) > > #endif /* __ASSEMBLER__ */ > > This should use long int instead long everywhere. I will update. > __builtin_classify_type is undocumented. I'm not sure if its behavior > and the constant 5 is actually stable across GCC versions, but the > powerpc uses it as well, for a slightly difference purpose (to > recognize array arguments, it seems). include/libc-pointer-arith.h has /* 1 if 'type' is a pointer type, 0 otherwise. */ # define __pointer_type(type) (__builtin_classify_type ((type) 0) == 5) If __builtin_classify_type ever changes, glibc won't build correctly.
* H. J. Lu: > On Mon, Apr 13, 2020 at 7:43 AM Florian Weimer <fw@deneb.enyo.de> wrote: >> >> * H. J. Lu via Libc-alpha: >> >> > diff --git a/sysdeps/unix/sysv/linux/x86_64/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/sysdep.h >> > index 06e39212ee..93dad97c8f 100644 >> > --- a/sysdeps/unix/sysv/linux/x86_64/sysdep.h >> > +++ b/sysdeps/unix/sysv/linux/x86_64/sysdep.h >> > @@ -219,12 +219,14 @@ >> > /* Registers clobbered by syscall. */ >> > # define REGISTERS_CLOBBERED_BY_SYSCALL "cc", "r11", "cx" >> > >> > -/* Create a variable 'name' based on type 'X' to avoid explicit types. >> > - This is mainly used set use 64-bits arguments in x32. */ >> > -#define TYPEFY(X, name) __typeof__ ((X) - (X)) name >> > +/* This also works when X is an array. */ >> > +#define TYPEFY1(X) __typeof__ ((X) - (X)) >> >> I think the comment is now misleading. For an array X, (X) - (X) is >> of type ptrdiff_t, which is signed, so it triggers sign extension, not > > I will update the comments. Thanks. >> zero extension, in the x32 case. I think this is the reason why my >> proposed construct went astray in your experiments. >> >> Is it really necessary to support arrays for system call arguments? > > int > fexecve (int fd, char *const argv[], char *const envp[]) > { > if (fd < 0 || argv == NULL || envp == NULL) > { > __set_errno (EINVAL); > return -1; > } > > #ifdef __NR_execveat > /* Avoid implicit array coercion in syscall macros. */ > INLINE_SYSCALL (execveat, 5, fd, "", &argv[0], &envp[0], AT_EMPTY_PATH); > > "" is an array. If that were the only reason for enforcing pointer decay, I'd say we'd change the fexecve implementation. But see below. >> > diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h >> > index 2b5cf0c0ea..f3bc7e89df 100644 >> > --- a/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h >> > +++ b/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h >> > @@ -44,6 +44,24 @@ >> > # define ZERO_EXTEND_5 movl %r8d, %r8d; >> > # undef ZERO_EXTEND_6 >> > # define ZERO_EXTEND_6 movl %r9d, %r9d; >> > +#else /*! __ASSEMBLER__ */ >> > +# undef ARGIFY >> > +/* For x32, cast >> > + 1. pointer to unsigned long (32 bit). >> > + 2. 32-bit unsigned integer to unsigned long long (64 bit). >> > + 3. 32-bit integer to long long (64 bit). >> > + */ >> > +# define ARGIFY(X) \ >> > + ({ \ >> > + _Pragma ("GCC diagnostic push"); \ >> > + _Pragma ("GCC diagnostic ignored \"-Wpointer-to-int-cast\""); \ >> > + (__builtin_classify_type (X) == 5 \ >> > + ? (unsigned long) (X) \ >> > + : ((sizeof (X) <= 4 && (TYPEFY1 (X)) 0 < (TYPEFY1 (X)) -1) \ >> > + ? (unsigned long long) (X) \ >> > + : (long long) (X))); \ >> > + _Pragma ("GCC diagnostic pop"); \ >> > + }) >> > #endif /* __ASSEMBLER__ */ >> >> This should use long int instead long everywhere. > > I will update. > >> __builtin_classify_type is undocumented. I'm not sure if its behavior >> and the constant 5 is actually stable across GCC versions, but the >> powerpc uses it as well, for a slightly difference purpose (to >> recognize array arguments, it seems). > > include/libc-pointer-arith.h has > > /* 1 if 'type' is a pointer type, 0 otherwise. */ > # define __pointer_type(type) (__builtin_classify_type ((type) 0) == 5) > > If __builtin_classify_type ever changes, glibc won't build correctly. I see. In this case, can we solely rely on __builtin_classify_type? I dont't think the inner ternary operator is necessary. /* Enforce zero-extension for pointers and array system call arguments. For integer types, extend to long long int (the full register) using a regular cast, resulting in zero or sign extension based on the signed-ness of the original type. */ #define ARGIFY(X) \ ({ \ _Pragma ("GCC diagnostic push"); \ _Pragma ("GCC diagnostic ignored \"-Wpointer-to-int-cast\""); \ (__builtin_classify_type (X) == 5 \ ? (long long int) (uintptr_t) (X) \ : (long long int) (X))); \ _Pragma ("GCC diagnostic pop"); \ }) (Untested, sorry.)
diff --git a/sysdeps/unix/sysv/linux/x86_64/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/sysdep.h index 06e39212ee..93dad97c8f 100644 --- a/sysdeps/unix/sysv/linux/x86_64/sysdep.h +++ b/sysdeps/unix/sysv/linux/x86_64/sysdep.h @@ -219,12 +219,14 @@ /* Registers clobbered by syscall. */ # define REGISTERS_CLOBBERED_BY_SYSCALL "cc", "r11", "cx" -/* Create a variable 'name' based on type 'X' to avoid explicit types. - This is mainly used set use 64-bits arguments in x32. */ -#define TYPEFY(X, name) __typeof__ ((X) - (X)) name +/* This also works when X is an array. */ +#define TYPEFY1(X) __typeof__ ((X) - (X)) /* Explicit cast the argument to avoid integer from pointer warning on x32. */ -#define ARGIFY(X) ((__typeof__ ((X) - (X))) (X)) +#define ARGIFY(X) ((TYPEFY1 (X)) (X)) +/* Create a variable 'name' based on type 'X' to avoid explicit types. + This is mainly used set use 64-bits arguments in x32. */ +#define TYPEFY(X, name) __typeof__ (ARGIFY (X) - ARGIFY (X)) name #undef INTERNAL_SYSCALL #define INTERNAL_SYSCALL(name, nr, args...) \ diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h index 2b5cf0c0ea..f3bc7e89df 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h +++ b/sysdeps/unix/sysv/linux/x86_64/x32/sysdep.h @@ -44,6 +44,24 @@ # define ZERO_EXTEND_5 movl %r8d, %r8d; # undef ZERO_EXTEND_6 # define ZERO_EXTEND_6 movl %r9d, %r9d; +#else /*! __ASSEMBLER__ */ +# undef ARGIFY +/* For x32, cast + 1. pointer to unsigned long (32 bit). + 2. 32-bit unsigned integer to unsigned long long (64 bit). + 3. 32-bit integer to long long (64 bit). + */ +# define ARGIFY(X) \ + ({ \ + _Pragma ("GCC diagnostic push"); \ + _Pragma ("GCC diagnostic ignored \"-Wpointer-to-int-cast\""); \ + (__builtin_classify_type (X) == 5 \ + ? (unsigned long) (X) \ + : ((sizeof (X) <= 4 && (TYPEFY1 (X)) 0 < (TYPEFY1 (X)) -1) \ + ? (unsigned long long) (X) \ + : (long long) (X))); \ + _Pragma ("GCC diagnostic pop"); \ + }) #endif /* __ASSEMBLER__ */ #endif /* linux/x86_64/x32/sysdep.h */