Linux-api Archive on lore.kernel.org
 help / color / Atom feed
From: ebiederm@xmission.com (Eric W. Biederman)
To: Marco Elver <elver@google.com>
Cc: Florian Weimer <fweimer@redhat.com>,
	"David S. Miller" <davem@davemloft.net>,
	Arnd Bergmann <arnd@arndb.de>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Peter Collingbourne <pcc@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Alexander Potapenko <glider@google.com>,
	sparclinux@vger.kernel.org, linux-arch@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
	kasan-dev@googlegroups.com
Subject: Re: siginfo_t ABI break on sparc64 from si_addr_lsb move 3y ago
Date: Thu, 29 Apr 2021 12:23:54 -0500
Message-ID: <m11rat9f85.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <YIpkvGrBFGlB5vNj@elver.google.com> (Marco Elver's message of "Thu, 29 Apr 2021 09:48:12 +0200")

Marco Elver <elver@google.com> writes:

> Hello,  Eric,
>
> By inspecting the logs I've seen that about 3 years ago there had been a
> number of siginfo_t cleanups. This included moving si_addr_lsb:
>
> 	b68a68d3dcc1 ("signal: Move addr_lsb into the _sigfault union for clarity")
> 	859d880cf544 ("signal: Correct the offset of si_pkey in struct siginfo")
>  	8420f71943ae ("signal: Correct the offset of si_pkey and si_lower in struct siginfo on m68k")
>
> In an ideal world, we could just have si_addr + the union in _sigfault,
> but it seems there are more corner cases. :-/
>
> The reason I've stumbled upon this is that I wanted to add the just
> merged si_perf [1] field to glibc. But what I noticed is that glibc's
> definition and ours are vastly different around si_addr_lsb, si_lower,
> si_upper, and si_pkey.
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42dec9a936e7696bea1f27d3c5a0068cd9aa95fd
>
> In our current definition of siginfo_t, si_addr_lsb is placed into the
> same union as si_lower, si_upper, and si_pkey (and now si_perf). From
> the logs I see that si_lower, si_upper, and si_pkey are padded because
> si_addr_lsb used to be outside the union, which goes back to
> "signal: Move addr_lsb into the _sigfault union for clarity".
>
> Since then, si_addr_lsb must also be pointer-aligned, because the union
> containing it must be pointer-aligned (because si_upper, si_lower). On
> all architectures where si_addr_lsb is right after si_addr, this is
> perfectly fine, because si_addr itself is a pointer...
>
> ... except for the anomaly that are 64-bit architectures that define
> __ARCH_SI_TRAPNO and want that 'int si_trapno'. Like, for example
> sparc64, which means siginfo_t's ABI has been subtly broken on sparc64
> since v4.16.
>
> The following static asserts illustrate this:
>
> --- a/arch/sparc/kernel/signal_64.c
> +++ b/arch/sparc/kernel/signal_64.c
> @@ -556,3 +556,37 @@ void do_notify_resume(struct pt_regs *regs, unsigned long orig_i0, unsigned long
>  	user_enter();
>  }
>  
> +static_assert(offsetof(siginfo_t, si_signo)	== 0);
> +static_assert(offsetof(siginfo_t, si_errno)	== 4);
> +static_assert(offsetof(siginfo_t, si_code)	== 8);
> +static_assert(offsetof(siginfo_t, si_pid)	== 16);
> +static_assert(offsetof(siginfo_t, si_uid)	== 20);
> +static_assert(offsetof(siginfo_t, si_tid)	== 16);
> +static_assert(offsetof(siginfo_t, si_overrun)	== 20);
> +static_assert(offsetof(siginfo_t, si_status)	== 24);
> +static_assert(offsetof(siginfo_t, si_utime)	== 32);
> +static_assert(offsetof(siginfo_t, si_stime)	== 40);
> +static_assert(offsetof(siginfo_t, si_value)	== 24);
> +static_assert(offsetof(siginfo_t, si_int)	== 24);
> +static_assert(offsetof(siginfo_t, si_ptr)	== 24);
> +static_assert(offsetof(siginfo_t, si_addr)	== 16);
> +static_assert(offsetof(siginfo_t, si_trapno)	== 24);
> +#if 1 /* Correct offsets, obtained from v4.14 */
> +static_assert(offsetof(siginfo_t, si_addr_lsb)	== 28);
> +static_assert(offsetof(siginfo_t, si_lower)	== 32);
> +static_assert(offsetof(siginfo_t, si_upper)	== 40);
> +static_assert(offsetof(siginfo_t, si_pkey)	== 32);
> +#else /* Current offsets, as of v4.16 */
> +static_assert(offsetof(siginfo_t, si_addr_lsb)	== 32);
> +static_assert(offsetof(siginfo_t, si_lower)	== 40);
> +static_assert(offsetof(siginfo_t, si_upper)	== 48);
> +static_assert(offsetof(siginfo_t, si_pkey)	== 40);
> +#endif
> +static_assert(offsetof(siginfo_t, si_band)	== 16);
> +static_assert(offsetof(siginfo_t, si_fd)	== 20);
>
> ---
>
> Granted, nobody seems to have noticed because I don't even know if these
> fields have use on sparc64. But I don't yet see this as justification to
> leave things as-is...
>
> The collateral damage of this, and the acute problem that I'm having is
> defining si_perf in a sort-of readable and portable way in siginfo_t
> definitions that live outside the kernel, where sparc64 does not yet
> have broken si_addr_lsb. And the same difficulty applies to the kernel
> if we want to unbreak sparc64, while not wanting to move si_perf for
> other architectures.
>
> There are 2 options I see to solve this:
>
> 1. Make things simple again. We could just revert the change moving
>    si_addr_lsb into the union, and sadly accept we'll have to live with
>    that legacy "design" mistake. (si_perf stays in the union, but will
>    unfortunately change its offset for all architectures... this one-off
>    move might be ok because it's new.)
>
> 2. Add special cases to retain si_addr_lsb in the union on architectures
>    that do not have __ARCH_SI_TRAPNO (the majority). I have added a
>    draft patch that would do this below (with some refactoring so that
>    it remains sort-of readable), as an experiment to see how complicated
>    this gets.
>
> Which option do you prefer? Are there better options?

Personally the most important thing to have is a single definition
shared by all architectures so that we consolidate testing.

A little piece of me cries a little whenever I see how badly we
implemented the POSIX design.  As specified by POSIX the fields can be
place in siginfo such that 32bit and 64bit share a common definition.
Unfortunately we did not addpadding after si_addr on 32bit to
accommodate a 64bit si_addr.

I find it unfortunate that we are adding yet another definition that
requires translation between 32bit and 64bit, but I am glad
that at least the translation is not architecture specific.  That common
definition is what has allowed this potential issue to be caught
and that makes me very happy to see.

Let's go with Option 3.

Confirm BUS_MCEERR_AR, BUS_MCEERR_AO, SEGV_BNDERR, SEGV_PKUERR are not
in use on any architecture that defines __ARCH_SI_TRAPNO, and then fixup
the userspace definitions of these fields.

To the kernel I would add some BUILD_BUG_ON's to whatever the best
maintained architecture (sparc64?) that implements __ARCH_SI_TRAPNO just
to confirm we don't create future regressions by accident.

I did a quick search and the architectures that define __ARCH_SI_TRAPNO
are sparc, mips, and alpha.  All have 64bit implementations.  A further
quick search shows that none of those architectures have faults that
use BUS_MCEERR_AR, BUS_MCEERR_AO, SEGV_BNDERR, SEGV_PKUERR, nor do
they appear to use mm/memory-failure.c

So it doesn't look like we have an ABI regression to fix.

Eric

  reply index

Thread overview: 118+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-29  7:48 Marco Elver
2021-04-29 17:23 ` Eric W. Biederman [this message]
2021-04-29 18:46   ` Marco Elver
2021-04-29 20:48   ` Arnd Bergmann
2021-04-30 17:08     ` Eric W. Biederman
2021-04-30 19:07       ` Marco Elver
2021-04-30 20:15         ` Eric W. Biederman
2021-04-30 23:50           ` Marco Elver
2021-04-30 22:49         ` [RFC][PATCH 0/3] signal: Move si_trapno into the _si_fault union Eric W. Biederman
2021-04-30 22:50           ` [PATCH 1/3] siginfo: Move si_trapno inside the union inside _si_fault Eric W. Biederman
2021-05-01 10:31             ` Marco Elver
2021-05-02 18:27               ` Eric W. Biederman
2021-04-30 22:54           ` [PATCH 2/3] signal: Implement SIL_FAULT_TRAPNO Eric W. Biederman
2021-04-30 23:19             ` Eric W. Biederman
2021-05-01 10:33             ` Marco Elver
2021-05-02 18:24               ` Eric W. Biederman
2021-04-30 22:55           ` [PATCH 3/3] signal: Use dedicated helpers to send signals with si_trapno set Eric W. Biederman
2021-05-01 10:33             ` Marco Elver
2021-04-30 22:56           ` [PATCH 4/3] signal: Remove __ARCH_SI_TRAPNO Eric W. Biederman
2021-04-30 23:23           ` Is perf_sigtrap synchronous? Eric W. Biederman
2021-05-01  0:28             ` Marco Elver
2021-04-30 23:42           ` [PATCH 5/3] signal: Rename SIL_PERF_EVENT SIL_FAULT_PERF_EVENT for consistency Eric W. Biederman
2021-05-01 10:35             ` Marco Elver
2021-04-30 23:43           ` [PATCH 6/3] signal: Factor force_sig_perf out of perf_sigtrap Eric W. Biederman
2021-05-01 10:45             ` Marco Elver
2021-04-30 23:43           ` [PATCH 7/3] signal: Deliver all of the perf_data in si_perf Eric W. Biederman
2021-05-01 10:47             ` Marco Elver
2021-05-02 18:39               ` Eric W. Biederman
2021-05-02 19:13                 ` Marco Elver
2021-05-03 12:44                 ` Peter Zijlstra
2021-05-03 19:38                   ` Eric W. Biederman
2021-05-03 19:53                     ` Marco Elver
2021-04-30 23:47           ` [RFC][PATCH 0/3] signal: Move si_trapno into the _si_fault union Eric W. Biederman
2021-05-01  0:37             ` Marco Elver
2021-05-01 15:16               ` Eric W. Biederman
2021-05-01 16:24                 ` Marco Elver
2021-05-03 20:25                   ` [PATCH 00/12] signal: sort out si_trapno and si_perf Eric W. Biederman
2021-05-03 20:38                     ` [PATCH 01/12] sparc64: Add compile-time asserts for siginfo_t offsets Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 02/12] arm: " Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 03/12] arm64: " Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 04/12] siginfo: Move si_trapno inside the union inside _si_fault Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 05/12] signal: Implement SIL_FAULT_TRAPNO Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 06/12] signal: Use dedicated helpers to send signals with si_trapno set Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 07/12] signal: Remove __ARCH_SI_TRAPNO Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 08/12] signal: Rename SIL_PERF_EVENT SIL_FAULT_PERF_EVENT for consistency Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 09/12] signal: Factor force_sig_perf out of perf_sigtrap Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 10/12] signal: Redefine signinfo so 64bit fields are possible Eric W. Beiderman
2021-05-03 21:04                         ` Eric W. Biederman
2021-05-03 22:47                           ` Marco Elver
2021-05-04  3:42                             ` Eric W. Biederman
2021-05-04  4:03                               ` Peter Collingbourne
2021-05-04  9:52                                 ` Marco Elver
2021-05-04 16:16                                   ` Eric W. Biederman
2021-05-03 20:38                       ` [PATCH 11/12] signal: Deliver all of the siginfo perf data in _perf Eric W. Beiderman
2021-05-03 20:38                       ` [PATCH 12/12] signalfd: Remove SIL_FAULT_PERF_EVENT fields from signalfd_siginfo Eric W. Beiderman
2021-05-04 21:13                     ` [PATCH v3 00/12] signal: sort out si_trapno and si_perf Eric W. Biederman
2021-05-04 22:05                       ` Marco Elver
2021-05-05 14:12                         ` Eric W. Biederman
2021-05-05 14:10                       ` [PATCH v3 01/12] sparc64: Add compile-time asserts for siginfo_t offsets Eric W. Beiderman
2021-05-05 14:10                         ` [PATCH v3 02/12] arm: " Eric W. Beiderman
2021-05-05 14:10                         ` [PATCH v3 03/12] arm64: " Eric W. Beiderman
2021-05-05 14:10                         ` [PATCH v3 04/12] signal: Verify the alignment and size of siginfo_t Eric W. Beiderman
2021-05-05 17:24                           ` Marco Elver
2021-05-05 14:10                         ` [PATCH v3 05/12] siginfo: Move si_trapno inside the union inside _si_fault Eric W. Beiderman
2021-05-05 14:10                         ` [PATCH v3 06/12] signal: Implement SIL_FAULT_TRAPNO Eric W. Beiderman
2021-05-05 17:25                           ` Marco Elver
2021-05-05 14:10                         ` [PATCH v3 07/12] signal: Use dedicated helpers to send signals with si_trapno set Eric W. Beiderman
2021-05-05 17:25                           ` Marco Elver
2021-05-05 14:10                         ` [PATCH v3 08/12] signal: Remove __ARCH_SI_TRAPNO Eric W. Beiderman
2021-05-05 17:25                           ` Marco Elver
2021-05-05 14:10                         ` [PATCH v3 09/12] signal: Rename SIL_PERF_EVENT SIL_FAULT_PERF_EVENT for consistency Eric W. Beiderman
2021-05-05 17:26                           ` Marco Elver
2021-05-05 14:10                         ` [PATCH v3 10/12] signal: Factor force_sig_perf out of perf_sigtrap Eric W. Beiderman
2021-05-05 17:26                           ` Marco Elver
2021-05-06 10:54                           ` Peter Zijlstra
2021-05-05 14:11                         ` [PATCH v3 11/12] signal: Deliver all of the siginfo perf data in _perf Eric W. Beiderman
2021-05-05 17:27                           ` Marco Elver
2021-05-05 14:11                         ` [PATCH v3 12/12] signalfd: Remove SIL_FAULT_PERF_EVENT fields from signalfd_siginfo Eric W. Beiderman
2021-05-05 17:27                           ` Marco Elver
2021-05-05 17:28                       ` [PATCH v3 00/12] signal: sort out si_trapno and si_perf Marco Elver
2021-05-06  7:00                       ` Geert Uytterhoeven
2021-05-06 10:43                         ` Marco Elver
2021-05-06 15:28                           ` Eric W. Biederman
2021-05-06 15:14                         ` Eric W. Biederman
2021-05-14  4:54                       ` [GIT PULL] siginfo: ABI fixes for v5.13-rc2 Eric W. Biederman
2021-05-14 19:14                         ` Linus Torvalds
2021-05-14 21:15                           ` Eric W. Biederman
2021-05-14 22:38                             ` Eric W. Biederman
2021-05-16  7:40                         ` Ingo Molnar
2021-05-17 15:29                           ` Eric W. Biederman
2021-05-21 14:59                         ` [GIT PULL] siginfo: ABI fixes for v5.13-rc3 Eric W. Biederman
2021-05-21 16:34                           ` pr-tracker-bot
2021-05-17 19:56                       ` [PATCH v4 0/5] siginfo: ABI fixes for TRAP_PERF Eric W. Biederman
2021-05-17 19:57                         ` [PATCH v4 1/5] siginfo: Move si_trapno inside the union inside _si_fault Eric W. Beiderman
2021-05-17 19:57                           ` [PATCH v4 2/5] signal: Implement SIL_FAULT_TRAPNO Eric W. Beiderman
2021-05-17 19:57                           ` [PATCH v4 3/5] signal: Factor force_sig_perf out of perf_sigtrap Eric W. Beiderman
2021-05-17 19:57                           ` [PATCH v4 4/5] signal: Deliver all of the siginfo perf data in _perf Eric W. Beiderman
2021-05-17 19:57                           ` [PATCH v4 5/5] signalfd: Remove SIL_PERF_EVENT fields from signalfd_siginfo Eric W. Beiderman
2021-05-17 20:53                         ` [PATCH v4 0/5] siginfo: ABI fixes for TRAP_PERF Marco Elver
2021-05-18  3:46                           ` Eric W. Biederman
2021-05-18  6:44                             ` Marco Elver
2021-05-01 16:26               ` [RFC][PATCH 0/3] signal: Move si_trapno into the _si_fault union Marco Elver
2021-07-15 18:09           ` [PATCH 0/6] Final si_trapno bits Eric W. Biederman
2021-07-15 18:11             ` [PATCH 1/6] sparc64: Add compile-time asserts for siginfo_t offsets Eric W. Biederman
2021-07-15 18:11             ` [PATCH 2/6] arm: " Eric W. Biederman
2021-07-15 18:11             ` [PATCH 3/6] arm64: " Eric W. Biederman
2021-07-15 18:12             ` [PATCH 4/6] signal/sparc: si_trapno is only used with SIGILL ILL_ILLTRP Eric W. Biederman
2021-07-16 11:49               ` Marco Elver
2021-07-15 18:12             ` [PATCH 5/6] signal/alpha: si_trapno is only used with SIGFPE and SIGTRAP TRAP_UNK Eric W. Biederman
2021-07-16 11:48               ` Marco Elver
2021-07-15 18:13             ` [PATCH 6/6] signal: Remove the generic __ARCH_SI_TRAPNO support Eric W. Biederman
2021-07-16 11:48               ` Marco Elver
2021-07-16 11:50             ` [PATCH 0/6] Final si_trapno bits Marco Elver
2021-07-16 16:08               ` Eric W. Biederman
2021-07-16 17:15                 ` Marco Elver
2021-07-16 16:06             ` [PATCH 7/7] signal: Verify the alignment and size of siginfo_t Eric W. Biederman
2021-07-16 16:07             ` [PATCH 8/6] signal: Rename SIL_PERF_EVENT SIL_FAULT_PERF_EVENT for consistency Eric W. Biederman
2021-04-30 20:43       ` siginfo_t ABI break on sparc64 from si_addr_lsb move 3y ago Arnd Bergmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m11rat9f85.fsf@fess.ebiederm.org \
    --to=ebiederm@xmission.com \
    --cc=arnd@arndb.de \
    --cc=davem@davemloft.net \
    --cc=dvyukov@google.com \
    --cc=elver@google.com \
    --cc=fweimer@redhat.com \
    --cc=glider@google.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=pcc@google.com \
    --cc=peterz@infradead.org \
    --cc=sparclinux@vger.kernel.org \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-api Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-api/0 linux-api/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-api linux-api/ https://lore.kernel.org/linux-api \
		linux-api@vger.kernel.org
	public-inbox-index linux-api

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-api


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git