From: Linus Torvalds <torvalds@linux-foundation.org>
To: <luto@kernel.org>
Cc: <dave.hansen@linux.intel.com>, <sean.j.christopherson@intel.com>, <jethro@fortanix.com>, <jarkko.sakkinen@linux.intel.com>, <fweimer@redhat.com>, <linux-api@vger.kernel.org>, Jann Horn <jannh@google.com>, <x86@kernel.org>, <linux-arch@vger.kernel.org>, "Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>, Peter Zijlstra <peterz@infradead.org>, <dalias@libc.org>, <nhorman@redhat.com>, <npmccallum@redhat.com>, <serge.ayoun@intel.com>, <shay.katz-zamir@intel.com>, <linux-sgx@vger.kernel.org>, <andriy.shevchenko@linux.intel.com>, <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, <bp@alien8.de>
Subject: Re: RFC: userspace exception fixups
Date: Thu, 1 Nov 2018 12:06:21 -0700
Message-ID: <CAHk-=wjJhdr3JCnGrMKqL-prxYd__kkAspKVYBO3BYYmq2hu4A@mail.gmail.com>
In-Reply-To: <CALCETrWdpoDkbZjkucKL91GWpDPG9p=VqYrULade2pFDR7S=GQ@mail.gmail.com>

On Thu, Nov 1, 2018 at 10:53 AM Andy Lutomirski <luto@kernel.org> wrote:
>
> There's been some discussion of adding a vDSO entry point to wrap
> EENTER and do something sensible with the exceptions,

I think that's likely the right thing to do, and would be similar to sysenter.

> The basic idea would be to allow libc, or maybe even any library, to
> register a handler that gets a chance to act on an exception caused by
> a user instruction before a signal is delivered. As a straw-man
> example for how this could work, there could be a new syscall:
>
> long register_exception_handler(void (*handler)(int, siginfo_t *, void *));

I'm not a huge fan of signals, but the above is an abomination.

It has all the problems of signals _and_ then some. And it in
absolutely no way fixes the problem with libraries. In fact, it
arguably makes it much much worse, since now there's only one single
library that can register it.

Yes yes, maybe a library would then expose _another_ interface to
other libraries and act as some kind of dispatch point, but on the
whole the above is just crazy and fundamentally broken.

If you want to register an exception, you need to make it clear

 (a) which _thread_ the exception registration is valid for

 (b) which _range_ the exception registration is valid for

 (c) which _fault_ the exception registration is valid for (page
     fault, div-by-zero, whatever)

 (d) which save area (aka stack) and exception handler point.

Note that (b) might be more than just an exception IP range. It might
well be interesting to register the exception by page fault address
(in addition to code range).

If you do something that does all of (a)-(d), and you allow some
limited number of exception registrations, then maybe. Because at that
point, you have something that is actually actively more powerful than
signal handling is.

But your suggested "just register a broken form of signal handling for
a special case" is just wrong. Don't do it.

                 Linus
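
A user-space model of a registration carrying all of (a)-(d) from the message above, added here as an illustration; it is not code from the thread or from the kernel. Every name (`exc_reg`, `exc_register`, `exc_lookup`, `fault_kind`) and the four-entry limit is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical fault classes for (c); a registration names a mask of them. */
enum fault_kind { FAULT_PAGE = 1u << 0, FAULT_DIV_ZERO = 1u << 1 };

struct exc_reg {
    int       tid;        /* (a) thread the registration is valid for */
    uintptr_t ip_lo;      /* (b) faulting-instruction range [ip_lo, ip_hi) */
    uintptr_t ip_hi;
    uintptr_t addr_lo;    /* (b) optional fault-address range [addr_lo, addr_hi); */
    uintptr_t addr_hi;    /*     addr_lo == addr_hi means "any address" */
    unsigned  faults;     /* (c) mask of enum fault_kind */
    void     *save_area;  /* (d) where the interrupted state is saved */
    uintptr_t handler;    /* (d) where execution resumes */
};

#define MAX_EXC_REGS 4    /* "some limited number" of registrations (assumed) */
static struct exc_reg regs[MAX_EXC_REGS];
static size_t nregs;

/* Returns 0 on success, -1 if the table is full or the entry is malformed. */
int exc_register(const struct exc_reg *r)
{
    if (nregs == MAX_EXC_REGS || r->ip_lo >= r->ip_hi ||
        r->addr_lo > r->addr_hi || !r->faults || !r->save_area || !r->handler)
        return -1;
    regs[nregs++] = *r;
    return 0;
}

/* Returns the registration covering this fault, or NULL, in which case the
 * fault would take the ordinary signal path. All of (a)-(c) must match. */
const struct exc_reg *exc_lookup(int tid, unsigned fault,
                                 uintptr_t ip, uintptr_t addr)
{
    for (size_t i = 0; i < nregs; i++) {
        const struct exc_reg *r = &regs[i];
        if (r->tid != tid || !(r->faults & fault))
            continue;                         /* wrong thread or fault class */
        if (ip < r->ip_lo || ip >= r->ip_hi)
            continue;                         /* instruction outside code range */
        if (r->addr_lo != r->addr_hi &&
            (addr < r->addr_lo || addr >= r->addr_hi))
            continue;                         /* fault address outside range */
        return r;
    }
    return NULL;
}
```

Because each entry is scoped by thread, range and fault class, several libraries can hold registrations at once without a process-wide dispatch point, and a fault outside every registered scope never reaches any of their handlers.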