From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) by sourceware.org (Postfix) with ESMTPS id A48F43858C52 for ; Wed, 10 Apr 2024 14:00:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A48F43858C52 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org A48F43858C52 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::434 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712757641; cv=none; b=kZTL6XuGGK7b0xQaiZY+jBSrOmB824a7/gx/fEJfTvX/lYaV0SGvErs7G6q4/1w06pxwl99cx9mxJ4ZhhNxmHdvUtf+sJNq1xCT07DwfIBvOXYITt4v/qsriNjGyYmmAXDEVirSRuQg78pyXc/knrMNqk2yob11vPDJ4Pn6WcyA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712757641; c=relaxed/simple; bh=dAykqwRzlC2La9U2bJs9G8o1LtOSUxpIDacScUgEehw=; h=DKIM-Signature:Date:Message-ID:From:To:Subject; b=kdA2hVOk0Mhb2whVGC4lcIrK9X+meFN3qm6bBPm6sKaT9vI8fZadiARfq7kJFWCje6XniErHu8LPHj5vftVCJ19DkKGTuVLbxLah4Q39AF9eCjhHILE6kVeqVw47g4OQB2EkhyYIS76zOb6Z0duJxsLWP4h8X62cByuNoZIKsqQ= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x434.google.com with SMTP id d2e1a72fcca58-6eced6fd98aso5995598b3a.0 for ; Wed, 10 Apr 2024 07:00:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712757638; x=1713362438; darn=gcc.gnu.org; h=in-reply-to:subject:to:from:message-id:date:from:to:cc:subject:date :message-id:reply-to; bh=dAykqwRzlC2La9U2bJs9G8o1LtOSUxpIDacScUgEehw=; b=Odc4o7gZ2/SEqO5rM6SvTxMIFFwIzizsgCtEY7Q/+9NTVQtKq+00+LxS5GCPPC72G/ iv0k6C+KJLY7fu8nhZT5D2S6+YE0+gjVZIxO+5q9Xz4JKgwh4czwU+eAs11EMsKvOhip k1434+4o/+b/i2iCngNnpW+HE+doVLLlDsx7VguDi6J39ARZeAnq1mQPNieGv+QAOwFr KgFNhqnan8Bcs+h2YkdzaZ8Uv6/7gRB5lQGKMZgAD3mdKg7tVjcBK6b9bhXzU3OXzRia fFQnG8yLl65Hw2U6g3dCGmTl75EA66iOw3/wnr9bq+deYZaqfc9oFnPRdhXToiH5vRUk EUfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712757638; x=1713362438; h=in-reply-to:subject:to:from:message-id:date:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=dAykqwRzlC2La9U2bJs9G8o1LtOSUxpIDacScUgEehw=; b=SxfEuaqF3GKSM3otLFjmBRf6dP08kVb10trL4Id7ttiWHkSPviz0TmGVnjyuOpUove rOdRoXT5J6vGYfrEOozNCXPFhKH1fhwDjJ+hjG5fbvieEz58oVJK4oEb2m+GEneKUw3W q7mc5/oUrOIWd4vEEazBGjPj2xXJrstXfNGDVDHo6iV+HriVo6hoeITY5j0m1bVEy3I9 5XFqubykQ7dtkUwrECaPvztVDPalOVPcqSrEnbs25T10pu4cUIHRK9nGZDcccdGfB59D nhL4eNvL14JIHTeTCdfh3Mk4gRwebpIvrYJutYBy4Bx5Sjev9VLHT5EBXgmmkkX6/FL0 Blkw== X-Gm-Message-State: AOJu0YzO+1gH4p+HK2dsVyU9htjyu+vkqhZPiOACW58/XrgSLeLpKfUy P8KksrPFjzBgXCpNVyxziGWXX3awoYaht7LB7MwhhfG6bL711tynXW3THo3u X-Google-Smtp-Source: AGHT+IGad7GzZNG5WgZXc31+o11aVm58FOuMOIUSzeZbYPXtE0d7rZoJXVVIoVKgClKSlHATPXa0zA== X-Received: by 2002:a05:6a00:1915:b0:6ed:1c7:8c61 with SMTP id y21-20020a056a00191500b006ed01c78c61mr3016293pfi.12.1712757638229; Wed, 10 Apr 2024 07:00:38 -0700 (PDT) Received: from localhost ([138.117.155.58]) by smtp.gmail.com with ESMTPSA id v25-20020aa78519000000b006ecf0ad97bbsm10515455pfn.17.2024.04.10.07.00.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Apr 2024 07:00:37 -0700 (PDT) Date: Wed, 10 Apr 2024 11:00:39 -0300 Message-ID: <21fc28d2e993de0bb5e01bacdedf9289@gmail.com> From: Matheus Afonso Martins Moreira To: gcc@gcc.gnu.org Subject: [RFC] Linux system call builtins In-Reply-To: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: > because the portable c api layer and syscall abi layer > has a large enough gap that applications can break > libc internals by doing raw syscalls. I think that problem cannot really be fixed. System call users just have to be aware of it. It's true that using certain system calls can clobber libc state. However, it should be up to the programmer to decide whether or not that's acceptable. The compiler should empower them regardless. > and it's not just the call convention that's target > specific (this makes the c syscall() function hard to > use on linux) Yes. On Linux, the ABIs are stable and the set of system calls is only ever added to. However, this property does not hold across different architectures. Some targets have several numbered variants of a system call while others only have the latest version. It's true that this is a source of complexity for system call users. > and linux evolves fast enough that raw syscalls have > to be adjusted over time (to support new features) > which is harder when they are all over the place > instead of in the libc only. When those adjustments are done, they avoid breaking existing programs. New versions of the system calls are created, old ones are maintained. Existing binaries continue to work. Even statically linked binaries. It's true that it's harder to update binaries all at once when they are statically linked but Linux still supports them. > that does not make it right. I don't agree with that. I don't think the libc should be required or that the system calls should be a privilege of the libc. The libc should be entirely optional. In the issue I linked you also noticed that the Linux manuals frequently mix up the kernel perspective with that of the libc, and that of glibc in particular. > unfortunately the linux manuals mix the system call > (linux behaviour) and libc api (glibc behaviour) > in the same man page in general, and mainly focus > on the linux behaviour, not on the c api semantics. That's also something I intend to work on. > so your proposal does not fix this particular issue, > just provide a simpler footgun. This issue cannot really be fixed. I believe the only solution to that would be to impose a libc on all of Linux user space. I think that goes against the spirit of Linux as a kernel that's completely independent of its userspace. The footgun already exists in inline assembly form regardless.