public inbox for libc-alpha@sourceware.org
From: Florian Weimer <fweimer@redhat.com>
To: Szabolcs Nagy via Libc-alpha <libc-alpha@sourceware.org>
Cc: Xi Ruoyao <xry111@xry111.site>,
	 Joe Simmons-Talbott <josimmon@redhat.com>,
	 Szabolcs Nagy <szabolcs.nagy@arm.com>
Subject: Re: [PATCH v6 3/3] nptl: Use direct syscall numbers in setxid
Date: Fri, 28 Apr 2023 12:52:47 +0200
Message-ID: <871qk48eio.fsf@oldenburg.str.redhat.com>
In-Reply-To: <ZEjy+zpJ/O3dKn3T@arm.com> (Szabolcs Nagy via Libc-alpha's message of "Wed, 26 Apr 2023 10:46:35 +0100")

* Szabolcs Nagy via Libc-alpha:

> The 04/24/2023 23:17, Xi Ruoyao via Libc-alpha wrote:
>> On Mon, 2023-04-24 at 11:03 -0400, Joe Simmons-Talbott via Libc-alpha
>> wrote:
>> > Make all internal glibc syscalls use direct compile time numeric values
>> > rather than variables.  This will make the syscall number easier to
>> > identify during static analysis.
>> 
>> This is making the code much more bloated and slower.  Do we really want
>> to make everyone's system slower for some debug tools?
>
> the switch statement overhead is many orders of magnitude smaller
> than sending a signal to a thread and executing a syscall there
> (which is where the switch statement happens).
>
> i don't know if the change is justified, but from a target port
> perspective it's useful if inline syscalls are guaranteed to use
> a syscall name that can expand to an integer constant or named
> function.

If the only place we have dynamic system calls in glibc is the syscall
function, we can add a check there to block system calls using it unless
the symbol has been bound before.  Together with BTI/IBT, this would
prevent issuing arbitrary system calls using machine code fragments from
glibc.

Not sure if that is an important consideration.  If it does not matter, we
could change the pthread code to call an internal alias of the syscall
function instead.

Thanks,
Florian
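
Added example, not part of the thread and not glibc code: a sketch of the two dispatch shapes under discussion, one call site that takes the number from a variable versus a switch with one constant-number call site per permitted call. The function names are hypothetical, harmless getters stand in for the setxid family, and the public syscall() wrapper stands in for glibc's internal inline syscall macros.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Declared explicitly so the example also builds in strict ISO C modes. */
long syscall(long number, ...);

/* Variable-number shape (hypothetical name): the number arrives at run
   time, so static analysis cannot tell which call this site issues, and
   a caller who controls nr can reach any system call through it. */
static long dispatch_variable(long nr)
{
    return syscall(nr);
}

/* Constant-number shape (hypothetical name): every call site carries a
   compile-time constant, so each one is identifiable by inspection, and
   numbers outside the fixed set never reach the kernel. */
static long dispatch_constant(long nr)
{
    switch (nr) {
    case SYS_getpid:
        return syscall(SYS_getpid);
    case SYS_getppid:
        return syscall(SYS_getppid);
    case SYS_gettid:
        return syscall(SYS_gettid);
    default:
        errno = ENOSYS;   /* not in the permitted set */
        return -1;
    }
}

int main(void)
{
    /* Both shapes agree for a permitted number ... */
    if (dispatch_variable(SYS_getpid) != dispatch_constant(SYS_getpid))
        return 1;
    /* ... but only the variable shape forwards an unlisted one. */
    if (dispatch_constant(SYS_getuid) != -1 || errno != ENOSYS)
        return 1;
    return dispatch_variable(SYS_getuid) == (long)getuid() ? 0 : 1;
}
```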

