From: Florian Weimer
To: Szabolcs Nagy via Libc-alpha
Cc: Xi Ruoyao, Joe Simmons-Talbott, Szabolcs Nagy
Subject: Re: [PATCH v6 3/3] nptl: Use direct syscall numbers in setxid
References: <20230424150353.1469397-1-josimmon@redhat.com> <20230424150353.1469397-4-josimmon@redhat.com>
Date: Fri, 28 Apr 2023 12:52:47 +0200
In-Reply-To: (Szabolcs Nagy via Libc-alpha's message of "Wed, 26 Apr 2023 10:46:35 +0100")
Message-ID: <871qk48eio.fsf@oldenburg.str.redhat.com>

* Szabolcs Nagy via Libc-alpha:

> The 04/24/2023 23:17, Xi Ruoyao via Libc-alpha wrote:
>> On Mon, 2023-04-24 at 11:03 -0400, Joe Simmons-Talbott via Libc-alpha
>> wrote:
>> > Make all internal glibc syscalls use direct compile time numeric values
>> > rather than variables.  This will make the syscall number easier to
>> > identify during static analysis.
>>
>> This is making the code much more bloated and slower. Do we really want
>> to make everyone's system slower for some debug tools?
>
> the switch statement overhead is many orders of magnitude smaller
> than sending a signal to a thread and executing a syscall there
> (which is where the switch statement happens).
>
> i don't know if the change is justified, but from a target port
> perspective it's useful if inline syscalls are guaranteed to use
> a syscall name that can expand to an integer constant or named
> function.

If the only place we have dynamic system calls in glibc is the syscall
function, we can add a check there to block system calls using it unless
the symbol has been bound before.  Together with BTI/IBT, this would
prevent issuing arbitrary system calls using machine code fragments from
glibc.  Not sure if that is an important consideration.

If it does not matter, we could change the pthread code to call an
internal alias of the syscall function instead.

Thanks,
Florian
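
The trade-off discussed in this thread, as an added example that is not glibc's code and not part of the original message: a per-thread set*id replay written once with the syscall number in a variable and once as a switch over compile-time constants. The struct xid_cmd type and both function names are hypothetical, the public syscall() wrapper stands in for glibc's internal inline-syscall macros, and 64-bit Linux is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical stand-in for the set*id request replayed in each thread. */
struct xid_cmd {
    long nr;     /* syscall number chosen by the caller */
    long id[3];  /* up to three uid/gid arguments */
};

/* Variable number: at this call site a static analyzer only sees "some
   syscall", and any number placed in cmd->nr is issued. */
long replay_dynamic(const struct xid_cmd *cmd)
{
    return syscall(cmd->nr, cmd->id[0], cmd->id[1], cmd->id[2]);
}

/* Constant numbers: each call site names one syscall that can be read off
   the binary, and numbers outside the set*id family are refused. */
long replay_constant(const struct xid_cmd *cmd)
{
    const long *a = cmd->id;

    switch (cmd->nr) {
    case SYS_setuid:    return syscall(SYS_setuid, a[0]);
    case SYS_setgid:    return syscall(SYS_setgid, a[0]);
    case SYS_setreuid:  return syscall(SYS_setreuid, a[0], a[1]);
    case SYS_setregid:  return syscall(SYS_setregid, a[0], a[1]);
    case SYS_setresuid: return syscall(SYS_setresuid, a[0], a[1], a[2]);
    case SYS_setresgid: return syscall(SYS_setresgid, a[0], a[1], a[2]);
    default:
        errno = ENOSYS;
        return -1;
    }
}

int main(void)
{
    /* Constructed input: -1 means "leave unchanged", so this is a no-op. */
    struct xid_cmd keep = { SYS_setresuid, { -1, -1, -1 } };
    /* Constructed input: a number that is not part of the set*id family. */
    struct xid_cmd other = { SYS_getpid, { 0, 0, 0 } };

    long ok = replay_constant(&keep);        /* accepted, credentials unchanged */
    long refused = replay_constant(&other);  /* rejected with ENOSYS */
    return (ok == 0 && refused == -1) ? 0 : 1;
}
```

The switch costs one comparison chain per replay, which is the overhead the quoted reply weighs against the signal delivery that precedes it.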