References: <20230424150353.1469397-1-josimmon@redhat.com> <20230424150353.1469397-2-josimmon@redhat.com> <20230525180743.GN176347@oak>
In-Reply-To: <20230525180743.GN176347@oak>
From: Noah Goldstein
Date: Thu, 25 May 2023 13:40:14 -0500
Subject: Re: [PATCH v6 1/3] x86_64: Set the syscall register right before doing the syscall.
To: Joe Simmons-Talbott
Cc: libc-alpha@sourceware.org

On Thu, May 25, 2023 at 1:07 PM Joe Simmons-Talbott via Libc-alpha wrote:
>
> ping.
>
> Thanks,
> Joe
> On Mon, Apr 24, 2023 at 11:03:51AM -0400, Joe Simmons-Talbott wrote:
> > To make identifying syscalls easier during call tree analysis, load the
> > syscall number just before performing the syscall.
> >
> > Compiler optimizations can place quite a few instructions between the
> > setting of the syscall number and the syscall instruction. During call
> > tree analysis the number of instructions between the two can lead to
> > more difficulty for both tools and humans in properly identifying the
> > syscall number. Having the syscall number set in the prior instruction
> > to the syscall instruction makes this task easier and less error prone.
> > Being able to reliably identify syscalls made by a given API will make
> > it easier to understand and verify the safety and security of glibc.
> > ---
> >  sysdeps/unix/sysv/linux/x86_64/sysdep.h | 24 ++++++++++++------------
> >  1 file changed, 12 insertions(+), 12 deletions(-)
> >
> > diff --git a/sysdeps/unix/sysv/linux/x86_64/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/sysdep.h
> > index cfb51be8c5..0db8660531 100644
> > --- a/sysdeps/unix/sysv/linux/x86_64/sysdep.h
> > +++ b/sysdeps/unix/sysv/linux/x86_64/sysdep.h
> > @@ -257,9 +257,9 @@ > > TYPEFY (arg1, __arg1) =3D ARGIFY (arg1); = \ > > register TYPEFY (arg1, _a1) asm ("rdi") =3D __arg1; = \ > > asm volatile ( \ > > - "syscall\n\t" \ > > + "movl %1, %k0\n\tsyscall\n\t" \ > > : "=3Da" (resultvar) = \ > > - : "0" (number), "r" (_a1) = \ > > + : "g" (number), "r" (_a1) = \ > > : "memory", REGISTERS_CLOBBERED_BY_SYSCALL); \ > > (long int) resultvar; \ > > }) > > @@ -273,9 +273,9 @@ > > register TYPEFY (arg2, _a2) asm ("rsi") =3D __arg2; = \ > > register TYPEFY (arg1, _a1) asm ("rdi") =3D __arg1; = \ > > asm volatile ( \ > > - "syscall\n\t" \ > > + "movl %1, %k0\n\tsyscall\n\t" \ > > : "=3Da" (resultvar) = \ > > - : "0" (number), "r" (_a1), "r" (_a2) \ > > + : "g" (number), "r" (_a1), "r" (_a2) \ > > : "memory", REGISTERS_CLOBBERED_BY_SYSCALL); \ > > (long int) resultvar; \ > > }) > > @@ -291,9 +291,9 @@ > > register TYPEFY (arg2, _a2) asm ("rsi") =3D __arg2; = \ > > register TYPEFY (arg1, _a1) asm ("rdi") =3D __arg1; = \ > > asm volatile ( \ > > - "syscall\n\t" \ > > + "movl %1, %k0\n\tsyscall\n\t" \ > > : "=3Da" (resultvar) = \ > > - : "0" (number), "r" (_a1), "r" (_a2), "r" (_a3) \ > > + : "g" (number), "r" (_a1), "r" (_a2), "r" (_a3) \ > > : "memory", REGISTERS_CLOBBERED_BY_SYSCALL); \ > > (long int) resultvar; \ > > }) > > @@ -311,9 +311,9 @@ > > register TYPEFY (arg2, _a2) asm ("rsi") =3D __arg2; = \ > > register TYPEFY (arg1, _a1) asm ("rdi") =3D __arg1; = \ > > asm volatile ( \ > > - "syscall\n\t" \ > > + "movl %1, %k0\n\tsyscall\n\t" \ > > : "=3Da" (resultvar) = \ > > - : "0" (number), "r" (_a1), "r" (_a2), "r" (_a3), "r" (_a4) = \ > > + : "g" (number), "r" (_a1), "r" (_a2), "r" (_a3), "r" (_a4) = \ > > : "memory", REGISTERS_CLOBBERED_BY_SYSCALL); \ > > (long int) resultvar; \ > > }) 
> > @@ -333,9 +333,9 @@ > > register TYPEFY (arg2, _a2) asm ("rsi") =3D __arg2; = \ > > register TYPEFY (arg1, _a1) asm ("rdi") =3D __arg1; = \ > > asm volatile ( \ > > - "syscall\n\t" \ > > + "movl %1, %k0\n\tsyscall\n\t" \ > > : "=3Da" (resultvar) = \ > > - : "0" (number), "r" (_a1), "r" (_a2), "r" (_a3), "r" (_a4), = \ > > + : "g" (number), "r" (_a1), "r" (_a2), "r" (_a3), "r" (_a4), = \ > > "r" (_a5) = \ > > : "memory", REGISTERS_CLOBBERED_BY_SYSCALL); \ > > (long int) resultvar; \ > > @@ -358,9 +358,9 @@ > > register TYPEFY (arg2, _a2) asm ("rsi") =3D __arg2; = \ > > register TYPEFY (arg1, _a1) asm ("rdi") =3D __arg1; = \ > > asm volatile ( \ > > - "syscall\n\t" \ > > + "movl %1, %k0\n\tsyscall\n\t" \ > > : "=3Da" (resultvar) = \ > > - : "0" (number), "r" (_a1), "r" (_a2), "r" (_a3), "r" (_a4), = \ > > + : "g" (number), "r" (_a1), "r" (_a2), "r" (_a3), "r" (_a4), = \ > > "r" (_a5), "r" (_a6) \ > > : "memory", REGISTERS_CLOBBERED_BY_SYSCALL); \ > > (long int) resultvar; \ > > -- > > 2.39.2 > >

I'm minorly opposed to this patch. Even if GLIBC guarantees all syscalls will set the number the instruction before, that's no guarantee for the entire program.

Furthermore, in the event of:

`movl $VAL, %eax; syscall`

It's still not safe to *always* assume that `VAL` corresponds to the syscall number, as a jump (direct or indirect) could still go between the instructions (i.e. there is no guarantee in the assembly that the `mov` dominates the `syscall`).

So at the end of the day, we are bloating the library without, AFAICT, providing any real guarantee.

Maybe I'm missing something?
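Review bot: In hunk @@ -257,9 (and identically in the five hunks that follow it), switching the constraint on `number` from `"0"` to `"g"` lets the compiler satisfy `%1` with a register, a memory operand or an immediate, so the instruction emitted before `syscall` may be `movl $nr, %eax`, `movl %reg, %eax` or `movl disp(%rsp), %eax`; only the immediate form lets a disassembly-based tool read the syscall number without tracing a register or stack slot, which is what the commit message sets out to make easy. Where `number` is a compile-time constant, an `"i"` constraint would pin the immediate form; keep `"g"` only if some caller passes a runtime value, and say so in a comment. Also worth a comment: `%k0` names the 32-bit half of the `"=a"` output, so a `number` wider than 32 bits is truncated silently by the `movl`.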
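Review bot: By hunk @@ -358,9 the two-line template `"movl %1, %k0\n\tsyscall\n\t"` together with the `"g" (number)` constraint has been pasted into all six macros; define the instruction string once (next to REGISTERS_CLOBBERED_BY_SYSCALL) and use it in each asm statement so a later change to the sequence cannot leave one arity behind, and put the rationale from the commit message, that the load sits inside the asm statement so nothing can be scheduled between it and `syscall`, in a comment in the header where the next reader will look for it.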
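The commit message argues for placing the syscall-number load immediately before `syscall` so that "call tree analysis" can recover the number, and the reply objects that adjacency does not imply dominance. The following is an added example, not glibc code and not from anyone in the thread, of the kind of static pass both sides have in mind: it parses a constructed `objdump -d` excerpt (function names and addresses are made up) and, for each `syscall`, resolves the last `%eax` write, counts the instructions between the two (the gap the patch drives to zero), and reports when a direct jump lands between them or on the `syscall` itself (the case the reply says the patch cannot rule out).

```python
"""Resolve the syscall number behind each `syscall` in x86_64 `objdump -d` output.

Added example, not glibc code and not part of the thread.  For every `syscall`
it finds the last write to %eax/%rax in the same function, reads the constant
when that write is `mov $imm,%eax` or `xor %eax,%eax`, counts the instructions
in between, and marks the site unreliable when a direct jump lands between the
write and the syscall or on the syscall itself.  Assumes AT&T syntax with tabs
between address, opcode bytes and mnemonic, as objdump prints it; indirect
jumps and implicit %eax writers are only approximated.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Set

INSN_RE = re.compile(r"^\s*([0-9a-f]+):\t[0-9a-f ]+\t([a-z][a-z0-9]*)\s*(.*)$")
FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
IMM_EAX_RE = re.compile(r"^\$(0x[0-9a-f]+|\d+),%eax$")
TARGET_RE = re.compile(r"^([0-9a-f]+)\b")
IMPLICIT_WRITERS = {"call", "syscall", "cltq", "cdqe", "cwtl", "mul", "imul", "div", "idiv", "cpuid", "rdtsc"}
NON_WRITERS = ("test", "cmp", "push")  # %eax may be the last operand without being written

Insn = NamedTuple("Insn", [("addr", int), ("mnem", str), ("ops", str)])
# number: None unless %eax holds a known constant; distance: instructions between that
# write and the syscall; reliable: False if a jump can reach the syscall without the write.
SyscallSite = NamedTuple("SyscallSite", [("func", str), ("addr", int), ("number", Optional[int]),
                                         ("distance", int), ("reliable", bool)])

def parse(text: str) -> Dict[str, List[Insn]]:
    """Group instruction lines under the `<symbol>:` header that precedes them."""
    funcs: Dict[str, List[Insn]] = {}
    cur = None
    for line in text.splitlines():
        fm, im = FUNC_RE.match(line), INSN_RE.match(line)
        if fm:
            cur = fm.group(2)
            funcs[cur] = []
        elif im and cur is not None:
            funcs[cur].append(Insn(int(im.group(1), 16), im.group(2), im.group(3).strip()))
    return funcs

def branch_targets(insns: List[Insn]) -> Set[int]:
    """Addresses that direct jmp/jcc instructions in this function land on."""
    targets: Set[int] = set()
    for ins in insns:
        m = TARGET_RE.match(ins.ops) if ins.mnem.startswith("j") else None
        if m:
            targets.add(int(m.group(1), 16))
    return targets

def writes_eax(ins: Insn) -> bool:
    """True if the instruction may change %eax/%rax (AT&T: destination is the last operand)."""
    if ins.mnem in IMPLICIT_WRITERS:
        return True
    if ins.mnem.startswith(NON_WRITERS):
        return False
    return ins.ops.endswith(("%eax", "%rax", "%ax", "%al", "%ah"))

def resolve(func: str, insns: List[Insn], idx: int, targets: Set[int]) -> SyscallSite:
    """Walk backwards from the syscall at insns[idx] to the last %eax write."""
    sc = insns[idx]
    reliable = sc.addr not in targets  # a jump landing on the syscall skips the write entirely
    number, distance = None, idx
    for j in range(idx - 1, -1, -1):
        ins = insns[j]
        if writes_eax(ins):
            distance = idx - j - 1
            m = IMM_EAX_RE.match(ins.ops) if ins.mnem.startswith("mov") else None
            if m:
                number = int(m.group(1), 16 if m.group(1).startswith("0x") else 10)
            elif ins.mnem == "xor" and ins.ops == "%eax,%eax":
                number = 0
            break
        if ins.addr in targets:
            reliable = False  # a jump lands between the write and the syscall
    else:
        reliable = False  # reached function entry without seeing a write
    return SyscallSite(func, sc.addr, number, distance, reliable)

def analyze(text: str) -> List[SyscallSite]:
    """One SyscallSite per `syscall` instruction, in file order."""
    return [resolve(func, insns, i, branch_targets(insns))
            for func, insns in parse(text).items() for i, ins in enumerate(insns) if ins.mnem == "syscall"]

# Constructed objdump -d excerpt: made-up addresses and functions, not real glibc output.
SAMPLE = "\n".join([
    "0000000000401130 <patched_getpid>:",  # the pattern the patch produces
    "  401130:\tb8 27 00 00 00\tmov    $0x27,%eax",
    "  401135:\t0f 05\tsyscall",
    "0000000000401140 <unpatched_write>:",  # scheduler moved argument setup between the two
    "  401140:\tb8 01 00 00 00\tmov    $0x1,%eax",
    "  401145:\t48 89 f2\tmov    %rsi,%rdx",
    "  401148:\tbf 01 00 00 00\tmov    $0x1,%edi",
    "  40114d:\t0f 05\tsyscall",
    "0000000000401160 <jump_lands_on_syscall>:",  # the reply's objection: mov does not dominate
    "  401160:\t85 ff\ttest   %edi,%edi",
    "  401162:\t75 05\tjne    401169 <jump_lands_on_syscall+0x9>",
    "  401164:\tb8 27 00 00 00\tmov    $0x27,%eax",
    "  401169:\t0f 05\tsyscall",
    "0000000000401170 <number_from_call>:",  # %eax is a return value, not a constant
    "  401170:\te8 bb ff ff ff\tcall   401130 <patched_getpid>",
    "  401175:\t0f 05\tsyscall",
])
```

Feed real `objdump -d` text into `analyze()` to see both effects on a built libc: `distance` is what the patch drives to zero, and `reliable` is the property the reply points out the patch does not provide, since a branch that lands on the `syscall` (or anywhere between the `mov` and the `syscall`) reaches it with whatever `%eax` held on the other path.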