From: "Vivek Das Mohapatra" <vivek@collabora.com>
To: Carlos O'Donell <carlos@redhat.com>
Cc: libc-alpha@sourceware.org
Subject: Re: [RFC][PATCH v1 0/5] Proof-of-Concept implementation of RTLD_SHARED for dlmopen
Date: Fri, 18 May 2018 19:06:00 -0000 [thread overview]
Message-ID: <alpine.DEB.2.20.1805181951540.8443@noise.cbg.collabora.co.uk> (raw)
In-Reply-To: <a946c6c2-e651-0922-6204-c246c604eed2@redhat.com>
> I think the basic design question is "Where does the namespace split exist?"
> If you say the namespace split is below ld.so, then the inner namespace must
> load it's own loader, and handle everything on it's own. This is possible,
> but means that outer threads *must never* call into the inner namespace,
> and that limits the usefullness to a kind of client<->server model where
> shared memory must be used across the namespaces. Your proposal in no way
> limits the choice of eventually having this kind of model.
Right, I've not touched anything down at that level at all.
> Astute readers might argue that if the inner and outer ld.so's agreed on
> an API/ABI then the thread *could* cross the boundary and retain a coherent
> TLS storage. Florian Weimer has been discussing something like this, which
> might let users replace ld.so with their own instrumented version to support
> broader use case models for debugging or more complex auditing than LD_AUDIT
> supports.
Indeed - although I suspect a _lot_ of careful thought about what does
and doesn't have to be agreed on would need to be done - even with the
same libc* mapped into each namespace separately you can get deadlocks
(like the bug that triggered all this).
*where libc = the core group of glibc DSOs
> It's clear to me that dlmopen is *most* useful when threads can cross the
> boundary of the dlmopen call, and in order to do that the thread and all
> the associated thread-local data must be coherent between the outer
> namespace and the inner namespace. Here we are proposing that dlmopen is
> for all shared libraries *above* glibc. This model also does not limit
> making the split lower at a later date and using a different flag. Having
> the namespace split exist just beyond glibc makes the most sense for the
> average user.
Agreed.
> Note that LD_AUDIT actually implements a third split position, just above
> ld.so, and so it uses the same dynamic loader, but new versions of all
> the other libraries.
I had noticed this, and my implementation is pretty much that mechanism
on [a small dose of] steroids.
> So your proposal is really to put the split at just above glibc, or to
> be more precision, above ld.so/libc.so.6/libpthread.so.0, which form a
> coherent group that implements threads.
>
> If I have that wrong, please correct me.
That all sounds right.
Further things I should mention:
- I was wondering if anything other than the core cluster mentioned
above needed to be shared.
- On a semi related note: The runtime-isolation work that triggered
the original project needs to capture the whole of the libc cluster:
would you be averse to there being some sort of mechanism that would
allow a program to determine the list of .so files that constituted
the GLIBC installation? Could be API returning a list of sonames, or
a canonical manifest file would probably also do.
next prev parent reply other threads:[~2018-05-18 19:06 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-16 17:11 Vivek Das Mohapatra
2018-05-16 17:11 ` [RFC][PATCH v1 2/5] include/link.h: Update the link_map struct to allow clones Vivek Das Mohapatra
2018-05-18 18:47 ` Carlos O'Donell
2018-05-18 19:32 ` Vivek Das Mohapatra
2018-05-16 17:11 ` [RFC][PATCH v1 5/5] elf/dl-fini.c: Handle cloned link_map entries in the shutdown path Vivek Das Mohapatra
2018-05-18 19:09 ` Carlos O'Donell
2018-05-18 19:25 ` Vivek Das Mohapatra
2018-05-16 17:11 ` [RFC][PATCH v1 3/5] elf/dl-object.c: Implement a helper function to clone link_map entries Vivek Das Mohapatra
2018-05-20 2:48 ` Carlos O'Donell
2018-05-16 17:11 ` [RFC][PATCH v1 1/5] bits/dlfcn.h: Declare and describe the dlmopen RTLD_SHARED flag Vivek Das Mohapatra
2018-05-18 18:37 ` Carlos O'Donell
2018-05-18 19:31 ` Vivek Das Mohapatra
2018-05-16 17:19 ` [RFC][PATCH v1 4/5] elf/dl-load.c, elf-dl-open.c: Implement RTLD_SHARED dlmopen cloning Vivek Das Mohapatra
2018-05-18 19:02 ` Carlos O'Donell
2018-05-18 19:20 ` Vivek Das Mohapatra
2018-05-16 19:30 ` [RFC][PATCH v1 0/5] Proof-of-Concept implementation of RTLD_SHARED for dlmopen Joseph Myers
2018-05-16 19:39 ` Vivek Das Mohapatra
2018-05-16 19:44 ` Carlos O'Donell
2018-05-16 19:46 ` Vivek Das Mohapatra
2018-05-16 20:39 ` Carlos O'Donell
2018-05-18 11:46 ` Vivek Das Mohapatra
2018-05-18 18:16 ` Carlos O'Donell
2018-05-16 19:44 ` Joseph Myers
2018-05-16 19:46 ` Vivek Das Mohapatra
2018-05-16 20:03 ` Vivek Das Mohapatra
2018-05-18 18:30 ` Carlos O'Donell
2018-05-18 19:06 ` Vivek Das Mohapatra [this message]
2018-05-18 19:26 ` Carlos O'Donell
2018-05-18 19:53 ` Vivek Das Mohapatra
2018-05-18 20:03 ` Carlos O'Donell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1805181951540.8443@noise.cbg.collabora.co.uk \
--to=vivek@collabora.com \
--cc=carlos@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).