This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [Y2038] Fifth draft of the Y2038 design document

From: Arnd Bergmann <arnd at arndb dot de>
To: Albert ARIBAUD <albert dot aribaud at 3adev dot fr>
Cc: Joseph Myers <joseph at codesourcery dot com>, y2038 at lists dot linaro dot org, GNU C Library <libc-alpha at sourceware dot org>, Deepa Dinamani <deepa dot kernel at gmail dot com>
Date: Mon, 27 Feb 2017 21:17:41 +0100
Subject: Re: [Y2038] Fifth draft of the Y2038 design document
Authentication-results: sourceware.org; auth=none
References: <20170222090511.48be22ed.albert.aribaud@3adev.fr> <CAK8P3a2-vsreq0WFiTS-WizSvmci_C5f4pMAiYF7-OhjzQZiNg@mail.gmail.com> <alpine.DEB.2.20.1702222305450.24643@digraph.polyomino.org.uk> <CAK8P3a2nioXeVy+LnAz9wOObTQuD2kfJHUW-eb4=-tcohs43sQ@mail.gmail.com> <alpine.DEB.2.20.1702231726150.30491@digraph.polyomino.org.uk> <CAK8P3a3fFZBx-h=33an45dLVUqEq1eL9Gzu2zTRKQoZLSYKkzQ@mail.gmail.com> <20170227120204.5846d883.albert.aribaud@3adev.fr> <CAK8P3a07bk9j27kxbmtY=hZ=gffAOktsk91Gmo0YDq5DCdcBtw@mail.gmail.com> <alpine.DEB.2.20.1702271841060.12140@digraph.polyomino.org.uk> <CAK8P3a3vHecifoU_q17Xae2Pc8fu3qUOe9FH+HTKL17MhXU=Ag@mail.gmail.com> <20170227210620.3a8af1ce.albert.aribaud@3adev.fr>

On Mon, Feb 27, 2017 at 9:06 PM, Albert ARIBAUD <albert.aribaud@3adev.fr> wrote:
> Maybe a silly question: We all assume that userland code always goes
> through GLIBC to invoke kernel syscalls which handle struct timespecs.
>
> There is the possibility, at least theoretically, that userland invoke
> these syscalls directly.
>
> Should we consider this possibility, or do we deem it purely
> theoretical?
>
> If we consider that not all userland syscalls are made by GLIBC, then
> even if GLIBC checked and cleaned all struct it receives from userland
> and passes to the kernel, it seems to me that the kernel still has to
> check the struct timespecs it receives because they might not come
> from GLIBC and thus, they might not have been cleaned by it.
>
> My feeling is that we should check the struct timespecs in the kernel
> systematically, and in GLIBC only when using them in computations (as
> opposed to passing them to the kernel).

The kernel syscall interface does not always adhere to POSIX, and
when a user calls into the syscalls directly, they should follow the
interface that is documented in the kernel man pages instead.

If we decide to have the kernel interface done the way that Zack
suggested based on the x32 precedent (and Linus before him when the
x32 decision was made[1]), we'd leave it up to any libc implementation
to either use the same timespec definition as the kernel, or use the
POSIX definition and do the zero-pad in the syscall wrapper.

     Arnd

[1] https://lkml.org/lkml/2011/8/31/244

References:
- Fifth draft of the Y2038 design document
  - From: Albert ARIBAUD
- Re: Fifth draft of the Y2038 design document
  - From: Arnd Bergmann
- Re: Fifth draft of the Y2038 design document
  - From: Joseph Myers
- Re: Fifth draft of the Y2038 design document
  - From: Arnd Bergmann
- Re: Fifth draft of the Y2038 design document
  - From: Joseph Myers
- Re: Fifth draft of the Y2038 design document
  - From: Arnd Bergmann
- Re: Fifth draft of the Y2038 design document
  - From: Albert ARIBAUD
- Re: [Y2038] Fifth draft of the Y2038 design document
  - From: Arnd Bergmann
- Re: [Y2038] Fifth draft of the Y2038 design document
  - From: Joseph Myers
- Re: [Y2038] Fifth draft of the Y2038 design document
  - From: Arnd Bergmann
- Re: [Y2038] Fifth draft of the Y2038 design document
  - From: Albert ARIBAUD

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]