From owner-svn-src-all@FreeBSD.ORG Thu Jan 2 13:13:14 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E041DCA6; Thu, 2 Jan 2014 13:13:14 +0000 (UTC) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6821218BE; Thu, 2 Jan 2014 13:13:14 +0000 (UTC) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.7/8.14.7) with ESMTP id s02DD88B023973; Thu, 2 Jan 2014 15:13:08 +0200 (EET) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.8.3 kib.kiev.ua s02DD88B023973 Received: (from kostik@localhost) by tom.home (8.14.7/8.14.7/Submit) id s02DD80Y023972; Thu, 2 Jan 2014 15:13:08 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Thu, 2 Jan 2014 15:13:08 +0200 From: Konstantin Belousov To: Pawel Jakub Dawidek Subject: Re: svn commit: r255219 - in head: contrib/tcpdump lib/libc lib/libc/capability lib/libc/include lib/libc/sys lib/libprocstat sbin/dhclient sbin/hastd sys/amd64/linux32 sys/bsm sys/cddl/compat/opensola... Message-ID: <20140102131308.GI59496@kib.kiev.ua> References: <201309050009.r8509vsE061271@svn.freebsd.org> <67DFFD7B-01DE-4862-BED3-DD42EB92A8F4@freebsd.org> <20140102093322.GA1655@garage.freebsd.pl> <52C53F69.3040507@mu.org> <20140102104904.GB1655@garage.freebsd.pl> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Tr2u91LvQ9NOAnv9" Content-Disposition: inline In-Reply-To: <20140102104904.GB1655@garage.freebsd.pl> User-Agent: Mutt/1.5.22 (2013-10-16) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on tom.home Cc: Stanislav Sedov , svn-src-head@freebsd.org, svn-src-all@freebsd.org, Alfred Perlstein , src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jan 2014 13:13:15 -0000 --Tr2u91LvQ9NOAnv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 02, 2014 at 11:49:04AM +0100, Pawel Jakub Dawidek wrote: > On Thu, Jan 02, 2014 at 02:28:57AM -0800, Alfred Perlstein wrote: > > On 1/2/14 1:33 AM, Pawel Jakub Dawidek wrote: > > > On Wed, Jan 01, 2014 at 11:16:22PM -0800, Stanislav Sedov wrote: > > >> On Sep 4, 2013, at 5:09 PM, Pawel Jakub Dawidek wr= ote: > > >> > > >>> This commit also breaks compatibility with some existing Capsicum= system calls, > > >>> but I see no other way to do that. This should be fine as Capsicu= m is still > > >>> experimental and this change is not going to 9.x. > > >> Hi! > > >> > > >> This change also increases the size of kinfo_file structure, which w= on???t allow > > >> programs not compiled against HEAD and working with kern.info.filede= sc sysctl > > >> to run properly on HEAD (e.g. 8.x, 9.x and 10.x jails won???t run pr= operly on HEAD, > > >> and it also broke valgrind). Is there absolutely no way to avoid ex= tending the size > > >> of this struct? > > > Well, I made this change to have space for future cap_rights_t > > > expension. I did that change for a major branch, so we don't have to = do > > > it in the middle of 10.x or to not block the work until 11.0. > > > > > > Note that the structure changed size not only because of _kf_cap_spar= e[3] > > > field, but also because cap_rights_t is not uint64_t anymore, it is n= ow > > > struct that contains two uint64_t (1424 - 1392 =3D 4 * 8). > > > > > > I'm afraid it is too late to change it for 10.0 at this point anyway. > > > Not sure if you are aware this was merged to 10, because you write ab= out > > > 10.x jails not working properly on HEAD. 10.x jails will work properly > > > on HEAD. > > > > > > BTW. I'd love if we stop using such structures for a running kernel. > > > We should really move to using libnv to export data like that. > >=20 > > Aren't there enough bits in int _kf_ispare[4]; /* Spac= e=20 > > for more stuff. */ > > to make this work for the time being until you can provide an alternate= =20 > > way to fetch the cap stuff from the kernel. >=20 > I don't plan to provide alternative way to fetch the cap stuff. Well, I > implemented libnv, which can be used to reimplement how we fetch all > data like kinfo_file in a ABI friendly way, but I don't plan to modify > this specific code myself. I.e. you break something and decline to fix it, putting the burden on somebody else. >=20 > > Afaik you could just remove the "spare" and steal 2 or 4 entries from= =20 > > _kf_ispare until it is sorted. >=20 > Yes, this would work for current cap_rights_t structure, at least for > i386 and amd64, but would only allow to expand the structure by one > uint64_t in the future (which might or might not be enough). The > cap_rights_t structure is designed to be expanded to 5 uint64_ts without > breaking ABI. I don't want to stuck with current cap_rights_t that is > designed to expand, but cannot be, because kinfo_file wasn't modified at > the start of a major branch. The ABI stability is not limited to the single branch. It must be preserved across whole project lifetime. >=20 > > Can you please make use of that and discuss merge to 10 with re@? >=20 > I'm Bccing re@, but I'm pretty sure it is too late for such a change, > especially that it breaks ABI with all 10-RCs. I'm also not changing my > mind. I'd like to structure to stay as-is. This is just awful breakage of _ABI_. We cannot leave it as is, unless we also claim that project gave up on ABI stability at all. >=20 > > It really sounds like breaking top/etc under jails is something that=20 > > should and can be avoided. >=20 > I agree. Maybe it should be done every 10 major releases (I'm still fine > with that rule), but we cannot just stuck with it forever. >=20 > My suggestions would be: > 1. Move to libnv. > 2. Detect that the given binary was compiled against some older version > of this structure and copy old structure to userland. Not sure if we > can do that now or not, but I'd expect we can detect that. The only way to fix this is either to stop passing caps in kinfo_file, reverting it to the pre-commit state, or follow Alfred suggestion by consuming spares. My own opinion is that the kinfo change must be removed, and the bug is so critical that another RC must be issued. >=20 > > >>> #if defined(__amd64__) || defined(__i386__) > > >>> -#define KINFO_FILE_SIZE 1392 > > >>> +#define KINFO_FILE_SIZE 1424 > > >>> #endif > > >>> =20 > > >>> struct kinfo_file { > > >>> @@ -389,6 +390,7 @@ > > >>> uint16_t kf_pad1; /* Round to 32 bit= alignment. */ > > >>> int _kf_ispare0; /* Space for more = stuff. */ > > >>> cap_rights_t kf_cap_rights; /* Capability righ= ts. */ > > >>> + uint64_t _kf_cap_spare[3]; /* Space for future= cap_rights_t. */ > > >>> int _kf_ispare[4]; /* Space for more = stuff. */ > > >>> /* Truncated before copyout in sysctl */ > > >>> char kf_path[PATH_MAX]; /* Path to file, i= f any. */ >=20 > --=20 > Pawel Jakub Dawidek http://www.wheelsystems.com > FreeBSD committer http://www.FreeBSD.org > Am I Evil? Yes, I Am! http://mobter.com --Tr2u91LvQ9NOAnv9 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJSxWXjAAoJEJDCuSvBvK1B9ugP/1c0ZNgQRdYy+y+exHeIBrt4 hwn/5fUYYSpSYD1F4pSfOdhOeBjSORDU2cGTS6izTtH6jFTPqKllYoWohNEQNoqV juFGXeZSFSc7OB2wKtK9rV5H0maSFwX/6RAZtJyxxPIxyCYo3JRFnYQAWtEKMDwI ccQzQrngFavBcJvpsifX1H8e4WvhEADkmzkRRs7wJidAIY4xGbp/Xc8Z7pPNFWLO eSDMyqEEKmKTRlaDyxXfnrGU3AgCzKLj41Ag250oGAzRcrzq3SSxgNVsPSLxvmuE YA2P0Px9UIrYfa8EQ7/7ZqNaliGqnKhNFFkZETmR2yBgzavnwfxr6CbdF2p8qiDZ W1E0EnzFOmz+v2/jx3CT370tcQoz84/27oaXxc7R4I0kZten5SyKyrDp9AZSDVHJ 7xYED7Ew0yVSGEojY1W34w51uG0b2nUYupq0mOAs0rLsuLY71nYmz4YSrCdG08GY wfS5rV0eiehv3oF6TRhVQYyUH17B16vJFGHCnf28im+ebyUOBLNgkEYRnPw3YpdH haDstWPtOQv+5wIjk/8WwiufTXeUwSOxC5b9Itv5MYarO2ny8Sm5J21Eaa1KJ4V+ pJi9xMs+fSa71AlqLxae22VUmEV3ciuHYIyYdtY8SbNu3pQ99d0FlVHtVd7g4Fku AgQ9v/cCrjw/+BnnYPa1 =pVrj -----END PGP SIGNATURE----- --Tr2u91LvQ9NOAnv9--