Re: False positives in nolibc check

[Guillem Jover <guillem@hadrons.org>]

Hi!

On Wed, 2023-06-21 at 17:19:18 +0700, Ammar Faizi wrote:
> On Wed, Jun 21, 2023 at 12:04:47PM +0200, Stefan Hajnoczi wrote:
> > I don't know which features require the toolchain and libc to cooperate.
> > I guess Thread Local Storage won't work and helper functions that
> > compilers emit (like the memset example that Alviro gave).
> 
> Yeah, thread local storage won't work. But the point of my question is
> about liburing. So I expect the answer that's relevant to liburing.
> 
> I mean, you can still use libc and TLS in your app even though the
> liburing.so and liburing.a are nolibc.

> > Disabling hardening because it requires work to support it in a nolibc
> > world seems dubious to me. I don't think it's a good idea for io_uring
> > to lower security because that hurts its image and reduces adoption.
> > Especially right now, when the security of io_uring is being scrutinized
> > (https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html).
> > 
> > While I'm sharing these opinions with you, I understand that some people
> > want nolibc and are fine with disabling the stack protector. The main
> > thing I would like is for liburing to compile or fail with a clear error
> > message instead of breaking somewhere during the build.
> 
> Right, my mistake. I think it's fixed in upstream by commit:
> 
>    319f4be8bd049055c333185928758d0fb445fc43 ("build: Disable stack protector unconditionally")

While I sent that to make it build again, I have to say when I was
preparing the new liburing upload for Debian I hesitated to simply
disable nolibc support for all arches there. Went for now with this
because it is what is supported upstream and seemed like the smaller
delta for now, and going through all functions it seemed "safe", but
I might revisit this TBH.

We have been through this already with libaio, where going through the
nolibc model also caused problems, see:

  https://pagure.io/libaio/c/672eaebd131c789a528e3a9cd089b4b69a82012b

So, I also think I'd appreciate a --use-libc mode (or similar) which I'd
probably consider enabling for Debian. OTOH, I've no idea how much impact
that would cause to performance? Do any of you have numbers?

Thanks,
Guillem