RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1937515 - Disabling OSXSAVE in glibc tunables does not work as expected
Summary: Disabling OSXSAVE in glibc tunables does not work as expected
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: glibc
Version: 8.3
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Arjun Shankar
QA Contact: Sergey Kolosov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-10 19:52 UTC by Andrew Mike
Modified: 2023-07-18 14:30 UTC (History)
13 users (show)

Fixed In Version: glibc-2.28-170.el8
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-10 15:17:34 UTC
Type: Enhancement
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Patch to fix OSXSAVE tunable support - v1 (677 bytes, patch)
2021-03-11 13:55 UTC, Dante 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:2005 0 None None None 2022-05-10 15:17:53 UTC
Sourceware 27605 0 P2 RESOLVED tunables can't control xsave/xsavec selection in dl_runtime_resolve_* 2021-03-29 20:42:26 UTC

Description Andrew Mike 2021-03-10 19:52:50 UTC 
Description of problem: When the OSXSAVE cpu feature is disabled in glibc tunables, the x86_64 xsave and xsavec machine instructions are still used.


Version-Release number of selected component (if applicable):
glibc-2.28-127.el8_3.2.x86_64

How reproducible: 100%

Steps to Reproduce:
1. Make, build, and compile a C test program with gcc. Example:

#include <stdio.h>

int main(){
        printf("Hello World\n");
        return 0;
}

2. Set the environment variable GLIBC_TUNABLES="glibc.tune.hwcaps=-OSXSAVE,-XSAVEC_Usable".

3. Run gdb on the executable compiled from step 1.
4. Run the following gdb commands in sequence:
set breakpoint pending on
b _dl_runtime_resolve_fxsave
b _dl_runtime_resolve_xsave
b _dl_runtime_resolve_xsavec
r

Actual results:
The breakpoint for _dl_runtime_resolve_xsave is triggered.

Expected results:
The breakpoint for _dl_runtime_resolve_fxsave is triggered.
Comment 1 Florian Weimer 2021-03-11 08:42:34 UTC 
I do not think trampoline selection can be tuned in this way. Even if it worked, it would be something that could be used for debugging purposes only. For things like string function selection, not using available CPU features is fine because the outcome is identical. But trampoline selection affects how the register file is saved, and once those registers are available in the CPU, the dynamic linker has to deal with them. The XSAVE/XSAVEC trampolines are currently save and restore AVX/AVX2/AVX-512 state, so that has to be used once the supports %ymm (or %zmm) registers.

It is possible to disable OSXSAVE support globally by booting with the “noxsave” kernel option. Individual processes can be launched using the “LD_BIND_NOW=1” environment variable to disable the trampoline. Linking with the -Wl,-z,now compiler option disables trampolines for individual shared objects/main programs. (Red Hat Enterprise Linux 8 system libraries are almost all linked with -Wl,-z,now, so they will not use the trampoline internally.)

I'd be happy to talk to the customer to better understand their requirements. This will require upstream implementation first, and without understanding their needs, I cannot make a case for the change upstream.
Comment 2 Dante 2021-03-11 13:55:38 UTC 
Created attachment 1762644 [details]
Patch to fix OSXSAVE tunable support - v1

This patch borrows from the same reasoning behind the XSAVEC_Usable tunable which changes xsave_state_size to disable XSAVEC in favor of XSAVE.

Since OSXSAVE should disable both XSAVEC and XSAVE in favor of FXSAVE, it sets xsave_state_size to zero which later in the loader code will have the effect of patching the GOT with _dl_runtime_resolve_fxsave as the _dl_runtime_resolve implementation.
Comment 3 Dante 2021-03-11 16:58:06 UTC 
(In reply to Florian Weimer from comment #1)
> I do not think trampoline selection can be tuned in this way. Even if it
> worked, it would be something that could be used for debugging purposes
> only. For things like string function selection, not using available CPU
> features is fine because the outcome is identical. But trampoline selection
> affects how the register file is saved, and once those registers are
> available in the CPU, the dynamic linker has to deal with them. The
> XSAVE/XSAVEC trampolines are currently save and restore AVX/AVX2/AVX-512
> state, so that has to be used once the supports %ymm (or %zmm) registers.
> 
> It is possible to disable OSXSAVE support globally by booting with the
> “noxsave” kernel option. Individual processes can be launched using the
> “LD_BIND_NOW=1” environment variable to disable the trampoline. Linking with
> the -Wl,-z,now compiler option disables trampolines for individual shared
> objects/main programs. (Red Hat Enterprise Linux 8 system libraries are
> almost all linked with -Wl,-z,now, so they will not use the trampoline
> internally.)
> 
> I'd be happy to talk to the customer to better understand their
> requirements. This will require upstream implementation first, and without
> understanding their needs, I cannot make a case for the change upstream.

Hi Florian, thank you for the quick reply.

We need to disable XSAVE and XSAVEC in favor of FXSAVE in the dynamic linker because we need to migrate a running process from one machine to another with a different CPUs. Different CPUs might have different xsave_state_size values, which results in SIGSEGV in xsave/xsavec in the dynamic linker. Disabling xsave/xsavec in favor of fxsave on glibc fixes this problem.

Unfortunately, using LD_BIND_NOW=1 or -Wl,-z,now is not an option for us. Binaries are too big and complex.

Additionally, I do feel this is a bug. The glibc tunables allows "application authors and distribution maintainers to alter the runtime library behavior to match their workload" [1]. In this case, the -OSXSAVE tunable should alter glibc behavior by completely avoiding XSAVE/XSAVEC instructions since OSXSAVE is mandatory for those according to the Intel® 64 and IA-32 Architectures Software Developer’s Manual.

[1] https://www.gnu.org/software/libc/manual/html_node/Tunables.html
Comment 4 Florian Weimer 2021-03-11 19:18:03 UTC 
(In reply to Dante from comment #3)
> We need to disable XSAVE and XSAVEC in favor of FXSAVE in the dynamic linker
> because we need to migrate a running process from one machine to another
> with a different CPUs. Different CPUs might have different xsave_state_size
> values, which results in SIGSEGV in xsave/xsavec in the dynamic linker.
> Disabling xsave/xsavec in favor of fxsave on glibc fixes this problem.

Thanks for providing additional context.

Are you able to share more details about the kind of process migration technology being used? Is it VM-based? Or userspace checkpoint and restore, like CRIU? Or similar to the old Emacs unexec mechanism?

> Additionally, I do feel this is a bug. The glibc tunables allows
> "application authors and distribution maintainers to alter the runtime
> library behavior to match their workload" [1]. In this case, the -OSXSAVE
> tunable should alter glibc behavior by completely avoiding XSAVE/XSAVEC
> instructions since OSXSAVE is mandatory for those according to the Intel® 64
> and IA-32 Architectures Software Developer’s Manual.
> 
> [1] https://www.gnu.org/software/libc/manual/html_node/Tunables.html

I'm not sure if it is possible to avoid XSAVE/XSAVEC in glibc while preserving correctness as far as the rest of the (system) libraries are concerned. The tunables do not mask the features at the CPUID level, so the registers are still there, can be used by application code, and may need saving and restoring.
Comment 6 Dante 2021-03-11 19:48:09 UTC 
(In reply to Florian Weimer from comment #4)
> (In reply to Dante from comment #3)
> > We need to disable XSAVE and XSAVEC in favor of FXSAVE in the dynamic linker
> > because we need to migrate a running process from one machine to another
> > with a different CPUs. Different CPUs might have different xsave_state_size
> > values, which results in SIGSEGV in xsave/xsavec in the dynamic linker.
> > Disabling xsave/xsavec in favor of fxsave on glibc fixes this problem.
> 
> Thanks for providing additional context.
> 
> Are you able to share more details about the kind of process migration
> technology being used? Is it VM-based? Or userspace checkpoint and restore,
> like CRIU? Or similar to the old Emacs unexec mechanism?

Its an userspace checkpoint and restore, like CRIU.

> 
> > Additionally, I do feel this is a bug. The glibc tunables allows
> > "application authors and distribution maintainers to alter the runtime
> > library behavior to match their workload" [1]. In this case, the -OSXSAVE
> > tunable should alter glibc behavior by completely avoiding XSAVE/XSAVEC
> > instructions since OSXSAVE is mandatory for those according to the Intel® 64
> > and IA-32 Architectures Software Developer’s Manual.
> > 
> > [1] https://www.gnu.org/software/libc/manual/html_node/Tunables.html
> 
> I'm not sure if it is possible to avoid XSAVE/XSAVEC in glibc while
> preserving correctness as far as the rest of the (system) libraries are
> concerned. The tunables do not mask the features at the CPUID level, so the
> registers are still there, can be used by application code, and may need
> saving and restoring.

The glibc tunables manual page suggests that system libraries other then glibc are out of the scope of glibc tunables, i.e., tunables should only work on glibc itself. This is precisely the case with the XSAVEC_Usable tunable. Setting it does not prevent other libraries from using the XSAVEC machine instruction, but does prevent glibc itself from using it. Same behavior should apply to OSXSAVE, but currently don't.

Currently, setting GLIBC_TUNABLES="glibc.tune.hwcaps=-OSXSAVE" changes no behavior at all in glibc. A quick grep -r OSXSAVE on glibc source should be sufficient to confirm that.
Comment 14 Arjun Shankar 2021-11-10 17:38:50 UTC 
Notes for QE:

1. The test Andrew details in comment 0 should be run on a reasonably new CPU with 'xsave'. As far as I understand it, xsave is available on Intel generations starting from Sandy Bridge.
It's possible to grep for xsave in the flags line of /proc/cpuinfo to verify that the instruction is available.

2. The tunable should be: GLIBC_TUNABLES="glibc.cpu.hwcaps=-XSAVE" (or -OSXSAVE, or both like "-XSAVE,-OSXSAVE").

3. On a CPU *with* xsave, setting the tunable should result in hitting the fxsave breakpoint, and *not* setting the tunable should result in hitting the *xsave* breakpoint. i.e. if xsave is not disabled, it should be preferred over fxsave.
Comment 19 errata-xmlrpc 2022-05-10 15:17:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (glibc bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2005
Note You need to log in before you can comment on or make changes to this bug.