Native Client currently allows the RDTSC x86 instruction to be used [1], but (as Brad mentioned to me) this instruction gets disabled by Linux's seccomp sandboxing mode [2], which could cause us problems if we want NaCl to be able to run under Chromium's seccomp-based Linux sandbox. How do we want to deal with this?
Is there any equivalent of RDTSC on ARM? If not, we might want to disallow RDTSC on the grounds that it is not portable. How would a program use RDTSC if it were compiled to a portable binary?
If we're going to allow access to the functionality of RDTSC it might be good to put it behind a NaCl syscall, similar to how we have talked about handling fetching the thread pointer on x86-64 for supporting TLS. In the case where the OS-level process can execute RDTSC, its use by NaCl does not have to incur the usual NaCl syscall overhead: we can place "rtdsc; naclret" directly in a syscall trampoline. The advantage of doing this is that it gives us the option to virtualise use of RDTSC if we need to. Otherwise, if we allow RDTSC to be used directly from the start, we might get into a situation where NaCl code depends on it and we cannot remove it without breaking compatibility.
It is possible to patch RDTSC in a binary to jump to some other implementation -- the seccomp sandbox rewrites syscall instructions to do this [3] -- but since RDTSC is only 2 bytes long, it involves moving the following instruction out of the way, which is tricky. (Maybe we could allow RDTSC but require it to be followed by 3 NOPs within the same instruction bundle so that it can be overwritten with a 5-byte jump?)
The seccomp sandbox currently catches the SIGSEGV signal that RDTSC produces and emulates it by forwarding the request to the trusted thread. There's a bug open for making the sandbox rewrite the RDTSC instruction instead, the same way it rewrites syscall instructions [4].
Mark
[1]
http://code.google.com/p/nativeclient/issues/detail?id=84[2] Actually, whether it gets disabled varies between kernel versions.
See
http://blog.cr0.org/2009/05/time-stamp-counter-disabling-oddities.html[3]
http://code.google.com/p/seccompsandbox/source/browse/trunk/library.cc
[4]
http://code.google.com/p/chromium/issues/detail?id=26524