From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752086AbeC2OqY convert rfc822-to-8bit (ORCPT ); Thu, 29 Mar 2018 10:46:24 -0400 Received: from smtp-out4.electric.net ([192.162.216.181]:52397 "EHLO smtp-out4.electric.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750732AbeC2OqW (ORCPT ); Thu, 29 Mar 2018 10:46:22 -0400 From: David Laight To: "'Dominik Brodowski'" , Matthew Wilcox CC: "linux-kernel@vger.kernel.org" , "viro@ZenIV.linux.org.uk" , "torvalds@linux-foundation.org" , "arnd@arndb.de" , "linux-arch@vger.kernel.org" , "hmclauchlan@fb.com" , "tautschn@amazon.co.uk" , Amir Goldstein , Andi Kleen , Andrew Morton , Christoph Hellwig , "Darren Hart" , "David S . Miller" , "Eric W . Biederman" , "H . Peter Anvin" , Ingo Molnar , Jaswinder Singh , Jeff Dike , Jiri Slaby , "kexec@lists.infradead.org" , "linux-fsdevel@vger.kernel.org" , "linux-mm@kvack.org" , "linux-s390@vger.kernel.org" , "Luis R . Rodriguez" , "netdev@vger.kernel.org" , Peter Zijlstra , Thomas Gleixner , "user-mode-linux-devel@lists.sourceforge.net" , "x86@kernel.org" Subject: RE: [PATCH 000/109] remove in-kernel calls to syscalls Thread-Topic: [PATCH 000/109] remove in-kernel calls to syscalls Thread-Index: AQHTx2xJix6+xeNkAEOttoYzhanKr6PnSfuA Date: Thu, 29 Mar 2018 14:46:44 +0000 Message-ID: <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> References: <20180329112426.23043-1-linux@dominikbrodowski.net> <20180329142027.GA24860@bombadil.infradead.org> <20180329144209.GA25559@isilmar-4.linta.de> In-Reply-To: <20180329144209.GA25559@isilmar-4.linta.de> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.33] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-Outbound-IP: 156.67.243.126 X-Env-From: David.Laight@ACULAB.COM X-Proto: esmtps X-Revdns: X-HELO: AcuMS.aculab.com X-TLS: TLSv1.2:ECDHE-RSA-AES256-SHA384:256 X-Authenticated_ID: X-PolicySMART: 3396946, 3397078 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dominik Brodowski > Sent: 29 March 2018 15:42 > On Thu, Mar 29, 2018 at 07:20:27AM -0700, Matthew Wilcox wrote: > > On Thu, Mar 29, 2018 at 01:22:37PM +0200, Dominik Brodowski wrote: > > > At least on 64-bit x86, it will likely be a hard requirement from v4.17 > > > onwards to not call system call functions in the kernel: It is better to > > > use use a different calling convention for system calls there, where > > > struct pt_regs is decoded on-the-fly in a syscall wrapper which then hands > > > processing over to the actual syscall function. This means that only those > > > parameters which are actually needed for a specific syscall are passed on > > > during syscall entry, instead of filling in six CPU registers with random > > > user space content all the time (which may cause serious trouble down the > > > call chain).[*] > > > > How do we stop new ones from springing up? Some kind of linker trick > > like was used to, er, "dissuade" people from using gets()? > > Once the patches which modify the syscall calling convention are merged, > it won't compile on 64-bit x86, but bark loudly. That should frighten anyone. > Meow. Should be pretty easy to ensure the prototypes aren't in any normal header. Renaming the global symbols (to not match the function name) will make it much harder to call them as well. David From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Laight Subject: RE: [PATCH 000/109] remove in-kernel calls to syscalls Date: Thu, 29 Mar 2018 14:46:44 +0000 Message-ID: <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> References: <20180329112426.23043-1-linux@dominikbrodowski.net> <20180329142027.GA24860@bombadil.infradead.org> <20180329144209.GA25559@isilmar-4.linta.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT Cc: "linux-kernel@vger.kernel.org" , "viro@ZenIV.linux.org.uk" , "torvalds@linux-foundation.org" , "arnd@arndb.de" , "linux-arch@vger.kernel.org" , "hmclauchlan@fb.com" , "tautschn@amazon.co.uk" , Amir Goldstein , Andi Kleen , Andrew Morton , Christoph Hellwig , "Darren Hart" , "David S . Miller" , "Eric W . Biederman" , "H . Peter Anvin" , Ingo Molnar , Jaswinder Singh , Jeff Dike , Matthew Wilcox Return-path: In-Reply-To: <20180329144209.GA25559@isilmar-4.linta.de> Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org From: Dominik Brodowski > Sent: 29 March 2018 15:42 > On Thu, Mar 29, 2018 at 07:20:27AM -0700, Matthew Wilcox wrote: > > On Thu, Mar 29, 2018 at 01:22:37PM +0200, Dominik Brodowski wrote: > > > At least on 64-bit x86, it will likely be a hard requirement from v4.17 > > > onwards to not call system call functions in the kernel: It is better to > > > use use a different calling convention for system calls there, where > > > struct pt_regs is decoded on-the-fly in a syscall wrapper which then hands > > > processing over to the actual syscall function. This means that only those > > > parameters which are actually needed for a specific syscall are passed on > > > during syscall entry, instead of filling in six CPU registers with random > > > user space content all the time (which may cause serious trouble down the > > > call chain).[*] > > > > How do we stop new ones from springing up? Some kind of linker trick > > like was used to, er, "dissuade" people from using gets()? > > Once the patches which modify the syscall calling convention are merged, > it won't compile on 64-bit x86, but bark loudly. That should frighten anyone. > Meow. Should be pretty easy to ensure the prototypes aren't in any normal header. Renaming the global symbols (to not match the function name) will make it much harder to call them as well. David From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Laight Subject: RE: [PATCH 000/109] remove in-kernel calls to syscalls Date: Thu, 29 Mar 2018 14:46:44 +0000 Message-ID: <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> References: <20180329112426.23043-1-linux@dominikbrodowski.net> <20180329142027.GA24860@bombadil.infradead.org> <20180329144209.GA25559@isilmar-4.linta.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT Return-path: In-Reply-To: <20180329144209.GA25559@isilmar-4.linta.de> Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org To: 'Dominik Brodowski' , Matthew Wilcox Cc: "linux-kernel@vger.kernel.org" , "viro@ZenIV.linux.org.uk" , "torvalds@linux-foundation.org" , "arnd@arndb.de" , "linux-arch@vger.kernel.org" , "hmclauchlan@fb.com" , "tautschn@amazon.co.uk" , Amir Goldstein , Andi Kleen , Andrew Morton , Christoph Hellwig , Darren Hart , "David S . Miller" , "Eric W . Biederman" , "H . Peter Anvin" , Ingo Molnar , Jaswinder Singh , Jeff Dike List-Id: linux-arch.vger.kernel.org From: Dominik Brodowski > Sent: 29 March 2018 15:42 > On Thu, Mar 29, 2018 at 07:20:27AM -0700, Matthew Wilcox wrote: > > On Thu, Mar 29, 2018 at 01:22:37PM +0200, Dominik Brodowski wrote: > > > At least on 64-bit x86, it will likely be a hard requirement from v4.17 > > > onwards to not call system call functions in the kernel: It is better to > > > use use a different calling convention for system calls there, where > > > struct pt_regs is decoded on-the-fly in a syscall wrapper which then hands > > > processing over to the actual syscall function. This means that only those > > > parameters which are actually needed for a specific syscall are passed on > > > during syscall entry, instead of filling in six CPU registers with random > > > user space content all the time (which may cause serious trouble down the > > > call chain).[*] > > > > How do we stop new ones from springing up? Some kind of linker trick > > like was used to, er, "dissuade" people from using gets()? > > Once the patches which modify the syscall calling convention are merged, > it won't compile on 64-bit x86, but bark loudly. That should frighten anyone. > Meow. Should be pretty easy to ensure the prototypes aren't in any normal header. Renaming the global symbols (to not match the function name) will make it much harder to call them as well. David From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from smtp-out4.electric.net ([192.162.216.185]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1f1Yp5-0003zB-W2 for kexec@lists.infradead.org; Thu, 29 Mar 2018 14:46:41 +0000 From: David Laight Subject: RE: [PATCH 000/109] remove in-kernel calls to syscalls Date: Thu, 29 Mar 2018 14:46:44 +0000 Message-ID: <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> References: <20180329112426.23043-1-linux@dominikbrodowski.net> <20180329142027.GA24860@bombadil.infradead.org> <20180329144209.GA25559@isilmar-4.linta.de> In-Reply-To: <20180329144209.GA25559@isilmar-4.linta.de> Content-Language: en-US MIME-Version: 1.0 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: 'Dominik Brodowski' , Matthew Wilcox Cc: Peter Zijlstra , Amir Goldstein , "linux-mm@kvack.org" , "H . Peter Anvin" , "tautschn@amazon.co.uk" , Ingo Molnar , "linux-arch@vger.kernel.org" , "linux-s390@vger.kernel.org" , Andi Kleen , "user-mode-linux-devel@lists.sourceforge.net" , "x86@kernel.org" , "hmclauchlan@fb.com" , Christoph Hellwig , Jiri Slaby , Darren Hart , Jaswinder Singh , "arnd@arndb.de" , Jeff Dike , "viro@ZenIV.linux.org.uk" , Thomas Gleixner , "netdev@vger.kernel.org" , "kexec@lists.infradead.org" , "linux-kernel@vger.kernel.org" , "Luis R . Rodriguez" , "Eric W . Biederman" , "linux-fsdevel@vger.kernel.org" , Andrew Morton , "torvalds@linux-foundation.org" , "David S . Miller" From: Dominik Brodowski > Sent: 29 March 2018 15:42 > On Thu, Mar 29, 2018 at 07:20:27AM -0700, Matthew Wilcox wrote: > > On Thu, Mar 29, 2018 at 01:22:37PM +0200, Dominik Brodowski wrote: > > > At least on 64-bit x86, it will likely be a hard requirement from v4.17 > > > onwards to not call system call functions in the kernel: It is better to > > > use use a different calling convention for system calls there, where > > > struct pt_regs is decoded on-the-fly in a syscall wrapper which then hands > > > processing over to the actual syscall function. This means that only those > > > parameters which are actually needed for a specific syscall are passed on > > > during syscall entry, instead of filling in six CPU registers with random > > > user space content all the time (which may cause serious trouble down the > > > call chain).[*] > > > > How do we stop new ones from springing up? Some kind of linker trick > > like was used to, er, "dissuade" people from using gets()? > > Once the patches which modify the syscall calling convention are merged, > it won't compile on 64-bit x86, but bark loudly. That should frighten anyone. > Meow. Should be pretty easy to ensure the prototypes aren't in any normal header. Renaming the global symbols (to not match the function name) will make it much harder to call them as well. David _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec