From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752694AbcEXAFN (ORCPT ); Mon, 23 May 2016 20:05:13 -0400 Received: from mail-bl2on0097.outbound.protection.outlook.com ([65.55.169.97]:11385 "EHLO na01-bl2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752200AbcEXAFH (ORCPT ); Mon, 23 May 2016 20:05:07 -0400 Authentication-Results: arndb.de; dkim=none (message not signed) header.d=none;arndb.de; dmarc=none action=none header.from=caviumnetworks.com; From: Yury Norov To: , , , , , , , CC: , , , , , , , , , , , , , , , Subject: [PATCH 01/23] all: syscall wrappers: add documentation Date: Tue, 24 May 2016 03:04:30 +0300 Message-ID: <1464048292-30136-2-git-send-email-ynorov@caviumnetworks.com> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1464048292-30136-1-git-send-email-ynorov@caviumnetworks.com> References: <1464048292-30136-1-git-send-email-ynorov@caviumnetworks.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [50.233.148.158] X-ClientProxiedBy: DM3PR14CA0017.namprd14.prod.outlook.com (10.164.193.155) To CY1PR07MB2229.namprd07.prod.outlook.com (10.164.112.143) X-MS-Office365-Filtering-Correlation-Id: 9d2b0369-7d65-46b8-8fad-08d383670e48 X-Microsoft-Exchange-Diagnostics: 1;CY1PR07MB2229;2:Wjrp28JFRWQgntH5XMTLJlMHwSJfGuvVxf6vRxWnZ6k/SFysCOv2YmXOmLdgsz8ZUzAZ2VuOM977/o+8briSZqm+V+Cs0ghFnHzNGHtZyK7uCn9/pIZEMwQCRsoNkTyB5fT1rkFX2+grtXGKJ5u7VXjOrAdCaLBeSCvVPu1RlRNvstcoKMxiPJd+l+IawOg3;3:5IyXOMjsF/cO/HkCLR0luFmLbTSBc8YfF+iCSEGJ3gb0qby8rSI2uQgmIVkeFbus2MuYeAm12ikG15AJWpab1F01VNAy906Bri5hNk+DsY1rwGB6YLAiljA4Rg1ECfHP X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR07MB2229; X-Microsoft-Exchange-Diagnostics: 1;CY1PR07MB2229;25:H+28/HqWkXjEMENCYAgiv58kfiJNE69QQJoNZeC1k0s/r49V7s1vhnQ4ExhSEPWhiDXRO0DQurrAFu7tCKACD8cvn91XjHysbrgHmGBM7wjUPEiQWa6Nvm8sj6etkfCF5TdzZJdPLAjBEqzMdkw/FtG8n6wX639OlKeL7VO5+rIwFbsVXJMOlY0mGgKAdoCG6bQERZ4nb0EuT8GAJwidv2Q/C7l/A4uD5NKi+IBWm+Kks25bSFFZu63e4Nba/KsZHeSsVLD7yms1uKGMEK4cJX54/IoPFKkTofPxitJGWWyhgSZWInNDXali4G4UwQLQTPV1anxqWTUFvgE9TBj7xVYjH6Un8e+qv+rK243ul5O1TiUsWubRC1L/GRBRTkhc013WUUOuKabia0532ROqkLfR1qCh3tHDtzpVmUFVYlZvc9v0AfAbv9usbO3yb/l0kuj3IRA4NDIOfrHZGECRd+ICCNih/cufyTVVZTjn7J7DG25qskt9tw4F4/N0c8VZshghyZTemhvIoQFT+9H9OXTMDZj4uU4r4iiJ9csc6QV3NeXYRw0u3H8R4tpW5S6o9wzhtpTwSYwxiy0GXcTRs7I+N89hPUg91RhyqGFFnD3s9ko3CYTZDX+tEcFfY12uthwsXw6fB14ADnzbYUISeI7HsC5K/69X8rrAUjsC34/m7aL9uMpB6wSfyzjij2BiRyrrEDZOyXfwR7UpbcGmVXXbscapsGTO5Ua2UlVL9xIZCyW9n5hN/Gzd4Hj+Fph7pXi9Ab0xrz3dvJ83tDCRlBHR6lNg3zCdmKh3hGOUdiI= X-Microsoft-Exchange-Diagnostics: 1;CY1PR07MB2229;20:ZL/TW4YEYcPYUJNgENIKQxx1uU8K+3zyM9sV/dZt0e4K5Ou8hoQF8Mp36+thzJWqT8tMKSRG6EwwhdCcnA/OKt9faBo+kSFwaPmeH72rmvRldSQYJMW9JqI3zEA8+IgfSyH+TPXt0c3JHeS1w9cRLUhnPr2Ms0sScBMrrVv1RcO4VhHiZWOFJ3WmwVv9nTxnG3tNOrWS6Z1yVHuNt2kPuXjcZDgYN0Xx1eAJaqnJ+sFytVTTweG7GTSvyGsiadZ7Ibox5PcDv9x9+ZVnHBfZ2UxxrJbHuhi4Vjg2OMZ8L099PO6hJd4ClHIkq8DiRYKya58KbDCLk9aGoeVjUsZNjc77omuF0G/H+Br7YlY42QuKGiY6fjiMbcNxZ9sbh0K/ThEOcQODH2sbMNyHSzRjPe+SwWMGPcrO5USQLTln+Dp8jgvYL7lG7f2NdbM/8VCLx+FwawO8kYMepjlCVfMv0bTMr7LxTfv0e0AaNQXZc+ScuxDyo9G8RTtli7xR4QmDycNW/KyzfIpmOQ5XBcLTz6tUhePt0UMQqB/xWRRBIVRGr64Jzra9kTouiT3mGDzCFJdp9rLXEU+ydkRhm7n3yBFnYwKlRLYhZFWIQMdTaqI= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001);SRVR:CY1PR07MB2229;BCL:0;PCL:0;RULEID:;SRVR:CY1PR07MB2229; X-Microsoft-Exchange-Diagnostics: 1;CY1PR07MB2229;4:D6YgqW9ke3UXUE1WJvmHCnje8zK6yh5zvn/UGj1gZ0ww2UXgtY4IpoL9ZzdrzDZXFPcXOP3u07mi8IsAF8utPRQ9cVWAuSgnU69QKb9hdKwwEbAz0ExDXXO7Nqq5+YHoe7YH3zulO20O9wHvKvgwYvAGltEqt523iYlszGBngsB19jgvNTa/737PbmLkk2Q4nfIct5PIXWHW5StdBbDTtVMujojO/FyIMWMVFgareEJCuVG4fQ3+wh3r/haae7UPlvSuGdWEWEwQJZA7+G0bCWmgy+PxHAmZ+wdEhimjRQZIYkldYAWojNO+TYDhWdpIWXA6kVAncgxupdhWVCjPqAOzj5d7++RTEsE+ok/4YCVHBHJ8qBpUAAdoZTXkjfo2 X-Forefront-PRVS: 09525C61DB X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(43544003)(5004730100002)(2906002)(81166006)(8676002)(5008740100001)(6116002)(2201001)(4326007)(586003)(42186005)(5001770100001)(92566002)(50986999)(48376002)(76176999)(50466002)(76506005)(36756003)(47776003)(66066001)(229853001)(189998001)(33646002)(19580405001)(19580395003)(5003940100001)(50226002)(77096005)(2950100001)(2101003);DIR:OUT;SFP:1101;SCL:1;SRVR:CY1PR07MB2229;H:localhost;FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: 1;CY1PR07MB2229;23:CgxYq2+SlcTxSBl4BBHX89HOjgtGgbUz6iP+8TJGM8Z9Yi5Yzpqj/3fKrAVj+2kav/96DvnGrKTRSg4RP5QMpUdDPmtaYjyahVFQCzgOoMiBoCyQmNQH1wvBdl/vt81ceY11atpFAO7rLkqN6Outj1guVcBeoDE9tfCWgJaBsb2ef+AHlOl1au6+HyyihkA/XBURQqiMSORSWNM9z2Jo2JIKW2a2v3BA7bIwFt+dnmwFBWxg2CqfxfBu21P0xOY3kn7HUEED6HuR5qLzUoaOfkIo1ADFFOrUtTRqA62MTOYTH7YBA4AjYE9srHJhkk23M8wWPv0cdE3eNwDOZ97UYwki3Gd0qwjsUl8oTTTPBVSTIt/67ZyCYaRO1Oh6Db33xQ4kjWp3TyUdJ+Z3rzrx5i2Z3p6FN/wz2Vsizzxc5By5d+81V1npY8qfpkTeqJHGBwB51TrLywXg9vTZrHnmFvOCTMjbsnc6kDgvkWUFuvNd07Zxfl4ckeGV83DJzPfbVM/tFtpgKAKazOulN4Z8xvwnb5UoVYA1DEt+5IiW8Cx/heqZDxO1xDa7FVKft0TYm11jOma1Qto8Zzt/HOsODU3+xh98Ku/PQURpH8JS57eCBor98iFZWeAIVMVadBx1e93a1UNS4ZSjFUwhg0UCSlgFMIul6QdohlqRF0Xw93Zg3wODycG1iI80WvdQ29deaNcHxPlZfc8k8aNfAKkKmzIZBeSXPlmZNVlP77VmuldP2M9h3atIktF747H/TUYo9ogEYvH2/IRC6ExOTXcCEBiAm2Gzt1XCITvi/vWHhy6k8nejtGDMcu7cPRDKuE79lUhx3mZ51vKVyklWGOV13o3VfJC6vyvIdSO5+lE4oS1sFIAv9DPlxP9EpHUtlEkFrNnWD9IyTxI0xPt1c9Y9BpSSMwRKvUGB1hru7vwxQsc= X-Microsoft-Exchange-Diagnostics: 1;CY1PR07MB2229;5:ncZKsp7fM5/6+WBCqQT/Iqfw5sCVTgdLwG3gDRX7wfFqhNnFxZ+JdrT9Ek2wxPgANGOQXl/sE0utUAjDb8fqKRGspu8N5sOubfPipQlxK+3Ox4QlCjg1fjDrLhTcZxANs+oOc0CDR3PEZQLFSP2h6Q==;24:NNL0Nl8cIHl3sVa6h/BeO5NAFaOqKF6P3d3TJmY8Uz4JzR3LT3IsxjtF8oqsDbnGpWRGEQ+9VaVPrN6eA/jJIHIa4Py2Ck5vHyvmnszf+4I=;7:PnCm73jMRcPQ7ZdGE1OuwnC8AKM3RXuKUcik5AB2b03RXN7dbf7692RBSA5MQtl+x85qyHMRIzOupjASStoa2dXxwv/tYhR+TWvqD2aN9HJb6O8KLC4r3B6NqDb3Np1yEe5ZptRWsquQcG0M+Ml0TDh8tQEdjSmEcDWT2hwlGzi0HMHJHzkgUHuc+57lIl/e SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 May 2016 00:05:03.1847 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR07MB2229 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Signed-off-by: Yury Norov --- Documentation/adding-syscalls.txt | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Documentation/adding-syscalls.txt b/Documentation/adding-syscalls.txt index cc2d4ac..d02a6bd 100644 --- a/Documentation/adding-syscalls.txt +++ b/Documentation/adding-syscalls.txt @@ -341,6 +341,38 @@ To summarize, you need: - instance of __SC_COMP not __SYSCALL in include/uapi/asm-generic/unistd.h +Compatibility System Calls Wrappers +-------------------------------- + +Some architectures prevent 32-bit userspace from access to top halves of 64-bit +registers, but some not. It's not a problem if specific argument is the same +size in kernel and userspace. It also is not a problem if system call is already +handled by compatible routine. Otherwise we'd take care of it. Usually, glibc +and compiler handles register's top halve, but from kernel side, we cannot rely +on it, as malicious code may cause incorrect behaviour and/or security +vulnerabilities. + +For now, only s390 and arm64/ilp32 are affected. + +To clear that top halves, automatic wrappers are introduced. They clear all +required registers before passing control to regular syscall handler. + +If your architecture allows userspace code to access top halves of register, +you need to: + - enable COMPAT_WRAPPER in configuration file; + - declare: "#define __SC_WRAP(nr, sym) [nr] = compat_##sym,", just before + compatible syscall table declaration, if you use generic unistd; or + - declare compat wrappers manually, if you use non-generic syscall table. + The list of unsafe syscalls is in kernel/compat_wrapper. + +If you write new syscall, make sure, its arguments are the same size in both +64- and 32-bits modes. If no, and if there's no explicit compat version for +syscall handler, you need to: + - declare compat version prototype in 'include/linux/compat.h'; + - in 'include/uapi/asm-generic/unistd.h' declare syscall with macro '__SC_WRAP' + instead of '__SYSCALL'; + - add corresponding line to 'kernel/compat_wrapper.c' to let it generate wrapper. + Compatibility System Calls (x86) -------------------------------- -- 2.5.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: Yury Norov Subject: [PATCH 01/23] all: syscall wrappers: add documentation Date: Tue, 24 May 2016 03:04:30 +0300 Message-ID: <1464048292-30136-2-git-send-email-ynorov@caviumnetworks.com> In-Reply-To: <1464048292-30136-1-git-send-email-ynorov@caviumnetworks.com> References: <1464048292-30136-1-git-send-email-ynorov@caviumnetworks.com> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-arch-owner@vger.kernel.org Message-ID: <20160524000430.eiIlVS75qD1FU8r1qBYk29e97rRyQiFiEnPwpCSfBfQ@z> List-Archive: List-Post: To: arnd@arndb.de, catalin.marinas@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-s390@vger.kernel.org, libc-alpha@sourceware.org Cc: schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, ynorov@caviumnetworks.com, pinskia@gmail.com, broonie@kernel.org, joseph@codesourcery.com, christoph.muellner@theobroma-systems.com, bamvor.zhangjian@huawei.com, szabolcs.nagy@arm.com, klimov.linux@gmail.com, Nathan_Lynch@mentor.com, agraf@suse.de, Prasun.Kapoor@caviumnetworks.com, kilobyte@angband.pl, geert@linux-m68k.org, philipp.tomsich@theobroma-systems.com List-ID: Signed-off-by: Yury Norov --- Documentation/adding-syscalls.txt | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Documentation/adding-syscalls.txt b/Documentation/adding-syscalls.txt index cc2d4ac..d02a6bd 100644 --- a/Documentation/adding-syscalls.txt +++ b/Documentation/adding-syscalls.txt @@ -341,6 +341,38 @@ To summarize, you need: - instance of __SC_COMP not __SYSCALL in include/uapi/asm-generic/unistd.h +Compatibility System Calls Wrappers +-------------------------------- + +Some architectures prevent 32-bit userspace from access to top halves of 64-bit +registers, but some not. It's not a problem if specific argument is the same +size in kernel and userspace. It also is not a problem if system call is already +handled by compatible routine. Otherwise we'd take care of it. Usually, glibc +and compiler handles register's top halve, but from kernel side, we cannot rely +on it, as malicious code may cause incorrect behaviour and/or security +vulnerabilities. + +For now, only s390 and arm64/ilp32 are affected. + +To clear that top halves, automatic wrappers are introduced. They clear all +required registers before passing control to regular syscall handler. + +If your architecture allows userspace code to access top halves of register, +you need to: + - enable COMPAT_WRAPPER in configuration file; + - declare: "#define __SC_WRAP(nr, sym) [nr] = compat_##sym,", just before + compatible syscall table declaration, if you use generic unistd; or + - declare compat wrappers manually, if you use non-generic syscall table. + The list of unsafe syscalls is in kernel/compat_wrapper. + +If you write new syscall, make sure, its arguments are the same size in both +64- and 32-bits modes. If no, and if there's no explicit compat version for +syscall handler, you need to: + - declare compat version prototype in 'include/linux/compat.h'; + - in 'include/uapi/asm-generic/unistd.h' declare syscall with macro '__SC_WRAP' + instead of '__SYSCALL'; + - add corresponding line to 'kernel/compat_wrapper.c' to let it generate wrapper. + Compatibility System Calls (x86) -------------------------------- -- 2.5.0 From mboxrd@z Thu Jan 1 00:00:00 1970 From: ynorov@caviumnetworks.com (Yury Norov) Date: Tue, 24 May 2016 03:04:30 +0300 Subject: [PATCH 01/23] all: syscall wrappers: add documentation In-Reply-To: <1464048292-30136-1-git-send-email-ynorov@caviumnetworks.com> References: <1464048292-30136-1-git-send-email-ynorov@caviumnetworks.com> Message-ID: <1464048292-30136-2-git-send-email-ynorov@caviumnetworks.com> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org Signed-off-by: Yury Norov --- Documentation/adding-syscalls.txt | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Documentation/adding-syscalls.txt b/Documentation/adding-syscalls.txt index cc2d4ac..d02a6bd 100644 --- a/Documentation/adding-syscalls.txt +++ b/Documentation/adding-syscalls.txt @@ -341,6 +341,38 @@ To summarize, you need: - instance of __SC_COMP not __SYSCALL in include/uapi/asm-generic/unistd.h +Compatibility System Calls Wrappers +-------------------------------- + +Some architectures prevent 32-bit userspace from access to top halves of 64-bit +registers, but some not. It's not a problem if specific argument is the same +size in kernel and userspace. It also is not a problem if system call is already +handled by compatible routine. Otherwise we'd take care of it. Usually, glibc +and compiler handles register's top halve, but from kernel side, we cannot rely +on it, as malicious code may cause incorrect behaviour and/or security +vulnerabilities. + +For now, only s390 and arm64/ilp32 are affected. + +To clear that top halves, automatic wrappers are introduced. They clear all +required registers before passing control to regular syscall handler. + +If your architecture allows userspace code to access top halves of register, +you need to: + - enable COMPAT_WRAPPER in configuration file; + - declare: "#define __SC_WRAP(nr, sym) [nr] = compat_##sym,", just before + compatible syscall table declaration, if you use generic unistd; or + - declare compat wrappers manually, if you use non-generic syscall table. + The list of unsafe syscalls is in kernel/compat_wrapper. + +If you write new syscall, make sure, its arguments are the same size in both +64- and 32-bits modes. If no, and if there's no explicit compat version for +syscall handler, you need to: + - declare compat version prototype in 'include/linux/compat.h'; + - in 'include/uapi/asm-generic/unistd.h' declare syscall with macro '__SC_WRAP' + instead of '__SYSCALL'; + - add corresponding line to 'kernel/compat_wrapper.c' to let it generate wrapper. + Compatibility System Calls (x86) -------------------------------- -- 2.5.0