From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752314AbeC2Ozb (ORCPT ); Thu, 29 Mar 2018 10:55:31 -0400 Received: from isilmar-4.linta.de ([136.243.71.142]:45014 "EHLO isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752258AbeC2Oz2 (ORCPT ); Thu, 29 Mar 2018 10:55:28 -0400 Date: Thu, 29 Mar 2018 16:55:26 +0200 From: Dominik Brodowski To: David Laight Cc: Matthew Wilcox , "linux-kernel@vger.kernel.org" , "viro@ZenIV.linux.org.uk" , "torvalds@linux-foundation.org" , "arnd@arndb.de" , "linux-arch@vger.kernel.org" , "hmclauchlan@fb.com" , "tautschn@amazon.co.uk" , Amir Goldstein , Andi Kleen , Andrew Morton , Christoph Hellwig , Darren Hart , "David S . Miller" , "Eric W . Biederman" , "H . Peter Anvin" , Ingo Molnar , Jaswinder Singh , Jeff Dike , Jiri Slaby , "kexec@lists.infradead.org" , "linux-fsdevel@vger.kernel.org" , "linux-mm@kvack.org" , "linux-s390@vger.kernel.org" , "Luis R . Rodriguez" , "netdev@vger.kernel.org" , Peter Zijlstra , Thomas Gleixner , "user-mode-linux-devel@lists.sourceforge.net" , "x86@kernel.org" Subject: Re: [PATCH 000/109] remove in-kernel calls to syscalls Message-ID: <20180329145526.GA1414@isilmar-4.linta.de> References: <20180329112426.23043-1-linux@dominikbrodowski.net> <20180329142027.GA24860@bombadil.infradead.org> <20180329144209.GA25559@isilmar-4.linta.de> <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 29, 2018 at 02:46:44PM +0000, David Laight wrote: > From: Dominik Brodowski > > Sent: 29 March 2018 15:42 > > On Thu, Mar 29, 2018 at 07:20:27AM -0700, Matthew Wilcox wrote: > > > On Thu, Mar 29, 2018 at 01:22:37PM +0200, Dominik Brodowski wrote: > > > > At least on 64-bit x86, it will likely be a hard requirement from v4.17 > > > > onwards to not call system call functions in the kernel: It is better to > > > > use use a different calling convention for system calls there, where > > > > struct pt_regs is decoded on-the-fly in a syscall wrapper which then hands > > > > processing over to the actual syscall function. This means that only those > > > > parameters which are actually needed for a specific syscall are passed on > > > > during syscall entry, instead of filling in six CPU registers with random > > > > user space content all the time (which may cause serious trouble down the > > > > call chain).[*] > > > > > > How do we stop new ones from springing up? Some kind of linker trick > > > like was used to, er, "dissuade" people from using gets()? > > > > Once the patches which modify the syscall calling convention are merged, > > it won't compile on 64-bit x86, but bark loudly. That should frighten anyone. > > Meow. > > Should be pretty easy to ensure the prototypes aren't in any normal header. That's exactly why the compile will fail. > Renaming the global symbols (to not match the function name) will make it > much harder to call them as well. That still depends on the exact design of the patchset, which is still under review. Thanks, Dominik From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dominik Brodowski Subject: Re: [PATCH 000/109] remove in-kernel calls to syscalls Date: Thu, 29 Mar 2018 16:55:26 +0200 Message-ID: <20180329145526.GA1414@isilmar-4.linta.de> References: <20180329112426.23043-1-linux@dominikbrodowski.net> <20180329142027.GA24860@bombadil.infradead.org> <20180329144209.GA25559@isilmar-4.linta.de> <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Matthew Wilcox , "linux-kernel@vger.kernel.org" , "viro@ZenIV.linux.org.uk" , "torvalds@linux-foundation.org" , "arnd@arndb.de" , "linux-arch@vger.kernel.org" , "hmclauchlan@fb.com" , "tautschn@amazon.co.uk" , Amir Goldstein , Andi Kleen , Andrew Morton , Christoph Hellwig , Darren Hart , "David S . Miller" , "Eric W . Biederman" , "H . Peter Anvin" , Ingo Molnar , Jaswinder Singh Return-path: Content-Disposition: inline In-Reply-To: <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Thu, Mar 29, 2018 at 02:46:44PM +0000, David Laight wrote: > From: Dominik Brodowski > > Sent: 29 March 2018 15:42 > > On Thu, Mar 29, 2018 at 07:20:27AM -0700, Matthew Wilcox wrote: > > > On Thu, Mar 29, 2018 at 01:22:37PM +0200, Dominik Brodowski wrote: > > > > At least on 64-bit x86, it will likely be a hard requirement from v4.17 > > > > onwards to not call system call functions in the kernel: It is better to > > > > use use a different calling convention for system calls there, where > > > > struct pt_regs is decoded on-the-fly in a syscall wrapper which then hands > > > > processing over to the actual syscall function. This means that only those > > > > parameters which are actually needed for a specific syscall are passed on > > > > during syscall entry, instead of filling in six CPU registers with random > > > > user space content all the time (which may cause serious trouble down the > > > > call chain).[*] > > > > > > How do we stop new ones from springing up? Some kind of linker trick > > > like was used to, er, "dissuade" people from using gets()? > > > > Once the patches which modify the syscall calling convention are merged, > > it won't compile on 64-bit x86, but bark loudly. That should frighten anyone. > > Meow. > > Should be pretty easy to ensure the prototypes aren't in any normal header. That's exactly why the compile will fail. > Renaming the global symbols (to not match the function name) will make it > much harder to call them as well. That still depends on the exact design of the patchset, which is still under review. Thanks, Dominik From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dominik Brodowski Subject: Re: [PATCH 000/109] remove in-kernel calls to syscalls Date: Thu, 29 Mar 2018 16:55:26 +0200 Message-ID: <20180329145526.GA1414@isilmar-4.linta.de> References: <20180329112426.23043-1-linux@dominikbrodowski.net> <20180329142027.GA24860@bombadil.infradead.org> <20180329144209.GA25559@isilmar-4.linta.de> <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> Sender: linux-kernel-owner@vger.kernel.org To: David Laight Cc: Matthew Wilcox , "linux-kernel@vger.kernel.org" , "viro@ZenIV.linux.org.uk" , "torvalds@linux-foundation.org" , "arnd@arndb.de" , "linux-arch@vger.kernel.org" , "hmclauchlan@fb.com" , "tautschn@amazon.co.uk" , Amir Goldstein , Andi Kleen , Andrew Morton , Christoph Hellwig , Darren Hart , "David S . Miller" , "Eric W . Biederman" , "H . Peter Anvin" , Ingo Molnar , Jaswinder Singh List-Id: linux-arch.vger.kernel.org On Thu, Mar 29, 2018 at 02:46:44PM +0000, David Laight wrote: > From: Dominik Brodowski > > Sent: 29 March 2018 15:42 > > On Thu, Mar 29, 2018 at 07:20:27AM -0700, Matthew Wilcox wrote: > > > On Thu, Mar 29, 2018 at 01:22:37PM +0200, Dominik Brodowski wrote: > > > > At least on 64-bit x86, it will likely be a hard requirement from v4.17 > > > > onwards to not call system call functions in the kernel: It is better to > > > > use use a different calling convention for system calls there, where > > > > struct pt_regs is decoded on-the-fly in a syscall wrapper which then hands > > > > processing over to the actual syscall function. This means that only those > > > > parameters which are actually needed for a specific syscall are passed on > > > > during syscall entry, instead of filling in six CPU registers with random > > > > user space content all the time (which may cause serious trouble down the > > > > call chain).[*] > > > > > > How do we stop new ones from springing up? Some kind of linker trick > > > like was used to, er, "dissuade" people from using gets()? > > > > Once the patches which modify the syscall calling convention are merged, > > it won't compile on 64-bit x86, but bark loudly. That should frighten anyone. > > Meow. > > Should be pretty easy to ensure the prototypes aren't in any normal header. That's exactly why the compile will fail. > Renaming the global symbols (to not match the function name) will make it > much harder to call them as well. That still depends on the exact design of the patchset, which is still under review. Thanks, Dominik From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from isilmar-4.linta.de ([136.243.71.142]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1f1Yxl-0000F0-UC for kexec@lists.infradead.org; Thu, 29 Mar 2018 14:55:39 +0000 Date: Thu, 29 Mar 2018 16:55:26 +0200 From: Dominik Brodowski Subject: Re: [PATCH 000/109] remove in-kernel calls to syscalls Message-ID: <20180329145526.GA1414@isilmar-4.linta.de> References: <20180329112426.23043-1-linux@dominikbrodowski.net> <20180329142027.GA24860@bombadil.infradead.org> <20180329144209.GA25559@isilmar-4.linta.de> <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <07438b1e94ff42a184adb7134a680069@AcuMS.aculab.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: David Laight Cc: Peter Zijlstra , Amir Goldstein , "linux-mm@kvack.org" , "H . Peter Anvin" , "tautschn@amazon.co.uk" , Ingo Molnar , "linux-arch@vger.kernel.org" , "linux-s390@vger.kernel.org" , Andi Kleen , "user-mode-linux-devel@lists.sourceforge.net" , "x86@kernel.org" , Matthew Wilcox , "hmclauchlan@fb.com" , Christoph Hellwig , Jiri Slaby , Darren Hart , Jaswinder Singh , "arnd@arndb.de" , Jeff Dike , "viro@ZenIV.linux.org.uk" , Thomas Gleixner , "netdev@vger.kernel.org" , "kexec@lists.infradead.org" , "linux-kernel@vger.kernel.org" , "Luis R . Rodriguez" , "Eric W . Biederman" , "linux-fsdevel@vger.kernel.org" , Andrew Morton , "torvalds@linux-foundation.org" , "David S . Miller" On Thu, Mar 29, 2018 at 02:46:44PM +0000, David Laight wrote: > From: Dominik Brodowski > > Sent: 29 March 2018 15:42 > > On Thu, Mar 29, 2018 at 07:20:27AM -0700, Matthew Wilcox wrote: > > > On Thu, Mar 29, 2018 at 01:22:37PM +0200, Dominik Brodowski wrote: > > > > At least on 64-bit x86, it will likely be a hard requirement from v4.17 > > > > onwards to not call system call functions in the kernel: It is better to > > > > use use a different calling convention for system calls there, where > > > > struct pt_regs is decoded on-the-fly in a syscall wrapper which then hands > > > > processing over to the actual syscall function. This means that only those > > > > parameters which are actually needed for a specific syscall are passed on > > > > during syscall entry, instead of filling in six CPU registers with random > > > > user space content all the time (which may cause serious trouble down the > > > > call chain).[*] > > > > > > How do we stop new ones from springing up? Some kind of linker trick > > > like was used to, er, "dissuade" people from using gets()? > > > > Once the patches which modify the syscall calling convention are merged, > > it won't compile on 64-bit x86, but bark loudly. That should frighten anyone. > > Meow. > > Should be pretty easy to ensure the prototypes aren't in any normal header. That's exactly why the compile will fail. > Renaming the global symbols (to not match the function name) will make it > much harder to call them as well. That still depends on the exact design of the patchset, which is still under review. Thanks, Dominik _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec