From: "Madhavan T. Venkataraman"
Subject: Re: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor
To: David Laight, Andy Lutomirski
Cc: Kernel Hardening, Linux API, linux-arm-kernel, Linux FS Devel, linux-integrity, LKML, LSM List, Oleg Nesterov, X86 ML
Date: Mon, 3 Aug 2020 10:59:04 -0500
Message-ID: <8f938da2-a10d-ca15-56f0-70315c678771@linux.microsoft.com>
References: <20200728131050.24443-1-madvenka@linux.microsoft.com> <3b916198-3a98-bd19-9a1c-f2d8d44febe8@linux.microsoft.com>

On 8/3/20 3:23 AM, David Laight wrote:
> From: Madhavan T. Venkataraman
>> Sent: 02 August 2020 19:55
>> To: Andy Lutomirski
>> Cc: Kernel Hardening; Linux API; linux-arm-kernel; Linux FS Devel;
>> linux-integrity; LKML; LSM List; Oleg Nesterov; X86 ML
>> Subject: Re: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor
>>
>> More responses inline..
>>
>> On 7/28/20 12:31 PM, Andy Lutomirski wrote:
>>>> On Jul 28, 2020, at 6:11 AM, madvenka@linux.microsoft.com wrote:
>>>>
>>>> From: "Madhavan T. Venkataraman"
>>>>
>>> 2. Use existing kernel functionality. Raise a signal, modify the
>>> state, and return from the signal. This is very flexible and may not
>>> be all that much slower than trampfd.
>> Let me understand this. You are saying that the trampoline code
>> would raise a signal and, in the signal handler, set up the context
>> so that when the signal handler returns, we end up in the target
>> function with the context correctly set up. And, this trampoline code
>> can be generated statically at build time so that there are no
>> security issues using it.
>>
>> Have I understood your suggestion correctly?
> I was thinking that you'd just let the 'not executable' page fault
> signal happen (SIGSEGV?) when the code jumps to on-stack trampoline
> is executed.
>
> The user signal handler can then decode the faulting instruction
> and, if it matches the expected on-stack trampoline, modify the
> saved registers before returning from the signal.
>
> No kernel changes and all you need to add to the program is
> an architecture-dependant signal handler.

Understood.

Madhavan
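The signal-handler approach David Laight describes in the message above, sketched as an added example; it is not code from the thread or from the trampfd patch series. The 23-byte trampoline layout, the target allowlist, and every name here (`decode_trampoline`, `on_segv`, `allowed_targets`, `sample_tramp`) are assumptions made for illustration.

```c
#define _GNU_SOURCE            /* exposes REG_* register indices on glibc */
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <ucontext.h>
/* Assumed 23-byte x86-64 on-stack trampoline layout:
 *   49 bb imm64  movabs $target,%r11
 *   49 ba imm64  movabs $chain,%r10
 *   49 ff e3     jmp    *%r11 */
#define TRAMP_LEN 23
struct tramp { uint64_t target, chain; };
/* Hypothetical allowlist of legitimate targets, filled at startup. */
uint64_t allowed_targets[8];
size_t n_allowed;
/* Constructed sample: target 0x401136, chain 0x7ffc12345678. */
const uint8_t sample_tramp[TRAMP_LEN] = {
    0x49, 0xbb, 0x36, 0x11, 0x40, 0, 0, 0, 0, 0,
    0x49, 0xba, 0x78, 0x56, 0x34, 0x12, 0xfc, 0x7f, 0, 0,
    0x49, 0xff, 0xe3 };
/* Returns 0 only on an exact pattern match with an allowlisted target. */
int decode_trampoline(const uint8_t *c, size_t len, struct tramp *out)
{
    if (len < TRAMP_LEN || c[0] != 0x49 || c[1] != 0xbb ||
        c[10] != 0x49 || c[11] != 0xba ||
        c[20] != 0x49 || c[21] != 0xff || c[22] != 0xe3)
        return -1;
    memcpy(&out->target, c + 2, 8);   /* imm64 is little-endian, like the host */
    memcpy(&out->chain, c + 12, 8);
    for (size_t i = 0; i < n_allowed; i++)
        if (allowed_targets[i] == out->target) return 0;
    return -1;
}
#if defined(__linux__) && defined(__x86_64__) && defined(REG_RIP)
void on_segv(int sig, siginfo_t *si, void *ctx)  /* install with SA_SIGINFO */
{
    greg_t *r = ((ucontext_t *)ctx)->uc_mcontext.gregs;
    struct tramp t;
    /* An instruction-fetch fault has si_addr equal to the saved RIP. */
    if ((uintptr_t)si->si_addr == (uintptr_t)r[REG_RIP] &&
        decode_trampoline(si->si_addr, TRAMP_LEN, &t) == 0) {
        r[REG_R11] = (greg_t)t.target;
        r[REG_R10] = (greg_t)t.chain;
        r[REG_RIP] = (greg_t)t.target;   /* resume in the target function */
        return;
    }
    signal(sig, SIG_DFL);   /* genuine fault: default action on retry */
}
#endif
```

Without the allowlist check, anything able to write the expected byte pattern to the stack could steer control to an arbitrary address, which is the property a non-executable stack is meant to prevent.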