From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.7 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43D29C433B4 for ; Tue, 18 May 2021 23:53:33 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AB528610C7 for ; Tue, 18 May 2021 23:53:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AB528610C7 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=6Wqehrt3iXVTVSRCAOaYrTxKjummxTnKCp2HklWwDmQ=; b=LzKZ80VdtWiPVINvF+wZazBq1 9nSsp1TvBLiTWrnWny4AyKsl52NBTadHYbmtyGPETvvUhDAOyyKvND4bhteWiZNJn4jwKxNng6sRR 2xROvzm0xyeUtvyaYYHUqBWYf8ajNA+MNkERauvwYiRhog2LrBgO1olAeDwQWeVd6SwsCrFd9WALV k4ON4WV/EFVSLXobpAOQLHbO5z1mqtTC+HiF5cld575nObeIptbZoV7joTTgvFwmUsxNYAC6odAgJ mZiH/STARoE8GQo4JdMm+vGd3j+gFnAGAWpSkVpRgAMQF0krJ7IMzxhiTuMHPH4W/Nb1tngeXw5R4 HclycDCvA==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lj9V2-002D8f-3a; Tue, 18 May 2021 23:51:46 +0000 Received: from bombadil.infradead.org ([198.137.202.133]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lj9Uy-002D8V-Og for linux-arm-kernel@desiato.infradead.org; Tue, 18 May 2021 23:51:40 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Content-Type:Cc:To:Subject:Message-ID :Date:From:In-Reply-To:References:MIME-Version:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=0IjcznopF00s42V62Q4DwQxE1WnpZq8FmdwRVPdjvEo=; b=pw7kXW5rlkHKYgWTxxPWFhSq+R MuEp/x0OutWzwVE1olx2Ph4t4Ba5oaKFCv5NESEPEAeRgDrWsQwMZKQvA0WGuJLItpwMZusSv9e8G /WPq11ig/kKIM7P13g1Q+BU8DSe9V0X44S+6zt3KGB35JyJsiwKVvoqpAL4uJOR9WI5D2EJMybTDk 6Kl9M1usXlyAQY3+12JUkrX0Iq+KwZpV6O0aUB7AT5UdhEA0JT6kdNIBXQIuDMon9yzdcjMAVssWT ZO/EuQAHWK32kF+7yDlOMI8DBud2GHFINADzCZjAUAO3wLKLdRk8wH+h11f0eURZ7r3/HJkvjOwEr Jx2ys8Yw==; Received: from mail-ej1-x62c.google.com ([2a00:1450:4864:20::62c]) by bombadil.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lj9Uv-00F1xG-Rz for linux-arm-kernel@lists.infradead.org; Tue, 18 May 2021 23:51:39 +0000 Received: by mail-ej1-x62c.google.com with SMTP id c20so17256559ejm.3 for ; Tue, 18 May 2021 16:51:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0IjcznopF00s42V62Q4DwQxE1WnpZq8FmdwRVPdjvEo=; b=WsZ+Fm5yv2oDq/u/6I23ZY7ycwVDxzauC8u6hdwmDloiTD9btCT7WdP5Um49pACXzz def+9JyxT9WDprDCjenPCmRVujwLW4W4cc2ekw+MUm9VTY0QcmzDe1Bn7aOXqp7XqKQ8 l9or71ngl29KIuq0S8Po6jTdtv9I+lcdvmcjrnR3Wb19953aqyhnuN+dVjfAIomlNtXH GKNnSO50O+l55QkeQErBsO8Bj7P+5SQM8vBd1rVB2dIyD2u9WTCNolJ+YOSw5zEg4hCv i/iUNBpRQ9Oprw+5Xd3q+4x9ifoF4T7bJKzFtaODZxmTNotm8xFs4afcxbC6m5jLcQOi 8KWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0IjcznopF00s42V62Q4DwQxE1WnpZq8FmdwRVPdjvEo=; b=hxUeGPqTbDaX/oPQAe64HwD3wnVB6t2Kqrab/pZG/hB4OsviBCL2J367GZ2CI+vQeE F6Iah8sQySTDepyTRJFpMJoEGLBF6p5GxTdgtpg+PE2Xm03VWYP8UeE/zzyzZKQ9yPKN NcSLeh99e/SoGg3m71vE2vD2E5wTXWRMTmjRop7UNtUhwOoYUk0hbCM7kVUl72nBW7WN YzsvbsN55QSn7sqtilFLAIeCXEDnapYp5i5Loj8dVxyhKbVabiLCwF1BDE/KdIe/i3ZF Wx8PcDpRpPL167lllMecpzkXy/NJYDHURzPZAFazq6O4As9T6UyoW40RO8DZDUv0GIDa reJQ== X-Gm-Message-State: AOAM531EG8IcMNN3kIg7f/iAhDBc1wZMh5VjgEHfbS4gaCst98fs3YEb sGzTtTOCGke5yJmNVa8W6OPYR7qgykvlS3HqxvY= X-Google-Smtp-Source: ABdhPJw9zyvsAtZH0Fu9ekeObuTogb3dy2yR6SuMVoj7iWZLNLuwyLlvErUT73Mn6WUb+u1TMlMyiZfDohsWqJD07jA= X-Received: by 2002:a17:906:17ca:: with SMTP id u10mr8517332eje.124.1621381896332; Tue, 18 May 2021 16:51:36 -0700 (PDT) MIME-Version: 1.0 References: <20210518090658.9519-1-amanieu@gmail.com> <20210518090658.9519-9-amanieu@gmail.com> In-Reply-To: From: "Amanieu d'Antras" Date: Wed, 19 May 2021 00:51:00 +0100 Message-ID: Subject: Re: [RESEND PATCH v4 8/8] arm64: Allow 64-bit tasks to invoke compat syscalls To: Arnd Bergmann Cc: Ryan Houdek , Catalin Marinas , Will Deacon , Mark Rutland , Steven Price , David Laight , Mark Brown , Linux ARM , Linux Kernel Mailing List X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210518_165137_944483_E9C8EB36 X-CRM114-Status: GOOD ( 26.84 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, May 18, 2021 at 2:03 PM Arnd Bergmann wrote: > I'm still undecided about this approach. It is an easy way to expose the 32-bit > ABIs, it mostly copies what x86-64 already does with 32-bit syscalls and > it doesn't expose a lot of attack surface that isn't already exposed to normal > 32-bit tasks running compat mode. > > On the other hand, exposing the entire aarch32 syscall set seems both > too broad and not broad enough: Half of the system calls behave the > exact same way in native and compat mode, so they wouldn't need to > be exposed like this, a lot of others are trivially emulated in user space > by calling the native versions. The syscalls that are actually hard to do > such as ioctl() or the signal handling will work for aarch32 emulation, but > they are still insufficient to correctly emulate other 32-bit architectures > that have a slightly different ABI. This means the interface is a fairly good > fit for Tango, but much less so for FEX. > > It's also worth pointing out that this approach has a few things in common > with Yury's ilp32 tree at https://github.com/norov/linux/tree/ilp32-5.2 > Unlike the x86 x32 mode, that port however does not allow calling compat > syscalls from normal 64-bit tasks but rather keys the syscall entry point > off the executable format., which wouldn't work here. It also uses the > asm-generic system call numbers instead of the arm32 syscall numbers. > > I assume you have already considered or tried the alternative approach of > only adding a minimal set of syscalls that are needed for the emulation. > Having a way to limit the address space for mmap() and similar > system calls sounds like a generally useful addition, and having an > extended variant of ioctl() that lets you pick the target ABI (arm32, x86-32, > ...) on supported drivers would probably be better for FEX. Can you > explain the tradeoffs that led you towards duplicating the syscall > entry points instead? Tango needs the entire compat ABI to be exposed to support seccomp for translated AArch32 processes. Here's how this works: 1. When a translated process installs a seccomp filter, Tango injects a prefix into the seccomp program which effectively does: if (arch == AUDIT_ARCH_AARCH64) { // 64-bit syscalls used by Tango for internal operations if (syscall_in_tango_whitelist(nr)) return SECCOMP_RET_ALLOW; } // continue to user-supplied seccomp program 2. When Tango performs a 32-bit syscall on behalf of the translated process, the seccomp filter will see a syscall with AUDIT_ARCH_ARM and the compat syscall number. This allows the user-supplied seccomp filter to behave exactly as if it was running in a native AArch32 process. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel