From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.7 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C7A5C433ED for ; Wed, 19 May 2021 16:17:12 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 18CC161244 for ; Wed, 19 May 2021 16:17:12 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 18CC161244 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ZUKSHm4gR7fxwvrhHdLZeggJVYQdPnaQDxbrkNQ8d/s=; b=B2nxK8feD9x34ZYSkTkpRS6EX fD1A53u5JZWgbqv+30Uku8GIG49hnjgB0IInZKhxiowtJFf90uh8TY7XL1cKofEB+8zAGI5lCGJJQ qPJHWVujqxCKgCuehCFZuUtjXik155B5SPGWTUV8tCuqfxH676GswEOoF0/jlrwuveRoa+7fwzoEv 9lunQouCeoHqoCS+y6jKaN6u2PISsr+IELbXAWUdNswA5QhMqwl51rBrT1xCbP1cqlu/Dm5WLIgC/ faG8CdPo6XBNH2GZ8W83Kn1o6+6P3ITONpccRzD0RRklApoY7aKI+TkIWMqmV/dCn84r+ZeaKtxZg ZYF/gdT0Q==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1ljOqv-004U0t-DK; Wed, 19 May 2021 16:15:21 +0000 Received: from bombadil.infradead.org ([2607:7c80:54:e::133]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1ljOqr-004U0h-Mx for linux-arm-kernel@desiato.infradead.org; Wed, 19 May 2021 16:15:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Content-Type:Cc:To:Subject:Message-ID :Date:From:In-Reply-To:References:MIME-Version:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=euUbnNVLGUAionJ86okTP34g0fVZ9JZZ001iCcnhQ1E=; b=30WAHgEbrwaVuZhdVWn+tCC7uf M84n8nrpK3dm1EPLjzCiLpN1IBRuChCkfwEchOSriZsIbma/eRTFP8rzHxKIcvUuR56vRj3BBu0+L SORsG/CBfnqgdzl1b23UlzzBKv3wJjoFJpPIyb/AtL3ZUZcPl/GHPMhPEhqkwro5KMwAskBhQDDLL 9m0+sToatbE+KN57Bx+0i9SlNmX2Tzxm6XKGMU9rpgBwa1GBXgErnqMXPhRLJRxxW/M4BXye2LD6U SidJObh/QJAgYR9JtBtm8i1fyLGni1axRnHryAhNoZ+r6C5N6NQrkZy1VmxyGSiwiDPMypoHlNSWu 9YOQGBZQ==; Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631]) by bombadil.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1ljOqo-00FcOZ-TW for linux-arm-kernel@lists.infradead.org; Wed, 19 May 2021 16:15:16 +0000 Received: by mail-ej1-x631.google.com with SMTP id p24so19546446ejb.1 for ; Wed, 19 May 2021 09:15:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=euUbnNVLGUAionJ86okTP34g0fVZ9JZZ001iCcnhQ1E=; b=IGWvV3g+wI0u33bR8kxu+8pUactwsMA96L8+f7zB4n75FQciRkhL+61FSo22/9u6ye MgtLDx8QRLwTC9VVIaDFu+R/1JjKFkJebO3Xdo0zYdVmRm/1UNRYiO9bc3xAefBg4yZm 5iJZdF6y21ZH97BrIB5gPP6AyiXmYJ+rwteattF+udD5mG+8U1BZDiulYnP2e1WFdwG/ 3jnffxRvg3TCqKEV5KNJ/s4KzTXIYI5g/O0xU+alPCiUwedXMBf0g2wrUSFTlZSWkJu3 sxvQCDxSe5aOmz7Zu6Kf+1W1x4B/6FF+ZXsH9bBLXXSBhGWW6O8i7CfbBzDJ5b3BkhV0 oBQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=euUbnNVLGUAionJ86okTP34g0fVZ9JZZ001iCcnhQ1E=; b=IrZQgI7NcCnKU4tvPIZeWgGQ6LDR+3fKJS2dsWSMf4NloJFRsgiletjawX897xgSfj 3R+iwKPsOZNnCBkcduIC0xBLHGfbcHTf6tKZkNL9LeEyQzQEunSrR/RQLOQWm0Or7gur 2i3Pk6Uk4AAnnVQOg9H1RFtFi9nOq0RDtlOtM4uSZim+poiwqYwyzPhYV9Hb+NQR/dMW X9zgI8ZJzlf8SD5M1HWCbkOl6RRekMkmVweLiqhZ/+M8dCLtx9hZkrbsWzlp9GPwwzYK W2nZgK8LammQmft53/zBxFx6W7RC2bkn5jX/IQWiSyz3bhndMDmj2+iWwrWj8Z0x4gmS IGAA== X-Gm-Message-State: AOAM532ipTGDU3nKIuzPiTjSm4xuubOfo2ZpkY6pP7y7KV2kX/RTEuh8 IrrXjB/9MsZJvlFd1vJuyQq5Irt6XE6zlDaDm/Y= X-Google-Smtp-Source: ABdhPJzxecr0ezsnx3X0SGG9M891eMwzEBBNQ3xtc6D0ZjqjuFWo5rltqyRGYEXlbXNp9E4BwL8fcJpYWV9QLX4LWzQ= X-Received: by 2002:a17:906:17ca:: with SMTP id u10mr13290634eje.124.1621440910179; Wed, 19 May 2021 09:15:10 -0700 (PDT) MIME-Version: 1.0 References: <20210518090658.9519-1-amanieu@gmail.com> <20210518090658.9519-9-amanieu@gmail.com> <14982d7d-bee1-6c25-8b18-123c29959f52@arm.com> In-Reply-To: <14982d7d-bee1-6c25-8b18-123c29959f52@arm.com> From: "Amanieu d'Antras" Date: Wed, 19 May 2021 17:14:33 +0100 Message-ID: Subject: Re: [RESEND PATCH v4 8/8] arm64: Allow 64-bit tasks to invoke compat syscalls To: Steven Price Cc: Arnd Bergmann , Ryan Houdek , Catalin Marinas , Will Deacon , Mark Rutland , David Laight , Mark Brown , Linux ARM , Linux Kernel Mailing List X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210519_091514_993150_5A545EA9 X-CRM114-Status: GOOD ( 19.91 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, May 19, 2021 at 4:30 PM Steven Price wrote: > Perhaps I'm missing something, but surely some syscalls that would be > native on 32 bit will have to be translated by Tango to 64 bit syscalls > to do the right thing? E.g. from the previous patch compat sigreturn > isn't available. That's correct. Tango handles syscalls in 3 different ways: - ~20 syscalls are completely emulated in userspace or through 64-bit syscalls. E.g. sigaction, sigreturn, clone, exit. - Another ~50 syscalls have various forms of pre/post-processing, but are otherwise passed on to the kernel compat syscall handler. E.g. open, mmap, ptrace. - The remaining syscalls are passed on to the kernel compat syscall handler directly. The first group of ~20 syscalls will effectively bypass the user-specified seccomp filter: any 64-bit syscalls used to emulate them will be whitelisted. I consider this an acceptable limitation to Tango's seccomp support since I see no viable way of supporting seccomp filtering for these syscalls. > In those cases to correctly emulate seccomp, isn't Tango is going to > have to implement the seccomp filter in user space? I have not implemented user-mode seccomp emulation because it can trivially be bypassed by spawning a 64-bit child process which runs outside Tango. Even when spawning another translated process, the user-mode filter will not be preserved across an execve. > I guess the question comes down to how big a hole is > syscall_in_tango_whitelist() - if Tango only requires a small set of > syscalls then there is still some security benefit, but otherwise this > doesn't seem like a particularly big benefit considering you're already > going to need the BPF infrastructure in user space. Currently Tango only whitelists ~50 syscalls, which is small enough to provide security benefits and definitely better than not supporting seccomp at all. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel