linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Yury Norov <yury.norov@gmail.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
	Arnd Bergmann <arnd@arndb.de>,
	linux-audit/audit-kernel
	<reply+ADSN7RXLQ62LNLD2MK5HFHF65GIU3EVBNHHDPMBXHU@reply.github.com>
Cc: linux-audit/audit-kernel <audit-kernel@noreply.github.com>,
	Mention <mention@noreply.github.com>,
	Xiongfeng Wang <wangxiongfeng2@huawei.com>,
	bobo.shaobowang@huawei.com,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	 "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
	"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
	Adam Borowski <kilobyte@angband.pl>,
	Alexander Graf <agraf@suse.de>,
	Alexey Klimov <klimov.linux@gmail.com>,
	Andreas Schwab <schwab@suse.de>,
	Andrew Pinski <pinskia@gmail.com>,
	Bamvor Zhangjian <bamv2005@gmail.com>,
	Chris Metcalf <cmetcalf@mellanox.com>,
	Christoph Muellner <christoph.muellner@theobroma-systems.com>,
	Dave Martin <Dave.Martin@arm.com>,
	"David S . Miller" <davem@davemloft.net>,
	Florian Weimer <fweimer@redhat.com>,
	Geert Uytterhoeven <geert@linux-m68k.org>,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	James Hogan <james.hogan@imgtec.com>,
	James Morse <james.morse@arm.com>,
	Joseph Myers <joseph@codesourcery.com>,
	Lin Yongting <linyongting@huawei.com>,
	Manuel Montezelo <manuel.montezelo@gmail.com>,
	Mark Brown <broonie@kernel.org>,
	Martin Schwidefsky <schwidefsky@de.ibm.com>,
	Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org>,
	Nathan_Lynch <Nathan_Lynch@mentor.com>,
	Philipp Tomsich <philipp.tomsich@theobroma-systems.com>,
	Prasun Kapoor <Prasun.Kapoor@caviumnetworks.com>,
	Ramana Radhakrishnan <ramana.gcc@googlemail.com>,
	Steve Ellcey <sellcey@caviumnetworks.com>,
	Szabolcs Nagy <szabolcs.nagy@arm.com>
Subject: Re: [linux-audit/audit-kernel] BUG: audit_classify_syscall() fails to properly handle 64-bit syscalls when executing as 32-bit application on ARM (#131)
Date: Fri, 2 Jul 2021 11:07:58 -0700	[thread overview]
Message-ID: <YN9V/qM0mxIYXt3h@yury-ThinkPad> (raw)
In-Reply-To: <linux-audit/audit-kernel/issues/131/872191450@github.com>

On Thu, Jul 01, 2021 at 05:08:45AM -0700, Paul Moore wrote:

[CC ILP32 list]

Weiyuchen wrote:

> I use ILP32 program on 5.10 kernel Recently, and I find that I can't recored log in some case, here is a example:

The last supported kernel version by me is 5.2. Did you port the ilp32
to 5.10 by youself? Can you please share this work?

> I set one rule on the system:
> 
>> auditctl -w /etc/shadow -p wa -k test
> 
> my test program's core func is:
> 
>> open("/etc/shadow", O_WRONLY | O_APPEND);
> 
> when I use 64 bit program to access /etc/shadow, I can get audit log rightly
> but when I use ILP32 program, I can't get any audit log
> 
> I analyse this problem for days, and I find it's due to this commit:
> 
>> 0fe4141ba63a5dfd425c6d2dd9d8cbafd3497946
>> .......
>>  #define AUDIT_ARCH_AARCH64     (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>> +#define AUDIT_ARCH_AARCH64ILP32        (EM_AARCH64|__AUDIT_ARCH_LE)
>>  #define AUDIT_ARCH_ALPHA       (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>>  #define AUDIT_ARCH_ARCOMPACT   (EM_ARCOMPACT|__AUDIT_ARCH_LE)
>>  #define AUDIT_ARCH_ARCOMPACTBE (EM_ARCOMPACT) 

I cannot see this commit in Linux mainline. Can you point me to the
exact git repo?

> Beacuse of ILP32 program use 64 bit syscall in most case
> (according to the arm ilp32 Documents:)
> when audit enter audit_classify_syscall function, it turns to a branch different from the kernel without AUDIT_ARCH_AARCH64ILP32 defination, however the syscall num on both kernel is same, so audit can't recognize the 64 bit syscall num when it runs to 32ILP branch

I've never seen this bug before. Can you please check if it exists in
4.9 or 5.2 versions? Can you share the full reproducer and/or
corresponding test in LTP?

---

Paul Moore wrote:

> >From the ILP32 whitepaper:
> > What is ILP32?
> >
> > The ARMv8 architecture supports 32-bit and 64-bit instruction sets (AArch32 and AArch64
> respectively), both use 32-bit instruction encodings but with different register lengths and data
> type sizes.
> >
> > ILP32 is intended for use where, for whatever reason, it is beneficial to use int, long and pointer
> represented as 32-bit values. This could be for performance or legacy 32-bit compatibility
> reasons.
> >
> > Linux on AArch64 uses LP64 as its standard data model, where Long and Pointer are 64-bit,
> Ints are 32-bit.
> >
> > AArch64-ILP32 uses the AArch64 instruction set coupled with a data model where Int, Long
> and Pointer are 32-bit.
> 
> ... which means that ILP32 is basically the ARM version of x32.  Which is pretty much just the worst thing ever; x32 needed to die a painful death and my initial thought is that ILP32 deserves the same fate.

ARM64/ILP32 is not a version of x32. ABI concept and implementation
are different. I understand your criticism about x32, but this project
is closer to mips, spark or power compatibility layers.

In the kernel we have more than 10 implementations of compatibility
layers, and only one causes serious troubles, AFAIK.

> @weiyuchen we will add this to the queue to investigate but it may take a while; if you are interested in working on it you are always welcome to submit patches.
> 
> -- 
> You are receiving this because you were mentioned.
> Reply to this email directly or view it on GitHub:
> https://github.com/linux-audit/audit-kernel/issues/131#issuecomment-872191450

To Catalin, Arnd:

At least Marvell, Samsung, Huawei, Cisco and Weiyuchen's employer
actively use and develop arm64/ilp32. I receive feedback / bugrepotrs
on ilp32 every 4-6 month. Is that enough for you to reconsider
including the project into the mainline?

For me, having different versions of ILP32 is more dangerous in this
situation, than upstreaming the project and fixing 2-3 bugs a year.

Thanks,
Yury

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

       reply	other threads:[~2021-07-02 18:09 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <linux-audit/audit-kernel/issues/131@github.com>
     [not found] ` <linux-audit/audit-kernel/issues/131/872191450@github.com>
2021-07-02 18:07   ` Yury Norov [this message]
2021-07-02 18:19     ` [linux-audit/audit-kernel] BUG: audit_classify_syscall() fails to properly handle 64-bit syscalls when executing as 32-bit application on ARM (#131) Florian Weimer
2021-07-05  9:36       ` Szabolcs Nagy
2021-07-05 11:55         ` Arnd Bergmann
2021-07-05 12:09           ` Szabolcs Nagy
2021-07-05 10:48     ` Andreas Schwab
2021-07-07 18:44       ` Yury Norov
2021-07-07 18:54         ` Paul Moore
2021-07-05 13:40     ` Arnd Bergmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YN9V/qM0mxIYXt3h@yury-ThinkPad \
    --to=yury.norov@gmail.com \
    --cc=Dave.Martin@arm.com \
    --cc=Nathan_Lynch@mentor.com \
    --cc=Prasun.Kapoor@caviumnetworks.com \
    --cc=agraf@suse.de \
    --cc=arnd@arndb.de \
    --cc=audit-kernel@noreply.github.com \
    --cc=bamv2005@gmail.com \
    --cc=bobo.shaobowang@huawei.com \
    --cc=broonie@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=christoph.muellner@theobroma-systems.com \
    --cc=cmetcalf@mellanox.com \
    --cc=davem@davemloft.net \
    --cc=fweimer@redhat.com \
    --cc=geert@linux-m68k.org \
    --cc=heiko.carstens@de.ibm.com \
    --cc=james.hogan@imgtec.com \
    --cc=james.morse@arm.com \
    --cc=joseph@codesourcery.com \
    --cc=kilobyte@angband.pl \
    --cc=klimov.linux@gmail.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linyongting@huawei.com \
    --cc=manuel.montezelo@gmail.com \
    --cc=maxim.kuvyrkov@linaro.org \
    --cc=mention@noreply.github.com \
    --cc=philipp.tomsich@theobroma-systems.com \
    --cc=pinskia@gmail.com \
    --cc=ramana.gcc@googlemail.com \
    --cc=reply+ADSN7RXLQ62LNLD2MK5HFHF65GIU3EVBNHHDPMBXHU@reply.github.com \
    --cc=schwab@suse.de \
    --cc=schwidefsky@de.ibm.com \
    --cc=sellcey@caviumnetworks.com \
    --cc=szabolcs.nagy@arm.com \
    --cc=wangxiongfeng2@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).