Received: by 10.223.176.46 with SMTP id f43csp999540wra; Fri, 26 Jan 2018 10:08:22 -0800 (PST) X-Google-Smtp-Source: AH8x227Lo8ggVGqe4a1rM9DQzdBhD9hPVyJRbFdM7DLOtK9BOWY61M7y2zFDWGBFusjN3r4pRAvD X-Received: by 2002:a17:902:7c97:: with SMTP id y23-v6mr15035003pll.439.1516990101987; Fri, 26 Jan 2018 10:08:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516990101; cv=none; d=google.com; s=arc-20160816; b=HsCP88qmaStSHJxEkeocSakx8LziAybaxdV9TaAYu6uoTNZcMrKXbRaIe8JuEUWHqq 0VyImNflFAy+KrcvM5+8DyUSeW9EtjcWuB6fb2X0OyzNb4sgALWd821Q/Ov0t/w1FUyp +aHjwr+DONd29uwpTfv3+Idgnlznr+6FPRULRExhwmx2ksPPtwRixmCYU6o04OX75pji Smrua3qFt7MYBSCdSJsU/jF47pYbg1ktiUUZF9tSZ/hLsjzGhBx7IVH9yDM5deNW3rhQ CsBzH54yg0t2g79v2XXOpijK1iIvUPdisT06x4EHILDYNg8JXGdeozm2C2CWG9hZNl9E sPFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=GgG3o6BihZmtXaoJtZ6D3rVWetyjMcQXIAZku69SSzI=; b=LkiVEtCd4X5BpMHQ+zuX9Brlye6pkA1YRuEeF0zh1xStAIsGZYGU5aqGKwCTgaK0X/ xuvqadRBP4u3g17dwPfExXw7Oe06fGRLKoRNbU7G9Z0gPfvAVCnE1yDcqvMhNtcDf2lY TBbWPD0lRKlle6ofy8PZXgBempEdAd9pun4zSiBNjCuLuQmttRyZWdBxeybnIYhMNtAg AsZ4BtTwarh0RrFcWd/WMXzCeQRf8xaNlfa/9g6ZkhX2zRDUb2nZ354uwZXLusuCyewt APrVnf/CbXY6RaHOBIaf68k1IkVXilsoyoYuyxrsgVQsnmI19d193NA932Zi9fwAVqnY yjPg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r26si3295014pgd.313.2018.01.26.10.08.07; Fri, 26 Jan 2018 10:08:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751913AbeAZSHm (ORCPT + 99 others); Fri, 26 Jan 2018 13:07:42 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:46988 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751403AbeAZSHl (ORCPT ); Fri, 26 Jan 2018 13:07:41 -0500 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.87 #1 (Red Hat Linux)) id 1ef8PK-0005PM-84; Fri, 26 Jan 2018 18:07:22 +0000 Date: Fri, 26 Jan 2018 18:07:22 +0000 From: Al Viro To: Linus Torvalds Cc: Andy Lutomirski , Alan Cox , David Laight , the arch/x86 maintainers , LKML , Greg Kroah-Hartman , Jann Horn , Samuel Neves , Dan Williams , Kernel Hardening , Borislav Petkov Subject: Re: [PATCH] x86/retpoline/entry: Disable the entire SYSCALL64 fast path with retpolines on Message-ID: <20180126180722.GA13338@ZenIV.linux.org.uk> References: <1516976647.5438.6.camel@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 26, 2018 at 09:40:23AM -0800, Linus Torvalds wrote: > On Fri, Jan 26, 2018 at 7:57 AM, Andy Lutomirski wrote: > > > > I gave the rearrangement like this a try yesterday and it's a bit of a > > mess. Part of the problem is that there are a bunch of pieces of code > > that expect sys_xyz() to be actual callable functions. > > That's not supposed to be a mess. > > That's part of why we do that whole indirection through SYSC##xyz to > sys##_xyz: the asm-callable ones will do the full casting of > troublesome arguments (some architectures have C calling sequence > rules that have security issues, so we need to make sure that the > arguments actually follow the right rules and 'int' arguments are > properly sign-extended etc). > > So that whole indirection could be made to *also* create another > version of the syscall that instead took the arguments from ptregs. > > We already do exactly that for the tracing events: look how > FTRACE_SYSCALLS ends up creating that extra metadata. > > The ptreg version should be done the same way: don't make 'sys_xyz()' > take a struct ptregs, instead make those SYSCALL_DEFINE*() macros > create a _new_ function called 'ptregs_xyz()' and then that function > does the argument unpacking. > > Then the x86 system call table can just be switched over to call those > ptreg versions instead. Umm... What about other architectures? Or do you want SYSCALL_DEFINE... to be per-arch? I wonder how much would that "go through pt_regs" hurt on something like sparc...