From: Andy Lutomirski
Subject: Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas
Date: Sat, 30 May 2020 15:09:47 -0700
To: Gabriel Krisman Bertazi
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel@collabora.com, Thomas Gleixner, Kees Cook, Will Drewry, "H . Peter Anvin", Paul Gofman
In-Reply-To: <20200530055953.817666-1-krisman@collabora.com>

> On May 29, 2020, at 11:00 PM, Gabriel Krisman Bertazi wrote:
>
> Modern Windows applications are executing system call instructions
> directly from the application's code without going through the WinAPI.
> This breaks Wine emulation, because it doesn't have a chance to
> intercept and emulate these syscalls before they are submitted to Linux.
>
> In addition, we cannot simply trap every system call of the application
> to userspace using PTRACE_SYSEMU, because performance would suffer,
> since our main use case is to run Windows games over Linux. Therefore,
> we need some in-kernel filtering to decide whether the syscall was
> issued by the wine code or by the windows application.

Do you really need in-kernel filtering? What if you could have efficient userspace filtering instead? That is, set something up so that all syscalls, except those from a special address, are translated to CALL thunk where the thunk is configured per task. Then the thunk can do whatever emulation is needed.

Getting the details and especially the interaction with any seccomp filters that may be installed right could be tricky, but the performance should be decent, at least on non-PTI systems.

(If we go this route, I suspect that the correct interaction with seccomp is that this type of redirection takes precedence over seccomp and seccomp filters are not invoked for redirected syscalls. After all, a redirected syscall is, functionally, not a syscall at all.)
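The per-task redirection of syscalls to userspace discussed in this message, shown with the `PR_SET_SYSCALL_USER_DISPATCH` prctl available in Linux 5.11 and later. This is an added example, not code from the thread or the RFC patch, and it differs from the thunk described above in that the kernel delivers SIGSYS to a handler instead of converting the syscall into a CALL. The names `sud_demo`, `on_sigsys`, `selector` and `trapped_nr` and the enum names are made up for the illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

/* Local copies of PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_OFF/ON and
 * SYSCALL_DISPATCH_FILTER_ALLOW/BLOCK, so older headers still compile. */
enum { SUD_PRCTL = 59, SUD_OFF = 0, SUD_ON = 1 };
enum { SEL_ALLOW = 0, SEL_BLOCK = 1 };

static volatile char selector = SEL_ALLOW;   /* the kernel reads this byte at syscall entry */
static volatile sig_atomic_t trapped_nr = -1;

static void on_sigsys(int sig, siginfo_t *si, void *uctx)
{
    (void)sig; (void)uctx;
    selector = SEL_ALLOW;         /* first: leaving the handler needs sigreturn */
    trapped_nr = si->si_syscall;  /* an emulator would act on this number here */
}

/* Returns 1 if getpid() was redirected to the handler, 0 if it was not,
 * -1 if the kernel does not support syscall user dispatch. */
int sud_demo(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = on_sigsys;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSYS, &sa, NULL) != 0)
        return -1;
    /* offset = 0, len = 0: no always-allowed code range. An emulator would
     * pass the address range of its own text so its syscalls go straight in. */
    if (prctl(SUD_PRCTL, SUD_ON, 0UL, 0UL, (unsigned long)&selector) != 0)
        return -1;
    trapped_nr = -1;
    selector = SEL_BLOCK;         /* from here on, syscalls are redirected */
    syscall(SYS_getpid);          /* not executed: SIGSYS is raised instead */
    selector = SEL_ALLOW;
    prctl(SUD_PRCTL, SUD_OFF, 0UL, 0UL, 0UL);
    return trapped_nr == SYS_getpid;
}

int main(void)
{
    printf("sud_demo() = %d\n", sud_demo());
    return 0;
}
```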