Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp377687ybg; Tue, 28 Jul 2020 08:15:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz1h5Z1vj68S8pD9zkkWcw+xme6F5WT8tePPIZtg/FK97+L9TRjVy/P1FuTJI9nYKgL5pni X-Received: by 2002:a05:6402:947:: with SMTP id h7mr26972499edz.213.1595949334510; Tue, 28 Jul 2020 08:15:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595949334; cv=none; d=google.com; s=arc-20160816; b=Qj/pDO2Q2Rup693YO/PAQ+35ga4Cw9vNzpgZI3xKc/n1N3SekPPVh4Z/W80JotTraY sRUJ5IG2ynScZ3eB/QR3td01DQUvtcx6daSrOnC0SpHRZtWVhiikFqVI0cw+Ob7zxu1x 5bf0WvRxydEBNBHPOYThvkeItnRL2V6xwe/LzT0j+sMdKNO+IK1+zYE8deakK7iBC7tL 77JyplHa1GqwiBdCnkgqu7JZHTWzIFIcdwQZN6Rtn1zVVbiGK5qo7i2Bo1RsDrkzGqRW aLmhUOtbDsdR9Xw05cv6rSEw06+zDN3Zh0b1WfSuQeJ9MMxoqPmGZ5Sv89DRZXOkVgTF OEwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:to:from; bh=ITRG6jQ3CiNzgdVDsBFHNkDJ6ryKJgl6ULrzuQISFUc=; b=yeUFoGhFQdrIlb8OOAc8P9T9oDi1WdxzwHq36VZdD10aKU9K5pITj7eycXGbggA4sP MizLNWZ2Vy0kF5rTBQe9h2mc5RnMU8NMDEwCyStLWNrDowY5s37DPv3o83PzzbooHB57 lLbTF4oT3/1NlFWJ5XJ/1z3xTuh/NFJTNjped7nwp4pixyk6eHbTvX+/gqzjgB4DQUsH Q5ldlxRmkAUr3+e3fyv8q6PDAkmZLMJ2iT4YaWM5jcKeAe2Au/ezD9aKm1GkZBMkVuCN JWonGjm/kmLE3w5is31J1F2R7SbeOyHl1sKtlx2N9ZFSH2tNG6D5iuBjfPp9/yMPQj6s 9Kkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s3si739210edq.125.2020.07.28.08.15.11; Tue, 28 Jul 2020 08:15:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730860AbgG1POO convert rfc822-to-8bit (ORCPT + 99 others); Tue, 28 Jul 2020 11:14:14 -0400 Received: from eu-smtp-delivery-151.mimecast.com ([185.58.86.151]:55563 "EHLO eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730720AbgG1PNT (ORCPT ); Tue, 28 Jul 2020 11:13:19 -0400 Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-235-JJgRaiMhNeeB2BdH3JMmbA-1; Tue, 28 Jul 2020 16:13:13 +0100 X-MC-Unique: JJgRaiMhNeeB2BdH3JMmbA-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Tue, 28 Jul 2020 16:13:12 +0100 Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000; Tue, 28 Jul 2020 16:13:12 +0100 From: David Laight To: "'madvenka@linux.microsoft.com'" , "kernel-hardening@lists.openwall.com" , "linux-api@vger.kernel.org" , "linux-arm-kernel@lists.infradead.org" , "linux-fsdevel@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" , "oleg@redhat.com" , "x86@kernel.org" Subject: RE: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor Thread-Topic: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor Thread-Index: AQHWZOCQT+e4gDrzGEmP/30MMvDTCqkdFOrw Date: Tue, 28 Jul 2020 15:13:12 +0000 Message-ID: References: <20200728131050.24443-1-madvenka@linux.microsoft.com> In-Reply-To: <20200728131050.24443-1-madvenka@linux.microsoft.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: madvenka@linux.microsoft.com > Sent: 28 July 2020 14:11 ... > The kernel creates the trampoline mapping without any permissions. When > the trampoline is executed by user code, a page fault happens and the > kernel gets control. The kernel recognizes that this is a trampoline > invocation. It sets up the user registers based on the specified > register context, and/or pushes values on the user stack based on the > specified stack context, and sets the user PC to the requested target > PC. When the kernel returns, execution continues at the target PC. > So, the kernel does the work of the trampoline on behalf of the > application. Isn't the performance of this going to be horrid? If you don't care that much about performance the fixup can all be done in userspace within the fault signal handler. Since whatever you do needs the application changed why not change the implementation of nested functions to not need on-stack executable trampolines. I can think of other alternatives that don't need much more than an array of 'push constant; jump trampoline' instructions be created (all jump to the same place). You might want something to create an executable page of such instructions. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)