Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp239934pxk; Wed, 23 Sep 2020 01:44:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxT7LzeHFKnHPu9WxjJoR0FPYBMzkhq935FF/ubVd5HTZa9oER7IZdXHhdCeTsLgOm5pt4A X-Received: by 2002:a17:906:1c5b:: with SMTP id l27mr9555641ejg.283.1600850668949; Wed, 23 Sep 2020 01:44:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600850668; cv=none; d=google.com; s=arc-20160816; b=Rp8KU+SJXt84esZ+XfAlUFuen6fkdjMYCG3W3ReljazG9VhxjLKfutaPXBWM/uZqU8 d1dh6LP+gdwdyhqld7uTtELmYWBSg7tKtDU2sWAzbhWoCCfcXv/mBKQfWXJPKjqW0yev 4OeyWumaAgrz/QSaF8JUcY86oX6mB7eqe1LjVi31JtEDylRngyGcrWdsDf1uDKcqFwda cCh1qr0YzyIHLWZpveJ2LMzb1+49DYnR2ibxzQn2iV34CnvrtKgpPvfmEx/63XXpP5al Pginmddr/zmKFNGE87MSVnJDuvWTFQdtQ13U3PvDjJFUClOccWG+DDu+u/Vg8exX+UJ/ JR4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=DtCkYYq+b4E2Y5zgpfbfz2wT0gdWMwxQkiCRDr5GY64=; b=umTPaZUK5PiwQsBK4+JN37mysk3Gb+ye2+RwdbB5ZXKjCBmH7VnGNtieUW4i/ybWMy OBf0gMqpKnzk5RWKFJ7JwTLNkFOvJkLzpUhgYvHbLxUAq04ZsoulUqvwQagy2RAV5qmi DFfSlJXSoBxTt0v9RQYw3IBsx5VK6yS09/SgHkURMpnxmHlnMG8lg2UFXM3NMPqbP6gB /h0nRzBTfR1d5A6+1eRVCUKwXN/Aaqa6BZEnXvqZ9Q9hs/3x9dNRHzQL4xr1A7qvcsBl f3Ey6xzhZog3YMo88tK/TdPoS+MW734W6zzL4VHcl/ztpGNfcghYxP0iu9GKGev2bbje 7H4A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b20si11956122eds.592.2020.09.23.01.44.05; Wed, 23 Sep 2020 01:44:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726550AbgIWImf (ORCPT + 99 others); Wed, 23 Sep 2020 04:42:35 -0400 Received: from jabberwock.ucw.cz ([46.255.230.98]:45778 "EHLO jabberwock.ucw.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726381AbgIWImf (ORCPT ); Wed, 23 Sep 2020 04:42:35 -0400 Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id 59AD61C0BB1; Wed, 23 Sep 2020 10:42:33 +0200 (CEST) Date: Wed, 23 Sep 2020 10:42:32 +0200 From: Pavel Machek To: madvenka@linux.microsoft.com Cc: kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, oleg@redhat.com, x86@kernel.org, luto@kernel.org, David.Laight@ACULAB.COM, fweimer@redhat.com, mark.rutland@arm.com, mic@digikod.net Subject: Re: [PATCH v2 0/4] [RFC] Implement Trampoline File Descriptor Message-ID: <20200923084232.GB30279@amd> References: <210d7cd762d5307c2aa1676705b392bd445f1baa> <20200922215326.4603-1-madvenka@linux.microsoft.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zx4FCpZtqtKETZ7O" Content-Disposition: inline In-Reply-To: <20200922215326.4603-1-madvenka@linux.microsoft.com> User-Agent: Mutt/1.5.23 (2014-03-12) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --zx4FCpZtqtKETZ7O Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > Solution proposed in this RFC > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >=20 > >From this RFC's perspective, there are two scenarios for dynamic code: >=20 > Scenario 1 > ---------- >=20 > We know what code we need only at runtime. For instance, JIT code generat= ed > for frequently executed Java methods. Only at runtime do we know what > methods need to be JIT compiled. Such code cannot be statically defined. = It > has to be generated at runtime. >=20 > Scenario 2 > ---------- >=20 > We know what code we need in advance. User trampolines are a good example= of > this. It is possible to define such code statically with some help from t= he > kernel. >=20 > This RFC addresses (2). (1) needs a general purpose trusted code generator > and is out of scope for this RFC. This is slightly less crazy talk than introduction talking about holes in W^X. But it is very, very far from normal Unix system, where you have selection of interpretters to run your malware on (sh, python, awk, emacs, ...) and often you can even compile malware from sources.=20 And as you noted, we don't have "a general purpose trusted code generator" for our systems. I believe you should simply delete confusing "introduction" and provide details of super-secure system where your patches would be useful, instead. Best regards, Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --zx4FCpZtqtKETZ7O Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAl9rCngACgkQMOfwapXb+vKeqgCgpVQMutlRE7F/wzcDjcBTlXwI RbAAnjRDzunOtf0iSPKO6rIM9FPy6+JQ =wVZX -----END PGP SIGNATURE----- --zx4FCpZtqtKETZ7O--