Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3767892rdg; Wed, 18 Oct 2023 05:45:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFCxqPf6wt9K70Bi0sx5YorNTW/sQnBiEY7MDaDoovTpUUgMiwHIXuHJWB04+WSsLyi6XNA X-Received: by 2002:a05:6358:cb1a:b0:13f:2833:bf41 with SMTP id gr26-20020a056358cb1a00b0013f2833bf41mr4830782rwb.23.1697633155161; Wed, 18 Oct 2023 05:45:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697633155; cv=none; d=google.com; s=arc-20160816; b=lHdcRaVLc5LkdsCo/1yi0J5MxDaOIUaPhPR4pN0Pa3txL1bR9EGnq+IjiXL5AefWz7 KEGZwygowYnKXkWsvqvfr89iPi9WeVt9QKO9bXJdEGOvRc2KZfj3y0xynGDvLL67cjyN QzQrA8vRURkmCP+VupfRjGXVnjDNlQldEvBusIHFHM6RdwJT9oWuy1P69/CjEB6sa/w/ Gwn98sWFD9pd1GKggpC784Xl6igEpweM9q0uM79s6dL9Ef8lEAhLaRbtZufpoflCi3z2 FMONk1TAUGKky75Br24VWLITuH2Az1mu/n9Xz8k9bo3xD9jS4OZkkz5GVkzCvcpPhDyT 2etA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:cc:to:from:date:references:in-reply-to :message-id:mime-version:user-agent:feedback-id:dkim-signature :dkim-signature; bh=L//WJax4brKzE8K7jlKJOqfsX92u6DaWmDWFcr+tAL8=; fh=w39KTIpzQqr7ktyJ5PkEbvCR1v5lVYDowxn69YyzAF8=; b=n1gsM0TOZryd+3QyteBMdXgaVnKEm4UOmJrYgrvvWSt3YMWniEOwgeIJsEOhwhQwjk yubkUpvYRd+ZS4ZSBwcnbNoYg6MsDi82uGdgDQf9Ui6/fRUFNkORLsSnD9PAjXeV02l+ 6uzlpRBix9C1dIeEerRq/fPeQ9qDbEwtL5giK8ULfE/BF+IlvFIRBcXTKcvfPpBAnUOn vEIyEuDKrdicp15RA4/0VgVVU2gK1anrY8a0pF82CWFEqoUizne89CMC0iYZC4kv8WCr 5vqK+hQzzdJvdYoz4RK3lAtLZ59FSOSfRtbxM4QCdq4o+fEHyMAzMKf7rUtePMqYhbDt CmLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arndb.de header.s=fm2 header.b=qYyY873D; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b="A/NkEeWR"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id 201-20020a6302d2000000b00589fcc39ef1si2019710pgc.365.2023.10.18.05.45.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 05:45:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@arndb.de header.s=fm2 header.b=qYyY873D; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b="A/NkEeWR"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 3C39D81C0CAE; Wed, 18 Oct 2023 05:45:52 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230397AbjJRMpF (ORCPT + 99 others); Wed, 18 Oct 2023 08:45:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230384AbjJRMpD (ORCPT ); Wed, 18 Oct 2023 08:45:03 -0400 Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C5AC98 for ; Wed, 18 Oct 2023 05:45:01 -0700 (PDT) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 0795F5C02E2; Wed, 18 Oct 2023 08:44:58 -0400 (EDT) Received: from imap51 ([10.202.2.101]) by compute5.internal (MEProxy); Wed, 18 Oct 2023 08:44:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arndb.de; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1697633098; x=1697719498; bh=L/ /WJax4brKzE8K7jlKJOqfsX92u6DaWmDWFcr+tAL8=; b=qYyY873Dt2zfjzazma nNumniuOGs+QnE66R8Qw7LXa1+z9SCRvo+dMkr17AHe+reNoSTFV3yo3/TcyH75E qDgQZDtsM008s8kQyV4qV1NuHEC8//U96z/HedW/G78+IMf7sl8dXbWswjhsZELG nebAjcMP8GI8M56Dx0OeC3Nb/HW4Tsi716ecclcRVvRNRTqNFPUt/E9ZtlLmNTCx NGjy3H7ZKZkeEVHBC6NCY2BwIdsacEBM7lKEKYNGAYc+SqRsW1Tw38/k+BARVAQG /A84IRDVI8iKvLnpcJqAV2rexGBogHbezzFIs0Nkt2aXL7+nJyNqSMu6uabRXEA6 Hhiw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1697633098; x=1697719498; bh=L//WJax4brKzE 8K7jlKJOqfsX92u6DaWmDWFcr+tAL8=; b=A/NkEeWRcrtfFAAUpsMK5GrpinDVT eIAmNsl60iPZ2tWGKUnQSriCq3Sg7iRDOpYMnUU5pFR346syIDPWEq6ITbZGDAkb 0oBmatvLu5A39KsvTbEPlt1zJzTaBJF92fMazM15k6IkLWEEUbP1/hk6NNuj1ZcM KHookJ8wMYcnXEYhO9F0eGX+36DvChIhaRd+boLeHfN1ucbaiTHkf0+i32vy1w26 KnsNW0VVCiRlbCIPKIWfPCIoBfudWQNDhJknaoN6mqxu/2JWj+DIm1FPc1BscGzb cb4lnmxXSxqdqqS50gU4l1GD4Py3OQ4OrLA+4qp68lVMAEko1WlVJWykg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrjeeggdehgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdetrhhn ugcuuegvrhhgmhgrnhhnfdcuoegrrhhnugesrghrnhgusgdruggvqeenucggtffrrghtth gvrhhnpeevhfffledtgeehfeffhfdtgedvheejtdfgkeeuvefgudffteettdekkeeufeeh udenucffohhmrghinhepkhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomheprghrnhgusegrrhhnuggsrdguvg X-ME-Proxy: Feedback-ID: i56a14606:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id A1D67B60089; Wed, 18 Oct 2023 08:44:57 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-1019-ged83ad8595-fm-20231002.001-ged83ad85 MIME-Version: 1.0 Message-Id: In-Reply-To: <20231018122729.GA18556@willie-the-truck> References: <20231018122729.GA18556@willie-the-truck> Date: Wed, 18 Oct 2023 14:44:37 +0200 From: "Arnd Bergmann" To: "Will Deacon" , "Andrea della Porta" Cc: "Catalin Marinas" , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, nik.borisov@suse.com, "Kees Cook" Subject: Re: [PATCH 0/4] arm64: Make Aarch32 compatibility enablement optional at boot Content-Type: text/plain X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Wed, 18 Oct 2023 05:45:52 -0700 (PDT) On Wed, Oct 18, 2023, at 14:27, Will Deacon wrote: > Hi, > > On Wed, Oct 18, 2023 at 01:13:18PM +0200, Andrea della Porta wrote: >> Aarch32 compatibility mode is enabled at compile time through >> CONFIG_COMPAT Kconfig option. This patchset lets 32-bit support >> (for both processes and syscalls) be enabled at boot time using >> a kernel parameter. Also, it provides a mean for distributions >> to set their own default without sacrificing compatibility support, >> that is users can override default behaviour through the kernel >> parameter. > > I proposed something similar in the past: > > https://lkml.kernel.org/linux-fsdevel/20210916131816.8841-1-will@kernel.org/ > > bu the conclusion there (see the reply from Kees) was that it was better > to either use existing seccomp mechanisms or add something to control > which binfmts can be loaded. Right, I was going to reply along the same lines here: x86 is a bit of a special case that needs this, but I believe all the other architectures already guard the compat syscall execution on test_thread_flag(TIF_32BIT) that is only set by the compat binfmt loader. Doing the reverse is something that has however come up in the past several times and that could be interesting: In order to run userspace emulation (qemu-user, fex, ...) we may want to allow calling syscalls and ioctls for foreign ABIs in a native task, and at that point having a mechanism to control this capability globally or per task would be useful as well. The compat mode (arm32 on arm64) is the easiest case here, but the same thing could be done for emulating the very subtle architecture differences (x86-64 on arm64, arm64 on x86_64, arm32 on x86-compat, or any of the above on riscv or loongarch). Arnd