Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp218266rdb;
        Thu, 19 Oct 2023 02:17:30 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFnQXXKCGwYX1JNBciJdZW0OrN0KiwawdugULfLlNIZKru5uU8BokGhmuJ+RjeZpAWcL/pg
X-Received: by 2002:a17:90a:ca91:b0:27c:f715:144 with SMTP id y17-20020a17090aca9100b0027cf7150144mr1561297pjt.19.1697707050533;
        Thu, 19 Oct 2023 02:17:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697707050; cv=none;
        d=google.com; s=arc-20160816;
        b=bunfFVlo1a91hAbrfPmeYZxi4rV+u+5OaDr0yXvksOejapmxAjmRXreCwI8GOmmB9d
         cpLO4uIqwAkFbOIc4O0j98WQNhMvcqtBG6U3FjcDkdc9ISn754osp/DCWCtjaLO0yng8
         5Sn20r6tSSz43riOGl3GiV8TV+p8qiZaOnf66XzOpCRqMtuILAJucHvAXzD1ELseWhtR
         f/Qy7/EgqXlcvuNwWGdFXW+5a2aBpZJb/0RL0lInA1iVRmCy43aYecWvs8IjuSBLePSr
         fBjaCjfksLC+tUygP5NJAWNNhwaWFQMax1GOm+i8QXvfUY9hAR8G6GCJ378soERUltEH
         3gag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:mail-followup-to:message-id:subject:cc:to:from:date
         :dkim-signature:dkim-signature;
        bh=ZprsuHZTxDGGvkpD70ElLcVpDjdCC6AMdVMYjcnRnhI=;
        fh=zn/ttSXdaoU/N+d/DW1vXqA79/r02ygBYJu6Kk0mmLs=;
        b=VQV3jrTf8pWpc1/a9AJmogK2SFrm7M1AQ7gOPJ1h1tc4StHOAdhv1PkBIm9QYli23V
         n4l1IcMFwPffteqd+WLbhsxjwtiQfs6KUr75K7NDIX4ITwTefYBQ6DHkofsiGdvI5foM
         es5zIskzkRwbIMpmFNPXbPSr6JoCUKDkd4+ZU7gmXHxbtIj15mfggZcEbWpifIElcU9Y
         FjLAz9t/txElensxb3smdS2JV16VbuNfatKtVMxZSRHZyOWr31c2jZa3gql7bmYloNRQ
         nIzCJkx98WC6hee8R6Fp39bexKzsSHOh9Fr0uSGviA9pkQgFwZ49edShuWJtOKHuw5Ua
         VEhg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=T3uCxO2R;
       dkim=neutral (no key) header.i=@suse.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32])
        by mx.google.com with ESMTPS id q11-20020a65684b000000b005859b1b34f7si4122668pgt.862.2023.10.19.02.17.30
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 19 Oct 2023 02:17:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=T3uCxO2R;
       dkim=neutral (no key) header.i=@suse.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by agentk.vger.email (Postfix) with ESMTP id DDB3C8135D72;
	Thu, 19 Oct 2023 02:17:27 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1345035AbjJSJRP (ORCPT <rfc822;gvb.lkml@gmail.com> + 99 others);
        Thu, 19 Oct 2023 05:17:15 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49176 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235216AbjJSJRE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 19 Oct 2023 05:17:04 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7F013131
        for <linux-kernel@vger.kernel.org>; Thu, 19 Oct 2023 02:17:02 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id C2E181FD91;
        Thu, 19 Oct 2023 09:17:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1697707020; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=ZprsuHZTxDGGvkpD70ElLcVpDjdCC6AMdVMYjcnRnhI=;
        b=T3uCxO2RX/VCsAwxswLlNr9T+uYeTq/jP11mL2rPUI0bgMoLC6tcgB19uGJ2vIlGaQZvGj
        8p3OAOwqbC9uNSCAb5RK6CSDQmXAdoUep708lm9AG7UHPwDyygvH4jDPHFWfh87GunwdZp
        ucopG1IAHQatVTODx1g9tpU3TuSHUzI=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1697707020;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=ZprsuHZTxDGGvkpD70ElLcVpDjdCC6AMdVMYjcnRnhI=;
        b=5/lVFspdxsQdL4g7iVg/loSdldfyf99T75JLfM6IkwsaXbmGy4vM+InrlM9AkwCh6SdiE+
        QdXqORzJDw894UDA==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id ACDF7139C2;
        Thu, 19 Oct 2023 09:17:00 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id TQPCKAz0MGW9VQAAMHmgww
        (envelope-from <aporta@suse.de>); Thu, 19 Oct 2023 09:17:00 +0000
Date:   Thu, 19 Oct 2023 11:17:00 +0200
From:   Andrea della Porta <aporta@suse.de>
To:     Will Deacon <will@kernel.org>
Cc:     Andrea della Porta <andrea.porta@suse.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
        nik.borisov@suse.com, arnd@arndb.de, keescook@chromium.org
Subject: Re: [PATCH 0/4] arm64: Make Aarch32 compatibility enablement
 optional at boot
Message-ID: <ZTD0DAes-J-YQ2eu@apocalypse>
Mail-Followup-To: Will Deacon <will@kernel.org>,
        Andrea della Porta <andrea.porta@suse.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
        nik.borisov@suse.com, arnd@arndb.de, keescook@chromium.org
References: <cover.1697614386.git.andrea.porta@suse.com>
 <20231018122729.GA18556@willie-the-truck>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20231018122729.GA18556@willie-the-truck>
Authentication-Results: smtp-out2.suse.de;
        none
X-Spam-Level: 
X-Spam-Score: -7.61
X-Spamd-Result: default: False [-7.61 / 50.00];
         ARC_NA(0.00)[];
         RCVD_VIA_SMTP_AUTH(0.00)[];
         FROM_HAS_DN(0.00)[];
         TO_DN_SOME(0.00)[];
         TO_MATCH_ENVRCPT_ALL(0.00)[];
         NEURAL_HAM_LONG(-3.00)[-1.000];
         MIME_GOOD(-0.10)[text/plain];
         REPLY(-4.00)[];
         DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
         NEURAL_HAM_SHORT(-1.00)[-1.000];
         RCPT_COUNT_SEVEN(0.00)[8];
         FROM_EQ_ENVFROM(0.00)[];
         MIME_TRACE(0.00)[0:+];
         MID_RHS_NOT_FQDN(0.50)[];
         RCVD_COUNT_TWO(0.00)[2];
         RCVD_TLS_ALL(0.00)[];
         BAYES_HAM(-0.01)[51.25%]
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 19 Oct 2023 02:17:28 -0700 (PDT)

On 13:27 Wed 18 Oct     , Will Deacon wrote:
> Hi,
> 
> On Wed, Oct 18, 2023 at 01:13:18PM +0200, Andrea della Porta wrote:
> > Aarch32 compatibility mode is enabled at compile time through
> > CONFIG_COMPAT Kconfig option. This patchset lets 32-bit support
> > (for both processes and syscalls) be enabled at boot time using
> > a kernel parameter. Also, it provides a mean for distributions 
> > to set their own default without sacrificing compatibility support,
> > that is users can override default behaviour through the kernel
> > parameter.
> 
> I proposed something similar in the past:
> 
> https://lkml.kernel.org/linux-fsdevel/20210916131816.8841-1-will@kernel.org/
> 
> bu the conclusion there (see the reply from Kees) was that it was better
> to either use existing seccomp mechanisms or add something to control
> which binfmts can be loaded.
> 
> Will

I see. Seccomp sounds like a really good idea, since just blocking the compat
binfmt would not avoid the call to 32-bit syscalls per se: it's true that
ARM64 enforce the transition from A64 to A32 only on exception return and
PSTATE.nRW flag can change only from EL1, maybe though some exploitation
may arise in the future to do just that (I'm not aware of any or come up
with a proof off the top of my head, but I can't exclude it either). So,
assuming by absurd a switch to A32 is feasible, the further step of embedding
A32 instruction in a A64 ELF executable is a breeze. Hence blocking the 
syscall (and not only the binfmt loading) could prove necessary. I know all
of this is higly speculative right now, maybe it's worth thinking nonetheless.

Andrea