Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp258044rdb; Thu, 19 Oct 2023 03:52:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFJ7LVMINcx9TynvSB6qkzU/gfGaf9DaZk5XMM7fD9kdlsHu8Tvlefn/WeAjqeEc+D/5Vlo X-Received: by 2002:a17:902:e5cb:b0:1c9:bfd3:1f4a with SMTP id u11-20020a170902e5cb00b001c9bfd31f4amr1975034plf.66.1697712762559; Thu, 19 Oct 2023 03:52:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697712762; cv=none; d=google.com; s=arc-20160816; b=gikFyr8EpQxibFqXm12/KhmBaEVYNPPnhHXrZLZakqO15K9NtsNQIAFaGIfhj9pkTR X2kcHdxUZpN4sqa7ZqATSPGHw5zg7PTjGHymQ95+zNvNgdbcCFhiEMYazCiZJ8dxUs6Q L71b3T6U8SntghgIO6PzbQrah/mUkKPYErxnEVlxlkVumrfYedgKAJdIZyfFUVw9mqPi vYSR2Hd5KfmI0BnsA8liNl36CbynB8OAvxQLMkveP1WKbKcvOlq1w3W1CLHdU9cakiB+ +5fnVEcly1pD6S1HktipaIfukHmWFxZYYmW70balYmV7WDRZszh3yxiEimPGZqRcREwS MwQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:mail-followup-to:message-id:subject:cc:to:from:date :dkim-signature:dkim-signature; bh=QpIy/RTUlzS5m0v5JYCmLVvG8ZLB5o2VoYwjMduXzG8=; fh=8/I9XDp/TXrpfPj1Rx6ubxRD12FswM8ZzjyoLyPrH9M=; b=fWW/PhcMIaD5/1mLDXghZRyLhHPbe9NLdfrj6OUPPNYG8AT5nccTA49NE5UHInt96S TfgqmfZHVFf7L7EUxZMBqPR+/IOvZLWW605Vr7o8dGkaaVcuAlM7oTds2syeHTwzAYd8 FYBt+8gZV+UWqRakRzIeU2ert4S8oP3EpvAHjGEqIsh9ISe0GHlIrD4mERiitSmdn1j3 TVJ9w4eL+Z6xKTuBDWkwgB1u1UG/9ewG67u0dJGmg8gha5NhBwPjkfnsXxrr2XZbXqH1 nrKgaxgL6uAQdly3AJA3MOdnhHQEF336PkeHfig2oRypsdYZ6rj6Vitf6tu8nBl3T8Wy GcQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=UFTds98f; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=pDTHfyhC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id jo23-20020a170903055700b001c9ca0a03dcsi1753015plb.86.2023.10.19.03.52.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 03:52:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=UFTds98f; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=pDTHfyhC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 10CD880AC8EA; Thu, 19 Oct 2023 03:52:40 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345213AbjJSKwc (ORCPT + 99 others); Thu, 19 Oct 2023 06:52:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46814 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235229AbjJSKwa (ORCPT ); Thu, 19 Oct 2023 06:52:30 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E1D911F for ; Thu, 19 Oct 2023 03:52:27 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 4626A1F88B; Thu, 19 Oct 2023 10:52:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1697712746; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QpIy/RTUlzS5m0v5JYCmLVvG8ZLB5o2VoYwjMduXzG8=; b=UFTds98fre9xAAk4LYP0ojQT9dICphovGKc+CtcYLSaPKrQWQx5MVLsqEaagjGk0GeKi00 vdUAEna7ahED15Xses+xsjBCpC3JooTZALeQ3iiDlnc31VjyzHkGJuM9r7p6wtVasUNSai iw9IQFJEayUA9jNkU0tif1akSC36cw4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1697712746; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QpIy/RTUlzS5m0v5JYCmLVvG8ZLB5o2VoYwjMduXzG8=; b=pDTHfyhClmgvWfXOlaipVUP2nou1GgWvffDtvm5whgXnY4xz7LBiiUEPiO1vEAguVovjM0 5u4Qa6vL6DhNnNAQ== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 28F411357F; Thu, 19 Oct 2023 10:52:26 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id H3zyB2oKMWVlCAAAMHmgww (envelope-from ); Thu, 19 Oct 2023 10:52:26 +0000 Date: Thu, 19 Oct 2023 12:52:25 +0200 From: Andrea della Porta To: Arnd Bergmann Cc: Will Deacon , Andrea della Porta , Catalin Marinas , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, nik.borisov@suse.com, Kees Cook Subject: Re: [PATCH 0/4] arm64: Make Aarch32 compatibility enablement optional at boot Message-ID: Mail-Followup-To: Arnd Bergmann , Will Deacon , Andrea della Porta , Catalin Marinas , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, nik.borisov@suse.com, Kees Cook References: <20231018122729.GA18556@willie-the-truck> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Authentication-Results: smtp-out2.suse.de; none X-Spam-Level: X-Spam-Score: -10.60 X-Spamd-Result: default: False [-10.60 / 50.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-3.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; REPLY(-4.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCPT_COUNT_SEVEN(0.00)[8]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%] X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 19 Oct 2023 03:52:40 -0700 (PDT) On 14:44 Wed 18 Oct , Arnd Bergmann wrote: > On Wed, Oct 18, 2023, at 14:27, Will Deacon wrote: > > Hi, > > > > On Wed, Oct 18, 2023 at 01:13:18PM +0200, Andrea della Porta wrote: > >> Aarch32 compatibility mode is enabled at compile time through > >> CONFIG_COMPAT Kconfig option. This patchset lets 32-bit support > >> (for both processes and syscalls) be enabled at boot time using > >> a kernel parameter. Also, it provides a mean for distributions > >> to set their own default without sacrificing compatibility support, > >> that is users can override default behaviour through the kernel > >> parameter. > > > > I proposed something similar in the past: > > > > https://lkml.kernel.org/linux-fsdevel/20210916131816.8841-1-will@kernel.org/ > > > > bu the conclusion there (see the reply from Kees) was that it was better > > to either use existing seccomp mechanisms or add something to control > > which binfmts can be loaded. > > Right, I was going to reply along the same lines here: x86 is > a bit of a special case that needs this, but I believe all the > other architectures already guard the compat syscall execution > on test_thread_flag(TIF_32BIT) that is only set by the compat > binfmt loader. Are you referring to the fact that x86 can switch at will between 32- and 64- bit code? Regarding the TIF_32BIT flag, thanks for the head-up. I still believe though that this mechanism can somehow break down in the future, since prohibiting 32 bit executable loading *and* blocking 32 bit compat syscall are two separate path of execution, held together by the architecture prohibiting to switch to A32 instructions by design. Breaking the first rule and embedding wisely crafted A32 instruction in an executable is easy, while the difficult part is finding some 'reentrancy' to be able to do the execution state switch, as pinted out in https://lore.kernel.org/lkml/ZTD0DAes-J-YQ2eu@apocalypse/. I agree it's highly speculative and not something to be concerned right now, it's just a head up, should the need arise in the future. > Doing the reverse is something that has however come up in the > past several times and that could be interesting: In order to > run userspace emulation (qemu-user, fex, ...) we may want to > allow calling syscalls and ioctls for foreign ABIs in a native > task, and at that point having a mechanism to control this > capability globally or per task would be useful as well. > > The compat mode (arm32 on arm64) is the easiest case here, but the > same thing could be done for emulating the very subtle architecture > differences (x86-64 on arm64, arm64 on x86_64, arm32 on x86-compat, > or any of the above on riscv or loongarch). > > Arnd Really interesting, Since it's more related to emulation needs (my patch has another focus due to the fact that A64 can execute A32 natively), I'll take a look at this separately. Andrea