Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp285122rdb; Thu, 19 Oct 2023 04:42:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHNOI1tl3msn8P5LyTYUkYyKODm2SXQv2lWIwdge77aY3NpCge5KUmTbBGaLCzcgAXxCnop X-Received: by 2002:a05:6a21:7741:b0:133:d17d:193a with SMTP id bc1-20020a056a21774100b00133d17d193amr1706945pzc.59.1697715762642; Thu, 19 Oct 2023 04:42:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697715762; cv=none; d=google.com; s=arc-20160816; b=0L9gScHD2iABcArm4nfHbBQOXTSq9Ygi3m7qTGuNen8/HUpTkAIwXe549147v7xix2 26O3yT24gctHknAaSFZ1v+z8/eeiGgA2to8OUYjCJNE6lAdKIPFriu8j7mp6djflzv5i Yq+DB3X83FkU040Hap6j34DN0j2BRGoeqveYyejJYg6DIjQ7cT/i4q1ZingdrEHtIQnw MoLM8qlKo09LM0GvlgYu+VIUiv3Aa5WG/6eZqrWToQMGmYMPuvbZnYcRJw+7KJDVYtJ7 uH+MNW90JIqr8qvEWfH2U69QXNGjHrIVb37IZkmTeX3OFyVB5rFFFYnwSppzjixJ8tgU WGww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:cc:to:from:date:references:in-reply-to :message-id:mime-version:user-agent:feedback-id:dkim-signature :dkim-signature; bh=U2gqYc9zqSX1Su7Bd7S3GZCjJ4GSS8Kq+u+LYXmTYRQ=; fh=T8NqJ6BDRkuKuIHvnhWVSVRGfyetrT6259JRpr1YUd4=; b=JDKLZuFyCQlUDsvb9c/BzbTggS76/DmFBxIqleIF6NCYulForoedFQglgENsPiBRM7 5FQs2lhL9JpV4Y02p63BfghNGU/TTcoIsPaPZryqWvKoADVXa6DA/FicgE8a5rzN3TVe 1PBKRIQaECFsgmf4+n+GBOlNyu/u2qDhV9tg9+bRjN6Hfju19A6BMwRiW+x0lKLkYkyX lzosk1nmuylgyTRvhm8QjjB60ZBoE3XVtSQ9cgS6GTSOvhQIC4MdEtXNgRpcL1HL6Fbp 5RJPxflZGsRy3uz6vL48gZT2UY6bgT6oBoYxss0lQ6KFKJb0dvvF0aol7RNzTttPsTSa ECiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arndb.de header.s=fm2 header.b=S9G5LX4f; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=CDBLOJyc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id u6-20020a17090abb0600b00277651787f1si1845229pjr.145.2023.10.19.04.42.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 04:42:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@arndb.de header.s=fm2 header.b=S9G5LX4f; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=CDBLOJyc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 1AE57824E7AA; Thu, 19 Oct 2023 04:42:39 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345355AbjJSLmZ (ORCPT + 99 others); Thu, 19 Oct 2023 07:42:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41258 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233048AbjJSLmY (ORCPT ); Thu, 19 Oct 2023 07:42:24 -0400 Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 290A69F for ; Thu, 19 Oct 2023 04:42:22 -0700 (PDT) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 9FFE53200976; Thu, 19 Oct 2023 07:42:20 -0400 (EDT) Received: from imap51 ([10.202.2.101]) by compute5.internal (MEProxy); Thu, 19 Oct 2023 07:42:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arndb.de; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1697715740; x=1697802140; bh=U2 gqYc9zqSX1Su7Bd7S3GZCjJ4GSS8Kq+u+LYXmTYRQ=; b=S9G5LX4fYsVuWGKoii mBG0HcarkUtMhdoal9QD1/AfKxCwoltpxDFNrn7mrHuEmd0E0SWDeXFoVfdsogVP p3MI1gej+pJ5un05zPJ3dXlBlpoVJrwjtJN37qpV3y/tnPmJeqlRjQueasGchLr1 1bTWz5ZWmHB8zPZA9YjvoSfS48PV8ypwbBonhHL/7Herfy/aocZSsJc3GatUrnNl Qe2zP8m7t0eXIi4GLWrIP8NXsYV6ZuZedz0nPULxBt/37dgyYc7SP83B03p2wdU5 ifruX6vfR8V9iT5NRI3wrhWD8Aif5s0LZOD/mCqZnFKxlXem15RGA8MQPOJlp4V6 jUJQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1697715740; x=1697802140; bh=U2gqYc9zqSX1S u7Bd7S3GZCjJ4GSS8Kq+u+LYXmTYRQ=; b=CDBLOJycnB+uz4LLx5DvS/P01SjEA FAiRALNSsNQDpnRt39pgvZ/KlDtAo+caE+fOfTWTf2jSqU6tamHAK7VnWW0AUEMk t+I730RNrpZSgf0jF938D09y8N1+Jzu9svYkIy56++pQBOOuRcuX87Ux0RJ0XgfJ VURj3FjgIvhjTlZGaEgVVHslgkuz5auIgyIX50ABOi/j27abzxNp4ZmsYCVzW9KH EazCH8TnDTWpOJGqe7ltZEZKGRUfGNvouguWCPzggbmPVAuiPUTkupGF3uAx0Ak9 Qb82rt0dSNlIuO99wX5X0vpVCoIKKaY3puq2XMGXslNrANLY/nZPaB+4g== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrjeeigdegfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdetrhhn ugcuuegvrhhgmhgrnhhnfdcuoegrrhhnugesrghrnhgusgdruggvqeenucggtffrrghtth gvrhhnpeevhfffledtgeehfeffhfdtgedvheejtdfgkeeuvefgudffteettdekkeeufeeh udenucffohhmrghinhepkhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomheprghrnhgusegrrhhnuggsrdguvg X-ME-Proxy: Feedback-ID: i56a14606:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id A6D0BB60089; Thu, 19 Oct 2023 07:42:19 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-1019-ged83ad8595-fm-20231002.001-ged83ad85 MIME-Version: 1.0 Message-Id: <6d3d4e4d-a2f6-493e-972c-a695efa37947@app.fastmail.com> In-Reply-To: References: <20231018122729.GA18556@willie-the-truck> Date: Thu, 19 Oct 2023 13:41:59 +0200 From: "Arnd Bergmann" To: "Andrea della Porta" Cc: "Will Deacon" , "Andrea della Porta" , "Catalin Marinas" , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, nik.borisov@suse.com, "Kees Cook" Subject: Re: [PATCH 0/4] arm64: Make Aarch32 compatibility enablement optional at boot Content-Type: text/plain X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 19 Oct 2023 04:42:39 -0700 (PDT) On Thu, Oct 19, 2023, at 12:52, Andrea della Porta wrote: > On 14:44 Wed 18 Oct , Arnd Bergmann wrote: >> On Wed, Oct 18, 2023, at 14:27, Will Deacon wrote: >> >> Right, I was going to reply along the same lines here: x86 is >> a bit of a special case that needs this, but I believe all the >> other architectures already guard the compat syscall execution >> on test_thread_flag(TIF_32BIT) that is only set by the compat >> binfmt loader. > > Are you referring to the fact that x86 can switch at will between 32- and 64- > bit code? No. > Regarding the TIF_32BIT flag, thanks for the head-up. I still believe though > that this mechanism can somehow break down in the future, since prohibiting > 32 bit executable loading *and* blocking 32 bit compat syscall are two > separate path of execution, held together by the architecture prohibiting > to switch to A32 instructions by design. Breaking the first rule and embedding > wisely crafted A32 instruction in an executable is easy, while the difficult > part is finding some 'reentrancy' to be able to do the execution state switch, > as pinted out in https://lore.kernel.org/lkml/ZTD0DAes-J-YQ2eu@apocalypse/. > I agree it's highly speculative and not something to be concerned right > now, it's just a head up, should the need arise in the future. There are (at least) five separate aspects to compat mode that are easy to mix up: 1. Instruction decoding -- switching between the modes supported by the CPU (A64/A32/T32) 2. Word size -- what happens to the upper 32 bits of a register in an arithmetic operation 3. Personality -- Which architecture string gets returned by the uname syscall (aarch64 vs armv8) as well as the format of /proc/cpuinfo 4. system call entry points -- how a process calls into native or compat syscalls, or possibly foreign OS emulation 5. Binary format -- elf32 vs elf64 executables On most architectures with compat mode, 4. and 5. are fundamentally tied together today: a compat task can only call compat syscalls and a native task can only call native syscalls. x86 is the exception here, as it uses different instructions (int80, syscall, sysenter) and picks the syscall table based on that instruction. I think 1. and 2. are also always tied to 5 on arm, but this is not necessarily true for other architectures. 3. used to be tied to 5 on some architectures in the past, but should be independent now. >> Doing the reverse is something that has however come up in the >> past several times and that could be interesting: In order to >> run userspace emulation (qemu-user, fex, ...) we may want to >> allow calling syscalls and ioctls for foreign ABIs in a native >> task, and at that point having a mechanism to control this >> capability globally or per task would be useful as well. >> >> The compat mode (arm32 on arm64) is the easiest case here, but the >> same thing could be done for emulating the very subtle architecture >> differences (x86-64 on arm64, arm64 on x86_64, arm32 on x86-compat, >> or any of the above on riscv or loongarch). > > Really interesting, Since it's more related to emulation needs (my patch > has another focus due to the fact that A64 can execute A32 natively), > I'll take a look at this separately. A64 mode (unlike some other architectures, notably mips64) cannot execute A32 or T32 instructions without a mode switch, the three are entirely incompatible on the binary level. Many ARMv8-CPUs support both Aarch64 mode and Aarch32 (A32/T32), but a lot of the newer ones (e.g. Apple M1/M2, Cortex-R82 or Cortex-A715) only do Aarch64 and need user-space emulation to run 32-bit binaries. Arnd