Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp285122rdb;
        Thu, 19 Oct 2023 04:42:42 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHNOI1tl3msn8P5LyTYUkYyKODm2SXQv2lWIwdge77aY3NpCge5KUmTbBGaLCzcgAXxCnop
X-Received: by 2002:a05:6a21:7741:b0:133:d17d:193a with SMTP id bc1-20020a056a21774100b00133d17d193amr1706945pzc.59.1697715762642;
        Thu, 19 Oct 2023 04:42:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697715762; cv=none;
        d=google.com; s=arc-20160816;
        b=0L9gScHD2iABcArm4nfHbBQOXTSq9Ygi3m7qTGuNen8/HUpTkAIwXe549147v7xix2
         26O3yT24gctHknAaSFZ1v+z8/eeiGgA2to8OUYjCJNE6lAdKIPFriu8j7mp6djflzv5i
         Yq+DB3X83FkU040Hap6j34DN0j2BRGoeqveYyejJYg6DIjQ7cT/i4q1ZingdrEHtIQnw
         MoLM8qlKo09LM0GvlgYu+VIUiv3Aa5WG/6eZqrWToQMGmYMPuvbZnYcRJw+7KJDVYtJ7
         uH+MNW90JIqr8qvEWfH2U69QXNGjHrIVb37IZkmTeX3OFyVB5rFFFYnwSppzjixJ8tgU
         WGww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:subject:cc:to:from:date:references:in-reply-to
         :message-id:mime-version:user-agent:feedback-id:dkim-signature
         :dkim-signature;
        bh=U2gqYc9zqSX1Su7Bd7S3GZCjJ4GSS8Kq+u+LYXmTYRQ=;
        fh=T8NqJ6BDRkuKuIHvnhWVSVRGfyetrT6259JRpr1YUd4=;
        b=JDKLZuFyCQlUDsvb9c/BzbTggS76/DmFBxIqleIF6NCYulForoedFQglgENsPiBRM7
         5FQs2lhL9JpV4Y02p63BfghNGU/TTcoIsPaPZryqWvKoADVXa6DA/FicgE8a5rzN3TVe
         1PBKRIQaECFsgmf4+n+GBOlNyu/u2qDhV9tg9+bRjN6Hfju19A6BMwRiW+x0lKLkYkyX
         lzosk1nmuylgyTRvhm8QjjB60ZBoE3XVtSQ9cgS6GTSOvhQIC4MdEtXNgRpcL1HL6Fbp
         5RJPxflZGsRy3uz6vL48gZT2UY6bgT6oBoYxss0lQ6KFKJb0dvvF0aol7RNzTttPsTSa
         ECiQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@arndb.de header.s=fm2 header.b=S9G5LX4f;
       dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=CDBLOJyc;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from howler.vger.email (howler.vger.email. [23.128.96.34])
        by mx.google.com with ESMTPS id u6-20020a17090abb0600b00277651787f1si1845229pjr.145.2023.10.19.04.42.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 19 Oct 2023 04:42:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@arndb.de header.s=fm2 header.b=S9G5LX4f;
       dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=CDBLOJyc;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id 1AE57824E7AA;
	Thu, 19 Oct 2023 04:42:39 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1345355AbjJSLmZ (ORCPT <rfc822;gvb.lkml@gmail.com> + 99 others);
        Thu, 19 Oct 2023 07:42:25 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41258 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233048AbjJSLmY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 19 Oct 2023 07:42:24 -0400
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 290A69F
        for <linux-kernel@vger.kernel.org>; Thu, 19 Oct 2023 04:42:22 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
        by mailout.west.internal (Postfix) with ESMTP id 9FFE53200976;
        Thu, 19 Oct 2023 07:42:20 -0400 (EDT)
Received: from imap51 ([10.202.2.101])
  by compute5.internal (MEProxy); Thu, 19 Oct 2023 07:42:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arndb.de; h=cc
        :cc:content-type:content-type:date:date:from:from:in-reply-to
        :in-reply-to:message-id:mime-version:references:reply-to:sender
        :subject:subject:to:to; s=fm2; t=1697715740; x=1697802140; bh=U2
        gqYc9zqSX1Su7Bd7S3GZCjJ4GSS8Kq+u+LYXmTYRQ=; b=S9G5LX4fYsVuWGKoii
        mBG0HcarkUtMhdoal9QD1/AfKxCwoltpxDFNrn7mrHuEmd0E0SWDeXFoVfdsogVP
        p3MI1gej+pJ5un05zPJ3dXlBlpoVJrwjtJN37qpV3y/tnPmJeqlRjQueasGchLr1
        1bTWz5ZWmHB8zPZA9YjvoSfS48PV8ypwbBonhHL/7Herfy/aocZSsJc3GatUrnNl
        Qe2zP8m7t0eXIi4GLWrIP8NXsYV6ZuZedz0nPULxBt/37dgyYc7SP83B03p2wdU5
        ifruX6vfR8V9iT5NRI3wrhWD8Aif5s0LZOD/mCqZnFKxlXem15RGA8MQPOJlp4V6
        jUJQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
        messagingengine.com; h=cc:cc:content-type:content-type:date:date
        :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
        :message-id:mime-version:references:reply-to:sender:subject
        :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
        :x-sasl-enc; s=fm3; t=1697715740; x=1697802140; bh=U2gqYc9zqSX1S
        u7Bd7S3GZCjJ4GSS8Kq+u+LYXmTYRQ=; b=CDBLOJycnB+uz4LLx5DvS/P01SjEA
        FAiRALNSsNQDpnRt39pgvZ/KlDtAo+caE+fOfTWTf2jSqU6tamHAK7VnWW0AUEMk
        t+I730RNrpZSgf0jF938D09y8N1+Jzu9svYkIy56++pQBOOuRcuX87Ux0RJ0XgfJ
        VURj3FjgIvhjTlZGaEgVVHslgkuz5auIgyIX50ABOi/j27abzxNp4ZmsYCVzW9KH
        EazCH8TnDTWpOJGqe7ltZEZKGRUfGNvouguWCPzggbmPVAuiPUTkupGF3uAx0Ak9
        Qb82rt0dSNlIuO99wX5X0vpVCoIKKaY3puq2XMGXslNrANLY/nZPaB+4g==
X-ME-Sender: <xms:GxYxZdk3O7B3Mp2Kx5uyeqcnR4udpan9Lrc5J1PDNau1X7jAKV62vw>
    <xme:GxYxZY3ZZS-iU5Y-5D-wootvjDVe_1P2Yaz_EHQVDrpDMXj65YC49Ugzz-nb11ITW
    0IYfI1FRccV-5VG_tw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrjeeigdegfecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
    fjughrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdetrhhn
    ugcuuegvrhhgmhgrnhhnfdcuoegrrhhnugesrghrnhgusgdruggvqeenucggtffrrghtth
    gvrhhnpeevhfffledtgeehfeffhfdtgedvheejtdfgkeeuvefgudffteettdekkeeufeeh
    udenucffohhmrghinhepkhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd
    enucfrrghrrghmpehmrghilhhfrhhomheprghrnhgusegrrhhnuggsrdguvg
X-ME-Proxy: <xmx:GxYxZTqnLnsQLCOFL-NC2o3KudcqCegiDi8KDwijx6HvKE5SK13hRg>
    <xmx:GxYxZdm7dhdz39mgXbdFmo7V5SKIGRFCPwNOE3MmKbJLr-cJBLBWZw>
    <xmx:GxYxZb21okDJ3JyvcTu_MwTzX9Vz0vj-38U5eMBzIjsLKlI1UPj9qQ>
    <xmx:HBYxZb-1aX_NFfG6Vu69nZIXBvGqZ3LdcpES1dpsgyeeQziDq28o0w>
Feedback-ID: i56a14606:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
        id A6D0BB60089; Thu, 19 Oct 2023 07:42:19 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-1019-ged83ad8595-fm-20231002.001-ged83ad85
MIME-Version: 1.0
Message-Id: <6d3d4e4d-a2f6-493e-972c-a695efa37947@app.fastmail.com>
In-Reply-To: <ZTEKabxNdegsbxyv@apocalypse>
References: <cover.1697614386.git.andrea.porta@suse.com>
 <20231018122729.GA18556@willie-the-truck>
 <da4985cd-43db-4957-b841-7b8f6bf8f885@app.fastmail.com>
 <ZTEKabxNdegsbxyv@apocalypse>
Date:   Thu, 19 Oct 2023 13:41:59 +0200
From:   "Arnd Bergmann" <arnd@arndb.de>
To:     "Andrea della Porta" <aporta@suse.de>
Cc:     "Will Deacon" <will@kernel.org>,
        "Andrea della Porta" <andrea.porta@suse.com>,
        "Catalin Marinas" <catalin.marinas@arm.com>,
        linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
        nik.borisov@suse.com, "Kees Cook" <keescook@chromium.org>
Subject: Re: [PATCH 0/4] arm64: Make Aarch32 compatibility enablement optional at boot
Content-Type: text/plain
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 19 Oct 2023 04:42:39 -0700 (PDT)

On Thu, Oct 19, 2023, at 12:52, Andrea della Porta wrote:
> On 14:44 Wed 18 Oct     , Arnd Bergmann wrote:
>> On Wed, Oct 18, 2023, at 14:27, Will Deacon wrote:
>> 
>> Right, I was going to reply along the same lines here: x86 is
>> a bit of a special case that needs this, but I believe all the
>> other architectures already guard the compat syscall execution
>> on test_thread_flag(TIF_32BIT) that is only set by the compat
>> binfmt loader.
>
> Are you referring to the fact that x86 can switch at will between 32- and 64-
> bit code?

No.

> Regarding the TIF_32BIT flag, thanks for the head-up. I still believe though
> that this mechanism can somehow break down in the future, since prohibiting
> 32 bit executable loading *and* blocking 32 bit compat syscall are two
> separate path of execution, held together by the architecture prohibiting
> to switch to A32 instructions by design. Breaking the first rule and embedding 
> wisely crafted A32 instruction in an executable is easy, while the difficult
> part is finding some 'reentrancy' to be able to do the execution state switch,
> as pinted out in https://lore.kernel.org/lkml/ZTD0DAes-J-YQ2eu@apocalypse/.
> I agree it's highly speculative and not something to be concerned right
> now, it's just a head up, should the need arise in the future.

There are (at least) five separate aspects to compat mode that are easy
to mix up:

1. Instruction decoding -- switching between the modes supported by the
   CPU (A64/A32/T32)
2. Word size -- what happens to the upper 32 bits of a register in
   an arithmetic operation
3. Personality -- Which architecture string gets returned by the
   uname syscall (aarch64 vs armv8) as well as the format of
   /proc/cpuinfo
4. system call entry points -- how a process calls into native or
   compat syscalls, or possibly foreign OS emulation
5. Binary format -- elf32 vs elf64 executables

On most architectures with compat mode, 4. and 5. are fundamentally
tied together today: a compat task can only call compat syscalls
and a native task can only call native syscalls. x86 is the exception
here, as it uses different instructions (int80, syscall, sysenter)
and picks the syscall table based on that instruction.

I think 1. and 2. are also always tied to 5 on arm, but this is
not necessarily true for other architectures. 3. used to be tied
to 5 on some architectures in the past, but should be independent
now.

>> Doing the reverse is something that has however come up in the
>> past several times and that could be interesting: In order to
>> run userspace emulation (qemu-user, fex, ...) we may want to
>> allow calling syscalls and ioctls for foreign ABIs in a native
>> task, and at that point having a mechanism to control this
>> capability globally or per task would be useful as well.
>> 
>> The compat mode (arm32 on arm64) is the easiest case here, but the
>> same thing could be done for emulating the very subtle architecture
>> differences (x86-64 on arm64, arm64 on x86_64, arm32 on x86-compat,
>> or any of the above on riscv or  loongarch).
>
> Really interesting, Since it's more related to emulation needs (my patch
> has another focus due to the fact that A64 can execute A32 natively),
> I'll take a look at this separately.

A64 mode (unlike some other architectures, notably mips64) cannot
execute A32 or T32 instructions without a mode switch, the three are
entirely incompatible on the binary level.

Many ARMv8-CPUs support both Aarch64 mode and Aarch32 (A32/T32),
but a lot of the newer ones (e.g. Apple M1/M2, Cortex-R82 or
Cortex-A715) only do Aarch64 and need user-space emulation to run
32-bit binaries.

    Arnd