From: Gabriel Krisman Bertazi <krisman@collabora.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kernel@collabora.com, Thomas Gleixner <tglx@linutronix.de>,
Kees Cook <keescook@chromium.org>,
Will Drewry <wad@chromium.org>,
"H . Peter Anvin" <hpa@zytor.com>,
Paul Gofman <gofmanp@gmail.com>
Subject: Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas
Date: Sat, 30 May 2020 20:26:17 -0400 [thread overview]
Message-ID: <85367hkl06.fsf@collabora.com> (raw)
In-Reply-To: <AF65147C-15DB-4BA4-A08B-55676B489BA5@amacapital.net> (Andy Lutomirski's message of "Sat, 30 May 2020 15:09:47 -0700")
Andy Lutomirski <luto@amacapital.net> writes:
>> On May 29, 2020, at 11:00 PM, Gabriel Krisman Bertazi <krisman@collabora.com> wrote:
>>
>> Modern Windows applications are executing system call instructions
>> directly from the application's code without going through the WinAPI.
>> This breaks Wine emulation, because it doesn't have a chance to
>> intercept and emulate these syscalls before they are submitted to Linux.
>>
>> In addition, we cannot simply trap every system call of the application
>> to userspace using PTRACE_SYSEMU, because performance would suffer,
>> since our main use case is to run Windows games over Linux. Therefore,
>> we need some in-kernel filtering to decide whether the syscall was
>> issued by the wine code or by the windows application.
>
> Do you really need in-kernel filtering? What if you could have
> efficient userspace filtering instead? That is, set something up so
> that all syscalls, except those from a special address, are translated
> to CALL thunk where the thunk is configured per task. Then the thunk
> can do whatever emulation is needed.
Hi,
I suggested something similar to my customer, by using
libsyscall-intercept. The idea would be overwritting the syscall
instruction with a call to the entry point. I'm not a specialist on the
specifics of Windows games, (cc'ed Paul Gofman, who can provide more
details on that side), but as far as I understand, the reason why that
is not feasible is that the anti-cheat protection in games will abort
execution if the binary region was modified either on-disk or in-memory.
Is there some mechanism to do that without modiyfing the application?
> Getting the details and especially the interaction with any seccomp
> filters that may be installed right could be tricky, but the performance
> should be decent, at least on non-PTI systems.
>
> (If we go this route, I suspect that the correct interaction with
> seccomp is that this type of redirection takes precedence over seccomp
> and seccomp filters are not invoked for redirected syscalls. After all,
> a redirected syscall is, functionally, not a syscall at all.)
>
--
Gabriel Krisman Bertazi
next prev parent reply other threads:[~2020-05-31 0:26 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-30 5:59 [PATCH RFC] seccomp: Implement syscall isolation based on memory areas Gabriel Krisman Bertazi
2020-05-30 17:30 ` Kees Cook
2020-05-31 5:56 ` Gabriel Krisman Bertazi
2020-05-31 12:39 ` Paul Gofman
2020-05-31 16:49 ` Matthew Wilcox
2020-05-31 17:10 ` Paul Gofman
2020-05-31 17:31 ` Matthew Wilcox
2020-05-31 18:01 ` Paul Gofman
2020-06-01 17:54 ` Gabriel Krisman Bertazi
2020-06-01 17:53 ` Gabriel Krisman Bertazi
2020-05-30 22:09 ` Andy Lutomirski
2020-05-31 0:26 ` Gabriel Krisman Bertazi [this message]
2020-05-31 0:59 ` Andy Lutomirski
2020-05-31 12:56 ` Paul Gofman
2020-05-31 18:10 ` Andy Lutomirski
2020-05-31 18:36 ` Paul Gofman
2020-05-31 18:57 ` Andy Lutomirski
2020-05-31 19:37 ` Paul Gofman
2020-05-31 21:03 ` Andy Lutomirski
2020-06-01 18:06 ` Gabriel Krisman Bertazi
2020-06-01 20:08 ` Kees Cook
2020-06-01 23:18 ` Andy Lutomirski
2020-06-11 19:38 ` Gabriel Krisman Bertazi
2020-05-31 23:33 ` Brendan Shanks
2020-06-01 1:51 ` Andy Lutomirski
2020-06-25 23:14 ` Robert O'Callahan
2020-06-25 23:48 ` Gabriel Krisman Bertazi
2020-06-26 1:03 ` Robert O'Callahan
2020-06-01 3:20 ` kbuild test robot
2020-06-01 8:30 ` kbuild test robot
2020-06-05 6:06 ` Sargun Dhillon
-- strict thread matches above, loose matches on Subject: below --
2020-06-01 1:10 kbuild test robot
2020-06-01 9:23 Billy Laws
2020-06-01 13:59 ` Andy Lutomirski
2020-06-01 17:48 ` hpa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=85367hkl06.fsf@collabora.com \
--to=krisman@collabora.com \
--cc=gofmanp@gmail.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel@collabora.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@amacapital.net \
--cc=tglx@linutronix.de \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.