From: Thomas Gleixner <tglx@linutronix.de>
To: "Björn Töpel" <bjorn@kernel.org>,
"Celeste Liu" <coelacanthushex@gmail.com>,
"Celeste Liu via B4 Relay"
<devnull+CoelacanthusHex.gmail.com@kernel.org>,
"Paul Walmsley" <paul.walmsley@sifive.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Björn Töpel" <bjorn@rivosinc.com>
Cc: Palmer Dabbelt <palmer@rivosinc.com>,
Alexandre Ghiti <alex@ghiti.fr>,
"Dmitry V. Levin" <ldv@strace.io>,
Andrea Bolognani <abologna@redhat.com>,
Felix Yan <felixonmars@archlinux.org>,
Ruizhe Pan <c141028@gmail.com>,
Shiqi Zhang <shiqi@isrc.iscas.ac.cn>, Guo Ren <guoren@kernel.org>,
Yao Zi <ziyao@disroot.org>, Han Gao <gaohan@iscas.ac.cn>,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] riscv/entry: get correct syscall number from syscall_get_nr()
Date: Fri, 25 Oct 2024 15:12:14 +0200 [thread overview]
Message-ID: <871q045ntd.ffs@tglx> (raw)
In-Reply-To: <8734kpqu8k.fsf@all.your.base.are.belong.to.us>
On Mon, Oct 21 2024 at 09:46, Björn Töpel wrote:
> Celeste Liu <coelacanthushex@gmail.com> writes:
>> 1. syscall_enter_from_user_mode() will do two things:
>> 1) the return value is only to inform whether the syscall should be skipped.
>> 2) regs will be modified by filters (seccomp or ptrace and so on).
>> 2. for common entry user, there is two informations: syscall number and
>> the return value of syscall_enter_from_user_mode() (called is_skipped below).
>> so there is three situations:
>> 1) if syscall number is invalid, the syscall should not be performed, and
>> we set a0 to -ENOSYS to inform userspace the syscall doesn't exist.
>> 2) if syscall number is valid, is_skipped will be used:
>> a) if is_skipped is -1, which means there are some filters reject this syscall,
>> so the syscall should not performed. (Of course, we can use bool instead to
>> get better semantic)
>> b) if is_skipped != -1, which means the filters approved this syscall,
>> so we invoke syscall handler with modified regs.
>>
>> In your design, the logical condition is not obvious. Why syscall_enter_from_user_mode()
>> informed the syscall will be skipped but the syscall handler will be called
>> when syscall number is invalid? The users need to think two things to get result:
>> a) -1 means skip
>> b) -1 < 0 in signed integer, so the skip condition is always a invalid syscall number.
>>
>> In may way, the users only need to think one thing: The syscall_enter_from_user_mode()
>> said -1 means the syscall should not be performed, so use it as a condition of reject
>> directly. They just need to combine the informations that they get from API as the
>> condition of control flow.
>
> I'm all-in for simpler API usage! Maybe massage the
> syscall_enter_from_user_mode() (or a new one), so that additional
> syscall_get_nr() call is not needed?
It's completely unclear to me what the actual problem is. The flow how
this works on all architectures is:
regs->orig_a0 = regs->a0
regs->a0 = -ENOSYS;
nr = syscall_enter_from_user_mode(....);
if (nr >= 0)
regs->a0 = nr < MAX_SYSCALL ? syscall(nr) : -ENOSYS;
If syscall_trace_enter() returns -1 to skip the syscall, then regs->a0
is unmodified, unless one of the magic operations modified it.
If syscall_trace_enter() was not active (no tracer, no seccomp ...) then
regs->a0 already contains -ENOSYS.
So what's the exact problem?
Thanks,
tglx
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Gleixner <tglx@linutronix.de>
To: "Björn Töpel" <bjorn@kernel.org>,
"Celeste Liu" <coelacanthushex@gmail.com>,
"Celeste Liu via B4 Relay"
<devnull+CoelacanthusHex.gmail.com@kernel.org>,
"Paul Walmsley" <paul.walmsley@sifive.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Björn Töpel" <bjorn@rivosinc.com>
Cc: Palmer Dabbelt <palmer@rivosinc.com>,
Alexandre Ghiti <alex@ghiti.fr>,
"Dmitry V. Levin" <ldv@strace.io>,
Andrea Bolognani <abologna@redhat.com>,
Felix Yan <felixonmars@archlinux.org>,
Ruizhe Pan <c141028@gmail.com>,
Shiqi Zhang <shiqi@isrc.iscas.ac.cn>, Guo Ren <guoren@kernel.org>,
Yao Zi <ziyao@disroot.org>, Han Gao <gaohan@iscas.ac.cn>,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] riscv/entry: get correct syscall number from syscall_get_nr()
Date: Fri, 25 Oct 2024 15:12:14 +0200 [thread overview]
Message-ID: <871q045ntd.ffs@tglx> (raw)
In-Reply-To: <8734kpqu8k.fsf@all.your.base.are.belong.to.us>
On Mon, Oct 21 2024 at 09:46, Björn Töpel wrote:
> Celeste Liu <coelacanthushex@gmail.com> writes:
>> 1. syscall_enter_from_user_mode() will do two things:
>> 1) the return value is only to inform whether the syscall should be skipped.
>> 2) regs will be modified by filters (seccomp or ptrace and so on).
>> 2. for common entry user, there is two informations: syscall number and
>> the return value of syscall_enter_from_user_mode() (called is_skipped below).
>> so there is three situations:
>> 1) if syscall number is invalid, the syscall should not be performed, and
>> we set a0 to -ENOSYS to inform userspace the syscall doesn't exist.
>> 2) if syscall number is valid, is_skipped will be used:
>> a) if is_skipped is -1, which means there are some filters reject this syscall,
>> so the syscall should not performed. (Of course, we can use bool instead to
>> get better semantic)
>> b) if is_skipped != -1, which means the filters approved this syscall,
>> so we invoke syscall handler with modified regs.
>>
>> In your design, the logical condition is not obvious. Why syscall_enter_from_user_mode()
>> informed the syscall will be skipped but the syscall handler will be called
>> when syscall number is invalid? The users need to think two things to get result:
>> a) -1 means skip
>> b) -1 < 0 in signed integer, so the skip condition is always a invalid syscall number.
>>
>> In may way, the users only need to think one thing: The syscall_enter_from_user_mode()
>> said -1 means the syscall should not be performed, so use it as a condition of reject
>> directly. They just need to combine the informations that they get from API as the
>> condition of control flow.
>
> I'm all-in for simpler API usage! Maybe massage the
> syscall_enter_from_user_mode() (or a new one), so that additional
> syscall_get_nr() call is not needed?
It's completely unclear to me what the actual problem is. The flow how
this works on all architectures is:
regs->orig_a0 = regs->a0
regs->a0 = -ENOSYS;
nr = syscall_enter_from_user_mode(....);
if (nr >= 0)
regs->a0 = nr < MAX_SYSCALL ? syscall(nr) : -ENOSYS;
If syscall_trace_enter() returns -1 to skip the syscall, then regs->a0
is unmodified, unless one of the magic operations modified it.
If syscall_trace_enter() was not active (no tracer, no seccomp ...) then
regs->a0 already contains -ENOSYS.
So what's the exact problem?
Thanks,
tglx
next prev parent reply other threads:[~2024-10-25 14:31 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-16 17:49 [PATCH] riscv/entry: get correct syscall number from syscall_get_nr() Celeste Liu
2024-10-16 17:49 ` Celeste Liu via B4 Relay
2024-10-16 17:49 ` Celeste Liu via B4 Relay
2024-10-16 17:51 ` kernel test robot
2024-10-21 14:00 ` Björn Töpel
2024-10-21 14:00 ` Björn Töpel
2024-10-21 15:23 ` Celeste Liu
2024-10-21 15:23 ` Celeste Liu
2024-10-21 16:46 ` Björn Töpel
2024-10-21 16:46 ` Björn Töpel
2024-10-25 13:12 ` Thomas Gleixner [this message]
2024-10-25 13:12 ` Thomas Gleixner
2024-10-25 14:30 ` Björn Töpel
2024-10-25 14:30 ` Björn Töpel
2024-10-26 20:21 ` Thomas Gleixner
2024-10-26 20:21 ` Thomas Gleixner
2024-10-27 15:29 ` Celeste Liu
2024-10-27 15:29 ` Celeste Liu
2024-10-27 15:56 ` Thomas Gleixner
2024-10-27 15:56 ` Thomas Gleixner
2024-10-27 17:01 ` Celeste Liu
2024-10-27 17:01 ` Celeste Liu
2024-10-27 21:52 ` Thomas Gleixner
2024-10-27 21:52 ` Thomas Gleixner
2024-10-28 0:17 ` Ron Economos
2024-10-28 0:17 ` Ron Economos
2024-10-28 16:25 ` Celeste Liu
2024-10-28 16:25 ` Celeste Liu
2024-10-28 19:33 ` Björn Töpel
2024-10-28 19:33 ` Björn Töpel
2024-11-30 22:39 ` Celeste Liu
2024-11-30 22:39 ` Celeste Liu
2024-10-28 9:45 ` Björn Töpel
2024-10-28 9:45 ` Björn Töpel
2024-11-15 21:49 ` Aurelien Jarno
2024-11-15 21:49 ` Aurelien Jarno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871q045ntd.ffs@tglx \
--to=tglx@linutronix.de \
--cc=abologna@redhat.com \
--cc=alex@ghiti.fr \
--cc=aou@eecs.berkeley.edu \
--cc=bjorn@kernel.org \
--cc=bjorn@rivosinc.com \
--cc=c141028@gmail.com \
--cc=coelacanthushex@gmail.com \
--cc=devnull+CoelacanthusHex.gmail.com@kernel.org \
--cc=felixonmars@archlinux.org \
--cc=gaohan@iscas.ac.cn \
--cc=guoren@kernel.org \
--cc=ldv@strace.io \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=palmer@rivosinc.com \
--cc=paul.walmsley@sifive.com \
--cc=shiqi@isrc.iscas.ac.cn \
--cc=stable@vger.kernel.org \
--cc=ziyao@disroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.