From: Andrea della Porta <aporta@suse.de>
To: Mark Rutland <mark.rutland@arm.com>
Cc: Andrea della Porta <andrea.porta@suse.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, nik.borisov@suse.com
Subject: Re: [PATCH 4/4] arm64: Make Aarch32 emulation boot time configurable
Date: Thu, 19 Oct 2023 14:50:13 +0200 [thread overview]
Message-ID: <ZTEmBU73nLnYMfEC@apocalypse> (raw)
In-Reply-To: <ZS_XYwHovY6B7Whp@FVFF77S0Q05N.cambridge.arm.com>
On 14:02 Wed 18 Oct , Mark Rutland wrote:
> On Wed, Oct 18, 2023 at 01:13:22PM +0200, Andrea della Porta wrote:
> > Distributions would like to reduce their attack surface as much as
> > possible but at the same time they'd want to retain flexibility to
> > cater to a variety of legacy software. This stems from the conjecture
> > that compat layer is likely rarely tested and could have latent
> > security bugs. Ideally distributions will set their default policy
> > and also give users the ability to override it as appropriate.
> >
> > To enable this use case, introduce CONFIG_AARCH32_EMULATION_DEFAULT_DISABLED
> > compile time option, which controls whether 32bit processes/syscalls
> > should be allowed or not. This option is aimed mainly at distributions
> > to set their preferred default behavior in their kernels.
> >
> > To allow users to override the distro's policy, introduce the
> > 'aarch32_emulation' parameter which allows overriding
> > CONFIG_AARCH32_EMULATION_DEFAULT_DISABLED state at boot time.
> >
> > Signed-off-by: Andrea della Porta <andrea.porta@suse.com>
> > ---
> > Documentation/admin-guide/kernel-parameters.txt | 7 +++++++
> > arch/arm64/Kconfig | 9 +++++++++
> > arch/arm64/kernel/entry-common.c | 8 +++++++-
> > 3 files changed, 23 insertions(+), 1 deletion(-)
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 0a1731a0f0ef..a41c5e6f5d2e 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -1,3 +1,10 @@
> > + aarch32_emulation= [ARM64]
> > + Format: <bool>
> > + When true, allows loading 32-bit programs and executing
> > + 32-bit syscalls, essentially overriding
> > + AARCH32_EMULATION_DEFAULT_DISABLED at boot time. when false,
> > + unconditionally disables AARCH32 emulation.
>
> Can we please drop the 'emulation' part of the name? We don't use that
> terminology on arm64 for regular execution of compat tasks, and only use that
> to refer to true emulation of deprecated instructions.
>
> We already have the 'allow_mismatched_32bit_el0' option; can we please us a
> name that aligns with that? e.g. 'allow_32bit_el0=false' to disable support.
>
Sure, 'allow_mismatched_32bit_el0' will do. I'll prepare a patch accordingly.
Andrea
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Andrea della Porta <aporta@suse.de>
To: Mark Rutland <mark.rutland@arm.com>
Cc: Andrea della Porta <andrea.porta@suse.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, nik.borisov@suse.com
Subject: Re: [PATCH 4/4] arm64: Make Aarch32 emulation boot time configurable
Date: Thu, 19 Oct 2023 14:50:13 +0200 [thread overview]
Message-ID: <ZTEmBU73nLnYMfEC@apocalypse> (raw)
In-Reply-To: <ZS_XYwHovY6B7Whp@FVFF77S0Q05N.cambridge.arm.com>
On 14:02 Wed 18 Oct , Mark Rutland wrote:
> On Wed, Oct 18, 2023 at 01:13:22PM +0200, Andrea della Porta wrote:
> > Distributions would like to reduce their attack surface as much as
> > possible but at the same time they'd want to retain flexibility to
> > cater to a variety of legacy software. This stems from the conjecture
> > that compat layer is likely rarely tested and could have latent
> > security bugs. Ideally distributions will set their default policy
> > and also give users the ability to override it as appropriate.
> >
> > To enable this use case, introduce CONFIG_AARCH32_EMULATION_DEFAULT_DISABLED
> > compile time option, which controls whether 32bit processes/syscalls
> > should be allowed or not. This option is aimed mainly at distributions
> > to set their preferred default behavior in their kernels.
> >
> > To allow users to override the distro's policy, introduce the
> > 'aarch32_emulation' parameter which allows overriding
> > CONFIG_AARCH32_EMULATION_DEFAULT_DISABLED state at boot time.
> >
> > Signed-off-by: Andrea della Porta <andrea.porta@suse.com>
> > ---
> > Documentation/admin-guide/kernel-parameters.txt | 7 +++++++
> > arch/arm64/Kconfig | 9 +++++++++
> > arch/arm64/kernel/entry-common.c | 8 +++++++-
> > 3 files changed, 23 insertions(+), 1 deletion(-)
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 0a1731a0f0ef..a41c5e6f5d2e 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -1,3 +1,10 @@
> > + aarch32_emulation= [ARM64]
> > + Format: <bool>
> > + When true, allows loading 32-bit programs and executing
> > + 32-bit syscalls, essentially overriding
> > + AARCH32_EMULATION_DEFAULT_DISABLED at boot time. when false,
> > + unconditionally disables AARCH32 emulation.
>
> Can we please drop the 'emulation' part of the name? We don't use that
> terminology on arm64 for regular execution of compat tasks, and only use that
> to refer to true emulation of deprecated instructions.
>
> We already have the 'allow_mismatched_32bit_el0' option; can we please us a
> name that aligns with that? e.g. 'allow_32bit_el0=false' to disable support.
>
Sure, 'allow_mismatched_32bit_el0' will do. I'll prepare a patch accordingly.
Andrea
next prev parent reply other threads:[~2023-10-19 12:50 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-18 11:13 [PATCH 0/4] arm64: Make Aarch32 compatibility enablement optional at boot Andrea della Porta
2023-10-18 11:13 ` Andrea della Porta
2023-10-18 11:13 ` [PATCH 1/4] arm64: Introduce aarch32_enabled() Andrea della Porta
2023-10-18 11:13 ` Andrea della Porta
2023-10-18 11:13 ` [PATCH 2/4] arm64/process: Make loading of 32bit processes depend on aarch32_enabled() Andrea della Porta
2023-10-18 11:13 ` Andrea della Porta
2023-10-18 12:52 ` Mark Rutland
2023-10-18 12:52 ` Mark Rutland
2023-10-19 12:38 ` Andrea della Porta
2023-10-19 12:38 ` Andrea della Porta
2023-10-19 14:27 ` Mark Rutland
2023-10-19 14:27 ` Mark Rutland
2023-10-19 14:32 ` Andrea della Porta
2023-10-19 14:32 ` Andrea della Porta
2023-10-19 14:50 ` Mark Rutland, Will Deacon
2023-10-19 14:50 ` Mark Rutland, Will Deacon
2023-10-18 11:13 ` [PATCH 3/4] arm64/entry-common: Make Aarch32 syscalls' availability " Andrea della Porta
2023-10-18 11:13 ` Andrea della Porta
2023-10-18 12:57 ` Mark Rutland
2023-10-18 12:57 ` Mark Rutland
2023-10-19 12:48 ` Andrea della Porta
2023-10-19 12:48 ` Andrea della Porta
2023-10-22 20:30 ` kernel test robot
2023-10-22 20:30 ` kernel test robot
2023-10-18 11:13 ` [PATCH 4/4] arm64: Make Aarch32 emulation boot time configurable Andrea della Porta
2023-10-18 11:13 ` Andrea della Porta
2023-10-18 13:02 ` Mark Rutland
2023-10-18 13:02 ` Mark Rutland
2023-10-19 12:50 ` Andrea della Porta [this message]
2023-10-19 12:50 ` Andrea della Porta
2023-10-18 12:27 ` [PATCH 0/4] arm64: Make Aarch32 compatibility enablement optional at boot Will Deacon
2023-10-18 12:27 ` Will Deacon
2023-10-18 12:44 ` Arnd Bergmann
2023-10-18 12:44 ` Arnd Bergmann
2023-10-19 10:52 ` Andrea della Porta
2023-10-19 10:52 ` Andrea della Porta
2023-10-19 11:41 ` Arnd Bergmann
2023-10-19 11:41 ` Arnd Bergmann
2023-10-19 9:17 ` Andrea della Porta
2023-10-19 9:17 ` Andrea della Porta
2023-10-18 12:52 ` Mark Rutland
2023-10-18 12:52 ` Mark Rutland
2023-10-19 12:34 ` Andrea della Porta
2023-10-19 12:34 ` Andrea della Porta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZTEmBU73nLnYMfEC@apocalypse \
--to=aporta@suse.de \
--cc=andrea.porta@suse.com \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=nik.borisov@suse.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.