From: Arnd Bergmann <arnd@arndb.de>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Yury Norov <ynorov@caviumnetworks.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Adam Borowski <kilobyte@angband.pl>,
Alexander Graf <agraf@suse.de>,
Alexey Klimov <klimov.linux@gmail.com>,
Andreas Schwab <schwab@suse.de>,
Andrew Pinski <pinskia@gmail.com>,
Bamvor Zhangjian <bamv2005@gmail.com>,
Chris Metcalf <cmetcalf@mellanox.com>,
Christoph Muellner <christoph.muellner@theobroma-systems.com>,
Dave Martin <Dave.Martin@arm.com>,
David Miller <davem@davemloft.net>,
Florian Weimer <fweimer@redhat.com>
Subject: Re: [PATCH v9 00/24] ILP32 for ARM64
Date: Sun, 14 Oct 2018 21:49:01 +0200 [thread overview]
Message-ID: <CAK8P3a1Yhhv1TcQTcF0MinicGovgp_0g_sXqADe3fjVTtOK_aw@mail.gmail.com> (raw)
In-Reply-To: <CALCETrVuabkb5ZQOSgQQTEq8CrS602NBpAkE2=4n982r1f5reQ@mail.gmail.com>
On Sat, Oct 13, 2018 at 9:36 PM Andy Lutomirski <luto@amacapital.net> wrote:
>
> On Wed, May 16, 2018 at 1:19 AM Yury Norov <ynorov@caviumnetworks.com> wrote:
> >
> > This series enables AARCH64 with ILP32 mode.
> >
> > As supporting work, it introduces ARCH_32BIT_OFF_T configuration
> > option that is enabled for existing 32-bit architectures but disabled
> > for new arches (so 64-bit off_t userspace type is used by new userspace).
> > Also it deprecates getrlimit and setrlimit syscalls prior to prlimit64.
>
> Second, ILP32 user code is highly unlikely
> to end up with the same struct layout as ILP64 code. The latter seems
> like it should be solved entirely in userspace by adding a way to
> annotate a structure as being a kernel ABI structure and getting the
> toolchain to lay it out as if it were ILP64 even though the target is
> ILP32.
The syscall ABI could be almost completely abstracted in glibc, the
main issue is ioctl and a couple of related interfaces that pass data
structures (read() on /dev/input/*, mmap on /dev/snd/*
or raw sockets, fcntl).
The question whether a data type is laid out like a 64-bit architecture
would cannot be a property of the type in most of those cases,
because the same types are used elsewhere. Many ioctls just
take a pointer to a 'long' or similar, and then you have structures
like 'timespec' that are used both in syscall/ioctl ABI and in normal
user space code, but are required to be laid out differently there.
(timespec is a bad example because y2038 of course, but it
illustrates the point).
> 2. I think you should make a conscious decision as to whether the
> ILP32-ness of a syscall is a property of the task or of the syscall.
> On x86, x32-ness is a property of the syscall, but historically it
> also got rather entangled with the state of the task, and the result
> was a mess. It looks like you're making it be a property of the task,
> which is fine, but you're making it impossible for very clever ILP32
> libraries to include little ILP64 stubs that do fancy things with full
> 64-bit syscalls.
>
> 3. Make very certain that you aren't exploitable by malicious
> processes that set the high bits in ILP32 syscall args. x86 compat
> has issues like that in the past.
This point was actually the most important one for keeping the
aarch64 ilp32 interface as restricted as it is: it doesn't allow
anything that the normal aarch32/armv7 emulation doesn't
already provide.
Arnd
next prev parent reply other threads:[~2018-10-14 19:49 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-16 8:18 [PATCH v9 00/24] ILP32 for ARM64 Yury Norov
2018-05-16 8:18 ` [PATCH 01/24] arm64: signal: Make parse_user_sigframe() independent of rt_sigframe layout Yury Norov
2018-05-16 8:18 ` [PATCH 02/24] ptrace: Add compat PTRACE_{G,S}ETSIGMASK handlers Yury Norov
2018-05-16 8:18 ` [PATCH 03/24] compat ABI: use non-compat openat and open_by_handle_at variants Yury Norov
2018-05-16 8:18 ` [PATCH 04/24] 32-bit userspace ABI: introduce ARCH_32BIT_OFF_T config option Yury Norov
2018-06-08 17:32 ` Catalin Marinas
2018-06-08 22:33 ` Palmer Dabbelt
2018-06-09 7:43 ` Yury Norov
2018-06-09 21:13 ` Adam Borowski
2018-06-09 7:42 ` Yury Norov
2018-06-11 7:48 ` Arnd Bergmann
2018-06-11 11:27 ` Yury Norov
2018-06-25 6:19 ` Yury Norov
2018-08-02 18:30 ` Palmer Dabbelt
2018-05-16 8:18 ` [PATCH 05/24] asm-generic: Drop getrlimit and setrlimit syscalls from default list Yury Norov
2018-05-16 8:18 ` [PATCH 06/24] thread: move thread bits accessors to separated file Yury Norov
2018-05-16 8:18 ` [PATCH 07/24] arm64: ilp32: add documentation on the ILP32 ABI for ARM64 Yury Norov
2018-05-23 14:06 ` Pavel Machek
2018-05-24 12:15 ` Yury Norov
2018-05-24 12:24 ` Dr. Philipp Tomsich
2018-05-16 8:18 ` [PATCH 08/24] arm64: rename COMPAT to AARCH32_EL0 in Kconfig Yury Norov
2018-05-16 8:18 ` [PATCH 09/24] arm64: rename functions that reference compat term Yury Norov
2018-05-16 8:18 ` [PATCH 10/24] arm64: uapi: set __BITS_PER_LONG correctly for ILP32 and LP64 Yury Norov
2018-05-16 8:18 ` [PATCH 11/24] arm64: introduce is_a32_task and is_a32_thread (for AArch32 compat) Yury Norov
2018-05-16 8:18 ` [PATCH 12/24] arm64: ilp32: add is_ilp32_compat_{task,thread} and TIF_32BIT_AARCH64 Yury Norov
2018-05-16 8:18 ` [PATCH 13/24] arm64: introduce binfmt_elf32.c Yury Norov
2018-05-16 8:18 ` [PATCH 14/24] arm64: change compat_elf_hwcap and compat_elf_hwcap2 prefix to a32 Yury Norov
2018-05-16 8:19 ` [PATCH 15/24] arm64: ilp32: introduce binfmt_ilp32.c Yury Norov
2018-05-16 8:19 ` [PATCH 16/24] arm64: ilp32: share aarch32 syscall handlers Yury Norov
2018-05-16 8:19 ` [PATCH 17/24] arm64: ilp32: add sys_ilp32.c and a separate table (in entry.S) to use it Yury Norov
2018-05-16 8:19 ` [PATCH 18/24] arm64: signal: share lp64 signal structures and routines to ilp32 Yury Norov
2018-05-16 8:19 ` [PATCH 19/24] arm64: signal32: move ilp32 and aarch32 common code to separated file Yury Norov
2018-05-16 8:19 ` [PATCH 20/24] arm64: ilp32: introduce ilp32-specific sigframe and ucontext Yury Norov
2018-05-16 8:19 ` [PATCH 21/24] arm64: ptrace: handle ptrace_request differently for aarch32 and ilp32 Yury Norov
2018-05-16 8:19 ` [PATCH 22/24] arm64:ilp32: add vdso-ilp32 and use for signal return Yury Norov
2018-05-16 8:19 ` [PATCH 23/24] arm64:ilp32: add ARM64_ILP32 to Kconfig Yury Norov
2018-05-16 8:19 ` [PATCH 24/24] arm64: ilp32: Make the Kconfig option default y Yury Norov
2018-07-24 17:39 ` [PATCH v9 00/24] ILP32 for ARM64 Yury Norov
2018-07-25 9:48 ` Andreas Schwab
2018-10-10 14:10 ` Eugene Syromiatnikov
2018-10-10 14:18 ` Arnd Bergmann
2018-10-10 14:39 ` Szabolcs Nagy
2018-10-13 2:07 ` Eugene Syromiatnikov
2018-10-13 9:20 ` Catalin Marinas
2018-10-14 19:53 ` Arnd Bergmann
2018-10-10 15:36 ` Catalin Marinas
2018-10-13 2:14 ` Eugene Syromiatnikov
2018-10-13 9:34 ` Catalin Marinas
2018-10-13 13:43 ` Yury Norov
2018-10-13 16:54 ` Andy Lutomirski
2018-10-13 19:36 ` Andy Lutomirski
2018-10-14 19:49 ` Arnd Bergmann [this message]
2018-10-18 11:14 ` Catalin Marinas
2018-11-19 21:29 ` Yury Norov
2019-01-07 15:50 ` Yuri Norov
[not found] ` <DC9A951E-B638-4820-8499-02D5322E7DF7@amacapital.net>
2019-01-07 20:43 ` Yuri Norov
2019-01-08 21:18 ` [PATCH] arm64: introduce AUDIT_ARCH_AARCH64ILP32 for ilp32 Yuri Norov
2019-03-05 20:56 ` [PATCH v9 00/24] ILP32 for ARM64 Yury Norov
2019-05-08 22:59 ` Yury Norov
2019-05-08 23:10 ` Yury Norov
2019-05-13 8:48 ` Andreas Schwab
2019-05-13 20:16 ` [EXT] " Yuri Norov
2019-05-14 10:43 ` [LTP] " Cyril Hrubis
2019-05-14 23:01 ` Yury Norov
2019-05-14 23:41 ` Yury Norov
2019-07-09 22:42 ` Yury Norov
-- strict thread matches above, loose matches on Subject: below --
2018-05-15 19:11 Yury Norov
2018-05-15 19:40 ` Yury Norov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAK8P3a1Yhhv1TcQTcF0MinicGovgp_0g_sXqADe3fjVTtOK_aw@mail.gmail.com \
--to=arnd@arndb.de \
--cc=Dave.Martin@arm.com \
--cc=agraf@suse.de \
--cc=bamv2005@gmail.com \
--cc=catalin.marinas@arm.com \
--cc=christoph.muellner@theobroma-systems.com \
--cc=cmetcalf@mellanox.com \
--cc=davem@davemloft.net \
--cc=fweimer@redhat.com \
--cc=kilobyte@angband.pl \
--cc=klimov.linux@gmail.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=pinskia@gmail.com \
--cc=schwab@suse.de \
--cc=ynorov@caviumnetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).