From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 11159CDB483 for ; Thu, 19 Oct 2023 09:17:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=QJoKplNlDi+NqzxIV+0yYfWHedRW0n3GjLRGqrbrMPY=; b=w30zqAyP7y8HEb DG5deJdQXDWJE200ftFuGUxqf0MTcIwKcQV97UkUDhFjOJxbyaTUqF28lpwOvfkkgNRKVSvCEmR0L 4ggOsBkD0khWcRu4eTvP+vzN2lVpAvfZ9xYwX5dH8tesgM8CDwlaYJ+EmtBVhgYU3TWravsybyKMb RndVHAwMR9xYJ7Ekx/0Ah9/5GujmXDFlnHGaZ1o9ktAXLZ7N0qA4qR5WWV4Xor9ciiD//KcHhHklM zJA8aYjIGcdN+OrNl/EiglHUbOjyrLW5o/lw54vvB3IXYv775BNIGT/X81uFcpIkUPg+pYnybtsM1 C3SDbmCIS/qdvqsG9COQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qtP9O-00Gpm3-2f; Thu, 19 Oct 2023 09:17:06 +0000 Received: from smtp-out2.suse.de ([195.135.220.29]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qtP9M-00GplU-13 for linux-arm-kernel@lists.infradead.org; Thu, 19 Oct 2023 09:17:05 +0000 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id C2E181FD91; Thu, 19 Oct 2023 09:17:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1697707020; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ZprsuHZTxDGGvkpD70ElLcVpDjdCC6AMdVMYjcnRnhI=; b=T3uCxO2RX/VCsAwxswLlNr9T+uYeTq/jP11mL2rPUI0bgMoLC6tcgB19uGJ2vIlGaQZvGj 8p3OAOwqbC9uNSCAb5RK6CSDQmXAdoUep708lm9AG7UHPwDyygvH4jDPHFWfh87GunwdZp ucopG1IAHQatVTODx1g9tpU3TuSHUzI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1697707020; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ZprsuHZTxDGGvkpD70ElLcVpDjdCC6AMdVMYjcnRnhI=; b=5/lVFspdxsQdL4g7iVg/loSdldfyf99T75JLfM6IkwsaXbmGy4vM+InrlM9AkwCh6SdiE+ QdXqORzJDw894UDA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id ACDF7139C2; Thu, 19 Oct 2023 09:17:00 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id TQPCKAz0MGW9VQAAMHmgww (envelope-from ); Thu, 19 Oct 2023 09:17:00 +0000 Date: Thu, 19 Oct 2023 11:17:00 +0200 From: Andrea della Porta To: Will Deacon Cc: Andrea della Porta , Catalin Marinas , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, nik.borisov@suse.com, arnd@arndb.de, keescook@chromium.org Subject: Re: [PATCH 0/4] arm64: Make Aarch32 compatibility enablement optional at boot Message-ID: Mail-Followup-To: Will Deacon , Andrea della Porta , Catalin Marinas , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, nik.borisov@suse.com, arnd@arndb.de, keescook@chromium.org References: <20231018122729.GA18556@willie-the-truck> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20231018122729.GA18556@willie-the-truck> Authentication-Results: smtp-out2.suse.de; none X-Spamd-Result: default: False [-7.61 / 50.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-3.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; REPLY(-4.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCPT_COUNT_SEVEN(0.00)[8]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-0.01)[51.25%] X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231019_021704_507327_DC7F44C2 X-CRM114-Status: GOOD ( 18.91 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 13:27 Wed 18 Oct , Will Deacon wrote: > Hi, > > On Wed, Oct 18, 2023 at 01:13:18PM +0200, Andrea della Porta wrote: > > Aarch32 compatibility mode is enabled at compile time through > > CONFIG_COMPAT Kconfig option. This patchset lets 32-bit support > > (for both processes and syscalls) be enabled at boot time using > > a kernel parameter. Also, it provides a mean for distributions > > to set their own default without sacrificing compatibility support, > > that is users can override default behaviour through the kernel > > parameter. > > I proposed something similar in the past: > > https://lkml.kernel.org/linux-fsdevel/20210916131816.8841-1-will@kernel.org/ > > bu the conclusion there (see the reply from Kees) was that it was better > to either use existing seccomp mechanisms or add something to control > which binfmts can be loaded. > > Will I see. Seccomp sounds like a really good idea, since just blocking the compat binfmt would not avoid the call to 32-bit syscalls per se: it's true that ARM64 enforce the transition from A64 to A32 only on exception return and PSTATE.nRW flag can change only from EL1, maybe though some exploitation may arise in the future to do just that (I'm not aware of any or come up with a proof off the top of my head, but I can't exclude it either). So, assuming by absurd a switch to A32 is feasible, the further step of embedding A32 instruction in a A64 ELF executable is a breeze. Hence blocking the syscall (and not only the binfmt loading) could prove necessary. I know all of this is higly speculative right now, maybe it's worth thinking nonetheless. Andrea _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel