From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <viro@ftp.linux.org.uk>
X-Google-Smtp-Source: AH8x22742BeZeIa80VyKtqdgI9e7F+kPCOwX5cKMggB+9b9RQ7GpX8lLWAy0s+iGhiJyBgDV3Lzv
ARC-Seal: i=1; a=rsa-sha256; t=1516990055; cv=none;
        d=google.com; s=arc-20160816;
        b=kziELgltrEK9Yiua1H74d6X6glfaoIXs9j5Gxhb0PSBlD134YnPColRDhWk6xgpq18
         0bhHNCfpSDw02XG7mtWCsZ4Em8T1zMhdR9Z+ncY+JLgEsXUgCfu1Tp72VqTUP0O6zDgk
         AJykOGkOTaEDbTQ1Y+v0nkbb8/5vp75LhNDQ/Lur4enJCzKSZPCDD6jhe/UOdN9Ps7DN
         1IU0kO9Cj9yXYuv5pcQOaDNIY1F+obcmODTU4IIYX1hPvOCgWTiGN4pWhYxarDaMlLgU
         8w+RIlwr3VYEN1pR/ZWbKLJF0Yjk1MnDkPP5goWPCUE/ucSr3KfyIQiahBlNGhn53mzd
         VtEA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=sender:user-agent:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date
         :arc-authentication-results;
        bh=GgG3o6BihZmtXaoJtZ6D3rVWetyjMcQXIAZku69SSzI=;
        b=P20dp+pXCc2KpAa2aT6kTptVKypyLRWlLBtYrNgY6m+x20ONE2QsmFy9fIqXRXRqoY
         BeAejYeh4/apNku9WfONwn2Ec6iH8XmFu2luzGZEdOxDOUmbk6D8AWaCjBjzTBfD3uUg
         J+kFOPazfMhPI1UozAw+hEdI1eGIRnVsT7W02KIkstG0kwVOW5KEjUKzM0TerYTWCUVD
         3N/XOFHFdsLkNR31KMgmlViz7Lij1occMRGDiL88ZMCu9c8dCM0LlI8uPpiDJ5LyTfWT
         6cm1VTZvTTbi5nWUv+Whq5MS2jV1RdyyWfIL3ZGybTPDe8KsTGpBaKWaG72HupGloASJ
         uuIQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of viro@ftp.linux.org.uk designates 195.92.253.2 as permitted sender) smtp.mailfrom=viro@ftp.linux.org.uk
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of viro@ftp.linux.org.uk designates 195.92.253.2 as permitted sender) smtp.mailfrom=viro@ftp.linux.org.uk
Date: Fri, 26 Jan 2018 18:07:22 +0000
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>, Alan Cox <alan@linux.intel.com>,
	David Laight <David.Laight@aculab.com>,
	the arch/x86 maintainers <x86@kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Jann Horn <jannh@google.com>,
	Samuel Neves <samuel.c.p.neves@gmail.com>,
	Dan Williams <dan.j.williams@intel.com>,
	Kernel Hardening <kernel-hardening@lists.openwall.com>,
	Borislav Petkov <bp@alien8.de>
Subject: Re: [PATCH] x86/retpoline/entry: Disable the entire SYSCALL64 fast
 path with retpolines on
Message-ID: <20180126180722.GA13338@ZenIV.linux.org.uk>
References: <CA+55aFyONQeyHit6LcQz_JM5+C9pr61fcWFSpdn=7K_2mZN+oA@mail.gmail.com>
 <CALCETrVUY9p9jMNhuBgM3mWATsr1Fc_ZWc=bjidBkLw7bq5Vdg@mail.gmail.com>
 <CA+55aFwUn7+WiHxL7PBWxNrGB0--HETqUjdRwxi+DkMvCP_CaA@mail.gmail.com>
 <CALCETrV1JHK1ovjjD1vbs08K1an6tq6nbRoAj9uyrY2GUYJJBA@mail.gmail.com>
 <CA+55aFzTXVRPo7OBPMo2OB26GisY8-dg6NaC8ackVJgS9M0+4w@mail.gmail.com>
 <CALCETrU42C1S3nvSuLuamXtp2-s1xBG3q5cSNVOfGThncHxBZA@mail.gmail.com>
 <b8ea504729db4073abf82ebd5d8a53c6@AcuMS.aculab.com>
 <1516976647.5438.6.camel@linux.intel.com>
 <CALCETrXaARjGa+fCmxDDYNQCgv0ZSm+DaUFoXFmRxU9J245HxQ@mail.gmail.com>
 <CA+55aFzr_tvdjsq1B+N1zrprNe-qfwo0At+r8uKiS=BGN_92vQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+55aFzr_tvdjsq1B+N1zrprNe-qfwo0At+r8uKiS=BGN_92vQ@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: Al Viro <viro@ftp.linux.org.uk>
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1590316784671066673?=
X-GMAIL-MSGID: =?utf-8?q?1590679363910503215?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On Fri, Jan 26, 2018 at 09:40:23AM -0800, Linus Torvalds wrote:
> On Fri, Jan 26, 2018 at 7:57 AM, Andy Lutomirski <luto@kernel.org> wrote:
> >
> > I gave the rearrangement like this a try yesterday and it's a bit of a
> > mess.  Part of the problem is that there are a bunch of pieces of code
> > that expect sys_xyz() to be actual callable functions.
> 
> That's not supposed to be a mess.
> 
> That's part of why we do that whole indirection through SYSC##xyz to
> sys##_xyz: the asm-callable ones will do the full casting of
> troublesome arguments (some architectures have C calling sequence
> rules that have security issues, so we need to make sure that the
> arguments actually follow the right rules and 'int' arguments are
> properly sign-extended etc).
> 
> So that whole indirection could be made to *also* create another
> version of the syscall that instead took the arguments from ptregs.
> 
> We already do exactly that for the tracing events: look how
> FTRACE_SYSCALLS ends up creating that extra metadata.
> 
> The ptreg version should be done the same way: don't make 'sys_xyz()'
> take a struct ptregs, instead make those SYSCALL_DEFINE*() macros
> create a _new_ function called 'ptregs_xyz()' and then that function
> does the argument unpacking.
> 
> Then the x86 system call table can just be switched over to call those
> ptreg versions instead.

Umm...  What about other architectures?  Or do you want SYSCALL_DEFINE...
to be per-arch?  I wonder how much would that "go through pt_regs" hurt
on something like sparc...