| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1697614386.git.andrea.porta@suse.com>
Date: Wed, 18 Oct 2023 13:13:18 +0200
From: Andrea della Porta <andrea.porta@...e.com>
To: Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Cc: nik.borisov@...e.com, Andrea della Porta <andrea.porta@...e.com>
Subject: [PATCH 0/4] arm64: Make Aarch32 compatibility enablement optional at boot
Aarch32 compatibility mode is enabled at compile time through
CONFIG_COMPAT Kconfig option. This patchset lets 32-bit support
(for both processes and syscalls) be enabled at boot time using
a kernel parameter. Also, it provides a mean for distributions
to set their own default without sacrificing compatibility support,
that is users can override default behaviour through the kernel
parameter.
*** Notes about syscall management ***
VBAR_EL1 register, which holds the exception table address,
is setup very early in the boot process, before parse_early_param().
This means that it's not possible to access boot parameter before
setting the register. Also, setting the aforementioned register
for secondary cpus is done later in the boot flow.
Several ways to work around this has been considered, among which:
* resetting VBAR_EL1 to point to one of two vector tables (the
former with 32-bit exceptions handler enabled and the latter
pointing to unhandled stub, just as if CONFIG_COMPAT is enabled)
depending on the proposed boot parameter. This has the disadvantage
to produce a somewhat messy patchset involving several lines,
has higher cognitive load since there are at least three places
where the register is getting changed (not near to each other),
and have implications on other code segments (namely kpti, kvm
and vdso), requiring special care.
* patching the vector table contents once the early param is available.
This has most of the implications of the previous option
(except maybe not impacting other code segments), plus it sounds
a little 'hackish'.
The chosen approach involves conditional executing 32-bit syscalls
depending on the parameter value. This of course results in a
little performance loss, but has the following advantages:
* all the cons from previously explained alternatives are solved
* users of 32-bit apps on 64-bit kernel are already suffering from
performance losses due to 32-bit apps not fully leveraging the 64-bit
processor, so they are already aware of this
* users of 32-bit apps on 64-bit kernel are believed
to be a minority and most of the time there are sources available
to be recompiled for 64-bit as a workaround for better performance
It worth mentioning that users of 64-bit apps are, of course,
unaffected.
Based on the work from Nikolay Borisov, see:
Link: https://lkml.org/lkml/2023/6/23/387
Andrea della Porta (4):
arm64: Introduce aarch32_enabled()
arm64/process: Make loading of 32bit processes depend on
aarch32_enabled()
arm64/entry-common: Make Aarch32 syscalls' availability depend on
aarch32_enabled()
arm64: Make Aarch32 emulation boot time configurable
.../admin-guide/kernel-parameters.txt | 7 ++++
arch/arm64/Kconfig | 9 +++++
arch/arm64/include/asm/compat.h | 12 +++++++
arch/arm64/kernel/entry-common.c | 33 +++++++++++++++++--
arch/arm64/kernel/process.c | 2 +-
5 files changed, 59 insertions(+), 4 deletions(-)
--
2.35.3
Powered by blists - more mailing lists