Date:   Thu, 19 Oct 2023 15:50:53 +0100
From:   Mark Rutland <mark.rutland@....com>, Will Deacon <will@...nel.org>
To:     Andrea della Porta <andrea.porta@...e.com>,
        Catalin Marinas <catalin.marinas@....com>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        nik.borisov@...e.com
Subject: Re: [PATCH 2/4] arm64/process: Make loading of 32bit processes
 depend on aarch32_enabled()

On Thu, Oct 19, 2023 at 04:32:27PM +0200, Andrea della Porta wrote:
> On 15:27 Thu 19 Oct     , Mark Rutland wrote:
> > On Thu, Oct 19, 2023 at 02:38:32PM +0200, Andrea della Porta wrote:
> > > On 13:52 Wed 18 Oct     , Mark Rutland wrote:
> > > > On Wed, Oct 18, 2023 at 01:13:20PM +0200, Andrea della Porta wrote:
> > > > > A major aspect of Aarch32 emulation is the ability to load 32bit
> > > > > processes.
> > > > > That's currently decided (among others) by compat_elf_check_arch().
> > > > > 
> > > > > Make the macro use aarch32_enabled() to decide if Aarch32 compat is
> > > > > enabled before loading a 32bit process.
> > > > > 
> > > > > Signed-off-by: Andrea della Porta <andrea.porta@...e.com>
> > > > 
> > > > Why can't you make system_supports_32bit_el0() take the option into account
> > > > instead?
> > > >
> > > 
> > > I may be wrong here, but it seems to me that system_supports_32bit_el0()
> > > answers the question "can this system support compat execution?" rather than
> > > "do I want this system to run any compat execution?". That's the point of
> > > aarch32_enabled(), to state whether we want the system to run A32 code or not,
> > > regardless of the system supporting it (of course, if the system does not
> > > support A32 in EL0, this is a no-no, but that's another story).
> > 
> > That's what the implementation does today, but we're really using it as a "do
> > we intend for 32-bit EL0 to work?" predicate, and generally the
> > system_supports_${FEATURE}() helpers are affected by the combination of actual
> > HW support, kernel config options, *and* kernel command line options. For
> > example, system_supports_sve() is affected by both CONFIG_ARM64_SVE and the
> > "arm64.nosve" command line option.
> > 
> > Thanks,
> > Mark.
> 
> Many thanks for the explanation, then inserting aarch32_enabled() in
> system_supports_32bit_el0() is the way to go.

I think what we should do here is clean up the way we implement
system_supports_32bit_el0() such that it can be a cpucap, and have the
conditions that would affect aarch32_enabled() feed into that. That way,
system_supports_32bit_el0() will compile down to a single branch/nop (or elided
entirely when known to be false at compile-time), and with that I think we can
reasonably fold the existing UNHANDLED() logic into the entry-common.c
exception handlers as a simplification.

The only obviously painful part is that enable_mismatched_32bit_el0() allows
(mismatched) AArch32 support to be enabled after we finalize system cpucaps, as
part of a late hotplug. I suspect that was implemented that way for expedience
rather than because we wanted to enable mismatched AArch32 after finalizing
cpucaps.

Will, do you remember why we used a cpuhp callback for enabling mismatched
32-bit support? I couldn't see anything explicit in the commit message for:

  2122a833316f2f3f ("arm64: Allow mismatched 32-bit EL0 support")

... and I suspect it was just easier to write that way, rather than adding more
code around setup_system_capabilities() ?

Mark.
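
The design discussed in this thread, as an added example that is not part of the thread and is not kernel code: a userspace C model in which one capability is computed once from hardware support, a build option and a command-line option, and the 32-bit ELF loader gate then tests only that stored result. All function and struct names and the "example.noaarch32" token are hypothetical; "arm64.nosve" and CONFIG_ARM64_SVE are the ones named in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MODEL_EM_ARM 40  /* ELF e_machine value for 32-bit ARM */

/* Inputs that feed one capability (hypothetical model, not kernel types). */
struct cap_inputs {
    bool hw_present;         /* what the CPUs report */
    bool config_enabled;     /* build-time option, e.g. CONFIG_ARM64_SVE */
    const char *disable_opt; /* command-line token that turns the feature off */
};

/* True if `opt` appears as a whole space-separated token in `cmdline`. */
static bool cmdline_has(const char *cmdline, const char *opt)
{
    size_t n = strlen(opt);
    for (const char *p = cmdline; *p; ) {
        while (*p == ' ')
            p++;
        size_t len = strcspn(p, " ");
        if (len == n && strncmp(p, opt, n) == 0)
            return true;
        p += len;
    }
    return false;
}

/* Computed once at boot; afterwards callers only test the stored result. */
static bool finalize_cap(const struct cap_inputs *in, const char *cmdline)
{
    return in->hw_present && in->config_enabled &&
           !cmdline_has(cmdline, in->disable_opt);
}

static bool cap_32bit_el0; /* stands in for a finalized capability bit */

static void model_boot(const char *cmdline, bool hw_has_aarch32)
{
    /* "example.noaarch32" is a constructed placeholder option name. */
    struct cap_inputs in = { hw_has_aarch32, true, "example.noaarch32" };
    cap_32bit_el0 = finalize_cap(&in, cmdline);
}

/* Simplified loader gate: refuse 32-bit ARM binaries unless the cap is set. */
static bool model_compat_elf_check_arch(unsigned e_machine)
{
    return cap_32bit_el0 && e_machine == MODEL_EM_ARM;
}
```

With the policy folded into the capability, every consumer of the predicate (the loader gate here) refuses 32-bit binaries without needing its own check of the command-line option.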
