On Tue, Jan 17, 2012 at 11:01 AM, Andrew Lutomirski <luto@xxxxxxx> wrote: > On Tue, Jan 17, 2012 at 8:56 AM, Will Drewry <wad@xxxxxxxxxxxx> wrote: >> On Tue, Jan 17, 2012 at 10:45 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote: >>> On 01/16, Will Drewry wrote: >>>> >>>> On Mon, Jan 16, 2012 at 12:37 PM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote: >>>> > >>>> > Yes, thanks, I forgot about compat tasks again. But this is easy, just >>>> > we need regs_64_to_32(). >>>> >>>> Yup - we could make the assumption that is_compat_task is always >>>> 32-bit and the pt_regs is always 64-bit, then copy_and_truncate with >>>> regs_64_to_32. Seems kinda wonky though :/ >>> >>> much simpler/faster than what regset does to create the artificial >>> user_regs_struct32. >> >> True, I could collapse pt_regs to looks like the exported ABI pt_regs. >> Then only compat processes would get the copy overhead. That could >> be tidy and not break ABI. It would mean that I have to assume that >> if unsigned long == 64-bit and is_compat_task(), then the task is >> 32-bit. Do you think if we ever add a crazy 128-bit "supercomputer" >> arch that we will add a is_compat64_task() so that I could properly >> collapse? :) >> >> I like this idea! > > FWIW, it's possible for a task to execute in 32-bit mode when > !is_compat_task or in 64-bit mode when is_compat_task. From earlier > in the thread, I think you were planning to block the wrong-bitness > syscall entries, but it's worth double-checking that you don't open up > a hole when a compat task issues the 64-bit syscall instruction. Yup - I had to (see below). > (is_compat_task says whether the executable was marked as 32-bit. The > actual execution mode is determined by the cs register, which the user > can control. See the user_64bit_mode function in > arch/asm/x86/ptrace.h. But maybe it would make more sense to have a > separate 32-bit and 64-bit BPF program and select which one to use > based on the entry point.) So that was my original design, but the problem was with how regviews decides on the user_regs_struct. It decides using TIF_IA32 while I can only check the cross-arch is_compat_task() which checks TS_COMPAT on x86. If I'm just collapsing registers for compat calls (which I am exploring the viability of right now), then I guess I could re-fork the filtering to support compat versus non-compat. The nastier bits there were that I don't want to allow a compat call to be allowed because a process only defined non-compat. I think that can be made manage-able though. I'll finish proving out the possibilities here. Thanks! will -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
