From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9D008EB64DC
	for <linux-mm@archiver.kernel.org>; Thu,  6 Jul 2023 11:55:58 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 05DCD8D0005; Thu,  6 Jul 2023 07:55:58 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 00E0C8D0001; Thu,  6 Jul 2023 07:55:57 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id DF38F8D0005; Thu,  6 Jul 2023 07:55:57 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id CDD2C8D0001
	for <linux-mm@kvack.org>; Thu,  6 Jul 2023 07:55:57 -0400 (EDT)
Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 9402914058C
	for <linux-mm@kvack.org>; Thu,  6 Jul 2023 11:55:57 +0000 (UTC)
X-FDA: 80981033154.12.206376B
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf13.hostedemail.com (Postfix) with ESMTP id B178720018
	for <linux-mm@kvack.org>; Thu,  6 Jul 2023 11:55:55 +0000 (UTC)
Authentication-Results: imf13.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=QHrNdqEM;
	dmarc=pass (policy=none) header.from=kernel.org;
	spf=pass (imf13.hostedemail.com: domain of pali@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=pali@kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1688644555;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:in-reply-to:
	 references:dkim-signature; bh=DfC8Js2AlSTiOCotnxvM74lmQGrNG2aTCPx50ukhEBg=;
	b=akdqkFnG9e5+sMIWRLGtDW57wclkJggDWcVePRFN0jIX1oMqs7kPMtwhGEYhDwpbxdPsRa
	4l04Sc43DleBp/wpkE+wKnVOrzo5XlckJRjpibBPn1LlL8hoEBbh428iMgxoxQKZmsak5v
	rKPE0PvvkwPoJ2nqbS8kHGTUp9Sq3GY=
ARC-Authentication-Results: i=1;
	imf13.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=QHrNdqEM;
	dmarc=pass (policy=none) header.from=kernel.org;
	spf=pass (imf13.hostedemail.com: domain of pali@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=pali@kernel.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1688644555; a=rsa-sha256;
	cv=none;
	b=n682AYzSaNXpi9nlrOaOdFzBovQlIXPWB0DeCSzBFTLHFRye2ylJ3MMbcweET7JQVXGOPN
	LO5Q8O5d/iabvFaNnyOM9LQEtRD/gRvSqalMoliqBSV6mC1w7icI/jLDAZjAf45JvO+mQw
	UK6bDpQ8DY4rgRETYt26fHl2JEmGhWg=
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id D82A961913;
	Thu,  6 Jul 2023 11:55:54 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 24E3EC433C8;
	Thu,  6 Jul 2023 11:55:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1688644554;
	bh=BGc/sGoxt46gvCplYYAp6lrh85oEpbkPlYP/t1UMvII=;
	h=Date:From:To:Cc:Subject:From;
	b=QHrNdqEM7O7UaM9Hk0wAgbbc/0OawSLtVVbHCo+lW91jkW1ivv4ee1wXy5+0HtN5A
	 n0sVLHzoatVIGGHWurEnBQrLdDH1OJ6YYZw+/i2Gwhlp/Mu9z3j2WHmbMfNu1RKWa6
	 fv7bMTWyGavPKaqRyDgU1e9eEf+W8FiVBK5os63ADlB+33bJjcjeAzD2VjaHTQ6pQS
	 asw4acuYkQ3QimKA3jf1ErLHsaVCTXcwu+w/amckpAoR9nfQHnn6drE0+5TPUnaFyZ
	 YA4Yq1Dhjg2+lJAHyI5D+lvoPWkTpFlxAvovuxcug3zmidY7st7IcomGoNFpxqAYDj
	 CQt6pNNmNLIcg==
Received: by pali.im (Postfix)
	id CB6A7970; Thu,  6 Jul 2023 13:55:50 +0200 (CEST)
Date: Thu, 6 Jul 2023 13:55:50 +0200
From: Pali =?utf-8?B?Um9ow6Fy?= <pali@kernel.org>
To: Eric Biederman <ebiederm@xmission.com>,
	Kees Cook <keescook@chromium.org>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: binfmt_misc & different PE binaries
Message-ID: <20230706115550.sqyh3k26e2glz2lu@pali>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: NeoMutt/20180716
X-Rspamd-Queue-Id: B178720018
X-Rspam-User: 
X-Rspamd-Server: rspam05
X-Stat-Signature: oxeafg94wkhuciszge4zeydiff6wnsy9
X-HE-Tag: 1688644555-593540
X-HE-Meta: U2FsdGVkX19cZcIcFc4a9iavA0mRaYfsgvX+EFkMNEwN3d7vs2vKgmQefHczW9eHwbB/dTp+BHbp9ZoGeQUXa2XvdeEpPXyZ+1Z1D9q16BbjrOCG3dZBBvpShTuWK7ucRr0x3cq3R3REN2uV3do1Z3AcCLGTsXwf75KkfcMqlYaUHxRGQ+x+rb59gDqsNz4jOwJMw4bGF7kDS7W0kkKPvY/tUzf+7vULlYePGWW3yB3NsPoR0oNu0a/oQnf+loBR3bC7ps/tup9DtzGn0XAS+t1Ixo7r+ZOMyABDJR/8iS/pzzYkabt7+HYiGqR69cMdDneDsDEm4DwDkdE3LbZV24n3thDCtnKY9cU/QnC99DhgZcT/S+2iJyNJIlYXI5qjGLqSaEP15FQKHza2iNCS9LZo91b+/hCIUIZBAACUjYwtz6K2SDstSTcFAisJmMxG31Ake+FUezECOIQTy1GG1OHsbySUW7cLCq2OvSCdaJhNRTSE74HxigQni9VVFM6Oz35KvIX3wAEHM7CCgK6V9kZJIPmxJiFo5fjtodfou5ceBG7tllQqYT+lf5suULOeB2C+b9Sj2hj0l8g/3OSRxYvHTGYVClulcvqRc/+/74e/d9rYJBgEkH8DySYqfxJMxF59NaNFXOPkPYZNsPC8q8bdFpmfF6WYNOUov8XH0JVrorxjJBHAlXh52kf2vWnzIccoFvLv/RE4bqkTbpi3upbWeauxiJcZMzmx6yko5TQKqLvWjmdSLHVslOk3dFdpGkot65lEHllNW2YNSYY0j++Q2ZSM0hsFiUfDmd8J28K08spVETP9t3jaUMm7zXUXaADxWHyJFSB7B9D0g6oCGPHme46fbms6iJaLC7wr0W/vE2HUhbQefcsRQHadxDWGXi7suy8OcEdEAlamIFkST+5l0HJxHkVyiLFJmMqlWqMvzs/j/GaYriqgeoHru8CtHof0zbfA3pfzTJS2vhG
 hFCRmt3L
 4+P2hjiijpX725fBA2M78HcNAJfMaTo/fc5hMY/ONQQbC612Y9ce+iCOc8gdrIqeRjEonhMgqo8WmLbELCutyE9X3p8bnaZ2WUJO/8wxV7L1h5tCFepqvjGlBKLRrWPZGCUb5W6oCKPfflAK9KJxB4kJrxLfM1weoLo6BPg/jGoRkao7d0/sCRWtNBM5/xypxo8A5Lzsnu/R5N3gWZJ+Lwgkp+I4nDnofuX7NAHOofiN0JPrBxj6ci6iNBCQ8Quev9/I6ysxOQlcsuOv2tAaFP6pqMKXDtBtWyDzroUA29ZEFKTBWXCsjoipUSNo5XUdvO2G+gIsHEyvx2kHQrgg5eYoUj/7wBGKaHkeaKctMH8VAybjqlRD6i8ZmpuLCZBcwVo/ka4AOv0QlWeKFlc/nUldR7g==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Hello,

I would like to ask how to properly register binfmt_misc for different
PE binaries, so kernel could execute the correct loader for them.

I mean, how to register support for Win32 (console/gui) PE binaries and
also for CLR PE binaries (dotnet). Win32 needs to be executed under wine
and CLR ideally under dotnet core (or mono).

I have read kernel documentation files admin-guide/binfmt-misc.rst
and admin-guide/mono.rst. But seems that they are in conflicts as both
wants to registers its own handler for the same magic:

  echo ':DOSWin:M::MZ::/usr/local/bin/wine:' > register

  echo ':CLR:M::MZ::/usr/bin/mono:' > /proc/sys/fs/binfmt_misc/register

Not mentioning the fact that they register DOS MZ handler, which matches
not only all PE binaries (including EFI, libraries, other processors),
but also all kind of other NE/LE/LX binaries and different DOS extenders.

>From documentation it looks like that even registering PE binaries is
impossible by binfmt_misc as PE is detected by checking that indirect
reference from 0x3C is PE\0\0. And distinguish between Win32 and CLR
needs to parse PE COM descriptor directory.

Or it is possible to write binfmt_misc pattern match based on indirect
offset?