Date: Sun, 6 Aug 2023 18:23:46 +0200
From: Pali Rohár
To: Eric Biederman, Kees Cook
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: binfmt_misc & different PE binaries
Message-ID: <20230806162346.v7gjoev2nepxlcox@pali>
References: <20230706115550.sqyh3k26e2glz2lu@pali>
In-Reply-To: <20230706115550.sqyh3k26e2glz2lu@pali>

Hello,

I would like to remind you of this email about binfmt_misc for PE.

On Thursday 06 July 2023 13:55:50 Pali Rohár wrote:
> Hello,
>
> I would like to ask how to properly register binfmt_misc for different
> PE binaries, so the kernel could execute the correct loader for them.
>
> I mean, how to register support for Win32 (console/gui) PE binaries and
> also for CLR PE binaries (dotnet). Win32 needs to be executed under wine
> and CLR ideally under dotnet core (or mono).
>
> I have read the kernel documentation files admin-guide/binfmt-misc.rst
> and admin-guide/mono.rst. But it seems that they are in conflict, as both
> want to register their own handler for the same magic:
>
>   echo ':DOSWin:M::MZ::/usr/local/bin/wine:' > register
>
>   echo ':CLR:M::MZ::/usr/bin/mono:' > /proc/sys/fs/binfmt_misc/register
>
> Not to mention the fact that they register a DOS MZ handler, which matches
> not only all PE binaries (including EFI, libraries, other processors),
> but also all kinds of other NE/LE/LX binaries and different DOS extenders.
>
> From the documentation it looks like even registering PE binaries is
> impossible with binfmt_misc, as PE is detected by checking that the indirect
> reference from 0x3C is PE\0\0. And distinguishing between Win32 and CLR
> needs parsing of the PE COM descriptor directory.
>
> Or is it possible to write a binfmt_misc pattern match based on an indirect
> offset?
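
The classification the message describes (follow the offset stored at 0x3C to `PE\0\0`, then inspect the COM descriptor data directory) can be done in a user-space helper that sits behind a single `MZ` registration. This is an added example, not code from the message or from the kernel documentation; `classify`, `make_image` and the returned class names are hypothetical, and the sample images are constructed headers only.

```python
import struct

CLR_DIR = 14                      # data directory 14: CLR runtime (COM descriptor) header
SUBSYSTEMS = {2: "win32-gui", 3: "win32-console"}

def classify(data: bytes) -> str:
    """Classify an image that a bare 'MZ' binfmt_misc magic would match."""
    if data[:2] != b"MZ":
        return "not-mz"
    try:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return "mz-other"     # NE/LE/LX, DOS extender or plain DOS program
        coff = e_lfanew + 4       # 20-byte COFF file header
        opt = coff + 20           # optional header
        opt_size, flags = struct.unpack_from("<HH", data, coff + 16)
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B) or flags & 0x2000:
            return "pe-other"     # unknown optional header, or a DLL
        dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
        (subsystem,) = struct.unpack_from("<H", data, opt + 68)
        (n_dirs,) = struct.unpack_from("<I", data, dirs - 4)
        if n_dirs > CLR_DIR and dirs + 8 * (CLR_DIR + 1) <= opt + opt_size:
            rva, size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIR)
            if rva and size:
                return "pe-clr"
    except struct.error:          # truncated headers
        return "mz-other" if len(data) < 0x40 else "pe-other"
    return SUBSYSTEMS.get(subsystem, "pe-other")      # EFI, native, ...

def make_image(subsystem=3, clr=False, magic=0x10B, flags=0x0102, lfanew=0x80):
    """Constructed sample: DOS + PE headers only, not a loadable binary."""
    dd_off = 96 if magic == 0x10B else 112
    opt = bytearray(dd_off + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, dd_off - 4, 16)        # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, dd_off + 8 * CLR_DIR, 0x2008, 0x48)
    dos = bytearray(lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

A wrapper registered for `MZ` could exec wine, dotnet or nothing at all depending on the returned class.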