From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.7 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 74B83C433E0 for ; Sun, 31 May 2020 00:26:25 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 098BD207DF for ; Sun, 31 May 2020 00:26:24 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 098BD207DF Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=collabora.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 603C280007; Sat, 30 May 2020 20:26:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5B49E8E0003; Sat, 30 May 2020 20:26:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4CA1B80007; Sat, 30 May 2020 20:26:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0201.hostedemail.com [216.40.44.201]) by kanga.kvack.org (Postfix) with ESMTP id 348608E0003 for ; Sat, 30 May 2020 20:26:24 -0400 (EDT) Received: from smtpin26.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id E72EB8B4BC for ; Sun, 31 May 2020 00:26:23 +0000 (UTC) X-FDA: 76875122646.26.glove94_7202169076b33 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin26.hostedemail.com (Postfix) with ESMTP id C8E1F1804B663 for ; Sun, 31 May 2020 00:26:23 +0000 (UTC) X-HE-Tag: glove94_7202169076b33 X-Filterd-Recvd-Size: 3506 Received: from bhuna.collabora.co.uk (bhuna.collabora.co.uk [46.235.227.227]) by imf47.hostedemail.com (Postfix) with ESMTP for ; Sun, 31 May 2020 00:26:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: krisman) with ESMTPSA id CA2402A0357 From: Gabriel Krisman Bertazi To: Andy Lutomirski Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel@collabora.com, Thomas Gleixner , Kees Cook , Will Drewry , "H . Peter Anvin" , Paul Gofman Subject: Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas Organization: Collabora References: <20200530055953.817666-1-krisman@collabora.com> Date: Sat, 30 May 2020 20:26:17 -0400 In-Reply-To: (Andy Lutomirski's message of "Sat, 30 May 2020 15:09:47 -0700") Message-ID: <85367hkl06.fsf@collabora.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: C8E1F1804B663 X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam01 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Andy Lutomirski writes: >> On May 29, 2020, at 11:00 PM, Gabriel Krisman Bertazi wrote: >>=20 >> =EF=BB=BFModern Windows applications are executing system call instructi= ons >> directly from the application's code without going through the WinAPI. >> This breaks Wine emulation, because it doesn't have a chance to >> intercept and emulate these syscalls before they are submitted to Linux. >>=20 >> In addition, we cannot simply trap every system call of the application >> to userspace using PTRACE_SYSEMU, because performance would suffer, >> since our main use case is to run Windows games over Linux. Therefore, >> we need some in-kernel filtering to decide whether the syscall was >> issued by the wine code or by the windows application. > > Do you really need in-kernel filtering? What if you could have > efficient userspace filtering instead? That is, set something up so > that all syscalls, except those from a special address, are translated > to CALL thunk where the thunk is configured per task. Then the thunk > can do whatever emulation is needed. Hi, I suggested something similar to my customer, by using libsyscall-intercept. The idea would be overwritting the syscall instruction with a call to the entry point. I'm not a specialist on the specifics of Windows games, (cc'ed Paul Gofman, who can provide more details on that side), but as far as I understand, the reason why that is not feasible is that the anti-cheat protection in games will abort execution if the binary region was modified either on-disk or in-memory. Is there some mechanism to do that without modiyfing the application? > Getting the details and especially the interaction with any seccomp > filters that may be installed right could be tricky, but the performance > should be decent, at least on non-PTI systems. > > (If we go this route, I suspect that the correct interaction with > seccomp is that this type of redirection takes precedence over seccomp > and seccomp filters are not invoked for redirected syscalls. After all, > a redirected syscall is, functionally, not a syscall at all.) > --=20 Gabriel Krisman Bertazi