From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5AF75E77197 for ; Thu, 9 Jan 2025 16:19:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B15A66B008C; Thu, 9 Jan 2025 11:19:55 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A9F7C6B0092; Thu, 9 Jan 2025 11:19:55 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 93F166B0093; Thu, 9 Jan 2025 11:19:55 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 743266B008C for ; Thu, 9 Jan 2025 11:19:55 -0500 (EST) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 173B216025B for ; Thu, 9 Jan 2025 16:19:55 +0000 (UTC) X-FDA: 82988424750.14.3DBCA68 Received: from out03.mta.xmission.com (out03.mta.xmission.com [166.70.13.233]) by imf07.hostedemail.com (Postfix) with ESMTP id D8B5640013 for ; Thu, 9 Jan 2025 16:19:52 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=xmission.com; spf=pass (imf07.hostedemail.com: domain of ebiederm@xmission.com designates 166.70.13.233 as permitted sender) smtp.mailfrom=ebiederm@xmission.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1736439593; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Uqlb+/CQ0U57+e7MyqlXHtFTnpg/3coOYCDXTy3/KYc=; b=H7+Qb7KfYhoo7v1ARkeKpXR2CtKlv/UWTAam81TnBvxOkEeqF1gKKaeUjOB6xkBZsqMqYO daBqilqXF3/efpQMGomT5bE2OP0KoFo7T5WSohlzJfiQV9ahCx0KkkWNy0dYy8gdycIieT IvM4KfLBuaSg/XXQc74M+XMrEVG7++4= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1736439593; a=rsa-sha256; cv=none; b=2H5FDsZlzB+UArqu4QeG2hogMh9ILUPib89m7VdTfbJ7ZpoTKezZDVxtwBnRYD2M5qqYIW Dshkq6Wq3tbVyL/f9nW6yYpx2L4BXCd95FdfrGMtseW+LocbSbQ+s/m0iT0em9GHOCosYj 6xfWyCNZpDpxOE8qoLUe0joAMXoYkN8= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=xmission.com; spf=pass (imf07.hostedemail.com: domain of ebiederm@xmission.com designates 166.70.13.233 as permitted sender) smtp.mailfrom=ebiederm@xmission.com Received: from in01.mta.xmission.com ([166.70.13.51]:59428) by out03.mta.xmission.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1tVvG6-004LZS-Rm; Thu, 09 Jan 2025 09:19:46 -0700 Received: from ip72-198-198-28.om.om.cox.net ([72.198.198.28]:44194 helo=email.froward.int.ebiederm.org.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1tVvG5-009qdf-JI; Thu, 09 Jan 2025 09:19:46 -0700 From: "Eric W. Biederman" To: John Paul Adrian Glaubitz Cc: Arnd Bergmann , Richard Henderson , Matt Turner , Kees Cook , "Paul E. McKenney" , linux-alpha@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Michael Cree , Sam James , "Maciej W. Rozycki" , Geert Uytterhoeven , Michael Karcher , Chris Hofstaedtler , util-linux@vger.kernel.org, linux-mips@vger.kernel.org, loongarch@lists.linux.dev References: <20250103140148.370368-1-glaubitz@physik.fu-berlin.de> <24f03227-1b55-4e50-b6e9-7ac74fda2602@app.fastmail.com> <678ee681-12c3-4e79-a04b-495daf343846@app.fastmail.com> <82d33a2d-dffe-4268-a175-4536b3f9c07f@app.fastmail.com> Date: Thu, 09 Jan 2025 10:18:42 -0600 In-Reply-To: (John Paul Adrian Glaubitz's message of "Thu, 09 Jan 2025 10:12:03 +0100") Message-ID: <87ed1cufj1.fsf@email.froward.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1tVvG5-009qdf-JI;;;mid=<87ed1cufj1.fsf@email.froward.int.ebiederm.org>;;;hst=in01.mta.xmission.com;;;ip=72.198.198.28;;;frm=ebiederm@xmission.com;;;spf=pass X-XM-AID: U2FsdGVkX19rKnAbYTd2HzCFmMonoQpOugPKZhwJLI8= Subject: Re: [PATCH] alpha: Fix personality flag propagation across an exec X-SA-Exim-Connect-IP: 166.70.13.51 X-SA-Exim-Rcpt-To: loongarch@lists.linux.dev, linux-mips@vger.kernel.org, util-linux@vger.kernel.org, zeha@debian.org, kernel@mkarcher.dialup.fu-berlin.de, geert@linux-m68k.org, macro@orcam.me.uk, sam@gentoo.org, mcree@orcon.net.nz, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-alpha@vger.kernel.org, paulmck@kernel.org, kees@kernel.org, mattst88@gmail.com, richard.henderson@linaro.org, arnd@arndb.de, glaubitz@physik.fu-berlin.de X-SA-Exim-Mail-From: ebiederm@xmission.com X-SA-Exim-Scanned: No (on out03.mta.xmission.com); SAEximRunCond expanded to false X-Rspamd-Queue-Id: D8B5640013 X-Rspam-User: X-Rspamd-Server: rspam07 X-Stat-Signature: 99xwxkndh59ymn4x4hz3mxsnmsdz77hi X-HE-Tag: 1736439592-504415 X-HE-Meta: U2FsdGVkX1//Sj0GFf+OHxg3gAvsQKpdh7fmNR8ALcrQP7QJ4kibpdvojqhAVD00DsPIaUR0nBJE50YQvxljuOwzBlNOCcfqLH0YyoeSgMybp/191rVNXVGA/UxEcBw8/TXMIsqn8j8wU/VZpZTVqQA2mXPIpTdFyXUZ8c6TQwu9ekV+x7Z6EBRFrecjYwqDVYU4UosRn6Y5f401YWknB1RhPOp5LPWDCfVCyZMBb12pyR1FPxb9CiS0BX4TlOR3FLEDdxoIubZV/foC9Dd3xStgKObz3q/QqazKZUvudg1hloc1RMP9xb8nY3UEIDGxYSlLgRXXdZDmRNXBwTzbkCyRbLsXS6lHsbSt6SePMut91jx2nNZpOvjr/xd5SfH4CiezRPk3I/sPf5Z0QboK4wItYE1MKaNAQbVL9qhVYxUJ0J++urLQKHbkXHyULbKmg6M4VXOGk956Dj4Wbjja5iPRkafbW7y+18bToz/DWVrOJ0hIm7JMRrVQnGxfBGSPTGnKU8qJuDhTRkWsUncFd9CASDb0JHvEsGCtn1LodKECGc7m7qhgvMoQLRC/ub2qjpf+pWNacZI3C3iLU/sIzY9rbx3yiyK/soFnat+l9y0NlTbp7braSfF9pHMQ3p+1Cwx9f90LT8G53cA2XtHKZ22hMKSyTHwUDCQbouznPovRMJ52ehEDwtNq+n9nHev53Z/NFK+l9csOMpI9eQdZmULvrpQa3ieBgSAWXb5/F/2IXhcDxKghSJzxwe9ywkKYIIo8XtBx3glAam2MIvDhnvhDFL0kEk0ZE1VRJjEw6E60fNsPkrNJisVYHHqh8DBRC819OS9Ji35kbBDKr28jvEETTdhn/Us82+cUkKSzNoecGStGVmyVnq3ZJO2HQzSWJzeCH/mLkWU0RcMGWtXyFmZQ765bz9AYWxuA0HO3Z5rovmwwPdUoKYuvurRcPnXBxEWHOu6PDtyJOgT21xM 9o62zHqS ZQ6XEs5ltuS5mfeJiqgQRrwoNBw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: John Paul Adrian Glaubitz writes: > Hi Arnd, > > On Thu, 2025-01-09 at 09:56 +0100, Arnd Bergmann wrote: >> On Thu, Jan 9, 2025, at 09:46, John Paul Adrian Glaubitz wrote: >> > On Thu, 2025-01-09 at 09:43 +0100, Arnd Bergmann wrote: >> > > On Thu, Jan 9, 2025, at 09:01, Arnd Bergmann wrote: >> > > > On Fri, Jan 3, 2025, at 15:01, John Paul Adrian Glaubitz wrote: >> > > > >> > > > > >> > > > > #define SET_PERSONALITY(EX) \ >> > > > > - set_personality(((EX).e_flags & EF_ALPHA_32BIT) \ >> > > > > - ? PER_LINUX_32BIT : PER_LINUX) >> > > > > + set_personality((((EX).e_flags & EF_ALPHA_32BIT) \ >> > > > > + ? PER_LINUX_32BIT : PER_LINUX) | (current->personality & (~PER_MASK))) *Grumble* It would be good to move those EF_${ARCH} flags from arch/${ARCH}/include/asm/elf.h to arch/${ARCH}/include/uapi/asm/elf.h Simply because those flags are architecture specific ABI. >> > > > This looks wrong to me: since ADDR_LIMIT_32BIT is not part of >> > > > PER_MASK, executing a regular binary from a taso binary no longer >> > > > reverts back to the entire 64-bit address space. >> > > > >> > > > It seems that the behavior on most other architectures changed in 2012 >> > > > commit 16f3e95b3209 ("cross-arch: don't corrupt personality flags upon >> > > > exec()"). >> > > > >> > >> > So, if I understand this correctly, we should just use PER_MASK on alpha >> > for 64-bit executables and allow the bits to be cleared for 32-bit binaries? >> >> I think ideally the EF_ALPHA_32BIT handling should use TIF_32BIT >> as we do on other architectures, at that point the custom SET_PERSONALITY() >> can be removed in favor of the asm-generic version. > > I have thought about that as well but I wasn't sure whether the extra > mangling on alpha was necessary. > >> Alternatively this could do something like the arm32 version (note >> that on arm, PER_LINUX_32BIT/ADDR_LIMIT_32BIT means "allow using >> the entire 32-bit address space rather than limiting to 26 bits for >> compatibility", while on alpha it means "use only 31 instead of >> 42 bits for addressing", but the logic can be the same): >> >> unsigned int personality = current->personality & ~PER_MASK; >> /* >> * APCS-26 is only valid for OABI executables >> */ >> if ((eflags & EF_ARM_EABI_MASK) == EF_ARM_EABI_UNKNOWN && >> (eflags & EF_ARM_APCS_26)) >> personality &= ~ADDR_LIMIT_32BIT; >> else >> personality |= ADDR_LIMIT_32BIT; >> set_personality(personality); > > So, this would be the 100% correct for alpha then which would not loose > any functionality even for 32-bit binaries? I don't think it is correct to think about 32-bit binaries on alpha. Alpha never had a 32bit instruction set. But at some point it looks like binaries that could not handle more than 31 bits of address space got ported and someone implemented a work-around. I guess this is the --taso option that Arnd mentioned. I think the alpha version would look like: #define SET_PERSONALITY(ex) \ do { \ unsigned long personality = current->personality & ~PER_MASK; \ if ((EX).e_flags & EF_ALPHA_32BIT) \ personality |= ADDR_LIMIT_32BIT; \ else \ personality &= ~ADDR_LIMIT_32BIT \ set_personality(personality); \ while (0) I do see code under arch/alpha/ testing ADDR_LIMIT_32BIT when setting STACK_TOP, TASK_UNMAPPED_BASE, and arch_get_unmapped_area. So I think the code still works. >> In any case, I think we should fix alpha, mips and loongarch at >> the same time, to make sure it doesn't take another decade to >> fix the rest. > > If you're willing to fix all three at once, I would be happy to help > with the testing on all three architectures as I have machines for all > of these. Yes getting those fixed would be nice. I don't expect it is worth the hassle to remove support for EF_ALPHA_32BIT, but I looked into it quickly. I looked at the history to see if I could find any information about what was using the EF_ALPHA_32BIT flag and unfortunately I could not find anything. Support for the flag first appeared the 2.1.86 release, and the change description has been lost to time. Does anyone know if there are any remaining alpha binaries that set EF_ALPHA_32BIT? If no interesting binaries have EF_ALPHA_32BIT set anymore it might be worth using the generic SET_PERSONALITY and implementing an arch_check_elf to just fail if one of those binaries show up. Perhaps: static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp, struct elfhdr *interp_ehdr, struct arch_elf_state *state) { if (WARN_ON_ONCE(ehdr->e_flags & EF_ALPHA_32BIT)) { return -ENOEXEC; } return 0; } Though frankly it might make more sense and go the other way. I think only mips has a non-trivial implementation of arch_check_elf. Eric