From: Andy Lutomirski
Subject: Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas
Date: Sat, 30 May 2020 15:09:47 -0700
To: Gabriel Krisman Bertazi
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel@collabora.com, Thomas Gleixner, Kees Cook, Will Drewry, "H . Peter Anvin", Paul Gofman
In-Reply-To: <20200530055953.817666-1-krisman@collabora.com>

> On May 29, 2020, at 11:00 PM, Gabriel Krisman Bertazi wrote:
>
> Modern Windows applications are executing system call instructions
> directly from the application's code without going through the WinAPI.
> This breaks Wine emulation, because it doesn't have a chance to
> intercept and emulate these syscalls before they are submitted to Linux.
>
> In addition, we cannot simply trap every system call of the application
> to userspace using PTRACE_SYSEMU, because performance would suffer,
> since our main use case is to run Windows games over Linux. Therefore,
> we need some in-kernel filtering to decide whether the syscall was
> issued by the wine code or by the windows application.

Do you really need in-kernel filtering? What if you could have efficient userspace filtering instead? That is, set something up so that all syscalls, except those from a special address, are translated to CALL thunk where the thunk is configured per task. Then the thunk can do whatever emulation is needed.

Getting the details and especially the interaction with any seccomp filters that may be installed right could be tricky, but the performance should be decent, at least on non-PTI systems.

(If we go this route, I suspect that the correct interaction with seccomp is that this type of redirection takes precedence over seccomp and seccomp filters are not invoked for redirected syscalls. After all, a redirected syscall is, functionally, not a syscall at all.)

>