Re: [PATCH v3 1/4] kexec: simplify compat_sys_kexec_load

From: Eric W. Biederman
Date: Tue May 18 2021 - 12:02:22 EST


Arnd Bergmann <arnd@xxxxxxxxxx> writes:

> On Tue, May 18, 2021 at 4:05 PM Arnd Bergmann <arnd@xxxxxxxxxx> wrote:
>>
>> On Tue, May 18, 2021 at 3:41 PM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>> >
>> > Arnd Bergmann <arnd@xxxxxxxxxx> writes:
>> >
>> > > From: Arnd Bergmann <arnd@xxxxxxxx>
>> > >
>> > > The compat version of sys_kexec_load() uses compat_alloc_user_space to
>> > > convert the user-provided arguments into the native format.
>> > >
>> > > Move the conversion into the regular implementation with
>> > > an in_compat_syscall() check to simplify it and avoid the
>> > > compat_alloc_user_space() call.
>> > >
>> > > compat_sys_kexec_load() now behaves the same as sys_kexec_load().
>> >
>> > Nacked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>> >
>> > The patch is wrong.
>> >
>> > The logic between the compat entry point and the ordinary entry point
>> > are by necessity different. This unifies the logic and breaks the compat
>> > entry point.
>> >
>> > The fundamental necessity is that the code being loaded needs to know
>> > which mode the kernel is running in so it can safely transition to the
>> > new kernel.
>> >
>> > Given that the two entry points fundamentally need different logic,
>> > that this difference was not preserved, and that the goal of this
>> > patchset was to unify that which fundamentally needs to be different,
>> > I don't think this patch series makes any sense for kexec.
>>
>> Sorry, I'm not following that explanation. Can you clarify what different
>> modes of the kernel you are referring to here, and how my patch
>> changes this?
>
> I think I figured it out now myself after comparing the two functions:
>
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -269,7 +269,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry,
> unsigned long, nr_segments,
>
> /* Verify we are on the appropriate architecture */
> if (((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH) &&
> - ((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH_DEFAULT))
> + (in_compat_syscall() ||
> + ((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH_DEFAULT)))
> return -EINVAL;
>
> /* Because we write directly to the reserved memory
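Review bot: for a caller in a compat syscall the folded condition rejects every architecture value except KEXEC_ARCH itself, so KEXEC_ARCH_DEFAULT is refused as intended, but the existing comment "/* Verify we are on the appropriate architecture */" now describes only the native half of the test and nothing says why a 32-bit caller must name the architecture explicitly. Consider keeping the native check as it was and adding a separate, commented `if (in_compat_syscall() && (flags & KEXEC_ARCH_MASK) == KEXEC_ARCH_DEFAULT) return -EINVAL;` so the two rules stay legible and each carries its own rationale.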
>
> Not sure if that's the best way of doing it, but it looks like folding this
> in restores the current behavior.

Yes. That is pretty much all there is.

I personally can't stand the sight of in_compat_syscall() doubly so when
you have to lie to the type system with casts. The cognitive dissonance
I experience is extreme.

I will be happy to help you find another way to get rid of
compat_alloc_user, but not that way.


There is a whole mess in there that was introduced when someone added
do_kexec_load while I was napping in 2017 that makes the system calls an
absolute mess. It all needs to be cleaned up.

Eric
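To make the disagreement above concrete, here is an added stand-alone model of the KEXEC_ARCH check in kernel/kexec.c; it is example code written for this page, not code from the patch, the thread, or the kernel. It places the pre-series native check, the v3 unified check that Eric nacked, and the fold-in from the quoted hunk side by side on the same flag values. The flag constants are copied from uapi/linux/kexec.h; the kernel is assumed to be x86_64 (so KEXEC_ARCH is KEXEC_ARCH_X86_64), the `compat` parameter stands in for in_compat_syscall(), and the function names `arch_check_*` are this example's own.

```c
/*
 * Added example: a user-space model of the KEXEC_ARCH check in kernel/kexec.c.
 * Constants are from uapi/linux/kexec.h.  Assumptions: a 64-bit x86 kernel
 * (KEXEC_ARCH == KEXEC_ARCH_X86_64) and a `compat` flag standing in for
 * in_compat_syscall().  Nothing here is the kernel's own code.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define KEXEC_ARCH_MASK    0xffff0000UL
#define KEXEC_ARCH_DEFAULT (0UL << 16)
#define KEXEC_ARCH_386     (3UL << 16)
#define KEXEC_ARCH_X86_64  (62UL << 16)

#define KEXEC_ARCH KEXEC_ARCH_X86_64	/* assumption: 64-bit x86 kernel */

/* The check before the series (the '-' lines of the quoted hunk): the native
 * entry point accepts its own architecture or KEXEC_ARCH_DEFAULT. */
static int arch_check_native(unsigned long flags)
{
	if (((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH) &&
	    ((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH_DEFAULT))
		return -EINVAL;
	return 0;
}

/* The v3 patch as nacked: compat callers go through the native check
 * unchanged, so a 32-bit caller passing KEXEC_ARCH_DEFAULT is accepted
 * without ever saying which mode the kernel is running in. */
static int arch_check_unified_v3(unsigned long flags, bool compat)
{
	(void)compat;		/* nothing distinguishes the two entry points */
	return arch_check_native(flags);
}

/* The fold-in from the quoted hunk (the '+' lines): a compat caller must
 * name the native architecture explicitly; KEXEC_ARCH_DEFAULT is refused. */
static int arch_check_unified_fixed(unsigned long flags, bool compat)
{
	if (((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH) &&
	    (compat ||
	     ((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH_DEFAULT)))
		return -EINVAL;
	return 0;
}

int main(void)
{
	/* Constructed inputs: the architecture field of the flags argument. */
	const struct { const char *name; unsigned long arch; } cases[] = {
		{ "KEXEC_ARCH_DEFAULT", KEXEC_ARCH_DEFAULT },
		{ "KEXEC_ARCH_X86_64",  KEXEC_ARCH_X86_64 },
		{ "KEXEC_ARCH_386",     KEXEC_ARCH_386 },
	};

	printf("%-20s %8s %8s %8s %8s\n", "flags arch",
	       "native", "v3/cmpt", "fix/nat", "fix/cmpt");
	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		unsigned long f = cases[i].arch;
		printf("%-20s %8d %8d %8d %8d\n", cases[i].name,
		       arch_check_native(f),
		       arch_check_unified_v3(f, true),
		       arch_check_unified_fixed(f, false),
		       arch_check_unified_fixed(f, true));
	}
	return 0;
}
```

The row for KEXEC_ARCH_DEFAULT is the whole dispute: the native check and the fixed check in native mode return 0, the v3 unified check also returns 0 for a compat caller (the breakage), and the fixed check in compat mode returns -EINVAL. KEXEC_ARCH_386 is refused everywhere on an x86_64 kernel, and KEXEC_ARCH_X86_64 is accepted everywhere.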