[RFC PATCH 05/13] x86/um: nommu: syscall translation by zpoline
Johannes Berg
johannes at sipsolutions.net
Fri Oct 25 08:20:49 PDT 2024
On Fri, 2024-10-25 at 21:58 +0900, Hajime Tazaki wrote:
>
> > > + if (down_write_killable(&mm->mmap_lock)) {
> > > + err = -EINTR;
> > > + return err;
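Review bot: the err temporary in the down_write_killable() failure branch is redundant; `return -EINTR;` says the same thing without the extra assignment, and if the mmap_lock really is not needed at this point the whole branch can go with it.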
> >
> > ?
>
> the lock isn't needed actually so, will remove it.
Oh, I was just looking at the weird handling of the err variable :)
> > What happens if the binary JITs some code and you don't find it? I don't
> > remember from your talk - there you seemed to say this was fine just
> > slow, but that was zpoline in a different context (container)?
>
> instructions loaded after the execve family (like JIT-generated code,
> code loaded with dlopen, etc.) aren't going to be translated. we can
> translate them by tweaking the userspace loader (ld.so w/ LD_PRELOAD)
> or by hooking the mprotect(2) syscall before executing JIT-generated code.
> a generic description is written in the document ([12/13]).
Guess I should've read that, sorry.
> > Perhaps UML could additionally install a seccomp filter or something on
> > itself while running a userspace program? Hmm.
>
> I'm trying to understand the purpose of the seccomp filter you suggested
> here; is it for preventing syscalls executed by untranslated code?
Yeah, that's what I was wondering.
Obviously you have to be able to get rid of the seccomp filter again so
it's not foolproof, but perhaps not _that_ bad?
I'm not worried about security or so, it's clear this isn't even _meant_
to have security. But I do wonder about really hard to debug issues if
userspace suddenly makes syscalls to the host, that'd be ... difficult
to understand?
johannes
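The seccomp idea raised above, as an added example that is not part of the patch series or of either message: a classic-BPF seccomp filter that allows a syscall only when the instruction pointer at the time of the syscall lies inside one known code range (assumed here to be the region holding the translator's hook/trampoline code) and turns any other direct syscall into SIGSYS, so a syscall instruction that escaped translation is reported with its address instead of silently reaching the host kernel. It assumes x86_64 Linux and the little-endian word order of struct seccomp_data; the addresses used by the demo and the test are constructed.

```c
// Added example (not from the patch or the thread): seccomp-BPF filter that
// permits syscalls only from [lo, hi) and traps the rest with SIGSYS.
// Assumes x86_64 Linux and little-endian seccomp_data word order.
#define _GNU_SOURCE
#include <endian.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if __BYTE_ORDER != __LITTLE_ENDIAN
#error "example assumes the little-endian word order of seccomp_data"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define MAX_INSNS 16
#define ARCH_OFF  ((uint32_t)offsetof(struct seccomp_data, arch))
#define IP_LO_OFF ((uint32_t)offsetof(struct seccomp_data, instruction_pointer))
#define IP_HI_OFF (IP_LO_OFF + 4)

/* Emit the filter for [lo, hi) into out[]; returns the instruction count, or 0
 * when the range straddles a 4 GiB boundary (classic BPF compares 32-bit words,
 * so this example keeps the high-word check to a single equality). */
size_t build_ip_range_filter(uint64_t lo, uint64_t hi, struct sock_filter *out)
{
    if (hi <= lo || (lo >> 32) != ((hi - 1) >> 32))
        return 0;
    uint32_t hi_word = (uint32_t)(lo >> 32);
    uint32_t lo_lo = (uint32_t)lo, last_lo = (uint32_t)(hi - 1);
    struct sock_filter insns[] = {
        /* 0-1: A = arch; anything but x86_64 is trapped (jf -> insn 8) */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARCH_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 0, 6),
        /* 2-3: A = high word of instruction_pointer; must equal the range's */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_HI_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, hi_word, 0, 4),
        /* 4-6: A = low word; trap if below lo or above the last allowed byte */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_LO_OFF),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, lo_lo, 0, 2),
        BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, last_lo, 1, 0),
        /* 7: issued from the hook region */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 8: untranslated syscall: SIGSYS with si_syscall / si_call_addr set */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
    };
    memcpy(out, insns, sizeof insns);
    return sizeof insns / sizeof insns[0];
}

/* Minimal cBPF interpreter for the opcodes used above, so the filter can be
 * checked on constructed events without installing it. */
uint32_t run_filter(const struct sock_filter *prog, size_t n,
                    const struct seccomp_data *d)
{
    const unsigned char *mem = (const unsigned char *)d;
    uint32_t A = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *i = &prog[pc];
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&A, mem + i->k, sizeof A); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (A == i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JGE | BPF_K: pc += (A >= i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JGT | BPF_K: pc += (A > i->k) ? i->jt : i->jf; break;
        case BPF_RET | BPF_K: return i->k;
        default: return SECCOMP_RET_KILL_PROCESS; /* unsupported: fail closed */
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end: fail closed */
}

/* Build the filter for [lo, hi) and evaluate it on one constructed event. */
uint32_t decide(uint64_t lo, uint64_t hi, uint32_t arch, uint64_t ip)
{
    struct sock_filter prog[MAX_INSNS];
    size_t n = build_ip_range_filter(lo, hi, prog);
    if (n == 0)
        return SECCOMP_RET_KILL_PROCESS;
    /* the syscall number is not examined by this filter */
    struct seccomp_data d = { .nr = 0, .arch = arch, .instruction_pointer = ip };
    return run_filter(prog, n, &d);
}

/* Install the filter on the calling thread. Afterwards every syscall issued
 * from outside [lo, hi) raises SIGSYS, including libc calls made by a SIGSYS
 * handler, so a real integration must keep the hook code and the handler's
 * own syscalls inside the allowed range. Returns 0 or a negative errno. */
int install_ip_range_filter(uint64_t lo, uint64_t hi)
{
    struct sock_filter insns[MAX_INSNS];
    size_t n = build_ip_range_filter(lo, hi, insns);
    if (n == 0)
        return -EINVAL;
    struct sock_fprog prog = { .len = (unsigned short)n, .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    /* constructed hook region and sample syscall sites; nothing is installed */
    uint64_t lo = 0x7f0000001000ULL, hi = 0x7f0000002000ULL;
    uint64_t sites[] = { 0x7f0000001800ULL, 0x7f0000000ff0ULL, 0x7e0000001800ULL };
    for (size_t i = 0; i < 3; i++)
        printf("ip %#llx -> %s\n", (unsigned long long)sites[i],
               decide(lo, hi, AUDIT_ARCH_X86_64, sites[i]) == SECCOMP_RET_ALLOW
                   ? "allow" : "SIGSYS");
    return 0;
}
```

The filter checks the instruction pointer rather than the syscall number because the question in the thread is where a syscall came from, not which one it is; SECCOMP_RET_TRAP is used instead of a kill action so the SIGSYS siginfo (si_syscall, si_call_addr) can be logged by a handler placed inside the allowed range, which is the debugging aid the thread is after.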