From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS
	autolearn=ham autolearn_force=no version=3.4.2
Received: (qmail 12512 invoked from network); 21 Apr 2020 09:57:20 -0000
Received-SPF:  pass (mother.openwall.net: domain of lists.openwall.com
  designates 195.42.179.200 as permitted sender)
  receiver=inbox.vuxu.org; client-ip=195.42.179.200
  envelope-from=<musl-return-15779-ml=inbox.vuxu.org@lists.openwall.com>
Received: from mother.openwall.net (195.42.179.200)
  by inbox.vuxu.org with UTF8ESMTPZ; 21 Apr 2020 09:57:20 -0000
Received: (qmail 16318 invoked by uid 550); 21 Apr 2020 09:57:18 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 16300 invoked from network); 21 Apr 2020 09:57:18 -0000
From: Florian Weimer <fw@deneb.enyo.de>
To: Nicholas Piggin <npiggin@gmail.com>
Cc: Rich Felker <dalias@libc.org>,  Nicholas Piggin via Libc-alpha <libc-alpha@sourceware.org>,  libc-dev@lists.llvm.org,  linuxppc-dev@lists.ozlabs.org,  musl@lists.openwall.com
References: <1586931450.ub4c8cq8dj.astroid@bobo.none>
	<20200415225539.GL11469@brightrain.aerifal.cx>
	<1586994952.nnxigedbu2.astroid@bobo.none>
	<20200416095800.GC23945@port70.net>
	<1587341904.1r83vbudyf.astroid@bobo.none>
	<20200420012904.GY11469@brightrain.aerifal.cx>
	<1587348046.pwnfbo52iq.astroid@bobo.none>
	<20200420211751.GF23945@port70.net>
Date: Tue, 21 Apr 2020 11:57:00 +0200
In-Reply-To: <20200420211751.GF23945@port70.net> (Szabolcs Nagy's message of
	"Mon, 20 Apr 2020 23:17:51 +0200")
Message-ID: <87eeshupoz.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [musl] Powerpc Linux 'scv' system call ABI proposal take 2

* Szabolcs Nagy:

> * Nicholas Piggin <npiggin@gmail.com> [2020-04-20 12:08:36 +1000]:
>> Excerpts from Rich Felker's message of April 20, 2020 11:29 am:
>> > Also, allowing patching of executable pages is generally frowned upon
>> > these days because W^X is a desirable hardening property.
>> 
>> Right, it would want be write-protected after being patched.
>
> "frowned upon" means that users may have to update
> their security policy setting in pax, selinux, apparmor,
> seccomp bpf filters and who knows what else that may
> monitor and flag W&X mprotect.
>
> libc update can break systems if the new libc does W&X.

It's possible to map over pre-compiled alternative implementations,
though.  Basically, we would do the patching and build time and store
the results in the file.

It works best if the variance is concentrated on a few pages, and
there are very few alternatives.  For example, having two syscall APIs
and supporting threading and no-threading versions would need four
code versions in total, which is likely excessive.