From: Markos Chandras <Markos.Chandras@imgtec.com>
To: <linux-mips@linux-mips.org>
Subject: Re: [PATCH 3.15] MIPS: Add new AUDIT_ARCH token for the N32 ABI on MIPS64
Date: Tue, 6 May 2014 08:47:41 +0100 [thread overview]
Message-ID: <5368939D.9030801@imgtec.com> (raw)
In-Reply-To: <5360C13A.5040902@imgtec.com>
On 04/30/2014 10:24 AM, Markos Chandras wrote:
> On 04/24/2014 08:19 PM, Paul Moore wrote:
>> On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
>>> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
>>> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
>>> does not provide enough information about the ABI for the 64-bit
>>> process. As a result of which, userland needs to use complex
>>> seccomp filters to decide whether a syscall belongs to the o32 or n32
>>> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
>>> can be used by seccomp to explicitely set syscall filters for this ABI.
>>>
>>> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
>>> Cc: Andy Lutomirski <luto@amacapital.net>
>>> Cc: Eric Paris <eparis@redhat.com>
>>> Cc: Paul Moore <pmoore@redhat.com>
>>> Cc: Ralf Baechle <ralf@linux-mips.org>
>>> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
>>> ---
>>> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
>>>
>>> Thanks a lot!
>>> ---
>>> arch/mips/include/asm/syscall.h | 2 ++
>>> include/uapi/linux/audit.h | 12 ++++++++++++
>>> 2 files changed, 14 insertions(+)
>>
>> I'm far from qualified to ACK any MIPS specific patches, but I do want to add
>> my support for this patch. As Markos states above, without this patch any
>> seccomp BPF code will be more complex than necessary (see x32 for an idea) and
>> projects that try to abstract away the arch/ABI specific nature of the BPF
>> seccomp filters will be have to do a lot more work. Please merge this patch,
>> or something similar, along with the MIPS BPF seccomp filters in 3.15; waiting
>> until 3.16 will be too late.
>>
>> I also don't want to speak for the audit folks (Eric?), but I think you'll
>> hear that this patch makes life much easier for them as well.
>>
>> Thanks,
>> -Paul
>
> Ralf ping? Can we please have this in 3.15 so userspace application get
> the updated token instead of using the AUDIT_ARCH_MIPS{,EL}64 for both
> n32 and n64? It may be harder to change it once 3.15 is released (ABI
> break).
>
Ralf ping again? With -r5 approaching, there might be limited time left
to push this.
--
markos
WARNING: multiple messages have this Message-ID (diff)
From: Markos Chandras <Markos.Chandras@imgtec.com>
To: linux-mips@linux-mips.org
Subject: Re: [PATCH 3.15] MIPS: Add new AUDIT_ARCH token for the N32 ABI on MIPS64
Date: Tue, 6 May 2014 08:47:41 +0100 [thread overview]
Message-ID: <5368939D.9030801@imgtec.com> (raw)
Message-ID: <20140506074741.jeO6WJTaMuh4sML_HuJ3oTq3xxHFn4wFp4ScrFzWy98@z> (raw)
In-Reply-To: <5360C13A.5040902@imgtec.com>
On 04/30/2014 10:24 AM, Markos Chandras wrote:
> On 04/24/2014 08:19 PM, Paul Moore wrote:
>> On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
>>> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
>>> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
>>> does not provide enough information about the ABI for the 64-bit
>>> process. As a result of which, userland needs to use complex
>>> seccomp filters to decide whether a syscall belongs to the o32 or n32
>>> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
>>> can be used by seccomp to explicitely set syscall filters for this ABI.
>>>
>>> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
>>> Cc: Andy Lutomirski <luto@amacapital.net>
>>> Cc: Eric Paris <eparis@redhat.com>
>>> Cc: Paul Moore <pmoore@redhat.com>
>>> Cc: Ralf Baechle <ralf@linux-mips.org>
>>> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
>>> ---
>>> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
>>>
>>> Thanks a lot!
>>> ---
>>> arch/mips/include/asm/syscall.h | 2 ++
>>> include/uapi/linux/audit.h | 12 ++++++++++++
>>> 2 files changed, 14 insertions(+)
>>
>> I'm far from qualified to ACK any MIPS specific patches, but I do want to add
>> my support for this patch. As Markos states above, without this patch any
>> seccomp BPF code will be more complex than necessary (see x32 for an idea) and
>> projects that try to abstract away the arch/ABI specific nature of the BPF
>> seccomp filters will be have to do a lot more work. Please merge this patch,
>> or something similar, along with the MIPS BPF seccomp filters in 3.15; waiting
>> until 3.16 will be too late.
>>
>> I also don't want to speak for the audit folks (Eric?), but I think you'll
>> hear that this patch makes life much easier for them as well.
>>
>> Thanks,
>> -Paul
>
> Ralf ping? Can we please have this in 3.15 so userspace application get
> the updated token instead of using the AUDIT_ARCH_MIPS{,EL}64 for both
> n32 and n64? It may be harder to change it once 3.15 is released (ABI
> break).
>
Ralf ping again? With -r5 approaching, there might be limited time left
to push this.
--
markos
next prev parent reply other threads:[~2014-05-06 7:47 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1397550996-14805-1-git-send-email-markos.chandras@imgtec.com>
[not found] ` <1397738551.2725.18.camel@localhost>
[not found] ` <534FCF75.7060708@imgtec.com>
[not found] ` <4648181.no7KCQCtEi@sifl>
[not found] ` <534FFBCF.5010800@imgtec.com>
[not found] ` <1397750939.750.1.camel@localhost>
2014-04-17 16:20 ` [libseccomp-discuss] [PATCH v3 0/2] Add support for MIPS BE/LE and O32 ABI Andy Lutomirski
2014-04-17 16:24 ` Markos Chandras
2014-04-17 16:24 ` Markos Chandras
2014-04-17 19:13 ` Ralf Baechle
2014-04-17 19:38 ` Andy Lutomirski
2014-04-17 20:07 ` Ralf Baechle
2014-04-17 20:30 ` Paul Moore
2014-04-22 14:40 ` [PATCH 3.15] MIPS: Add new AUDIT_ARCH token for the N32 ABI on MIPS64 Markos Chandras
2014-04-22 14:40 ` Markos Chandras
2014-04-24 19:19 ` Paul Moore
2014-04-30 9:24 ` Markos Chandras
2014-04-30 9:24 ` Markos Chandras
2014-05-06 7:47 ` Markos Chandras [this message]
2014-05-06 7:47 ` Markos Chandras
2014-05-08 14:10 ` Paul Moore
2014-05-12 18:53 ` Paul Moore
2014-05-12 19:09 ` Eric Paris
2014-05-21 20:59 ` Paul Moore
2014-05-21 21:07 ` Andy Lutomirski
2014-05-21 22:10 ` James Hogan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5368939D.9030801@imgtec.com \
--to=markos.chandras@imgtec.com \
--cc=linux-mips@linux-mips.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.