From: Thomas Gleixner <tglx@linutronix.de>
To: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <peterz@infradead.org>,
Will Drewry <wad@chromium.org>,
Steven Rostedt <rostedt@goodmis.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
James Morris <jmorris@namei.org>,
linux-kernel@vger.kernel.org, Eric Paris <eparis@redhat.com>,
kees.cook@canonical.com, agl@chromium.org,
"Serge E. Hallyn" <serge@hallyn.com>,
Ingo Molnar <mingo@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Tejun Heo <tj@kernel.org>, Michal Marek <mmarek@suse.cz>,
Oleg Nesterov <oleg@redhat.com>, Jiri Slaby <jslaby@suse.cz>,
David Howells <dhowells@redhat.com>,
Russell King <linux@arm.linux.org.uk>,
Michal Simek <monstr@monstr.eu>,
Ralf Baechle <ralf@linux-mips.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
linux390@de.ibm.com, Paul Mundt <lethal@linux-sh.org>,
"David S. Miller" <davem@davemloft.net>,
"H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
linux-mips@linux-mips.org, linuxppc-dev@lists.ozlabs.org,
linux-s390@vger.kernel.org, linux-sh@vger.kernel.org,
sparclinux@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Date: Wed, 25 May 2011 19:48:51 +0200 (CEST) [thread overview]
Message-ID: <alpine.LFD.2.02.1105251836030.3078@ionos> (raw)
In-Reply-To: <20110525150153.GE29179@elte.hu>
On Wed, 25 May 2011, Ingo Molnar wrote:
> * Thomas Gleixner <tglx@linutronix.de> wrote:
> > On Tue, 24 May 2011, Ingo Molnar wrote:
> > > * Peter Zijlstra <peterz@infradead.org> wrote:
> > >
> > > > On Tue, 2011-05-24 at 10:59 -0500, Will Drewry wrote:
> > > > > include/linux/ftrace_event.h | 4 +-
> > > > > include/linux/perf_event.h | 10 +++++---
> > > > > kernel/perf_event.c | 49 +++++++++++++++++++++++++++++++++++++---
> > > > > kernel/seccomp.c | 8 ++++++
> > > > > kernel/trace/trace_syscalls.c | 27 +++++++++++++++++-----
> > > > > 5 files changed, 82 insertions(+), 16 deletions(-)
> > > >
> > > > I strongly oppose to the perf core being mixed with any sekurity voodoo
> > > > (or any other active role for that matter).
> > >
> > > I'd object to invisible side-effects as well, and vehemently so. But note how
> > > intelligently it's used here: it's explicit in the code, it's used explicitly
> > > in kernel/seccomp.c and the event generation place in
> > > kernel/trace/trace_syscalls.c.
> > >
> > > So this is a really flexible solution IMO and does not extend events with some
> > > invisible 'active' role. It extends the *call site* with an open-coded active
> > > role - which active role btw. already pre-existed.
> >
> > We do _NOT_ make any decision based on the trace point so what's the
> > "pre-existing" active role in the syscall entry code?
>
> The seccomp code we are discussing in this thread.
That's proposed code and has absolutely nothing to do with the
existing trace point semantics.
> > I'm all for code reuse and reuse of interfaces, but this is completely
> > wrong. Instrumentation and security decisions are two fundamentally
> > different things and we want them kept separate. Instrumentation is
> > not meant to make decisions. Just because we can does not mean that it
> > is a good idea.
>
> Instrumentation does not 'make decisions': the calling site, which is
> already emitting both the event and wants to do decisions based on
> the data that also generates the event wants to do decisions.
You can repeat that as often as you want, it does not make it more
true. Fact is that the decision is made in the middle of the perf code.
> + /* Transition the task if required. */
> + if (ctx->type == task_context && event->attr.require_secure) {
> +#ifdef CONFIG_SECCOMP
> + /* Don't allow perf events to escape mode = 1. */
> + if (!current->seccomp.mode)
> + current->seccomp.mode = 2;
> +#endif
> + }
and further down
> + if (event->attr.err_on_discard)
> + ok = -EACCES;
> Those decisions *will be made* and you cannot prevent that, the only
> open question is can it reuse code intelligently, which code it is
> btw. already calling for observation reasons?
The tracepoint is called for observation reasons and now you make it a
decision function. That's what I call abuse.
> ( Note that pure observers wont be affected and note that pure
> observation call sites are not affected either. )
Hahaha, they still have to run through the additional code when
seccomp is enabled and we still have to propagate the return value
down to the point where the tracepoint itself is. You call that not
affected?
> > So what the current approach does is:
> >
> > - abuse the existing ftrace syscall hook by adding a return value to
> > the tracepoint.
> >
> > So we need to propagate that for every tracepoint just because we
> > have a single user.
>
> This is a technical criticism i share with you and i think it can be
> fixed - i outlined it to Will yesterday.
>
> And no, if done cleanly it's not 'abuse' to reuse code. Could we wait
> for the first clean iteration of this patch instead of rushing
> judgement prematurely?
There is no way to do it cleanly. It always comes for the price that
you add additional code into the tracing code path. And there are
other people who try hard to remove stuff to recude the overhead which
is caused by instrumentation.
> > - abuse the perf per task mechanism
> >
> > Just because we have per task context in perf does not mean that we
> > pull everything and the world which requires per task context into
> > perf. The security folks have per task context already so security
> > related stuff wants to go there.
>
> We do not pull 'everything and the world' in, but code that wants to
> process events in places that already emit events surely sounds
> related to me :-)
We have enough places where different independent parts of the kernel
want to hook into for obvious reasons.
We have notifiers for those where performance does not matter much and
we have separate calls into the independent functions where it matters
or where we need to evaluate the results in specific ways.
So now you turn instrumentation into a security mechanism, which
"works" nicely for a particular purpose, i.e. decision on a particular
syscall number. Now, how do you make that work when a decision has to
be made on more than a simple match, e.g. syscall number + arguments ?
Not at all, unless you add more complexity and arbitrary callbacks
into the instrumentation code.
> > Brilliant, we have already two ABIs (perf/ftrace) to support and at
> > the same time we urgently need to solve the problem of better
> > integration of those two. So adding a third completely unrelated
> > component with a guaranteed ABI is just making this even more complex.
>
> So your solution is to add yet another ABI for seccomp and to keep
> seccomp a limited hack forever, just because you are not interested
> in security?
Well, I'm interested in security, but I'm neither interested in
security decisions inside instrumentation code nor in security models
which are limited hacks by definition unless you want to add callback
complexities to the instrumentation code.
It all looks nice and charming with this minimalistic use case, but
add real features to it and it gets messy in a split second and you
can't hold that off once you started to allow A. And you clearly
stated that you want to have more trace point based security features
than the simple syscall number filtering.
> I think we want fewer ABIs and more flexible/reusable facilities.
I'm all for that, but security and instrumentation are different
beasts.
> > We can factor out the filtering code and let the security dudes
> > reuse it for their own purposes. That makes them to have their own
> > interfaces and does not impose any restrictions upon the
> > tracing/perf ones. And really security stuff wants to be integrated
> > into the existing security frameworks and not duct taped into
> > perf/trace just because it's a conveniant hack around limitiations
> > of the existing security stuff.
>
> You are missing what i tried to point out in earlier discussions:
> from a security design POV this isnt just about the system call
> boundary. If this seccomp variant is based on events then it could
> grow proper security checks in other places as well, in places where
> we have some sort of object observation event anyway.
Right, that requires callbacks and more stuff to do object based
observation and ties a trace point into a place where it might not
make sense after a while, but the security decision wants to stay at
that place. The syscall example is so tempting because it's simplistic
and easy to solve, but every extension to that model is going to
create a nightmare.
You are duct taping stuff together which has totally different
semantics and requirements. And your only argument is reuse of
existing code. That's a good argument in principle, but there is a
fundamental difference between intelligent reuse and enforcing it just
for reuse sake.
> So this is opens up possibilities to reuse and unify code on a very
> broad basis.
By making a total mess out of it?
> So yes, over-integration is obviously wrong - but so is needless
> fragmentation.
Right. And this falls into the category of over-integration. We have
people working on security and they are working on stacked security
models, so where is the justification to start another security
framework inside the instrumentation code which is completely non
interoperable with the existing ones?
> If anything then that should tell you something that events and
> seccomp are not just casually related ...
They happen to have the hook at the same point in the source and for
pure coincidence it works because the problem to solve is extremly
simplistic. And that's why the diffstat is minimalistic, but that does
not prove anything.
Thanks,
tglx
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Gleixner <tglx@linutronix.de>
To: Ingo Molnar <mingo@elte.hu>
Cc: linux-mips@linux-mips.org, linux-sh@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Oleg Nesterov <oleg@redhat.com>,
David Howells <dhowells@redhat.com>,
Paul Mackerras <paulus@samba.org>, Eric Paris <eparis@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>,
sparclinux@vger.kernel.org, Jiri Slaby <jslaby@suse.cz>,
linux-s390@vger.kernel.org, Russell King <linux@arm.linux.org.uk>,
x86@kernel.org, James Morris <jmorris@namei.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Ingo Molnar <mingo@redhat.com>,
kees.cook@canonical.com, "Serge E. Hallyn" <serge@hallyn.com>,
Steven Rostedt <rostedt@goodmis.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
Michal Marek <mmarek@suse.cz>, Michal Simek <monstr@monstr.eu>,
Will Drewry <wad@chromium.org>,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
Ralf Baechle <ralf@linux-mips.org>,
Paul Mundt <lethal@linux-sh.org>, Tejun Heo <tj@kernel.org>,
linux390@de.ibm.com, Andrew Morton <akpm@linux-foundation.org>,
agl@chromium.org, "David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Date: Wed, 25 May 2011 19:48:51 +0200 (CEST) [thread overview]
Message-ID: <alpine.LFD.2.02.1105251836030.3078@ionos> (raw)
In-Reply-To: <20110525150153.GE29179@elte.hu>
On Wed, 25 May 2011, Ingo Molnar wrote:
> * Thomas Gleixner <tglx@linutronix.de> wrote:
> > On Tue, 24 May 2011, Ingo Molnar wrote:
> > > * Peter Zijlstra <peterz@infradead.org> wrote:
> > >
> > > > On Tue, 2011-05-24 at 10:59 -0500, Will Drewry wrote:
> > > > > include/linux/ftrace_event.h | 4 +-
> > > > > include/linux/perf_event.h | 10 +++++---
> > > > > kernel/perf_event.c | 49 +++++++++++++++++++++++++++++++++++++---
> > > > > kernel/seccomp.c | 8 ++++++
> > > > > kernel/trace/trace_syscalls.c | 27 +++++++++++++++++-----
> > > > > 5 files changed, 82 insertions(+), 16 deletions(-)
> > > >
> > > > I strongly oppose to the perf core being mixed with any sekurity voodoo
> > > > (or any other active role for that matter).
> > >
> > > I'd object to invisible side-effects as well, and vehemently so. But note how
> > > intelligently it's used here: it's explicit in the code, it's used explicitly
> > > in kernel/seccomp.c and the event generation place in
> > > kernel/trace/trace_syscalls.c.
> > >
> > > So this is a really flexible solution IMO and does not extend events with some
> > > invisible 'active' role. It extends the *call site* with an open-coded active
> > > role - which active role btw. already pre-existed.
> >
> > We do _NOT_ make any decision based on the trace point so what's the
> > "pre-existing" active role in the syscall entry code?
>
> The seccomp code we are discussing in this thread.
That's proposed code and has absolutely nothing to do with the
existing trace point semantics.
> > I'm all for code reuse and reuse of interfaces, but this is completely
> > wrong. Instrumentation and security decisions are two fundamentally
> > different things and we want them kept separate. Instrumentation is
> > not meant to make decisions. Just because we can does not mean that it
> > is a good idea.
>
> Instrumentation does not 'make decisions': the calling site, which is
> already emitting both the event and wants to do decisions based on
> the data that also generates the event wants to do decisions.
You can repeat that as often as you want, it does not make it more
true. Fact is that the decision is made in the middle of the perf code.
> + /* Transition the task if required. */
> + if (ctx->type == task_context && event->attr.require_secure) {
> +#ifdef CONFIG_SECCOMP
> + /* Don't allow perf events to escape mode = 1. */
> + if (!current->seccomp.mode)
> + current->seccomp.mode = 2;
> +#endif
> + }
and further down
> + if (event->attr.err_on_discard)
> + ok = -EACCES;
> Those decisions *will be made* and you cannot prevent that, the only
> open question is can it reuse code intelligently, which code it is
> btw. already calling for observation reasons?
The tracepoint is called for observation reasons and now you make it a
decision function. That's what I call abuse.
> ( Note that pure observers wont be affected and note that pure
> observation call sites are not affected either. )
Hahaha, they still have to run through the additional code when
seccomp is enabled and we still have to propagate the return value
down to the point where the tracepoint itself is. You call that not
affected?
> > So what the current approach does is:
> >
> > - abuse the existing ftrace syscall hook by adding a return value to
> > the tracepoint.
> >
> > So we need to propagate that for every tracepoint just because we
> > have a single user.
>
> This is a technical criticism i share with you and i think it can be
> fixed - i outlined it to Will yesterday.
>
> And no, if done cleanly it's not 'abuse' to reuse code. Could we wait
> for the first clean iteration of this patch instead of rushing
> judgement prematurely?
There is no way to do it cleanly. It always comes for the price that
you add additional code into the tracing code path. And there are
other people who try hard to remove stuff to recude the overhead which
is caused by instrumentation.
> > - abuse the perf per task mechanism
> >
> > Just because we have per task context in perf does not mean that we
> > pull everything and the world which requires per task context into
> > perf. The security folks have per task context already so security
> > related stuff wants to go there.
>
> We do not pull 'everything and the world' in, but code that wants to
> process events in places that already emit events surely sounds
> related to me :-)
We have enough places where different independent parts of the kernel
want to hook into for obvious reasons.
We have notifiers for those where performance does not matter much and
we have separate calls into the independent functions where it matters
or where we need to evaluate the results in specific ways.
So now you turn instrumentation into a security mechanism, which
"works" nicely for a particular purpose, i.e. decision on a particular
syscall number. Now, how do you make that work when a decision has to
be made on more than a simple match, e.g. syscall number + arguments ?
Not at all, unless you add more complexity and arbitrary callbacks
into the instrumentation code.
> > Brilliant, we have already two ABIs (perf/ftrace) to support and at
> > the same time we urgently need to solve the problem of better
> > integration of those two. So adding a third completely unrelated
> > component with a guaranteed ABI is just making this even more complex.
>
> So your solution is to add yet another ABI for seccomp and to keep
> seccomp a limited hack forever, just because you are not interested
> in security?
Well, I'm interested in security, but I'm neither interested in
security decisions inside instrumentation code nor in security models
which are limited hacks by definition unless you want to add callback
complexities to the instrumentation code.
It all looks nice and charming with this minimalistic use case, but
add real features to it and it gets messy in a split second and you
can't hold that off once you started to allow A. And you clearly
stated that you want to have more trace point based security features
than the simple syscall number filtering.
> I think we want fewer ABIs and more flexible/reusable facilities.
I'm all for that, but security and instrumentation are different
beasts.
> > We can factor out the filtering code and let the security dudes
> > reuse it for their own purposes. That makes them to have their own
> > interfaces and does not impose any restrictions upon the
> > tracing/perf ones. And really security stuff wants to be integrated
> > into the existing security frameworks and not duct taped into
> > perf/trace just because it's a conveniant hack around limitiations
> > of the existing security stuff.
>
> You are missing what i tried to point out in earlier discussions:
> from a security design POV this isnt just about the system call
> boundary. If this seccomp variant is based on events then it could
> grow proper security checks in other places as well, in places where
> we have some sort of object observation event anyway.
Right, that requires callbacks and more stuff to do object based
observation and ties a trace point into a place where it might not
make sense after a while, but the security decision wants to stay at
that place. The syscall example is so tempting because it's simplistic
and easy to solve, but every extension to that model is going to
create a nightmare.
You are duct taping stuff together which has totally different
semantics and requirements. And your only argument is reuse of
existing code. That's a good argument in principle, but there is a
fundamental difference between intelligent reuse and enforcing it just
for reuse sake.
> So this is opens up possibilities to reuse and unify code on a very
> broad basis.
By making a total mess out of it?
> So yes, over-integration is obviously wrong - but so is needless
> fragmentation.
Right. And this falls into the category of over-integration. We have
people working on security and they are working on stacked security
models, so where is the justification to start another security
framework inside the instrumentation code which is completely non
interoperable with the existing ones?
> If anything then that should tell you something that events and
> seccomp are not just casually related ...
They happen to have the hook at the same point in the source and for
pure coincidence it works because the problem to solve is extremly
simplistic. And that's why the diffstat is minimalistic, but that does
not prove anything.
Thanks,
tglx
WARNING: multiple messages have this Message-ID (diff)
From: tglx@linutronix.de (Thomas Gleixner)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Date: Wed, 25 May 2011 19:48:51 +0200 (CEST) [thread overview]
Message-ID: <alpine.LFD.2.02.1105251836030.3078@ionos> (raw)
In-Reply-To: <20110525150153.GE29179@elte.hu>
On Wed, 25 May 2011, Ingo Molnar wrote:
> * Thomas Gleixner <tglx@linutronix.de> wrote:
> > On Tue, 24 May 2011, Ingo Molnar wrote:
> > > * Peter Zijlstra <peterz@infradead.org> wrote:
> > >
> > > > On Tue, 2011-05-24 at 10:59 -0500, Will Drewry wrote:
> > > > > include/linux/ftrace_event.h | 4 +-
> > > > > include/linux/perf_event.h | 10 +++++---
> > > > > kernel/perf_event.c | 49 +++++++++++++++++++++++++++++++++++++---
> > > > > kernel/seccomp.c | 8 ++++++
> > > > > kernel/trace/trace_syscalls.c | 27 +++++++++++++++++-----
> > > > > 5 files changed, 82 insertions(+), 16 deletions(-)
> > > >
> > > > I strongly oppose to the perf core being mixed with any sekurity voodoo
> > > > (or any other active role for that matter).
> > >
> > > I'd object to invisible side-effects as well, and vehemently so. But note how
> > > intelligently it's used here: it's explicit in the code, it's used explicitly
> > > in kernel/seccomp.c and the event generation place in
> > > kernel/trace/trace_syscalls.c.
> > >
> > > So this is a really flexible solution IMO and does not extend events with some
> > > invisible 'active' role. It extends the *call site* with an open-coded active
> > > role - which active role btw. already pre-existed.
> >
> > We do _NOT_ make any decision based on the trace point so what's the
> > "pre-existing" active role in the syscall entry code?
>
> The seccomp code we are discussing in this thread.
That's proposed code and has absolutely nothing to do with the
existing trace point semantics.
> > I'm all for code reuse and reuse of interfaces, but this is completely
> > wrong. Instrumentation and security decisions are two fundamentally
> > different things and we want them kept separate. Instrumentation is
> > not meant to make decisions. Just because we can does not mean that it
> > is a good idea.
>
> Instrumentation does not 'make decisions': the calling site, which is
> already emitting both the event and wants to do decisions based on
> the data that also generates the event wants to do decisions.
You can repeat that as often as you want, it does not make it more
true. Fact is that the decision is made in the middle of the perf code.
> + /* Transition the task if required. */
> + if (ctx->type == task_context && event->attr.require_secure) {
> +#ifdef CONFIG_SECCOMP
> + /* Don't allow perf events to escape mode = 1. */
> + if (!current->seccomp.mode)
> + current->seccomp.mode = 2;
> +#endif
> + }
and further down
> + if (event->attr.err_on_discard)
> + ok = -EACCES;
> Those decisions *will be made* and you cannot prevent that, the only
> open question is can it reuse code intelligently, which code it is
> btw. already calling for observation reasons?
The tracepoint is called for observation reasons and now you make it a
decision function. That's what I call abuse.
> ( Note that pure observers wont be affected and note that pure
> observation call sites are not affected either. )
Hahaha, they still have to run through the additional code when
seccomp is enabled and we still have to propagate the return value
down to the point where the tracepoint itself is. You call that not
affected?
> > So what the current approach does is:
> >
> > - abuse the existing ftrace syscall hook by adding a return value to
> > the tracepoint.
> >
> > So we need to propagate that for every tracepoint just because we
> > have a single user.
>
> This is a technical criticism i share with you and i think it can be
> fixed - i outlined it to Will yesterday.
>
> And no, if done cleanly it's not 'abuse' to reuse code. Could we wait
> for the first clean iteration of this patch instead of rushing
> judgement prematurely?
There is no way to do it cleanly. It always comes for the price that
you add additional code into the tracing code path. And there are
other people who try hard to remove stuff to recude the overhead which
is caused by instrumentation.
> > - abuse the perf per task mechanism
> >
> > Just because we have per task context in perf does not mean that we
> > pull everything and the world which requires per task context into
> > perf. The security folks have per task context already so security
> > related stuff wants to go there.
>
> We do not pull 'everything and the world' in, but code that wants to
> process events in places that already emit events surely sounds
> related to me :-)
We have enough places where different independent parts of the kernel
want to hook into for obvious reasons.
We have notifiers for those where performance does not matter much and
we have separate calls into the independent functions where it matters
or where we need to evaluate the results in specific ways.
So now you turn instrumentation into a security mechanism, which
"works" nicely for a particular purpose, i.e. decision on a particular
syscall number. Now, how do you make that work when a decision has to
be made on more than a simple match, e.g. syscall number + arguments ?
Not at all, unless you add more complexity and arbitrary callbacks
into the instrumentation code.
> > Brilliant, we have already two ABIs (perf/ftrace) to support and at
> > the same time we urgently need to solve the problem of better
> > integration of those two. So adding a third completely unrelated
> > component with a guaranteed ABI is just making this even more complex.
>
> So your solution is to add yet another ABI for seccomp and to keep
> seccomp a limited hack forever, just because you are not interested
> in security?
Well, I'm interested in security, but I'm neither interested in
security decisions inside instrumentation code nor in security models
which are limited hacks by definition unless you want to add callback
complexities to the instrumentation code.
It all looks nice and charming with this minimalistic use case, but
add real features to it and it gets messy in a split second and you
can't hold that off once you started to allow A. And you clearly
stated that you want to have more trace point based security features
than the simple syscall number filtering.
> I think we want fewer ABIs and more flexible/reusable facilities.
I'm all for that, but security and instrumentation are different
beasts.
> > We can factor out the filtering code and let the security dudes
> > reuse it for their own purposes. That makes them to have their own
> > interfaces and does not impose any restrictions upon the
> > tracing/perf ones. And really security stuff wants to be integrated
> > into the existing security frameworks and not duct taped into
> > perf/trace just because it's a conveniant hack around limitiations
> > of the existing security stuff.
>
> You are missing what i tried to point out in earlier discussions:
> from a security design POV this isnt just about the system call
> boundary. If this seccomp variant is based on events then it could
> grow proper security checks in other places as well, in places where
> we have some sort of object observation event anyway.
Right, that requires callbacks and more stuff to do object based
observation and ties a trace point into a place where it might not
make sense after a while, but the security decision wants to stay at
that place. The syscall example is so tempting because it's simplistic
and easy to solve, but every extension to that model is going to
create a nightmare.
You are duct taping stuff together which has totally different
semantics and requirements. And your only argument is reuse of
existing code. That's a good argument in principle, but there is a
fundamental difference between intelligent reuse and enforcing it just
for reuse sake.
> So this is opens up possibilities to reuse and unify code on a very
> broad basis.
By making a total mess out of it?
> So yes, over-integration is obviously wrong - but so is needless
> fragmentation.
Right. And this falls into the category of over-integration. We have
people working on security and they are working on stacked security
models, so where is the justification to start another security
framework inside the instrumentation code which is completely non
interoperable with the existing ones?
> If anything then that should tell you something that events and
> seccomp are not just casually related ...
They happen to have the hook at the same point in the source and for
pure coincidence it works because the problem to solve is extremly
simplistic. And that's why the diffstat is minimalistic, but that does
not prove anything.
Thanks,
tglx
next prev parent reply other threads:[~2011-05-25 17:49 UTC|newest]
Thread overview: 406+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-28 3:08 [PATCH 2/7] tracing: split out syscall_trace_enter construction Will Drewry
2011-04-28 3:08 ` [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering Will Drewry
2011-04-28 13:50 ` Steven Rostedt
2011-04-28 15:30 ` Will Drewry
2011-04-28 16:20 ` Serge E. Hallyn
2011-04-28 16:56 ` Steven Rostedt
2011-04-28 18:02 ` Will Drewry
2011-04-28 14:29 ` Frederic Weisbecker
2011-04-28 15:15 ` Will Drewry
2011-04-28 15:57 ` Frederic Weisbecker
2011-04-28 16:05 ` Will Drewry
2011-04-28 15:12 ` Frederic Weisbecker
2011-04-28 15:20 ` Frederic Weisbecker
2011-04-28 15:29 ` Will Drewry
2011-04-28 16:13 ` Frederic Weisbecker
2011-04-28 16:48 ` Will Drewry
2011-04-28 17:36 ` Frederic Weisbecker
2011-04-28 18:21 ` Will Drewry
2011-04-28 16:28 ` Steven Rostedt
2011-04-28 16:53 ` Will Drewry
2011-04-28 16:55 ` Serge E. Hallyn
2011-04-28 17:16 ` Steven Rostedt
2011-04-28 17:39 ` Serge E. Hallyn
2011-04-28 18:01 ` Will Drewry
2011-04-28 18:21 ` Steven Rostedt
2011-04-28 18:34 ` Will Drewry
2011-04-28 18:54 ` Serge E. Hallyn
2011-04-28 19:07 ` Steven Rostedt
2011-05-12 3:02 ` [PATCH 3/5] v2 seccomp_filters: " Will Drewry
2011-05-12 3:02 ` Will Drewry
2011-05-12 3:02 ` Will Drewry
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 9:24 ` Kees Cook
2011-05-12 9:24 ` Kees Cook
2011-05-12 9:24 ` Kees Cook
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 11:44 ` James Morris
2011-05-12 11:44 ` James Morris
2011-05-12 11:44 ` James Morris
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 16:26 ` Will Drewry
2011-05-12 16:26 ` Will Drewry
2011-05-12 16:26 ` Will Drewry
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 14:42 ` Will Drewry
2011-05-16 14:42 ` Will Drewry
2011-05-16 14:42 ` Will Drewry
2011-05-13 0:18 ` James Morris
2011-05-13 0:18 ` James Morris
2011-05-13 0:18 ` James Morris
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 15:27 ` Peter Zijlstra
2011-05-13 15:27 ` Peter Zijlstra
2011-05-13 15:27 ` Peter Zijlstra
2011-05-14 7:05 ` Ingo Molnar
2011-05-14 7:05 ` Ingo Molnar
2011-05-14 7:05 ` Ingo Molnar
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 17:03 ` Steven Rostedt
2011-05-16 17:03 ` Steven Rostedt
2011-05-16 17:03 ` Steven Rostedt
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:19 ` Ingo Molnar
2011-05-17 13:19 ` Ingo Molnar
2011-05-17 13:19 ` Ingo Molnar
2011-05-19 4:07 ` Will Drewry
2011-05-19 4:07 ` Will Drewry
2011-05-19 4:07 ` Will Drewry
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 21:05 ` Will Drewry
2011-05-19 21:05 ` Will Drewry
2011-05-19 21:05 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 17:43 ` Peter Zijlstra
2011-05-25 17:43 ` Peter Zijlstra
2011-05-25 17:43 ` Peter Zijlstra
2011-05-29 20:17 ` Ingo Molnar
2011-05-29 20:17 ` Ingo Molnar
2011-05-29 20:17 ` Ingo Molnar
2011-05-25 17:48 ` Thomas Gleixner [this message]
2011-05-25 17:48 ` Thomas Gleixner
2011-05-25 17:48 ` Thomas Gleixner
2011-05-25 18:01 ` Kees Cook
2011-05-25 18:42 ` Linus Torvalds
2011-05-25 19:06 ` Ingo Molnar
2011-05-25 19:54 ` Will Drewry
2011-05-25 19:11 ` Kees Cook
2011-05-25 20:01 ` Linus Torvalds
2011-05-25 20:19 ` Ingo Molnar
2011-06-09 9:00 ` Sven Anders
2011-05-26 14:37 ` Colin Walters
2011-05-26 15:03 ` Linus Torvalds
2011-05-26 15:28 ` Colin Walters
2011-05-26 16:33 ` Will Drewry
2011-05-26 16:46 ` Linus Torvalds
2011-05-26 17:02 ` Will Drewry
2011-05-26 17:04 ` Will Drewry
2011-05-26 17:17 ` Linus Torvalds
2011-05-26 17:38 ` Will Drewry
2011-05-26 18:33 ` Linus Torvalds
2011-05-26 18:47 ` Ingo Molnar
2011-05-26 19:05 ` david
2011-05-26 19:09 ` Eric Paris
2011-05-26 19:46 ` Ingo Molnar
2011-05-26 19:49 ` david
2011-05-26 18:49 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 01/13] tracing: split out filter initialization and clean up Will Drewry
2011-06-01 3:10 ` [PATCH v3 02/13] tracing: split out syscall_trace_enter construction Will Drewry
2011-06-01 7:00 ` Ingo Molnar
2011-06-01 17:15 ` Will Drewry
2011-06-02 14:29 ` Ingo Molnar
2011-06-02 15:18 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 03/13] seccomp_filters: new mode with configurable syscall filters Will Drewry
2011-06-02 17:36 ` Paul E. McKenney
2011-06-02 18:14 ` Will Drewry
2011-06-02 19:42 ` Paul E. McKenney
2011-06-02 20:28 ` Will Drewry
2011-06-02 20:46 ` Steven Rostedt
2011-06-02 21:12 ` Paul E. McKenney
2011-06-01 3:10 ` [PATCH v3 04/13] seccomp_filter: add process state reporting Will Drewry
2011-06-01 3:10 ` [PATCH v3 05/13] seccomp_filter: Document what seccomp_filter is and how it works Will Drewry
2011-06-01 21:23 ` Kees Cook
2011-06-01 23:03 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 06/13] x86: add HAVE_SECCOMP_FILTER and seccomp_execve Will Drewry
2011-06-01 3:10 ` [PATCH v3 07/13] arm: select HAVE_SECCOMP_FILTER Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 08/13] microblaze: select HAVE_SECCOMP_FILTER and provide seccomp_execve Will Drewry
2011-06-01 5:37 ` Michal Simek
2011-06-01 3:10 ` [PATCH v3 09/13] mips: " Will Drewry
2011-06-01 3:10 ` [PATCH v3 10/13] s390: " Will Drewry
2011-06-01 3:10 ` [PATCH v3 11/13] powerpc: " Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 12/13] sparc: " Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:35 ` [PATCH v3 12/13] sparc: select HAVE_SECCOMP_FILTER and provide David Miller
2011-06-01 3:35 ` [PATCH v3 12/13] sparc: select HAVE_SECCOMP_FILTER and provide seccomp_execve David Miller
2011-06-01 3:10 ` [PATCH v3 13/13] sh: select HAVE_SECCOMP_FILTER Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-02 5:27 ` Paul Mundt
2011-06-02 5:27 ` Paul Mundt
2011-05-26 17:38 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering Valdis.Kletnieks
2011-05-26 18:08 ` Will Drewry
2011-05-26 18:22 ` Valdis.Kletnieks
2011-05-26 17:07 ` Steven Rostedt
2011-05-26 18:43 ` Casey Schaufler
2011-05-26 18:54 ` Steven Rostedt
2011-05-26 18:34 ` david
2011-05-26 18:54 ` Ingo Molnar
2011-05-26 1:19 ` James Morris
2011-05-26 6:08 ` Avi Kivity
2011-05-26 8:24 ` Ingo Molnar
2011-05-26 8:35 ` Pekka Enberg
2011-05-26 8:49 ` Avi Kivity
2011-05-26 8:57 ` Pekka Enberg
[not found] ` <20110526085939.GG29458@redhat.com>
2011-05-26 10:38 ` Ingo Molnar
2011-05-26 10:46 ` Avi Kivity
2011-05-26 10:46 ` Gleb Natapov
2011-05-26 11:11 ` Ingo Molnar
2011-05-26 9:30 ` Ingo Molnar
2011-05-26 9:48 ` Ingo Molnar
2011-05-26 11:02 ` Avi Kivity
2011-05-26 11:16 ` Ingo Molnar
2011-05-26 10:56 ` Avi Kivity
2011-05-26 11:38 ` Ingo Molnar
2011-05-26 18:06 ` Avi Kivity
2011-05-26 18:15 ` Ingo Molnar
2011-05-26 18:20 ` Avi Kivity
2011-05-26 18:36 ` Ingo Molnar
2011-05-26 18:43 ` Valdis.Kletnieks
2011-05-26 18:50 ` Ingo Molnar
2011-05-26 18:22 ` Peter Zijlstra
2011-05-26 18:38 ` Ingo Molnar
2011-05-27 0:12 ` James Morris
2011-05-29 16:51 ` Aneesh Kumar K.V
2011-05-29 17:02 ` Linus Torvalds
2011-05-29 18:23 ` Al Viro
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:25 ` Kees Cook
2011-05-25 19:09 ` Ingo Molnar
2011-05-25 16:40 ` Will Drewry
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:29 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering David Laight
2011-05-13 15:29 ` David Laight
2011-05-13 15:29 ` David Laight
2011-05-13 15:29 ` David Laight
2011-05-16 12:03 ` Ingo Molnar
2011-05-16 12:03 ` Ingo Molnar
2011-05-16 12:03 ` Ingo Molnar
2011-05-13 12:49 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering Ingo Molnar
2011-05-13 12:49 ` Ingo Molnar
2011-05-13 12:49 ` Ingo Molnar
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:55 ` Eric Paris
2011-05-13 15:55 ` Eric Paris
2011-05-13 15:55 ` Eric Paris
2011-05-13 16:29 ` Will Drewry
2011-05-13 16:29 ` Will Drewry
2011-05-13 16:29 ` Will Drewry
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 15:29 ` Will Drewry
2011-05-16 15:29 ` Will Drewry
2011-05-16 15:29 ` Will Drewry
2011-05-17 12:57 ` Ingo Molnar
2011-05-17 12:57 ` Ingo Molnar
2011-05-17 12:57 ` Ingo Molnar
2011-05-16 0:36 ` James Morris
2011-05-16 0:36 ` James Morris
2011-05-16 0:36 ` James Morris
2011-05-16 15:08 ` Ingo Molnar
2011-05-16 15:08 ` Ingo Molnar
2011-05-16 15:08 ` Ingo Molnar
2011-05-17 2:24 ` James Morris
2011-05-17 2:24 ` James Morris
2011-05-17 2:24 ` James Morris
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 18:34 ` Ingo Molnar
2011-05-17 18:34 ` Ingo Molnar
2011-05-17 18:34 ` Ingo Molnar
2011-05-26 6:27 ` Pavel Machek
2011-05-26 6:27 ` Pavel Machek
2011-05-26 6:27 ` Pavel Machek
2011-05-26 8:35 ` Ingo Molnar
2011-05-26 8:35 ` Ingo Molnar
2011-05-26 8:35 ` Ingo Molnar
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 11:33 ` James Morris
2011-05-12 11:33 ` James Morris
2011-05-12 11:33 ` James Morris
2011-05-13 19:35 ` Arnd Bergmann
2011-05-13 19:35 ` Arnd Bergmann
2011-05-13 19:35 ` Arnd Bergmann
2011-05-14 20:58 ` Will Drewry
2011-05-14 20:58 ` Will Drewry
2011-05-14 20:58 ` Will Drewry
2011-05-15 6:42 ` Arnd Bergmann
2011-05-15 6:42 ` Arnd Bergmann
2011-05-15 6:42 ` Arnd Bergmann
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:28 ` Will Drewry
2011-05-16 15:28 ` Will Drewry
2011-05-16 15:28 ` Will Drewry
2011-04-28 19:06 ` [PATCH 3/7] seccomp_filter: " Steven Rostedt
2011-04-28 18:51 ` Serge E. Hallyn
2011-05-03 8:39 ` Avi Kivity
2011-04-28 3:08 ` [PATCH 4/7] seccomp_filter: add process state reporting Will Drewry
2011-04-28 3:21 ` KOSAKI Motohiro
2011-04-28 3:24 ` Will Drewry
2011-04-28 3:40 ` Al Viro
2011-04-28 3:43 ` Will Drewry
2011-04-28 22:54 ` James Morris
2011-05-02 10:08 ` Will Drewry
2011-05-12 3:04 ` [PATCH 4/5] v2 " Will Drewry
2011-04-28 3:08 ` [PATCH 5/7] seccomp_filter: Document what seccomp_filter is and how it works Will Drewry
2011-04-28 7:06 ` Ingo Molnar
2011-04-28 14:56 ` Eric Paris
2011-04-28 18:37 ` Will Drewry
2011-04-29 13:18 ` Frederic Weisbecker
2011-04-29 16:13 ` Will Drewry
2011-05-03 1:29 ` Frederic Weisbecker
2011-05-03 1:47 ` Frederic Weisbecker
2011-05-04 9:15 ` Will Drewry
2011-05-04 9:29 ` Will Drewry
2011-05-04 17:52 ` Frederic Weisbecker
2011-05-04 18:23 ` Steven Rostedt
2011-05-04 18:30 ` Frederic Weisbecker
2011-05-04 18:46 ` Steven Rostedt
2011-05-05 9:21 ` Will Drewry
2011-05-05 13:14 ` Serge E. Hallyn
2011-05-12 3:20 ` Will Drewry
2011-05-06 11:53 ` Steven Rostedt
2011-05-06 13:35 ` Eric Paris
2011-05-07 1:58 ` Will Drewry
2011-05-12 3:04 ` [PATCH 5/5] v2 " Will Drewry
2011-05-06 16:30 ` [PATCH 5/7] " Eric Paris
2011-05-07 2:11 ` Will Drewry
2011-05-04 12:16 ` Steven Rostedt
2011-05-04 15:54 ` Eric Paris
2011-05-04 16:06 ` Steven Rostedt
2011-05-04 16:22 ` Eric Paris
2011-05-04 16:39 ` Steven Rostedt
2011-05-04 18:02 ` Eric Paris
2011-05-04 17:03 ` Frederic Weisbecker
2011-05-04 17:55 ` Eric Paris
2011-04-28 17:43 ` Serge E. Hallyn
2011-04-28 15:46 ` Randy Dunlap
2011-04-28 18:23 ` Will Drewry
2011-04-28 3:08 ` [PATCH 6/7] include/linux/syscalls.h: add __ layer of macros with return types Will Drewry
2011-04-28 3:08 ` [PATCH 7/7] arch/x86: hook int returning system calls Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.02.1105251836030.3078@ionos \
--to=tglx@linutronix.de \
--cc=agl@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=eparis@redhat.com \
--cc=fweisbec@gmail.com \
--cc=heiko.carstens@de.ibm.com \
--cc=hpa@zytor.com \
--cc=jmorris@namei.org \
--cc=jslaby@suse.cz \
--cc=kees.cook@canonical.com \
--cc=lethal@linux-sh.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux390@de.ibm.com \
--cc=linux@arm.linux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@elte.hu \
--cc=mingo@redhat.com \
--cc=mmarek@suse.cz \
--cc=monstr@monstr.eu \
--cc=oleg@redhat.com \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=ralf@linux-mips.org \
--cc=rostedt@goodmis.org \
--cc=schwidefsky@de.ibm.com \
--cc=serge@hallyn.com \
--cc=sparclinux@vger.kernel.org \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wad@chromium.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.