From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Andy Lutomirski <luto@amacapital.net>,
Oleg Nesterov <oleg@redhat.com>, Will Drewry <wad@chromium.org>,
Julien Tinnes <jln@chromium.org>,
David Drysdale <drysdale@google.com>,
Alexei Starovoitov <ast@plumgrid.com>,
John Johansen <john.johansen@canonical.com>,
Russell King <linux@arm.linux.org.uk>,
Ralf Baechle <ralf@linux-mips.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Peter Zijlstra <peterz@infradead.org>,
Arnd Bergmann <arnd@arndb.de>,
James Morris <james.l.morris@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
"David A. Long" <dave.long@lina>
Subject: [PATCH v6 0/9] seccomp: add thread sync ability
Date: Tue, 10 Jun 2014 16:01:45 -0700
Message-ID: <1402441314-7447-1-git-send-email-keescook@chromium.org>
This adds the ability for threads to request seccomp filter
synchronization across their thread group (at filter attach time).
For example, for Chrome to make sure graphic driver threads are fully
confined after seccomp filters have been attached.
To support this, locking on seccomp changes is introduced, along with
refactoring of no_new_privs. Races with thread creation/death are handled
via tasklist_lock.
This includes a new syscall (instead of adding a new prctl option),
as suggested by Andy Lutomirski and Michael Kerrisk.
Thanks!
-Kees
v6:
- switch from seccomp-specific lock to thread-group lock to gain atomicity
- implement seccomp syscall across all architectures with seccomp filter
- clean up sparse warnings around locking
v5:
- move includes around (drysdale)
- drop set_nnp return value (luto)
- use smp_load_acquire/store_release (luto)
- merge nnp changes to seccomp always, fewer ifdef (luto)
v4:
- cleaned up locking further, as noticed by David Drysdale
v3:
- added SECCOMP_EXT_ACT_FILTER for new filter install options
v2:
- reworked to avoid clone races
Patches in this series (all sent 2014-06-10 23:01 UTC):
[PATCH v6 1/9] seccomp: create internal mode-setting function
[PATCH v6 2/9] seccomp: split filter prep from check and apply
[PATCH v6 3/9] seccomp: introduce writer locking
[PATCH v6 4/9] seccomp: move no_new_privs into seccomp
[PATCH v6 5/9] seccomp: split mode set routines
[PATCH v6 6/9] seccomp: add "seccomp" syscall
[PATCH v6 7/9] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC
[PATCH v6 8/9] ARM: add seccomp syscall
[PATCH v6 9/9] MIPS: add seccomp syscall