From mboxrd@z Thu Jan 1 00:00:00 1970
From: "H. Peter Anvin"
Subject: Re: [PATCH v10 05/11] seccomp: add system call filtering using BPF
Date: Tue, 21 Feb 2012 22:32:51 -0800
Message-ID: <4F448C13.1040407@zytor.com>
References: <1329845435-2313-1-git-send-email-wad@chromium.org>
 <1329845435-2313-5-git-send-email-wad@chromium.org>
In-Reply-To: <1329845435-2313-5-git-send-email-wad@chromium.org>
Reply-To: kernel-hardening@lists.openwall.com
To: Will Drewry
Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
 linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com,
 netdev@vger.kernel.org, x86@kernel.org, arnd@arndb.de, davem@davemloft.net,
 mingo@redhat.com, oleg@redhat.com, peterz@infradead.org,
 rdunlap@xenotime.net, mcgrathr@chromium.org, tglx@linutronix.de,
 luto@mit.edu, eparis@redhat.com, serge.hallyn@canonical.com,
 djm@mindrot.org, scarybeasts@gmail.com, indan@nul.nu, pmoore@redhat.com,
 akpm@linux-foundation.org, corbet@lwn.net, eric.dumazet@gmail.com,
 markus@chromium.org, keescook@chromium.org
List-Id: linux-arch.vger.kernel.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

On 02/21/2012 09:30 AM, Will Drewry wrote:
> +
> +/**
> + * struct seccomp_data - the format the BPF program executes over.
> + * @args: up to 6 system call arguments. When the calling convention is
> + *        32-bit, the arguments will still be at each args[X] offset.
> + * @instruction_pointer: at the time of the system call.
> + * @arch: indicates system call convention as an AUDIT_ARCH_* value
> + *        as defined in .
> + * @nr: the system call number
> + */
> +struct seccomp_data {
> +	__u64 args[6];
> +	__u64 instruction_pointer;
> +	__u32 arch;
> +	int nr;
> +};
> 

This got flipped around for some reason... that is a problem if we ever
need to extend this to more than 6 arguments (I thought we had at least
one architecture which supported 7 arguments already, but I could just
be delusional.)

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.
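Review bot: in the quoted `struct seccomp_data` hunk the fixed-size `__u64 args[6]` array sits at offset 0, so `instruction_pointer`, `arch` and `nr` are all laid out behind it; this is a userspace-visible struct that filters index by fixed offsets, so any later growth of `args` would shift those three fields and silently break existing filters, which is the concern raised above. Declaring the fixed fields first (`int nr; __u32 arch; __u64 instruction_pointer;`) and `args[6]` last keeps their offsets stable and leaves the array free to grow at the tail. A smaller point on the same hunk: `nr` is a plain `int` while every other member uses the `__u64`/`__u32` fixed-width types; for a struct exported to userspace, `__s32 nr;` would be consistent with the rest of the layout.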