From: Florian Weimer <fweimer@redhat.com>
To: Michael Sammler <msammler@mpi-sws.org>
Cc: Will Drewry <wad@chromium.org>, Kees Cook <keescook@chromium.org>,
linux-api@vger.kernel.org, Ram Pai <linuxram@us.ibm.com>,
Andy Lutomirski <luto@amacapital.net>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH] seccomp: Add pkru into seccomp_data
Date: Wed, 24 Oct 2018 20:06:59 +0200 [thread overview]
Message-ID: <87zhv3nrr0.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <20181024153523.10974-1-msammler@mpi-sws.org> (Michael Sammler's message of "Wed, 24 Oct 2018 17:35:23 +0200")
* Michael Sammler:
> Add the current value of the PKRU register to data available for
> seccomp-bpf programs to work on. This allows filters based on the
> currently enabled protection keys.
> diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
> index 9efc0e73..e8b9ecfc 100644
> --- a/include/uapi/linux/seccomp.h
> +++ b/include/uapi/linux/seccomp.h
> @@ -52,12 +52,16 @@
> * @instruction_pointer: at the time of the system call.
> * @args: up to 6 system call arguments always stored as 64-bit values
> * regardless of the architecture.
> + * @pkru: value of the pkru register
> + * @reserved: pad the structure to a multiple of eight bytes
> */
> struct seccomp_data {
> int nr;
> __u32 arch;
> __u64 instruction_pointer;
> __u64 args[6];
> + __u32 pkru;
> + __u32 reserved;
> };
This doesn't cover the POWER implementation. Adding Cc:s.
And I think the kernel shouldn't expose the number of protection keys in
the ABI.
Thanks,
Florian
next parent reply other threads:[~2018-10-24 18:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20181024153523.10974-1-msammler@mpi-sws.org>
2018-10-24 18:06 ` Florian Weimer [this message]
2018-10-25 8:39 ` [PATCH] seccomp: Add pkru into seccomp_data Michael Sammler
2018-10-25 9:12 ` Florian Weimer
2018-10-25 16:42 ` Michael Sammler
2018-10-25 23:00 ` Andy Lutomirski
2018-10-26 0:35 ` Kees Cook
2018-10-26 0:49 ` Andy Lutomirski
2018-10-29 22:01 ` Kees Cook
2018-10-26 5:52 ` Ram Pai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zhv3nrr0.fsf@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=linuxram@us.ibm.com \
--cc=luto@amacapital.net \
--cc=msammler@mpi-sws.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox