From: Gabriel Krisman Bertazi <krisman@collabora.com>
To: Kees Cook <keescook@chromium.org>, tglx@linutronix.de
Cc: luto@kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, willy@infradead.org,
linux-kselftest@vger.kernel.org, shuah@kernel.org,
kernel@collabora.com
Subject: Re: [PATCH v6 1/9] kernel: Support TIF_SYSCALL_INTERCEPT flag
Date: Wed, 23 Sep 2020 16:18:26 -0400 [thread overview]
Message-ID: <874kno6yct.fsf@collabora.com> (raw)
In-Reply-To: <202009221243.6BC5635E@keescook> (Kees Cook's message of "Tue, 22 Sep 2020 12:44:21 -0700")
Kees Cook <keescook@chromium.org> writes:
> On Fri, Sep 04, 2020 at 04:31:39PM -0400, Gabriel Krisman Bertazi wrote:
>> Convert TIF_SECCOMP into a generic TI flag for any syscall interception
>> work being done by the kernel. The actual type of work is exposed by a
>> new flag field outside of thread_info. This ensures that the
>> syscall_intercept field is only accessed if struct seccomp has to be
>> accessed already, such that it doesn't incur in a much higher cost to
>> the seccomp path.
>>
>> In order to avoid modifying every architecture at once, this patch has a
>> transition mechanism, such that architectures that define TIF_SECCOMP
>> continue to work by ignoring the syscall_intercept flag, as long as they
>> don't support other syscall interception mechanisms like the future
>> syscall user dispatch. When migrating TIF_SECCOMP to
>> TIF_SYSCALL_INTERCEPT, they should adopt the semantics of checking the
>> syscall_intercept flag, like it is done in the common entry syscall
>> code, or even better, migrate to the common syscall entry code.
>
> Can we "eat" all the other flags like ptrace, audit, etc, too? Doing
> this only for seccomp seems strange.
Hi Kees, Thanks again for the review.
Yes, we can, and I'm happy to follow up with that as part of my TIF
clean up work, but can we not block the current patchset to be merged
waiting for that, as this already grew a lot from the original feature
submission?
Also, Thomas do you mind this approach to reduce the usage of TIF_
flags? I remember you suggested simply expanding the variable to 64
bits at some point.
Thanks,
--
Gabriel Krisman Bertazi
next prev parent reply other threads:[~2020-09-23 20:18 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-04 20:31 [PATCH v6 0/9] Syscall User Dispatch Gabriel Krisman Bertazi
2020-09-04 20:31 ` [PATCH v6 1/9] kernel: Support TIF_SYSCALL_INTERCEPT flag Gabriel Krisman Bertazi
2020-09-07 10:16 ` Christian Brauner
2020-09-08 4:59 ` Gabriel Krisman Bertazi
2020-09-22 19:42 ` Kees Cook
2020-09-23 20:28 ` Gabriel Krisman Bertazi
2020-09-11 9:32 ` peterz
2020-09-11 20:08 ` Gabriel Krisman Bertazi
2020-09-24 11:24 ` Peter Zijlstra
2020-09-22 19:44 ` Kees Cook
2020-09-23 20:18 ` Gabriel Krisman Bertazi [this message]
2020-09-23 20:49 ` Kees Cook
2020-09-25 8:00 ` Thomas Gleixner
2020-09-25 16:15 ` Gabriel Krisman Bertazi
2020-09-25 20:30 ` Kees Cook
2020-09-04 20:31 ` [PATCH v6 2/9] kernel: entry: Support TIF_SYSCAL_INTERCEPT on common entry code Gabriel Krisman Bertazi
2020-09-07 10:16 ` Christian Brauner
2020-09-11 9:35 ` peterz
2020-09-11 20:11 ` Gabriel Krisman Bertazi
2020-09-04 20:31 ` [PATCH v6 3/9] x86: vdso: Expose sigreturn address on vdso to the kernel Gabriel Krisman Bertazi
2020-09-22 19:40 ` Kees Cook
2020-09-04 20:31 ` [PATCH v6 4/9] signal: Expose SYS_USER_DISPATCH si_code type Gabriel Krisman Bertazi
2020-09-07 10:15 ` Christian Brauner
2020-09-22 19:39 ` Kees Cook
2020-09-04 20:31 ` [PATCH v6 5/9] kernel: Implement selective syscall userspace redirection Gabriel Krisman Bertazi
2020-09-05 11:24 ` Matthew Wilcox
2020-09-11 9:44 ` peterz
2020-09-04 20:31 ` [PATCH v6 6/9] kernel: entry: Support Syscall User Dispatch for common syscall entry Gabriel Krisman Bertazi
2020-09-07 10:15 ` Christian Brauner
2020-09-07 14:15 ` Andy Lutomirski
2020-09-07 14:25 ` Christian Brauner
2020-09-07 20:20 ` Andy Lutomirski
2020-09-11 9:46 ` peterz
2020-09-04 20:31 ` [PATCH v6 7/9] x86: Enable Syscall User Dispatch Gabriel Krisman Bertazi
2020-09-22 19:37 ` Kees Cook
2020-09-23 20:23 ` Gabriel Krisman Bertazi
2020-09-04 20:31 ` [PATCH v6 8/9] selftests: Add kselftest for syscall user dispatch Gabriel Krisman Bertazi
2020-09-22 19:35 ` Kees Cook
2020-09-04 20:31 ` [PATCH v6 9/9] doc: Document Syscall User Dispatch Gabriel Krisman Bertazi
2020-09-22 19:35 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874kno6yct.fsf@collabora.com \
--to=krisman@collabora.com \
--cc=keescook@chromium.org \
--cc=kernel@collabora.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=luto@kernel.org \
--cc=shuah@kernel.org \
--cc=tglx@linutronix.de \
--cc=willy@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox