From: Tycho Andersen
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Andy Lutomirski, Oleg Nesterov, "Eric W . Biederman", "Serge E . Hallyn", Christian Brauner, Tyler Hicks, Akihiro Suda, Jann Horn, Tycho Andersen
Subject: [PATCH v6 0/5] seccomp trap to userspace
Date: Thu, 6 Sep 2018 09:28:54 -0600
Message-Id: <20180906152859.7810-1-tycho@tycho.ws>
X-Mailer: git-send-email 2.17.1
X-Mailing-List: linux-kernel@vger.kernel.org

Hi all,

Here's a v6 of the seccomp trap to userspace series. v5 [1] was fairly quiet, with Christian reminding me that I had forgotten to update the docs for the ioctl change. Other than that, there are no changes.

[1]: https://lkml.org/lkml/2018/8/28/590

Thoughts welcome,

Tycho

Tycho Andersen (5):
  seccomp: add a return code to trap to userspace
  seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE
  seccomp: add a way to get a listener fd from ptrace
  seccomp: add support for passing fds via USER_NOTIF
  samples: add an example of seccomp user trap

 Documentation/ioctl/ioctl-number.txt          |   1 +
 .../userspace-api/seccomp_filter.rst          |  84 +++
 arch/Kconfig                                  |   9 +
 include/linux/seccomp.h                       |  18 +-
 include/uapi/linux/ptrace.h                   |   2 +
 include/uapi/linux/seccomp.h                  |  36 +-
 kernel/ptrace.c                               |   4 +
 kernel/seccomp.c                              | 538 +++++++++++++++-
 samples/seccomp/.gitignore                    |   1 +
 samples/seccomp/Makefile                      |   7 +-
 samples/seccomp/user-trap.c                   | 312 ++++++++++
 tools/testing/selftests/seccomp/seccomp_bpf.c | 587 +++++++++++++++++-
 12 files changed, 1586 insertions(+), 13 deletions(-)
 create mode 100644 samples/seccomp/user-trap.c

--
2.17.1