Subject: Re: [PATCH v7 0/6] seccomp trap to userspace
From: "Michael Kerrisk (man-pages)"
To: Tycho Andersen, Kees Cook
Cc: mtk.manpages@gmail.com, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Andy Lutomirski, Oleg Nesterov, "Eric W. Biederman", "Serge E. Hallyn", Christian Brauner, Tyler Hicks, Akihiro Suda, Jann Horn, linux-fsdevel@vger.kernel.org
Date: Fri, 28 Sep 2018 23:57:40 +0200
Message-ID: <686fe047-16e6-3dfc-6284-ed574d97ad2f@gmail.com>
In-Reply-To: <20180927151119.9989-1-tycho@tycho.ws>
References: <20180927151119.9989-1-tycho@tycho.ws>
List-ID: linux-kernel@vger.kernel.org

Hi Tycho,

On 09/27/2018 05:11 PM, Tycho Andersen wrote:
> Hi all,
>
> Here's v7 of the seccomp trap to userspace set. There are various minor
> changes and bug fixes, but two major changes:
>
> * We now pass fds to the tracee via an ioctl, and do it immediately when
>   the ioctl is called. For this we needed some help from the vfs, so
>   I've put the one patch in this series and cc'd fsdevel. This does have
>   the advantage that the feature is now totally decoupled from the rest
>   of the set, which is itself useful (thanks Andy!)
>
> * Instead of putting all of the notification related stuff into the
>   struct seccomp_filter, it now lives in its own struct notification,
>   which is pointed to by struct seccomp_filter. This will save a lot of
>   memory (thanks Tyler!)

Is there a documentation (man page) patch for this API change?

Thanks,

Michael

> v6 discussion: https://lkml.org/lkml/2018/9/6/769
>
> Thoughts welcome,
>
> Tycho
>
> Tycho Andersen (6):
>   seccomp: add a return code to trap to userspace
>   seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE
>   seccomp: add a way to get a listener fd from ptrace
>   files: add a replace_fd_files() function
>   seccomp: add a way to pass FDs via a notification fd
>   samples: add an example of seccomp user trap
>
>  Documentation/ioctl/ioctl-number.txt          |   1 +
>  .../userspace-api/seccomp_filter.rst          |  89 +++
>  fs/file.c                                     |  22 +-
>  include/linux/file.h                          |   8 +
>  include/linux/seccomp.h                       |  14 +-
>  include/uapi/linux/ptrace.h                   |   2 +
>  include/uapi/linux/seccomp.h                  |  42 +-
>  kernel/ptrace.c                               |   4 +
>  kernel/seccomp.c                              | 527 ++++++++++++++-
>  samples/seccomp/.gitignore                    |   1 +
>  samples/seccomp/Makefile                      |   7 +-
>  samples/seccomp/user-trap.c                   | 312 +++++++++
>  tools/testing/selftests/seccomp/seccomp_bpf.c | 607 +++++++++++++++++-
>  13 files changed, 1617 insertions(+), 19 deletions(-)
>  create mode 100644 samples/seccomp/user-trap.c
>