Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp1153375ima;
        Wed, 24 Oct 2018 15:35:52 -0700 (PDT)
X-Google-Smtp-Source: AJdET5dom1GqrMsE6Q7y7iClG0LqCLna3gKZwSKIQpkXVwav2BNYGvMA75PZH42fnWXDg0Ng9swO
X-Received: by 2002:a63:cf4c:: with SMTP id b12-v6mr4150635pgj.418.1540420552755;
        Wed, 24 Oct 2018 15:35:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540420552; cv=none;
        d=google.com; s=arc-20160816;
        b=xpMQmIYCcChiPY1RN/YfAAxIbWhZX45Tg/aw7SHNgy5gpRWV0RywUPsKgsFd+8tG9G
         wuCWq5bXr/Ppi6hACkkBnk+w9eyppayXI7mQI69Uah+bvNOB34VjH4sUcas2oPF0h5mk
         3uLncCbt3iUBazlQ6l05jqjZ9rvcucR3GOtQSjWJbA8FPUdLXR/mfnwFmx2ks+fsFQE7
         yJ6xILwEu+gLxBh64DffH7SlvcsQnLgCtzr57/NeQQKpEBR2AW/T28nNVLKA+TegadpI
         QBcXUaHYbV7UcOJ7YB8IkVeI6NP4dZ8v5rkqeS4wU1z9IzeitPMLnygsc2Q1m3P0W2PO
         nEOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature;
        bh=6ANNM4CK+o4++gTDNibM1c+Y7POTejQXLCymkEuMr64=;
        b=o2ACEAw0e3Tf8Aug1PemSDIH43NUzwTbdSM2SkGWabqnekwHeTuEYTJByf/2+EX2f+
         6POrLTCSPOrJ3o82RmxsC6nrtmlW/SGX5MlRP1U9eOQGL4DsX0nqivgIIvoaGRTMDT70
         fPobVjGHV52NIoCLtI3k2WpwkxTe9ioEVqTFz4L7rkhplK68y40l6iSPQj/AlmPer3/W
         C+CYZHuaN6BQIRJlhTKrklDJgwVl676Z5haMlVlzOlHA3r/RvmmMg5P8eGmrSODol8xd
         31JHgW2R9XEFqcnZlA3C+feokNC0b8WHOp0PVBDNic0VTH5hijEpnl+E8n0K3N6OvEe9
         8jSA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=BJWkFf+m;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d37-v6si5844570plb.387.2018.10.24.15.35.25;
        Wed, 24 Oct 2018 15:35:52 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=BJWkFf+m;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726857AbeJYHEr (ORCPT <rfc822;chenhe.dev@gmail.com>
        + 99 others); Thu, 25 Oct 2018 03:04:47 -0400
Received: from mail-yw1-f68.google.com ([209.85.161.68]:41913 "EHLO
        mail-yw1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726317AbeJYHEr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 25 Oct 2018 03:04:47 -0400
Received: by mail-yw1-f68.google.com with SMTP id 135-v6so2772531ywo.8
        for <linux-kernel@vger.kernel.org>; Wed, 24 Oct 2018 15:34:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=6ANNM4CK+o4++gTDNibM1c+Y7POTejQXLCymkEuMr64=;
        b=BJWkFf+m/AYc4RgUvfApNmmwmpZZ/x7d/vMB1j8X5lSoQ8ASrXf7aIsD5DwhLODC7t
         5mkJwtaADV3gE17XdNOJLSIxYwk7jDx7n7tySGv7DjgqGPeVWnxujomwQ+hWZyiGJijQ
         fNdf3d4SPbe/pERzqrXkjqr4RDIUA7BmcIkw0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=6ANNM4CK+o4++gTDNibM1c+Y7POTejQXLCymkEuMr64=;
        b=NmRoq42U/WCuKkj3U+I6vzyWKdeCz9/jwkSmAmcxHj044EJ2+EBsKJTRzXSN6um5Wt
         RUpYNjG1ji8mJn4k9P2GTOVaAz8kMjuorH0HrXQSgozPHX5jqQQB5ychI056mDf+cvGS
         c72zmUg76NRiSKi7lE6tB6KjzDzbbJjgmHZhcV7b3Z+wNjO079w+CuqNeeEsUb+H0Rd8
         392hBVNfyRaVJ9yfl3KEPOxQL66l3M1hyKwiT/WcNel75KIHanWLwdg4nf01XFpKazpd
         oArwHgB1HIMghflpHIkU8ak+i8tFXBO9EwSvSSOB4bR2p4iKkO7sruoTbbWQgIGneWn3
         B36w==
X-Gm-Message-State: AGRZ1gIZZQXJvwMLSS0t9ECl3C9+IWGlfQ+7twb2zWERUb6D3wtOBSZG
        aSq54PSlYjWoNyL3J2BxVaCrB47nOCg=
X-Received: by 2002:a81:4901:: with SMTP id w1-v6mr3970169ywa.86.1540420490275;
        Wed, 24 Oct 2018 15:34:50 -0700 (PDT)
Received: from mail-yw1-f53.google.com (mail-yw1-f53.google.com. [209.85.161.53])
        by smtp.gmail.com with ESMTPSA id 207-v6sm1505549yww.21.2018.10.24.15.34.46
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 24 Oct 2018 15:34:47 -0700 (PDT)
Received: by mail-yw1-f53.google.com with SMTP id j75-v6so2774575ywj.10
        for <linux-kernel@vger.kernel.org>; Wed, 24 Oct 2018 15:34:46 -0700 (PDT)
X-Received: by 2002:a81:2cc3:: with SMTP id s186-v6mr4287649yws.168.1540420485724;
 Wed, 24 Oct 2018 15:34:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a25:3990:0:0:0:0:0 with HTTP; Wed, 24 Oct 2018 15:34:45
 -0700 (PDT)
In-Reply-To: <CAGXu5jJ7gmVXZE+iksW99c6bHEV2rSOG+boQDRGmMSDa9HOh_A@mail.gmail.com>
References: <CAEn-LTqbEmWovu4t7Rs4C211+GRRU4V3B=+WmW0SOhX_b8db5Q@mail.gmail.com>
 <20181024204036.8799-1-palmer@sifive.com> <20181024204036.8799-3-palmer@sifive.com>
 <CAGXu5jJ7gmVXZE+iksW99c6bHEV2rSOG+boQDRGmMSDa9HOh_A@mail.gmail.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Wed, 24 Oct 2018 15:34:45 -0700
X-Gmail-Original-Message-ID: <CAGXu5j+N5Du=c-dfGd-_rLjE3NEeN+MXTsKjt2APA1U1xwwSag@mail.gmail.com>
Message-ID: <CAGXu5j+N5Du=c-dfGd-_rLjE3NEeN+MXTsKjt2APA1U1xwwSag@mail.gmail.com>
Subject: Re: [PATCH 2/2] RISC-V: Add support for SECCOMP
To:     Palmer Dabbelt <palmer@sifive.com>
Cc:     linux-riscv@lists.infradead.org, Albert Ou <aou@eecs.berkeley.edu>,
        Paul Moore <paul@paul-moore.com>,
        Eric Paris <eparis@redhat.com>,
        Andy Lutomirski <luto@amacapital.net>,
        Will Drewry <wad@chromium.org>,
        Wesley Terpstra <wesley@sifive.com>,
        David Howells <dhowells@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Philippe Ombredanne <pombredanne@nexb.com>,
        Greg KH <gregkh@linuxfoundation.org>,
        Kate Stewart <kstewart@linuxfoundation.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Linux Audit <linux-audit@redhat.com>,
        david.abdurachmanov@gmail.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 24, 2018 at 2:42 PM, Kees Cook <keescook@chromium.org> wrote:
> config HAVE_ARCH_SECCOMP_FILTER
>         bool
>         help
>           An arch should select this symbol if it provides all of these things:
>           - syscall_get_arch()
>           - syscall_get_arguments()
>           - syscall_rollback()
>           - syscall_set_return_value()
>           - SIGSYS siginfo_t support
>           - secure_computing is called from a ptrace_event()-safe context
>           - secure_computing return value is checked and a return value of -1
>             results in the system call being skipped immediately.
>           - seccomp syscall wired up

Oh, and I should add to this list, "passes
tools/testing/selftests/seccomp/seccomp_bpf test". :)

-- 
Kees Cook