Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp64582ybh; Tue, 17 Mar 2020 18:12:58 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtsslm0jyEFqZkKfEk751K5BmNNInicWPGRyEFXzd6UWBysPDuL5R2TouoyFO93NXXl/K97 X-Received: by 2002:a9d:6e01:: with SMTP id e1mr1741642otr.299.1584493978483; Tue, 17 Mar 2020 18:12:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584493978; cv=none; d=google.com; s=arc-20160816; b=VkUamQBjzqa9JsVXrd7L8WyE9CUWGmQ8iP+OyeQrBT5uKg4d9GYzVcGPaAFff4eMKY y/rMPPH9WnnifeC/fHU4iCHgyw19GRySw/SI2i1F0Jn6oqvMHMGyaeQQ+ypCjrNKptpj zgZHpbeF3jGxuMXZEqtVL7uKt+p09SScOma07o7hhtP50RjQuPqGUBKIgHGa6Faf91fY 43FTDmeXwDIxlBglPbuUzV1yW/8kDGixY8cV/YZmXngZNiR46jIOv1fYHXeABEi+aNzp fikM38TjT9/tDRafKyIAc8d0r8CfgGkPbrAisb7sB1HARwCBcJDI4szg3loSh6wgXoRr IAEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=YQUxQsKTflSf1jqqu7EXyaCvYDjM7rXV3AdTgILyGLc=; b=dxGpR/JMoXn9wKmCZZ/26Ai3FxCKd5JkXvGJSgpBDOIzVBin1dveYBGd2MDghvMQqI ctBvfYD/HCXqPY85Qdv2fwUhcqgmezFHGrKU+cpb57GQ6I+34dG/H9S2bMK4IstO4Bu9 aYoeCzL6ULpIUKPE3d6QMmkRrSFuGeOxGRIKl8TcrGrrfb/da45cL01nCDa5xpx/q4Kw SEsP1a+voGo8zPTmZ7DLAGGu+ChYvdmiw3Rh1PeLJ68t7v2RYly012aVAX3MvhD8t6aP g8c/GG5qAzenyF1PBz1KZfqa6e/WknImbeZuqTo0CLK0bs+h+DxUz/eXKfLc3aLXnloO NwBA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ka9KVMMX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c19si3221213ots.118.2020.03.17.18.12.46; Tue, 17 Mar 2020 18:12:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ka9KVMMX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727517AbgCRBMN (ORCPT + 99 others); Tue, 17 Mar 2020 21:12:13 -0400 Received: from mail-ua1-f67.google.com ([209.85.222.67]:44762 "EHLO mail-ua1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727496AbgCRBMK (ORCPT ); Tue, 17 Mar 2020 21:12:10 -0400 Received: by mail-ua1-f67.google.com with SMTP id a33so8817056uad.11; Tue, 17 Mar 2020 18:12:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=YQUxQsKTflSf1jqqu7EXyaCvYDjM7rXV3AdTgILyGLc=; b=Ka9KVMMXYype3zBtxFLeMETam2trwKLJi84DPgEkEazxab2hIpGlSXAk3szajTm6qm nWmjvC22N441B7WvyYSrdMVA7Y/f4C8IlFanyael2OElgg3YzAi9q4RWSQ2LtfymLiVh 7NqreOoagLOdU9Zldx9NT1IvEvrcKzAg9jdRVBifLdoWOFCm6WUefHck3H7aK46H+RGk SL79LRVqTy/Yr1Z/fJyjjBY6K3Upnlxr4rWiUVeg1AQ7VwHlJcYalAPBaDwiXdxzKYTP YyioKXyiSqKMFBVHDxVSc2fszLWoVxxqEcEBQnfUNW9KbkFe1tKI3N3NCVEMbTj1oA/p dycw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=YQUxQsKTflSf1jqqu7EXyaCvYDjM7rXV3AdTgILyGLc=; b=YQVEhAgm8tyLqws313nOmSY8nV1quRlNMF1yG34NV0GW3/Whm3c5zDA1f+dXi/nynB EInivxPkq2eD92si98ktgL/OFT3aRuXqIK4C4f7R2hnUnV+kHW9oYesyeo7Z+ZyVanAa qmRDYMHkfiDLEKivGscs8PnKjU8WnxOKuGWKORBANmohlDL6Va65qwRy5c8edlopeEvZ NadNrukTD25wwPAGsUeb9Zr0C1/AU30jn2xg+86jhLIUmFOS594pq2Aj4vKkURP1BMQ6 HdsfY/eqjdI19y4fVA5+LjNEiMcUiwmsomQnM3ONw73jQ5G7RFIJEJGrGzcWAC4VTHwW nX6w== X-Gm-Message-State: ANhLgQ1yS5smouGGc25UfFpax6e70oEyKrk1YZMsqVxbY7i7OjMFi4LF q6edWuULt27bMqJ2iP2LV6mOP4AXDxqQOCf1pOc= X-Received: by 2002:a9f:2f08:: with SMTP id x8mr1387838uaj.49.1584493928730; Tue, 17 Mar 2020 18:12:08 -0700 (PDT) MIME-Version: 1.0 References: <20200316163646.2465-1-a.s.protopopov@gmail.com> <202003161423.B51FDA8083@keescook> <202003171314.387F3F187D@keescook> In-Reply-To: <202003171314.387F3F187D@keescook> From: Anton Protopopov Date: Tue, 17 Mar 2020 21:11:57 -0400 Message-ID: Subject: Re: [PATCH] seccomp: allow BPF_MOD ALU instructions To: Kees Cook Cc: Andy Lutomirski , Will Drewry , open list , Daniel Borkmann , bpf Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org =D0=B2=D1=82, 17 =D0=BC=D0=B0=D1=80. 2020 =D0=B3. =D0=B2 16:21, Kees Cook <= keescook@chromium.org>: > > On Mon, Mar 16, 2020 at 06:17:34PM -0400, Anton Protopopov wrote: > > and in every case to walk only a corresponding factor-list. In my case > > I had a list of ~40 syscall numbers and after this change filter > > executed in 17.25 instructions on average per syscall vs. 45 > > instructions for the linear filter (so this removes about 30 > > instructions penalty per every syscall). To replace "mod #4" I > > actually used "and #3", but this obviously doesn't work for > > non-power-of-two divisors. If I would use "mod 5", then it would give > > me about 15.5 instructions on average. > > Gotcha. My real concern is with breaking the ABI here -- using BPF_MOD > would mean a process couldn't run on older kernels without some tricks > on the seccomp side. Yes, I understood. Could you tell what would you do exactly if there was a real need in a new instruction? > Since the syscall list is static for a given filter, why not arrange it > as a binary search? That should get even better average instructions > as O(log n) instead of O(n). Right, thanks! This saves about 4 more instructions for my case and works 1-2 ns faster. > Though frankly I've also been considering an ABI version bump for adding > a syscall bitmap feature: the vast majority of seccomp filters are just > binary yes/no across a list of syscalls. Only the special cases need > special handling (arg inspection, fd notification, etc). Then these > kinds of filters could run as O(1). > > -- > Kees Cook Thanks, Anton