Received: by 2002:a25:d783:0:0:0:0:0 with SMTP id o125csp375936ybg;
        Thu, 19 Mar 2020 01:12:58 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vvH6Jgk5ynW0Ld47ashIJRhwu1bLLZagYSnyn2Fu5dUtqKf3gjChNZDFm7qJ3dG/pIf9u/l
X-Received: by 2002:a05:6808:495:: with SMTP id z21mr1454963oid.149.1584605578362;
        Thu, 19 Mar 2020 01:12:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1584605578; cv=none;
        d=google.com; s=arc-20160816;
        b=fYY5r93msvH0liQKFNq6TPRNSpuwFv28JSC5kiWEo+7zThlkP9F89JJGTWaudZ11Lv
         ++PLp82ZyenfDJnI/KACsGgxFnw6b8si9J8pjtdAlwREjuRoc03NumFm3Bv1DfblPZjr
         LT+usIzaIEuP2H053P5lF9ox1SbvKs7E247gtZJw6jFlhtxvnmvHV29e+RuJHWZHxtw+
         NkadSRWRRc3ESoMf5MR/S8eBMtDAMGHtgz1NkqnoChOEgLJGQCk0P5S3gJQbaM6D0Sov
         PaCpeLTApOV9C0wyyCpIqkgYSV/HBr36tsFhJflosOia+AslBbpJXvhplu5bwEDU8Fm/
         vIyg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=Hilp7INs6adpaWEAfZBPNa/iku3/oHc2VoL73GlbBM4=;
        b=hdi84CsPJQXGV7OAHS3olZHDQf5S81VviGo3C5caniKB5DI8Rc1fe3bh2qShXxjSZG
         ykZB0P8PUMPH0QXww1YDadWM9OZ4gkbdbvtmtddlnroGbAvV+e/RRTUrMhjXz5pe8D3w
         V9YKqZNDBMJESeWQbxSUdcZcNuo//dsVXvszycnC4Pb6xiFwILCNeLd3c/Ox0DEFK69u
         y40Bi+/MvSU1PPm66XJmAOsdA0cCny/EwwTJ0oF89hvdjEDBQHjiKsLrzkJd5IK5VerK
         2yjIWjlGM/zj5WBkok2CeyQitfOrhhJTpj/AsmofxaPmWm20fLQ4h8YZnDhFtwivrAIQ
         W9QQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e9si813148otp.267.2020.03.19.01.12.46;
        Thu, 19 Mar 2020 01:12:58 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726658AbgCSILN (ORCPT <rfc822;lans.zhang2008@gmail.com>
        + 99 others); Thu, 19 Mar 2020 04:11:13 -0400
Received: from mout-p-202.mailbox.org ([80.241.56.172]:43130 "EHLO
        mout-p-202.mailbox.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725601AbgCSILN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 19 Mar 2020 04:11:13 -0400
Received: by mout-p-202.mailbox.org (Postfix, from userid 51)
        id 48jfk71G2BzQlGs; Thu, 19 Mar 2020 08:10:17 +0000 (UTC)
Received: from smtp2.mailbox.org (smtp2.mailbox.org [80.241.60.241])
        (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
        (No client certificate requested)
        by mout-p-202.mailbox.org (Postfix) with ESMTPS id 48hb5f6dqzzQlGj;
        Tue, 17 Mar 2020 15:24:22 +0100 (CET)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp2.mailbox.org ([80.241.60.241])
        by spamfilter04.heinlein-hosting.de (spamfilter04.heinlein-hosting.de [80.241.56.122]) (amavisd-new, port 10030)
        with ESMTP id zRiPUP04n628; Tue, 17 Mar 2020 15:24:19 +0100 (CET)
Date:   Wed, 18 Mar 2020 01:23:50 +1100
From:   Aleksa Sarai <cyphar@cyphar.com>
To:     "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc:     Adrian Reber <areber@redhat.com>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Eric Biederman <ebiederm@xmission.com>,
        Pavel Emelyanov <ovzxemul@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>,
        Dmitry Safonov <0x7f454c46@gmail.com>,
        Andrei Vagin <avagin@gmail.com>,
        lkml <linux-kernel@vger.kernel.org>,
        Mike Rapoport <rppt@linux.ibm.com>,
        Radostin Stoyanov <rstoyanov1@gmail.com>,
        Arnd Bergmann <arnd@arndb.de>,
        Cyrill Gorcunov <gorcunov@openvz.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Linux API <linux-api@vger.kernel.org>
Subject: Re: clone3: allow creation of time namespace with offset
Message-ID: <20200317142350.ssraami3a4vnk5po@yavin>
References: <20200317083043.226593-1-areber@redhat.com>
 <CAKgNAkh7=2Noyn0o3880xbbi4w5oiwqs9ibTYLtheqzxne3mbQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
        protocol="application/pgp-signature"; boundary="iakfd3bjzr4y3tmr"
Content-Disposition: inline
In-Reply-To: <CAKgNAkh7=2Noyn0o3880xbbi4w5oiwqs9ibTYLtheqzxne3mbQ@mail.gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--iakfd3bjzr4y3tmr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2020-03-17, Michael Kerrisk (man-pages) <mtk.manpages@gmail.com> wrote:
> [CC +=3D linux-api; please CC on future versions]
>=20
> On Tue, 17 Mar 2020 at 09:32, Adrian Reber <areber@redhat.com> wrote:
> > Requiring nanoseconds as well as seconds for two clocks during clone3()
> > means that it would require 4 additional members to 'struct clone_args':
> >
> >         __aligned_u64 tls;
> >         __aligned_u64 set_tid;
> >         __aligned_u64 set_tid_size;
> > +       __aligned_u64 boottime_offset_seconds;
> > +       __aligned_u64 boottime_offset_nanoseconds;
> > +       __aligned_u64 monotonic_offset_seconds;
> > +       __aligned_u64 monotonic_offset_nanoseconds;
> >  };
> >
> > To avoid four additional members to 'struct clone_args' this patchset
> > uses another approach:
> >
> >         __aligned_u64 tls;
> >         __aligned_u64 set_tid;
> >         __aligned_u64 set_tid_size;
> > +       __aligned_u64 timens_offset;
> > +       __aligned_u64 timens_offset_size;
> >  };
> >
> > timens_offset is a pointer to an array just as previously done with
> > set_tid and timens_offset_size is the size of the array.
> >
> > The timens_offset array is expected to contain a struct like this:
> >
> > struct set_timens_offset {
> >        int clockid;
> >        struct timespec val;
> > };
> >
> > This way it is possible to pass the information of multiple clocks with
> > seconds and nanonseconds to clone3().
> >
> > To me this seems the better approach, but I am not totally convinced
> > that it is the right thing. If there are other ideas how to pass two
> > clock offsets with seconds and nanonseconds to clone3() I would be happy
> > to hear other ideas.

While I agree this does make the API cleaner, I am a little worried that
it risks killing some of the ideas we discussed for seccomp deep
inspection. In particular, having a pointer to variable-sized data
inside the struct means that now the cBPF program can't just be given a
copy of the struct data from userspace to check.

I'm sure it's a solveable problem (and it was one we were bound to run
into at some point), it'll just mean we'll need a more complicated way
of filtering such syscalls.

--=20
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

--iakfd3bjzr4y3tmr
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQSxZm6dtfE8gxLLfYqdlLljIbnQEgUCXnDdcwAKCRCdlLljIbnQ
EkDfAP4oqBtz79HrO5K84v1Oc+8BJnHtioYyEbAw6bApHUzizwEA/y+FnNZfg354
lxpGstBAS/4Qjyki4qqo9BOYoQimPwI=
=qITz
-----END PGP SIGNATURE-----

--iakfd3bjzr4y3tmr--