Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp141930pxk; Fri, 11 Sep 2020 02:48:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzhSfe72OncQxZzkpMXtpY6Yszi6OOtWZQkRrqzjGy0+QGT83hk3BNyMHmxC3cbcu5P6pdz X-Received: by 2002:a05:6402:48a:: with SMTP id k10mr1135350edv.22.1599817705930; Fri, 11 Sep 2020 02:48:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599817705; cv=none; d=google.com; s=arc-20160816; b=hPhVxpK48X2Ld47coG2QvSSb5Ej9FgA1/2wp6ryXg9DSgWQMUD7/W1SEHPFe5jjqJ6 +6UKZcMSpjbO90lIynLl4YvT92c9076bRNegD2d/vWPeeDgTenztswq8A6yPdOHDf0f9 FuV02OTCnpFdqXD5Y8MLsyFpSKC5hm4nG3ZUonZ3DDro5Qi+1eUyZFKcch2Ae4q0lsv/ Jmfp009+bfJBCAxQJMKh+4TGCZO7MTZpYFcK4F/oN7xd5H2CKPoKl6c7C8ZA/vJjXAIs Ew1XYK1AIntypXR6gqMb7eDT6k3dR8mXXYNkR1cE3jFAtb8C2kLLNVoFSu9LofqoH0n+ ZsIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=NEEs3sphOm5r5iiLL/EE/1iKkrXLyqvJjoXYEVBIkeA=; b=R0IOO8kFAZeYdftVaNOz39gwIoe2q2nqkB9vXZMggQ5K8ZL2x0pauAw6HyhjYryyDJ sqFFIeaFyuz6h7mceHAZXxSELywBlAN948w5GNXuhr+V9rdsDsk4SrYaCgeoWB/8e0mF LCAJ+Vd0WGxrBtKySVwdWB52/IXiZkZwu7nvtz/kNrrWef/wvLn6+gDuiX7TLOI8iqdD kfjuAOjGPU8O73Mx5TFXhFNfoiR6JlaLNmJzdqfbInHywSAaWV2pMet/bzdKQ8D28k2a w0Pl2fQ+ANBPN6Qy01/UMTJG6KR6pvgDegKoPiT5MP9/bxaTnvipteiCBVXDZNdeACcp J3WQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=AR8Q0ajz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bi17si917492edb.582.2020.09.11.02.47.46; Fri, 11 Sep 2020 02:48:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=AR8Q0ajz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725786AbgIKJqn (ORCPT + 99 others); Fri, 11 Sep 2020 05:46:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37490 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725554AbgIKJqm (ORCPT ); Fri, 11 Sep 2020 05:46:42 -0400 Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BCCB3C061573; Fri, 11 Sep 2020 02:46:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=NEEs3sphOm5r5iiLL/EE/1iKkrXLyqvJjoXYEVBIkeA=; b=AR8Q0ajzeTXTHvxHzwx2/HKp6G nYtbzV0y21U6m9kM52QxCp1XYwqxhxJFNapZLNM2uZNUEYq2pCspiNmqyti2WUOiw1MXIjogYTzSB Ry5X9KNf3rQ88rMOf7/BoNucuk/FS5/zy/OIRofIII6eyvn2uX3o3gNuKb/7wrHq1QlZCiUbnRgvP DSHkpt0OrpPIJAv/BDXLMxe8xqKxWekRMHopWL3ZiFbCc83w0ksvAmAbDa0xo/88/r7MVCU58Wren 4s7Gw/g3rNJyVR8F1f6TNSLWTD5j8JVvEmXIq13e2ZxhFkY7CG/CQM4FH1rRfW3XygP3bISzsQdjU szKWpiFg==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by merlin.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1kGfdc-0005tL-Eg; Fri, 11 Sep 2020 09:46:36 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id F0A96305815; Fri, 11 Sep 2020 11:46:34 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id DBFD72B06B003; Fri, 11 Sep 2020 11:46:34 +0200 (CEST) Date: Fri, 11 Sep 2020 11:46:34 +0200 From: peterz@infradead.org To: Gabriel Krisman Bertazi Cc: luto@kernel.org, tglx@linutronix.de, keescook@chromium.org, x86@kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, willy@infradead.org, linux-kselftest@vger.kernel.org, shuah@kernel.org, kernel@collabora.com Subject: Re: [PATCH v6 6/9] kernel: entry: Support Syscall User Dispatch for common syscall entry Message-ID: <20200911094634.GG1362448@hirez.programming.kicks-ass.net> References: <20200904203147.2908430-1-krisman@collabora.com> <20200904203147.2908430-7-krisman@collabora.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200904203147.2908430-7-krisman@collabora.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 04, 2020 at 04:31:44PM -0400, Gabriel Krisman Bertazi wrote: > Syscall User Dispatch (SUD) must take precedence over seccomp, since the > use case is emulation (it can be invoked with a different ABI) such that > seccomp filtering by syscall number doesn't make sense in the first > place. In addition, either the syscall is dispatched back to userspace, > in which case there is no resource for seccomp to protect, or the > syscall will be executed, and seccomp will execute next. > > Regarding ptrace, I experimented with before and after, and while the > same ABI argument applies, I felt it was easier to debug if I let ptrace > happen for syscalls that are dispatched back to userspace. In addition, > doing it after ptrace makes the code in syscall_exit_work slightly > simpler, since it doesn't require special handling for this feature. I think I'm with Andy that this should be before ptrace(). ptrace() users will attempt to interpret things like they're regular syscalls, and that's definitely not the case.