Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3290477pxk; Mon, 21 Sep 2020 09:49:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwv1tmPCzVO7L3goTDQj5YSqDUAQGdokgmBLzg77EQmP67qRCSqchK/v4qhYarOi213vs6s X-Received: by 2002:a50:8c24:: with SMTP id p33mr572186edp.330.1600706966016; Mon, 21 Sep 2020 09:49:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600706966; cv=none; d=google.com; s=arc-20160816; b=0U56wIuJAc2PKw4chVeFMLhKA8dMI9H1BSKt1F07V1O74NZxvlibuKMqxlU0NA5gGB RJClSOtu3pMkAR3Ji2rnBu+BXZH/95na1twbY9eHW5ASzTq7Kub3lqwZmy0uIopF/uiZ zN6Et/mqDzeHVPxDi5Rl3HrmGBcB7mx8xeDYczsUgqsPkb2XRqOe5KcNvqvGsjOvgshw n99PNWwgl2cUNra1Pj5DjK3cN2kynGTMbcaJ7OZXDN+WRrEfyMmwaeDfX90ETrLqMP8L hOAEt+k+oozbz8AZg9QCIZBoaoNTqlsP9LlvclYpTJNI+pxjfickE45Zcj+Gj2fQ3x+Y 79Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=FAKxtc4axvdMTVdc4bHyXqp9LAtvMDocxRFYXXZfBzg=; b=p96K72i5xFrviyCy7o7iIbwcVhYDHEWhs68ecwRmKTxsuyBtjIEcWfGMvS8uebLuQ0 Uk5jGjwFZJm15x0dE7f/KCHGJS8L3vyC2W95VPMfxrZYqZsr1Wi+6rNkHoXI8sGDhKYI cMmPhqDdD9EUBSAlUsTYPEXM2FDHYbfRNty/kAisr/6flbkN3avI0Wi+/zh9uZ5Mq9dp mmgSYNQGa8iwh+eilIzymCNAh0JfOFInPcSiiKW4WkTp8jD2JU+glgA9VEoy1Y8QnBT+ nYGwjTFgqLun6Q296myicdCS0fyNE/bsO8nCAqPWwao1HDWXYWrPAa5+4PwJlJ9thskx wxCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@tycho.pizza header.s=fm1 header.b=JdtF40if; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=tbW6ec3z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id pk25si8706940ejb.746.2020.09.21.09.49.01; Mon, 21 Sep 2020 09:49:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@tycho.pizza header.s=fm1 header.b=JdtF40if; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=tbW6ec3z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728436AbgIUQpz (ORCPT + 99 others); Mon, 21 Sep 2020 12:45:55 -0400 Received: from new2-smtp.messagingengine.com ([66.111.4.224]:37287 "EHLO new2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728806AbgIUQpU (ORCPT ); Mon, 21 Sep 2020 12:45:20 -0400 X-Greylist: delayed 346 seconds by postgrey-1.27 at vger.kernel.org; Mon, 21 Sep 2020 12:45:20 EDT Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailnew.nyi.internal (Postfix) with ESMTP id 8E7DD580469; Mon, 21 Sep 2020 12:39:21 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Mon, 21 Sep 2020 12:39:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho.pizza; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm1; bh=FAKxtc4axvdMTVdc4bHyXqp9LAt vMDocxRFYXXZfBzg=; b=JdtF40ifOvS2VufC+D4Y/DgzsfP5T/+lwIbYsgExRNF uFZygQ712+2ZJOKGfZY9sOf7vGXOEiaMNuVScexUD0xE40TMAXMbhyrI15xSaIU9 3uaYTOXwJTdUlG2E14/ixYUwdx/6hIpxvB3NkysGMM0sBFeJgmTMjh+BAi1v8Sqf 24+7SHEJGaDQjntE1s5t3FJCUX3ZWgkcAUu8pqh6RlAxYFJEUR0aS7k+PLmQlcms KIKA/wEgA1hvgj1zJ+vPOHs9fEB/LWzmFtYOMjvdmSskCLdtARn/rqGTNF/eOj/t 8Z8hF6RoXKEeQgmOB4ZX3H+fMzdALRBkInUTkGSJgOg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=FAKxtc 4axvdMTVdc4bHyXqp9LAtvMDocxRFYXXZfBzg=; b=tbW6ec3zQjwQulgCq04Nbf ODrBjrjXS5VYBZKvtCZBwUYNWCnyz7wHa6Qf+X/SaEIKXF1it/gQp3XVEHjbO8DB CJFLnJVxcy9qbpKTgVHnpJKuLi+0ll8AZZ4N4PsVUxo6Tf7Mqo83D/+3ZU09pgFz vV+xNPW5g4qpOos3aZ3aAGX6RPxDN1aB3fO3LhZ1AFxOs82rBlSthYrd/heyhpTc 5ho4ZS9v9HyMyu/OlAjyLcqhbKpeBvNMEEUB9zAev7flgyZmtIP11g1uExippFxa 2br3iqth9LbwWMelJpi0m1sbT4gZy9wa750I/HArpGlLFxf93RHmCnRi450tFqmw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedruddvgddutdehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefvhigthhho ucetnhguvghrshgvnhcuoehthigthhhosehthigthhhordhpihiiiigrqeenucggtffrrg htthgvrhhnpeegkeefjeegkedtjefgfeduleekueetjeeghffhuefgffefleehgeeifedv gfethfenucfkphepudekgedrudeijedrvddtrdduvdejnecuvehluhhsthgvrhfuihiivg eptdenucfrrghrrghmpehmrghilhhfrhhomhepthihtghhohesthihtghhohdrphhiiiii rg X-ME-Proxy: Received: from cisco (184-167-020-127.res.spectrum.com [184.167.20.127]) by mail.messagingengine.com (Postfix) with ESMTPA id 594E43280067; Mon, 21 Sep 2020 12:39:18 -0400 (EDT) Date: Mon, 21 Sep 2020 10:39:16 -0600 From: Tycho Andersen To: YiFei Zhu Cc: Linux Containers , Andrea Arcangeli , Giuseppe Scrivano , Kees Cook , YiFei Zhu , Tobin Feldman-Fitzthum , Dimitrios Skarlatos , Valentin Rothberg , Hubertus Franke , Jack Chen , Josep Torrellas , bpf@vger.kernel.org, Tianyin Xu , Andy Lutomirski , Will Drewry , Jann Horn , Aleksa Sarai , linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH seccomp 0/2] seccomp: Add bitmap cache of arg-independent filter results that allow syscalls Message-ID: <20200921163916.GE3794348@cisco> References: <20200921135115.GC3794348@cisco> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 21, 2020 at 10:27:56AM -0500, YiFei Zhu wrote: > On Mon, Sep 21, 2020 at 8:51 AM Tycho Andersen wrote: > > One problem with a kernel config setting is that it's for all tasks. > > While docker and systemd may make decsisions based on syscall number, > > other applications may have more nuanced filters, and this cache would > > yield incorrect results. > > > > You could work around this by making this a filter flag instead; > > filter authors would generally know whether their filter results can > > be cached and probably be motivated to opt in if their users are > > complaining about slow syscall execution. > > > > Tycho > > Yielding incorrect results should not be possible. The purpose of the > "emulator" (for the lack of a better term) is to determine whether the > filter reads any syscall arguments. A read from a syscall argument > must go through the BPF_LD | BPF_ABS instruction, where the 32 bit > multiuse field "k" is an offset to struct seccomp_data. I see, I missed this somehow. So is there a reason to hide this behind a config option? Isn't it just always better? Tycho