Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp686495pxk;
        Wed, 23 Sep 2020 13:19:57 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyNQ8c/mnwOhG8qlwt97q+zU2apG16WlD9ACM9cWSv3QqZA5VbAIrv7vvoz9uRWlZKmk436
X-Received: by 2002:a17:906:7f06:: with SMTP id d6mr1271495ejr.553.1600892397260;
        Wed, 23 Sep 2020 13:19:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600892397; cv=none;
        d=google.com; s=arc-20160816;
        b=n1n3rtTD2VPqvPXZe+Ttsl2QEy/Evo4fVMpZ7y2gxzIZptRYQ35Rf4G+9IalZzEcPO
         e9w7cW5o+bm8Uh0zDrgj3J8eVHKd3XawJan7zJSG6PtsU3F1NaV+XXIUxHr2ojwRn4ET
         yTKXO131pHfzH0Q0bkj0YHj8Op94Kj7OglXCSvLHyJbqRms+erdQRYAoklw6SMDtvdwt
         OVeeDuibiXrbZcOucB88XNufunp5riA+bh++6hiGYs9hdtzSfddu5Q0cG91ITs0+pfZX
         QJ8csrwG/8m+49AqI9aIQwYR6bMflrUVGqJRobfX9yeli8JhhpzsVWxVqKDVOX/99+6s
         uf3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:message-id:in-reply-to
         :date:references:organization:subject:cc:to:from;
        bh=I85m7G8H+4aYXOjAx/8WIuMQEwHEYgOmPr91cev32zs=;
        b=KryPU53k00VRE8qHBgefiabm6TPie1KiuvhZRwiHknSiPf8klY1a1FPZkgfQ7QbOJG
         2iwER+LiCL3AaNTyHcN6jm7BEh/OKKB5phOKus1lQ8S7m+Cp3MgGGycpkpoxlKqWrcgv
         NVdRy1hcuNYOrW8T0u5Lo9JqHMoWgaR5Odg4Vlqga9f2BxCTM6x7z80AV1YOMiCMH7MJ
         /tW/R68hy397zwbQpGFnYDk8LyJl6DtriRfu3FNl6yIfIb9RxjmYKlfN2S5jM/xS2qhU
         u/G2n6Neukhj3nf2nCJVQNTj1Z7Jd1P++u7O/gvesPGdx5e5ho+kZwmehNCwfU0j4O6Z
         CsRA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=collabora.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z19si611434edx.205.2020.09.23.13.19.33;
        Wed, 23 Sep 2020 13:19:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=collabora.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726621AbgIWUSg (ORCPT <rfc822;0330sisy@gmail.com> + 99 others);
        Wed, 23 Sep 2020 16:18:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59194 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726381AbgIWUSg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Sep 2020 16:18:36 -0400
Received: from bhuna.collabora.co.uk (bhuna.collabora.co.uk [IPv6:2a00:1098:0:82:1000:25:2eeb:e3e3])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C79D7C0613CE;
        Wed, 23 Sep 2020 13:18:35 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1])
        (Authenticated sender: krisman)
        with ESMTPSA id 9B0BA28B795
From:   Gabriel Krisman Bertazi <krisman@collabora.com>
To:     Kees Cook <keescook@chromium.org>, tglx@linutronix.de
Cc:     luto@kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org,
        linux-api@vger.kernel.org, willy@infradead.org,
        linux-kselftest@vger.kernel.org, shuah@kernel.org,
        kernel@collabora.com
Subject: Re: [PATCH v6 1/9] kernel: Support TIF_SYSCALL_INTERCEPT flag
Organization: Collabora
References: <20200904203147.2908430-1-krisman@collabora.com>
        <20200904203147.2908430-2-krisman@collabora.com>
        <202009221243.6BC5635E@keescook>
Date:   Wed, 23 Sep 2020 16:18:26 -0400
In-Reply-To: <202009221243.6BC5635E@keescook> (Kees Cook's message of "Tue, 22
        Sep 2020 12:44:21 -0700")
Message-ID: <874kno6yct.fsf@collabora.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Kees Cook <keescook@chromium.org> writes:

> On Fri, Sep 04, 2020 at 04:31:39PM -0400, Gabriel Krisman Bertazi wrote:
>> Convert TIF_SECCOMP into a generic TI flag for any syscall interception
>> work being done by the kernel.  The actual type of work is exposed by a
>> new flag field outside of thread_info.  This ensures that the
>> syscall_intercept field is only accessed if struct seccomp has to be
>> accessed already, such that it doesn't incur in a much higher cost to
>> the seccomp path.
>> 
>> In order to avoid modifying every architecture at once, this patch has a
>> transition mechanism, such that architectures that define TIF_SECCOMP
>> continue to work by ignoring the syscall_intercept flag, as long as they
>> don't support other syscall interception mechanisms like the future
>> syscall user dispatch.  When migrating TIF_SECCOMP to
>> TIF_SYSCALL_INTERCEPT, they should adopt the semantics of checking the
>> syscall_intercept flag, like it is done in the common entry syscall
>> code, or even better, migrate to the common syscall entry code.
>
> Can we "eat" all the other flags like ptrace, audit, etc, too? Doing
> this only for seccomp seems strange.

Hi Kees, Thanks again for the review.

Yes, we can, and I'm happy to follow up with that as part of my TIF
clean up work, but can we not block the current patchset to be merged
waiting for that, as this already grew a lot from the original feature
submission?

Also, Thomas do you mind this approach to reduce the usage of TIF_
flags?  I remember you suggested simply expanding the variable to 64
bits at some point.

Thanks,


-- 
Gabriel Krisman Bertazi