Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp129049pxk;
        Thu, 24 Sep 2020 01:09:12 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyEVwzDmL4fe8Gm0GGSvzC2cMKJ9QQNdRnfKTUg2x0C5uFbvkRA0TELFg3xm/GxA45VAG4E
X-Received: by 2002:a17:906:4a51:: with SMTP id a17mr3301907ejv.381.1600934951795;
        Thu, 24 Sep 2020 01:09:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600934951; cv=none;
        d=google.com; s=arc-20160816;
        b=AfcnsgUoz7xKZRZIFniGC1kBeKVV2UdajXMcSuEe/SmsmOtGODkggDnq+MZJMVvvs+
         6atcbv2ZJXi07icaqvwSJf9kqZx/1MfqtPrMAGF+Wkv0ecddTakZLG423s2LHtdCVqgf
         qHfSGTGPSVqPMikbpuDdfL4oGhj5gh8miGKZpz/7ekM3Wh1P8LQVZejdYgwG1sxXwW8f
         Ei8xE3z/SGUrJkhlcL4RwFyap5AHjL19k18M0xj3puNKyezKTm1ScPq6yPOJ1+bPNy9I
         LbSguEyb3C8szyx79ZqquRsBPktBdhRfvtXz54CUZWFeaiOasPeVdn7rZSBg2c2WS7Ba
         6mug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=SREJUM/2T/IFvbNUgYQe7MPC6WtRuEMBlyz8JPh0RI8=;
        b=Qh1RLBQZuoD1EbQVRiCru4Y/xNNpZwtm1z+NzWlUaT7Z+8vA6UV57hixDx6i6NmJ1q
         TbbEz6lE3QitR2nQ+4cZQMDmsz7NNWM4Ze9svP2EO96ptqSiceZICBSIJi35jxZSnH2u
         SIV2c7FYl7rOPzr1+P4iX0frCG+TrL5ZHd7gfuhK04Eewq6XuOKlAt+igdK/qiqL2Oxl
         evEGuUhiT1PKtsufcC7dQiCELcrTqbTb7o+bVUV/5m85sFzJyHq3jmbGojjVVVkXLHEC
         U0M3Jg5PHPVb9WBNJKRgLOVQpOlST0BTjpTW9vgOrLNhOTs1Jgm//ZbXg1995XZX5N3B
         Wc6Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Mnc+BC6F;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id bo22si1741166edb.187.2020.09.24.01.08.39;
        Thu, 24 Sep 2020 01:09:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Mnc+BC6F;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727235AbgIXIHf (ORCPT <rfc822;0330sisy@gmail.com> + 99 others);
        Thu, 24 Sep 2020 04:07:35 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55210 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727089AbgIXIHf (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 24 Sep 2020 04:07:35 -0400
Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0814BC0613CE;
        Thu, 24 Sep 2020 01:07:35 -0700 (PDT)
Received: by mail-pg1-x541.google.com with SMTP id d13so1431329pgl.6;
        Thu, 24 Sep 2020 01:07:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=SREJUM/2T/IFvbNUgYQe7MPC6WtRuEMBlyz8JPh0RI8=;
        b=Mnc+BC6FoAz03iKMGZfNCLiJ0hcECAQItB8p3zC7NQkU7aOIjVnu4MQQApiKu8VkdD
         IIbfAI5fACDSFTmNXSY2BP5jYZTYoh+H7Nufn+A/Eyf9JUSMarPYRHf0WfKR6PV9VVKx
         4eVOTx0SJ6tbgYYR8LShT3V6LZo3FywyOvm6gyFSVnHQXucycp1xLdlmQpVE+xxeTpDI
         Vn4OIg5eRiA6sxRTLhmf2rbLQeB8aQS/1mJhff2kWLWxUhDHJToSjCqq8EMjfoFMr/cA
         pRF9+pdALsdYgc/ACOpNS3ZybtsRlnTTs9QRWEoaTCYfEbpqMxB6oCMFuSCQzDotR+Pr
         kI4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=SREJUM/2T/IFvbNUgYQe7MPC6WtRuEMBlyz8JPh0RI8=;
        b=j3wIq+qnpYM8by/JtOKPSyhKc1TRSu01Cp+cNwddGj6//d6wa/OOou+Lf6IKNNLePl
         e8yni2BcQKbVqn9QM2b4fuOcBqsZtqz56gQpATWvwPrtYz0qzvy5uIG2OBkWXuLxbk6R
         V4YcPqvVYa39fUpUDUQpoiblrFrDY3sS9nsqmbtYHyPGbOQwfQDE0n1qAvm/suv1RmN4
         MFcCJzhfa/8puIoESxnX0PSParb280qLp2AoJirTZsoreNfANkZa3F7ki0hzl4GMTTrt
         Nr/59jMzu/HzoDKGlpLmA9F26m3zilQpEHX4z7tvnSDGsA8++8+gMfelKYqSUZ6bCHlk
         Hy/g==
X-Gm-Message-State: AOAM5330m5V2jgRJd0w6ncOlU9+p+8jbVCI8+bXyLAk4r71eJil6s1Qa
        0/6xtJYpe7IVkGIRhvhfnDSDrmaPnJGPSINTucQ=
X-Received: by 2002:aa7:8645:0:b029:13c:de96:6fde with SMTP id
 a5-20020aa786450000b029013cde966fdemr3426229pfo.14.1600934854466; Thu, 24 Sep
 2020 01:07:34 -0700 (PDT)
MIME-Version: 1.0
References: <20200923232923.3142503-1-keescook@chromium.org>
 <20200923232923.3142503-4-keescook@chromium.org> <CAG48ez0d80fOSTyn5QbH33WPz5UkzJJOo+V8of7YMR8pVQxumw@mail.gmail.com>
 <202009240018.A4D8274F@keescook>
In-Reply-To: <202009240018.A4D8274F@keescook>
From:   YiFei Zhu <zhuyifei1999@gmail.com>
Date:   Thu, 24 Sep 2020 03:07:23 -0500
Message-ID: <CABqSeARV4prXOWf9qOBnm5Mm_aAdjwquqFFLQSuL0EegqeWEkA@mail.gmail.com>
Subject: Re: [PATCH 3/6] seccomp: Implement constant action bitmaps
To:     Kees Cook <keescook@chromium.org>
Cc:     Jann Horn <jannh@google.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Giuseppe Scrivano <gscrivan@redhat.com>,
        Will Drewry <wad@chromium.org>, bpf <bpf@vger.kernel.org>,
        YiFei Zhu <yifeifz2@illinois.edu>,
        Linux API <linux-api@vger.kernel.org>,
        Linux Containers <containers@lists.linux-foundation.org>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Hubertus Franke <frankeh@us.ibm.com>,
        Andy Lutomirski <luto@amacapital.net>,
        Valentin Rothberg <vrothber@redhat.com>,
        Dimitrios Skarlatos <dskarlat@cs.cmu.edu>,
        Jack Chen <jianyan2@illinois.edu>,
        Josep Torrellas <torrella@illinois.edu>,
        Tianyin Xu <tyxu@illinois.edu>,
        kernel list <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Sep 24, 2020 at 2:37 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > This belongs over into patch 1.
>
> Thanks! I was rushing to get this posted so YiFei Zhu wouldn't spend
> time fighting with arch and Kconfig stuff. :) I'll clean this (and the
> other random cruft) up.

Wait, what? I'm sorry. We have already begun fixing the mentioned
issues (mostly the split bitmaps for different arches). Although yes
it's nice to have another implementation to refer to so we get the
best of both worlds (and yes I'm already copying some of the code I
think are better here over there), don't you think it's not nice to
say "Hey I've worked on this in June, it needed rework but I didn't
send the newer version. Now you sent yours so I'll rush mine so your
work is redundant."?

That said, I do think this should be configurable. Users would be free
to experiment with the bitmap on or off, just like users may turn
seccomp off entirely. A choice also allows users to select different
implementations, a few whom I work with have ideas on how to
accelerate / cache argument dependent syscalls, for example.

YiFei Zhu