From: Jann Horn
Date: Fri, 25 Sep 2020 02:15:50 +0200
Subject: Re: [PATCH v2 seccomp 2/6] asm/syscall.h: Add syscall_arches[] array
In-Reply-To: <202009241658.A062D6AE@keescook>
To: Kees Cook
Cc: YiFei Zhu, YiFei Zhu, Linux Containers, bpf, kernel list, Aleksa Sarai, Andrea Arcangeli, Andy Lutomirski, Dimitrios Skarlatos, Giuseppe Scrivano, Hubertus Franke, Jack Chen, Josep Torrellas, Tianyin Xu, Tobin Feldman-Fitzthum, Tycho Andersen, Valentin Rothberg, Will Drewry
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Sep 25, 2020 at 2:01 AM Kees Cook wrote:
> 2) seccomp needs to handle "multiplexed" tables like x86_x32 (distros
>    haven't removed CONFIG_X86_X32 widely yet, so it is a reality that
>    it must be dealt with), which means seccomp's idea of the arch
>    "number" can't be the same as the AUDIT_ARCH.

Sure, distros ship it; but basically nobody uses it, it doesn't have
to be fast. As long as we don't *break* it, everything's fine. And if
we ignore the existence of X32 in the fastpath, that'll just mean that
syscalls with the X32 marker bit always hit the seccomp slowpath
(because it'll look like the syscall number is out-of-bounds) - no
problem.
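
The bounds-check behaviour described in the reply above, as an added sketch that is not part of the original email and is not the kernel's seccomp code. `allow_cache`, `fastpath_lookup`, `lookup_with_allowed` and the 512-entry table size are hypothetical; `AUDIT_ARCH_X86_64` and the x32 marker bit carry their real UAPI values.

```c
#include <stdint.h>
#include <stdio.h>

/* Real x86 constants from the Linux UAPI headers. */
#define AUDIT_ARCH_X86_64   0xC000003Eu
#define X32_SYSCALL_BIT     0x40000000u   /* __X32_SYSCALL_BIT */

/* Hypothetical table size, chosen for this sketch only. */
#define SKETCH_NR_SYSCALLS  512u

enum verdict { FAST_ALLOW, SLOW_PATH };

struct allow_cache {
    uint32_t arch;                               /* arch this bitmap was built for */
    uint64_t bits[SKETCH_NR_SYSCALLS / 64];      /* 1 = filter always allows */
};

enum verdict fastpath_lookup(const struct allow_cache *c,
                             uint32_t arch, uint32_t nr)
{
    /* The marker bit is deliberately NOT masked off: an x32 number such as
     * (1 | X32_SYSCALL_BIT) is far above the table size, so it fails the
     * bounds check and is sent to the full filter instead of aliasing the
     * native x86-64 entry for syscall 1. */
    if (arch != c->arch || nr >= SKETCH_NR_SYSCALLS)
        return SLOW_PATH;
    if (c->bits[nr / 64] & (UINT64_C(1) << (nr % 64)))
        return FAST_ALLOW;
    return SLOW_PATH;
}

/* Build a cache with a single allowed native syscall, then look up nr.
 * x32 reports the same AUDIT_ARCH value as native x86-64, so only the
 * syscall number distinguishes the two ABIs here. */
enum verdict lookup_with_allowed(uint32_t allowed_nr, uint32_t nr)
{
    struct allow_cache c = { .arch = AUDIT_ARCH_X86_64 };

    if (allowed_nr < SKETCH_NR_SYSCALLS)
        c.bits[allowed_nr / 64] |= UINT64_C(1) << (allowed_nr % 64);
    return fastpath_lookup(&c, AUDIT_ARCH_X86_64, nr);
}

int main(void)
{
    printf("native nr=1: %d\n", lookup_with_allowed(1, 1));
    printf("x32    nr=1: %d\n", lookup_with_allowed(1, 1 | X32_SYSCALL_BIT));
    return 0;
}
```
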