From: Andy Lutomirski
Subject: Re: [PATCH v2 seccomp 3/6] seccomp/cache: Add "emulator" to check if filter is arg-dependent
Date: Fri, 25 Sep 2020 19:47:47 -0700
Message-Id: <05109FF5-65C9-491E-9D9D-2FECE4F8B2B0@amacapital.net>
To: YiFei Zhu
Cc: Kees Cook, Linux Containers, YiFei Zhu, bpf, kernel list, Aleksa Sarai, Andrea Arcangeli, Dimitrios Skarlatos, Giuseppe Scrivano, Hubertus Franke, Jack Chen, Jann Horn, Josep Torrellas, Tianyin Xu, Tobin Feldman-Fitzthum, Tycho Andersen, Valentin Rothberg, Will Drewry
X-Mailing-List: linux-kernel@vger.kernel.org

> On Sep 25, 2020, at 6:23 PM, YiFei Zhu wrote:
>
> On Fri, Sep 25, 2020 at 4:07 PM Andy Lutomirski wrote:
>> We'd need at least three states per syscall: unknown, always-allow,
>> and need-to-run-filter.
>>
>> The downsides are less determinism and a bit of an uglier
>> implementation. The upside is that we don't need to loop over all
>> syscalls at load -- instead the time that each operation takes is
>> independent of the total number of syscalls on the system. And we can
>> entirely avoid, say, evaluating the x32 case until the task tries an
>> x32 syscall.
>
> I was really afraid of multiple tasks writing to the bitmaps at once,
> hence I used bitmap-per-task. Now I think about it, if this stays
> lockless, the worst thing that can happen is that a write undoes a bit
> set by another task. In this case, if the "known" bit is cleared then
> the worst would be the emulation is run many times. But if the "always
> allow" is cleared but not "known" bit then we have an issue: the
> syscall will always be executed in BPF.
>

If you interleave the bits, then you can read and write them atomically — both bits for any given syscall will be in the same word.

> Is it worth holding a spinlock here?
>
> Though I'll try to get the benchmark numbers for the emulator later tonight.
>
> YiFei Zhu
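
The interleaved layout suggested in the reply above, sketched as an added example in userspace C11 (not code from the patch series or the kernel): each syscall gets two adjacent bits in one word, so a single atomic load reads the pair and a single atomic OR publishes it. The names `syscall_cache`, `EXAMPLE_NR_SYSCALLS` and the even/odd `emulate_always_allows()` stand-in are assumptions, and callers are assumed to pass `nr` below the table size.

```c
#include <limits.h>
#include <stdatomic.h>

/* Two adjacent bits per syscall: bit 0 = "known", bit 1 = "always allow". */
enum cache_state { CACHE_UNKNOWN = 0, CACHE_RUN_FILTER = 1, CACHE_ALWAYS_ALLOW = 3 };

#define EXAMPLE_NR_SYSCALLS 512 /* assumption: size of the syscall table */
#define ENTRIES_PER_WORD (sizeof(unsigned long) * CHAR_BIT / 2)
#define CACHE_WORDS ((EXAMPLE_NR_SYSCALLS + ENTRIES_PER_WORD - 1) / ENTRIES_PER_WORD)

struct syscall_cache {
    _Atomic unsigned long words[CACHE_WORDS]; /* all zero = all unknown */
};

static unsigned int emulator_runs; /* demo counter, single-threaded use only */

/* Hypothetical stand-in for the filter emulator: even numbers are
 * argument-independent allows, odd numbers need the full filter. */
static int emulate_always_allows(unsigned int nr)
{
    emulator_runs++;
    return (nr % 2) == 0;
}

/* One load returns both bits, so "allow" is never seen without "known". */
static enum cache_state cache_lookup(struct syscall_cache *c, unsigned int nr)
{
    unsigned long w = atomic_load_explicit(&c->words[nr / ENTRIES_PER_WORD],
                                           memory_order_acquire);
    return (enum cache_state)((w >> (2 * (nr % ENTRIES_PER_WORD))) & 3UL);
}

/* One atomic OR sets both bits; it cannot undo bits set by another task. */
static void cache_publish(struct syscall_cache *c, unsigned int nr, enum cache_state s)
{
    atomic_fetch_or_explicit(&c->words[nr / ENTRIES_PER_WORD],
                             (unsigned long)s << (2 * (nr % ENTRIES_PER_WORD)),
                             memory_order_release);
}

/* Returns 1 if the syscall can skip the filter, 0 if the filter must run. */
static int cache_check(struct syscall_cache *c, unsigned int nr)
{
    enum cache_state s = cache_lookup(c, nr);

    if (s == CACHE_UNKNOWN) { /* lazy: emulate on first use only */
        s = emulate_always_allows(nr) ? CACHE_ALWAYS_ALLOW : CACHE_RUN_FILTER;
        cache_publish(c, nr, s);
    }
    return s == CACHE_ALWAYS_ALLOW;
}
```

The sketch relies on the emulation result being the same for every task sharing a filter, so racing publishers OR in identical bits and the only cost of a race is a repeated emulation.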