Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp4921893pxk; Wed, 30 Sep 2020 15:42:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx6llcNI+LRWblSeZIfFv8xEd22bWGMI0+tri91dY7YwqyGLTgAnCm+8DkfqY+0U/461SHx X-Received: by 2002:a17:906:c2c5:: with SMTP id ch5mr5270536ejb.183.1601505751976; Wed, 30 Sep 2020 15:42:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601505751; cv=none; d=google.com; s=arc-20160816; b=W4z89GaZVYLr0sTsSAMRXGaItqJSPmVrovyx4iocCw96K6NqSHsr4p6GRbmUdLNrm8 9qWVfCPYC3ubIdknR0c4V27dXVWgMN6/X/HjrDdJqdeUj6i4q/R07a4/MAO96TvA/E9p fOlE4j/V5Ou+tGM1QcdFsCdZddBx+71pg3s/U+9JAZIHOa7jmX5veOJEm/unZt/aj2bs vbVKR1tjXA10o5dIjrjv9LGrVyTo2EQKd5fWAsGlgpmu9zPFLXQlGUyLaLJn4VGUcGmp OWuyBnamyAHgOiqEsbeqdLDFRflP3DOi497vlXPJ1N5s/8CuVZ95nSeSOlHNx1lL/I+Q YcPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=auUqGvs0gHMXAey6wH7F9Apr7r/9WxxEyJFZn6Y4ccM=; b=iqykE5afud7CdPshmat+YRFbS0yhjgMoVUvtQkwfYu8t2wz7MR/Gplr2KhC0n5mVhE cYmBdr4LlVmx8GzGoHfbWLYnSXln6/iyujtJRaA/webH+q8Ib+ZPKTX4e3D1F/Nb6dyP EHKPcaqe84ZX6xLESWSuyUBsUgvaXJSaukf/sfh61fAquregdSYGEeP/0hhaHo2lRRO8 SPFhhXNA0PytBY6jp33vAWCxlCOOaMYTu5quZ9qjPa2HpwUVBSChN8tYCZMMdeZs28As fJntangJM8sQzZvltOZbOdKs2DCzrCzciddXu29hF2jl65NdzxQeYMRuGqmF+1gjzofX 0r1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jEZZuulT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qx23si2160228ejb.355.2020.09.30.15.42.09; Wed, 30 Sep 2020 15:42:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jEZZuulT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728660AbgI3Vdp (ORCPT + 99 others); Wed, 30 Sep 2020 17:33:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42220 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729792AbgI3Vdn (ORCPT ); Wed, 30 Sep 2020 17:33:43 -0400 Received: from mail-ej1-x642.google.com (mail-ej1-x642.google.com [IPv6:2a00:1450:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 83509C0613D0 for ; Wed, 30 Sep 2020 14:33:43 -0700 (PDT) Received: by mail-ej1-x642.google.com with SMTP id nw23so4984341ejb.4 for ; Wed, 30 Sep 2020 14:33:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=auUqGvs0gHMXAey6wH7F9Apr7r/9WxxEyJFZn6Y4ccM=; b=jEZZuulTAkEP8ra+dIdb67z4FyGG96oF+vkHW7GlTvPFyN0nVCVZIn9qGMllZOit52 xj0H2s8ta9HYmC2xhPb1zHhF4HfH+UhZxwQYGniF7NYVP6OGvTjHST+AO2oYeFOeDzel K80B8lQVwG4BEz/c3n+OhRltgv2kxMciDlkUAu7SwpTzBlHY9YZEb+zGocLMIulaTJ3J E7rnlY8Jfjcr2wvOlQGr2UqSv2R9Lw2k+Fdc+cXBVe0Ad8TjzEjIzvxQ50rU3fUPEfwn gx6czlTmSA/lyvlJ3ErszHDOy3n8+mW25p41M/y9O9bguu9kmnvyQfZQsfnrXknVZngO XeRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=auUqGvs0gHMXAey6wH7F9Apr7r/9WxxEyJFZn6Y4ccM=; b=YWSH7gCjVzLOJnrxlTHu0+PhZGDpf9MVuV/mntoGKOG/ms1OuayFGfUrfaRZcWc8Ru bxEt8p13KLjgpEUNgWJMhbS/kMZ72BwITXLZBFiDaHs1zyaV7d1GFTLkczt2IdN5N6oX 14TdYGOdIjO70+5x5DHxhHNoZxcdlfHZ6Ln0S0p/4r+lcu79SJnfE9J/oV60B5KaN9Xf N7/lHvPticRoJFhFok1wvk2fIM8QdihDIRHim7WOqKbrr6xcIKDcR63tDdtY7CCXb95o GbNcnZ/tW6mzMMxBOv98Z2OQ94EVr+4i3lUIRZkeCcmuRm8m/hxFFqe0Ji1uIXeIz2nR 0ftA== X-Gm-Message-State: AOAM5316kWZZeHLfEphMY3aTIOdNqUFrOcrDIifd8S3yVwwhOTQ/G+VP JamRoqmS7zZ5GMVTP96yKCn2IDHlDHUeQuqQD1UZvQ== X-Received: by 2002:a17:907:94cf:: with SMTP id dn15mr5042513ejc.114.1601501622005; Wed, 30 Sep 2020 14:33:42 -0700 (PDT) MIME-Version: 1.0 References: <484392624b475cc25d90a787525ede70df9f7d51.1601478774.git.yifeifz2@illinois.edu> <202009301418.20BA0CE33@keescook> In-Reply-To: <202009301418.20BA0CE33@keescook> From: Jann Horn Date: Wed, 30 Sep 2020 23:33:15 +0200 Message-ID: Subject: Re: [PATCH v3 seccomp 1/5] x86: Enable seccomp architecture tracking To: Kees Cook Cc: YiFei Zhu , Linux Containers , YiFei Zhu , bpf , kernel list , Aleksa Sarai , Andrea Arcangeli , Andy Lutomirski , David Laight , Dimitrios Skarlatos , Giuseppe Scrivano , Hubertus Franke , Jack Chen , Josep Torrellas , Tianyin Xu , Tobin Feldman-Fitzthum , Tycho Andersen , Valentin Rothberg , Will Drewry Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 30, 2020 at 11:21 PM Kees Cook wrote: > On Wed, Sep 30, 2020 at 10:19:12AM -0500, YiFei Zhu wrote: > > From: Kees Cook > > > > Provide seccomp internals with the details to calculate which syscall > > table the running kernel is expecting to deal with. This allows for > > efficient architecture pinning and paves the way for constant-action > > bitmaps. > > > > Signed-off-by: Kees Cook > > [YiFei: Removed x32, added macro for nr_syscalls] > > Signed-off-by: YiFei Zhu [...] > But otherwise, yes, looks good to me. For this patch, I think the S-o-b chain is probably more > accurately captured as: > > Signed-off-by: Kees Cook > Co-developed-by: YiFei Zhu > Signed-off-by: YiFei Zhu (Technically, https://www.kernel.org/doc/html/latest/process/submitting-patches.html#when-to-use-acked-by-cc-and-co-developed-by says that "every Co-developed-by: must be immediately followed by a Signed-off-by: of the associated co-author" (and has an example of how that should look).)