Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp4661451pxu; Tue, 13 Oct 2020 04:14:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwVgPGP+f4GU5d5j+LnV5tzmEjV9wePKzq9BPdmcl2ZzjOxiQoYZhUD4Uy5wSxz/p2HAJbK X-Received: by 2002:a17:906:557:: with SMTP id k23mr2973521eja.425.1602587683611; Tue, 13 Oct 2020 04:14:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602587683; cv=none; d=google.com; s=arc-20160816; b=Jf/njkGalD2Prgq0lyHOI8obMS+qMPuMMr1ez/tFfbWmCPGB93waUf51d87mzMxSX/ pAy2TchcUlK+dSuRXxyzkwWoB6R8elaLnmOz/1GiqY3ckI43mYNI45Two1B/koKyuRTM XsGm5n0owA44L2QWfjBBDNxlEwzsrgV/fh/mlDBhsr3sF4dotHd0SfUZF4n1JzaD9S9r m0rsZBoLBI3EwFBdzUf0fQfovBqqJ+LCkbun8OiVVr7FDydfYgr+ImYgURH9BV5JI+lt HH+n+6A0Mz5mpGfJNDrblSiGyZflBgzsZOv1//PcoiPKtuubB7X3Ygucmt4yhXade5qm 6kcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=RXZNvLUHIPZhcUjRnKBWUfl+DzXXg5MXS7WMTuKeZqY=; b=hPoMjyb3ILnTgG9YWeZQRyxCTPS2ZCIDOAsoIkdr9qJxELN3/3cJB+IaMLqpg9YBQ8 7J5Tx0eYAzO57A122Ll2bidQDJ38fjQSW7xLWeEhO6jiqP6l1BjVPJVL0w7OK6skSYW+ 8V1TrAYNvqCUQy6umsG2QVJIybLpZXZgZzPGUVv9CRv2lsapUd2Eg1lURp0M9CdrKuHL xLzgIQ2ivgN2neklGUUCaVf0qO6NWqwKhItQrImlkZ2uSKvCLIIHk2vQGxbNmq6FwlC8 W3bnY8VCcM5w6Zcw6turGv0vtbKRxiGYSYU3s18NKB1Y4tE3uAKzFA9y5YHk32gOVZr2 BqBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="EgkGa/BE"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n15si15054685edw.94.2020.10.13.04.14.21; Tue, 13 Oct 2020 04:14:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="EgkGa/BE"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727087AbgJMAb1 (ORCPT + 99 others); Mon, 12 Oct 2020 20:31:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47548 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726564AbgJMAb1 (ORCPT ); Mon, 12 Oct 2020 20:31:27 -0400 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73E29C0613D0; Mon, 12 Oct 2020 17:31:27 -0700 (PDT) Received: by mail-pf1-x443.google.com with SMTP id e7so6361088pfn.12; Mon, 12 Oct 2020 17:31:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RXZNvLUHIPZhcUjRnKBWUfl+DzXXg5MXS7WMTuKeZqY=; b=EgkGa/BElavLOO5do8aI/LDI65T4SLmDW8j8GtvnCsMqRBTuzcnVjgwuSdSDywqjvi 68gLb90unNImwgG+pg5B/c302jrN06h2wiOsbrS6lxh8EQjYlmK7IUQnSGU/kv2q8QG+ EWOBIoZOyIobyfZvWYXKxuZwSKTVUMEXBgX4ZSAm7NcGssu/qudmnUEzxRGMANa3Lou5 MjTF8Aw/QRattq1J+RTgiH8N7u0DTN9vVgQp0Ylvdjn8NkAptoEbXZ5eu6oXV79TtK/9 bHTxA8tUDVroDUdUEZK0RaWfRT1RH5IBbwfF+F6lF8u/pZVT/m/Yzov79xfTFFBkwVbg PhPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RXZNvLUHIPZhcUjRnKBWUfl+DzXXg5MXS7WMTuKeZqY=; b=h0fCnwrb3Y6jDD9yEabwzibnpPIuzU1L0jCRqE0jKv6y5GEkDz1bGAKLzpX9jBWz0l C5HIHLT4wW99G27KFaDUr8qpOKqRbzzkRArn0n/tcLWVwZ26uTfbOeNndveUgIWglAJ4 /Nlfhib3lRkRE/G5kwwvLyllF1rZtqDBEyQNJY9ttUVSPEzGJyzfsvNnuOygf3DRWhoW pfQUyyHwN3J9f0xMpUFGwDjESx8BC9gkGvpsCFGnsMtzdEOWOEMe4B1tpEcsa3F/fPuW E+J3IBrqU8007SfySQpU8QMtvQucIu+d71AY/4NDKSA55JLGO7PhQwt90v27ZkqsF1Ag aGzw== X-Gm-Message-State: AOAM5305oUzY+mcHMr64wylcS1psWmiaq4avncJJH+qwaxEkm/0QNWTg H0lrBw7ampNDyG1WLbB7RNunKh/GEJRGG59mZJ4= X-Received: by 2002:aa7:8d4c:0:b029:150:f692:4129 with SMTP id s12-20020aa78d4c0000b0290150f6924129mr25657902pfe.11.1602549086984; Mon, 12 Oct 2020 17:31:26 -0700 (PDT) MIME-Version: 1.0 References: <202010091613.B671C86@keescook> <202010121556.1110776B83@keescook> In-Reply-To: <202010121556.1110776B83@keescook> From: YiFei Zhu Date: Mon, 12 Oct 2020 19:31:16 -0500 Message-ID: Subject: Re: [PATCH v4 seccomp 5/5] seccomp/cache: Report cache data through /proc/pid/seccomp_cache To: Kees Cook Cc: Linux Containers , YiFei Zhu , bpf , kernel list , Aleksa Sarai , Andrea Arcangeli , Andy Lutomirski , David Laight , Dimitrios Skarlatos , Giuseppe Scrivano , Hubertus Franke , Jack Chen , Jann Horn , Josep Torrellas , Tianyin Xu , Tobin Feldman-Fitzthum , Tycho Andersen , Valentin Rothberg , Will Drewry Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 12, 2020 at 5:57 PM Kees Cook wrote: > I think it's fine to just have this "dangle" with a help text update of > "if seccomp action caching is supported by the architecture, provide the > /proc/$pid ..." I think it would be weird if someone sees this help text and wonder... "hmm does my architecture support seccomp action caching" and without a clear pointer to how seccomp action cache works, goes and compiles the kernel with this config option on for the purpose of knowing if their arch supports it... Or, is it a common practice in the kernel to leave dangling configs? YiFei Zhu