Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1000771iob; Fri, 13 May 2022 19:11:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxKbNcO49nDwFmh0YonftvlurWt54F+8TUwO6lGahvs8CQLyXcVOFjULWSx1wwCmelWeZ9/ X-Received: by 2002:a05:6000:1a89:b0:20c:613f:da94 with SMTP id f9-20020a0560001a8900b0020c613fda94mr5989820wry.356.1652494269197; Fri, 13 May 2022 19:11:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652494269; cv=none; d=google.com; s=arc-20160816; b=UCGybEig4NPFmSq9Z9toNlwNHt0ry+GLlZ41PpgWGL1KauWaDHa7QwNUg4ESjHXdFW PUp02VhZORuZirzGli8vf2yY8sgC64WuZ6NnGK0gMu8x5dlwI024nKYdRz4rO1+Gj0Of fZwjUEnOjwSsSZ/Gw+IftKXGEftxWfMU8RZIRNjCcXYl7uPgws1iebBaVrwj5nSRQmj9 5hA09gLsNk1FmgXGC26gC9ra9oPYtFNAJu/SnXF4im+7D3d4UtFJvrYf8fvg7jjx1yTU 4InUM9MsUnqInqpw7WQ/WtQhxEPC97g2WqWi4Qa6WTl9lATgDi7daaimbCsEXHXLNGJZ jmHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=Zmy7mHJDZZzXTf4XQ72JIXdAyHllqo0fOS39D1g/OPw=; b=RkUx+FOTIhO7Gibhq9hd6fPiTNv3ddOSEe/zWAuCQtuWs8lPA/u9QLR//3NXUFwv2C UqF0Y97vrScf65ffolsLtC98sA3Dh7uoMWkC67+xDuO6iJYwNggQMoLf9nw3ins8YNef liO8c+DuqGI6I0AFYWyi7ngBPN/alRZ3O+h+Apvdh2nqQnDqkWwkyM0005MvcsQkiJRI blZvT1f71KJCPcOKtHP0nrOmFBZ4uWnqn688q+Y1UZGQXDX5nVeGUJ+AMlLDCS8oq3l/ lZ8TdA4JFgh+Z7JV8phb5EFYtvPZAYw/GYG0ElXsc+wgkkS9dSG5rHhC/PzjNYHsij7e PpAA== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id s10-20020adfdb0a000000b0020aece11ecfsi3501900wri.353.2022.05.13.19.11.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 19:11:09 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 7AAAC306501; Fri, 13 May 2022 17:29:56 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348048AbiEKVMm (ORCPT + 99 others); Wed, 11 May 2022 17:12:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48176 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348044AbiEKVMj (ORCPT ); Wed, 11 May 2022 17:12:39 -0400 Received: from brightrain.aerifal.cx (brightrain.aerifal.cx [216.12.86.13]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27F0822922E for ; Wed, 11 May 2022 14:12:34 -0700 (PDT) Date: Wed, 11 May 2022 17:12:32 -0400 From: Rich Felker To: Arnd Bergmann Cc: Christian Brauner , Huacai Chen , Huacai Chen , Andy Lutomirski , Thomas Gleixner , Peter Zijlstra , Andrew Morton , David Airlie , Jonathan Corbet , Linus Torvalds , linux-arch , "open list:DOCUMENTATION" , Linux Kernel Mailing List , Xuefeng Li , Yanteng Si , Guo Ren , Xuerui Wang , Jiaxun Yang , Linux API , GNU C Library , musl@lists.openwall.com Subject: Re: [musl] Re: [PATCH V9 13/24] LoongArch: Add system call support Message-ID: <20220511211231.GG7074@brightrain.aerifal.cx> References: <20220430090518.3127980-1-chenhuacai@loongson.cn> <20220430090518.3127980-14-chenhuacai@loongson.cn> <20220507121104.7soocpgoqkvwv3gc@wittgenstein> <20220509100058.vmrgn5fkk3ayt63v@wittgenstein> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 11, 2022 at 09:11:56AM +0200, Arnd Bergmann wrote: > On Mon, May 9, 2022 at 12:00 PM Christian Brauner wrote: > ..... > > I can try and move a poc for this up the todo list. > > > > Without an approach like this certain sandboxes will fallback to > > ENOSYSing system calls they can't filter. This is a generic problem > > though with clone3() being one promiment example. > > Thank you for the detailed reply. It sounds to me like this will eventually have > to get solved anyway, so we could move ahead without clone() on loongarch, > and just not have support for Chrome until this is fully solved. > > As both the glibc and musl ports are being proposed for inclusion right > now, we should try to come to a decision so the libc ports can adjust if > necessary. Adding both mailing lists to Cc here, the discussion is archived > at [1]. > > Arnd > > [1] https://lore.kernel.org/linux-arch/20220509100058.vmrgn5fkk3ayt63v@wittgenstein/ Having read about the seccomp issue, I think it's a very strong argument that __NR_clone should be kept permanently for all future archs. Otherwise, at least AIUI, it's impossible to seccomp-sandbox multithreaded programs (since you can't allow the creation of threads without also allowing other unwanted use of clone3). It sounds like there's some interest in extending seccomp to allow filtering of argument blocks like clone3 uses, but some of what I read about was checksum-based (thus a weak hardening measure at best, not a hard privilege boundary) and even if something is eventually created that works, it won't be available right away, and it won't be nearly as easy to use as just allowing thread-creating clone syscalls on existing archs. Rich