Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1170695rbb; Mon, 26 Feb 2024 00:27:26 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX3Vtnsjk485Y2n9A4sUwVwePwrqbGCJJsYdrNvt+/rgLNVn5Ht1dQXpDkBTFt1Ecd4AAXJ4+gyiJhSO1i6WXW23B/aVqklU0jNewjSWA== X-Google-Smtp-Source: AGHT+IE9/6WZXTV3hiqyHoX+f/B2Ij9Bc/nzU0ec0h9TEH2EjyXDSby8WkaeM3Q/8/neXqpt92ZQ X-Received: by 2002:a17:906:565a:b0:a3e:6a25:2603 with SMTP id v26-20020a170906565a00b00a3e6a252603mr4185866ejr.33.1708936046461; Mon, 26 Feb 2024 00:27:26 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708936046; cv=pass; d=google.com; s=arc-20160816; b=OovMStez8TeVJC5pmpkItd93Fs7a6lVixPqrl0l7xjVnvBntseyuYmtxcH/bjJf/R7 9bAzlT+HQaBGratJI+wREIDmMU0sksJmYDd0VXCeu5pZOQ2qdcm+pu5gvNk7M3ziZF1X AaKE19F6XvjrjEGX17SA48Hv/W7Q+g8ZHVRYxMLWX+L7KctdGiqiAtvxLVQIELdWaR5P f1uTlHLHP1cyAe2qSWJUzkaF0pkOEXFJeW8IWCvWzGJOui/diqNA5USbLbwu8dl/nwRX RC/qZ3NLd9FOYoduElvToOBMFQbJFhPBj8QNZ61SM6FmXVlJUhDqBk/T4BQIczZfSNdU 6xow== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=JqzL+r1m8ZQ2IfBSZSIruS3kyRhm89KAJYsKWSrxqXU=; fh=Sh73Vy1KMPNxHfX6VnjLOTvAA7WqZUFrfaNsimhWFFM=; b=GZoH9oxuBmyskr/lAfuD6nZBDWq8JsCn1t5u297okABHVlRo/KXLO6UL86skb7h4ei eZorLABkzYZq7/NBmrnfAP8+JZA8txc97GX4mSP/rUJT37mHDTgqrW306pBPZ11a7r1S EKkRnR1ikjnoEZqUjURUjaBkKG4KNr+s9qmTrHUKhs6WJPfAxlrDAt6hsrX3jtbMB4K3 if8QFiiIjDwULb6jUQ2fJUySOjK8L+UQyvC+NnD2N9ezdUjWsUtE8bbMHGY1Rrz9G94F 7EwRoTFT+ED6UyMt1R72jviXkIiCOivjTgj7kVAjKiWzP5qfRPpObxICH0s0xCBlNQaq TrjQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gNmznQSW; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-80755-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80755-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a16-20020a170906191000b00a3fa46d48d7si1963921eje.612.2024.02.26.00.27.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Feb 2024 00:27:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-80755-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gNmznQSW; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-80755-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80755-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id C3A141F23FEE for ; Mon, 26 Feb 2024 08:26:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4D55C1CAB7; Mon, 26 Feb 2024 08:26:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="gNmznQSW" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 690E51CA97; Mon, 26 Feb 2024 08:26:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708936005; cv=none; b=FCgf22hHmP0VL5+rJeaohWGcICKIuW6alxOADmmwar5UDKh0AJu4IRVqy6PPum19ZvSvFlVSNdXEhqIq248yBOlhVMYu+JtHmGrq5vWeNUT1D3/WAyfhwpxn+4H3SKLznstB6c/mM5oCHT01jJekxsIVtlfnIlx28bXeMYZD11U= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708936005; c=relaxed/simple; bh=haGI4n0YbA/4IGvdyThAvozbIdXURA6fZt37AbQcuwQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=ofgLHtjW3ijlVWOheD4/5aMINbb0KdlIrEjS7WSFmhgfReTT2sj04CeBCuhNm6WPRjTWyFZgmfImBfoKn359HMuTXGbyBLzp/6TU19X+6g2OtcRjbrIYMf4BAGUMy2gtgNKVzynUQtL5Y9DGXTNUcU2qetpcyORMeV1SDX/8JM8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=gNmznQSW; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 81AF2C433F1; Mon, 26 Feb 2024 08:26:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1708936005; bh=haGI4n0YbA/4IGvdyThAvozbIdXURA6fZt37AbQcuwQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=gNmznQSWN2MhRkWhQYUIWP+Q7rle+L3MEZFkSXk5ZDHhsdKwJ3eKwV4yUx2xGVc4I nULj0FswhucxGEgmahSlP9vZQFhLMOChl5XMThaYhBcYOhMGRu9lJmLes4bYQ86Ojr SRE22RvpV0wPnWE+EZnfXbnSj8bp6h0jlq/aw+4smaqf+9FpCLumPKq+4k2ooPltCK est+fM5foWvlrRE+Dikaboekn76SBl4/WXLB2TiOnMt0bWzd0usIgjp3890azDNTm5 chJjME7RTUEGY2OP1CYvdRqhUxiQJABmduh8XNhmVEZXqkPLY1D2ocCrIv5PgV0Yl7 h0lp69Wyrzwmg== Date: Mon, 26 Feb 2024 09:26:38 +0100 From: Christian Brauner To: Icenowy Zheng Cc: Xi Ruoyao , Huacai Chen , WANG Xuerui , linux-api@vger.kernel.org, Arnd Bergmann , Kees Cook , Xuefeng Li , Jianmin Lv , Xiaotian Wu , WANG Rui , Miao Wang , "loongarch@lists.linux.dev" , linux-arch , Linux Kernel Mailing List Subject: Re: Chromium sandbox on LoongArch and statx -- seccomp deep argument inspection again? Message-ID: <20240226-granit-seilschaft-eccc2433014d@brauner> References: <599df4a3-47a4-49be-9c81-8e21ea1f988a@xen0n.name> <24c47463f9b469bdc03e415d953d1ca926d83680.camel@xry111.site> <61c5b883762ba4f7fc5a89f539dcd6c8b13d8622.camel@icenowy.me> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <61c5b883762ba4f7fc5a89f539dcd6c8b13d8622.camel@icenowy.me> On Mon, Feb 26, 2024 at 02:03:48PM +0800, Icenowy Zheng wrote: > 在 2024-02-25星期日的 15:32 +0800,Xi Ruoyao写道: > > On Sun, 2024-02-25 at 14:51 +0800, Icenowy Zheng wrote: > > > > From my point of view, I prefer to "restore fstat", because we > > > > need > > > > to > > > > use the Chrome sandbox everyday (even though it hasn't been > > > > upstream > > > > by now). But I also hope "seccomp deep argument inspection" can > > > > be > > > > solved in the future. > > > > > > My idea is this problem needs syscalls to be designed with deep > > > argument inspection in mind; syscalls before this should be > > > considered > > > as historical error and get fixed by resotring old syscalls. > > > > I'd not consider fstat an error as using statx for fstat has a > > performance impact (severe for some workflows), and Linus has > > concluded > > Sorry for clearance, I mean statx is an error in ABI design, not fstat. We will not be limited arbitrarly in system call design by seccomp being unable to do deep argument inspection. That ship has sailed many years ago. And it's a bit laughable to disalow pointer arguments and structs in system calls because seccomp isn't able to inspect them.