Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932637Ab2EVVHV (ORCPT ); Tue, 22 May 2012 17:07:21 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:56205 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932173Ab2EVVHT (ORCPT ); Tue, 22 May 2012 17:07:19 -0400 Date: Tue, 22 May 2012 22:07:05 +0100 From: Al Viro To: Will Drewry Cc: "H. Peter Anvin" , Indan Zupancic , Roland McGrath , Eric Paris , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com, mingo@redhat.com, oleg@redhat.com, peterz@infradead.org, rdunlap@xenotime.net, tglx@linutronix.de, luto@mit.edu, eparis@redhat.com, serge.hallyn@canonical.com, pmoore@redhat.com, akpm@linux-foundation.org, corbet@lwn.net, eric.dumazet@gmail.com, markus@chromium.org, coreyb@linux.vnet.ibm.com, keescook@chromium.org Subject: Re: seccomp and ptrace. what is the correct order? Message-ID: <20120522210704.GK11775@ZenIV.linux.org.uk> References: <5d6179f59222155b72d9aa9f171e883c.squirrel@webmail.greenhost.nl> <20120522173942.GJ11775@ZenIV.linux.org.uk> <4FBBF84A.4070308@zytor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1918 Lines: 36 On Tue, May 22, 2012 at 03:48:40PM -0500, Will Drewry wrote: > On Tue, May 22, 2012 at 3:34 PM, H. Peter Anvin wrote: > > The proposed patch seems to duplicate the functionality in > > . ?Those macros also try to do the right thing in the > > presence of compat. > > That was my first thought too, so I ran a few simple tests. gcc isn't > smart enough to not add ~344 bytes of code to get the number and > arguments for the x86/kernel/ptrace.c case I included (in the > naive-est of integrations). But I don't know that it justifies the > extra patchwork or enforcing shared code across arches. > > Regardless, the syscall entry + trace code can use some attention > across the architectures. I don't know that > one-more-layer-of-abstraction is the right answer (rather than just > fixing the code). The biggest benefit would be having one-true > syscall_trace_entry slow path. That said, the fast paths will be > forever divergent so the opportunity for bugs like the ones pointed > out will still be there. FWIW, I'd prefer to have all that done inside __audit_syscall_entry(), with context->arch = syscall_get_arch(current, regs); context->major = syscall_get_nr(current, regs); syscall_get_arguments(current, regs, 0, 4, context->argv); done instead of initializations from arguments we are doing there now. I seriously doubt that it would lead to worse code than what we currently have. If nothing else, we won't be passing that pile of arguments around. And yes, asm/syscall.h stuff is probably the right approach here. For biarch ones syscall_get_arguments() is saner than doing them one by one... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/