From: Kees Cook <keescook@chromium.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
	Oleg Nesterov <oleg@redhat.com>,
	James Morris <james.l.morris@oracle.com>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	LKML <linux-kernel@vger.kernel.org>,
	Will Drewry <wad@chromium.org>, Julien Tinnes <jln@google.com>,
	Alexei Starovoitov <ast@plumgrid.com>
Subject: Re: [PATCH v5 0/6] seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_TSYNC
Date: Mon, 2 Jun 2014 12:47:41 -0700	[thread overview]
Message-ID: <CAGXu5jLYPbJKCBvhVxfHEUFeCPJO-OBhRFufUSNy6o1N=LJ6UQ@mail.gmail.com> (raw)
In-Reply-To: <1400799936-26499-1-git-send-email-keescook@chromium.org>

Hi Andrew,

Would you be willing to carry this series? Andy Lutomirski appears
happy with it now. (Thanks again for all the feedback Andy!) If so, it
has a relatively small merge conflict with the bpf changes living in
net-next. Would you prefer I rebase against net-next, let sfr handle
it, get carried in net-next, or some other option?

Thanks!

-Kees


On Thu, May 22, 2014 at 4:05 PM, Kees Cook <keescook@chromium.org> wrote:
> This adds the ability for threads to request seccomp filter
> synchronization across their thread group (either at filter attach time
> or later). (For example, for Chrome to make sure graphic driver threads
> are fully confined after seccomp filters have been attached.)
>
> To support this, seccomp locking on writes is introduced, along with
> refactoring of no_new_privs. Races with thread creation are handled via
> the tasklist_list.
>
> I think all the concerns raised during the discussion[1] of the first
> version of this patch have been addressed. However, the races involved
> have tricked me before. :)
>
> Thanks!
>
> -Kees
>
> [1] https://lkml.org/lkml/2014/1/13/795
>
> v5:
>  - move includes around (drysdale)
>  - drop set_nnp return value (luto)
>  - use smp_load_acquire/store_release (luto)
>  - merge nnp changes to seccomp always, fewer ifdef (luto)
> v4:
>  - cleaned up locking further, as noticed by David Drysdale
> v3:
>  - added SECCOMP_EXT_ACT_FILTER for new filter install options
> v2:
>  - reworked to avoid clone races
>
-- 
Kees Cook
Chrome OS Security
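Added example (not code from this series or from Kees): a small C program showing the usage pattern the cover letter describes, where one thread installs a seccomp filter after sibling threads already exist and asks the kernel to apply it to the whole thread group. It uses the interface that eventually shipped for this feature in Linux 3.17, the seccomp(2) syscall with SECCOMP_FILTER_FLAG_TSYNC, rather than the PR_SECCOMP_EXT / SECCOMP_EXT_ACT_TSYNC names proposed in v5; the helper names (classify_tsync, build_filter, install_filter_tsync) are this example's own. Blocking getppid(2) is a side-effect-free canary so each worker can observe that the filter reached it. Build with -pthread on Linux x86_64 or aarch64.

```c
/* Added example, not from the patch series: install a seccomp filter from one
 * thread and have the kernel synchronize it to every sibling thread (TSYNC).
 * Uses seccomp(2) + SECCOMP_FILTER_FLAG_TSYNC (Linux 3.17+), not the
 * PR_SECCOMP_EXT interface proposed in this series. Helper names are ours. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

enum tsync_outcome { TSYNC_SYNCED, TSYNC_THREAD_DIVERGED, TSYNC_ERROR };

/* Interpret seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, ...):
 * 0 = every thread now carries the filter; >0 = TID of the first thread whose
 * existing filter tree could not be reconciled (nothing was changed);
 * -1 = ordinary failure with errno set. */
enum tsync_outcome classify_tsync(long rc)
{
    if (rc == 0) return TSYNC_SYNCED;
    if (rc > 0) return TSYNC_THREAD_DIVERGED;
    return TSYNC_ERROR;
}

/* Filter: kill on foreign arch, fail getppid(2) with EPERM (the canary),
 * allow everything else. Returns instructions written, 0 if cap is too small. */
size_t build_filter(struct sock_filter *out, size_t cap)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    size_t n = sizeof(prog) / sizeof(prog[0]);
    if (cap < n) return 0;
    for (size_t i = 0; i < n; i++) out[i] = prog[i];
    return n;
}

/* Install on the calling thread and, via TSYNC, on every other thread in the
 * group. no_new_privs is required for an unprivileged task; the series moves
 * that flag into seccomp precisely so TSYNC can propagate it too. */
long install_filter_tsync(void)
{
    struct sock_filter insns[16];
    struct sock_fprog prog = { .len = (unsigned short)build_filter(insns, 16), .filter = insns };
    if (prog.len == 0) { errno = EINVAL; return -1; }
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, &prog);
}

struct worker_arg { pthread_barrier_t *ready, *done; int mode, canary_errno; };

/* Worker exists before the filter is installed, then checks it was confined. */
static void *worker(void *p)
{
    struct worker_arg *a = p;
    pthread_barrier_wait(a->ready);   /* signal: I exist and am unfiltered */
    pthread_barrier_wait(a->done);    /* main thread finished the TSYNC install */
    a->mode = prctl(PR_GET_SECCOMP, 0, 0, 0, 0);   /* 2 == SECCOMP_MODE_FILTER */
    errno = 0;
    if (syscall(SYS_getppid) < 0) a->canary_errno = errno;   /* expect EPERM */
    return NULL;
}

int main(void)
{
    enum { NWORKERS = 3 };
    pthread_t tid[NWORKERS];
    struct worker_arg args[NWORKERS];
    pthread_barrier_t ready, done;
    pthread_barrier_init(&ready, NULL, NWORKERS + 1);
    pthread_barrier_init(&done, NULL, NWORKERS + 1);
    for (int i = 0; i < NWORKERS; i++) {
        args[i] = (struct worker_arg){ &ready, &done, -1, 0 };
        if (pthread_create(&tid[i], NULL, worker, &args[i]) != 0) { perror("pthread_create"); return 1; }
    }
    pthread_barrier_wait(&ready);     /* all workers alive, none filtered yet */
    long rc = install_filter_tsync();
    switch (classify_tsync(rc)) {
    case TSYNC_SYNCED: puts("filter applied to every thread"); break;
    case TSYNC_THREAD_DIVERGED: printf("thread %ld already has a different filter; nothing changed\n", rc); return 1;
    case TSYNC_ERROR: perror("seccomp(TSYNC)"); return 1;
    }
    pthread_barrier_wait(&done);
    for (int i = 0; i < NWORKERS; i++) {
        pthread_join(tid[i], NULL);
        printf("worker %d: seccomp mode=%d, getppid errno=%d (EPERM=%d)\n", i, args[i].mode, args[i].canary_errno, EPERM);
    }
    return 0;
}
```

The positive-TID return is the case to handle in a real program: if any thread already carries a filter tree that is not an ancestor of the installer's, the kernel changes nothing and reports that thread, so the caller must decide whether to abort rather than assume the group is confined.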

Thread overview: 37+ messages
2014-05-22 23:05 [PATCH v5 0/6] seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_TSYNC Kees Cook
2014-05-22 23:05 ` [PATCH v5 1/6] seccomp: create internal mode-setting function Kees Cook
2014-05-22 23:05 ` [PATCH v5 2/6] seccomp: split filter prep from check and apply Kees Cook
2014-05-22 23:05 ` [PATCH v5 3/6] seccomp: introduce writer locking Kees Cook
2014-05-23  0:28   ` Alexei Starovoitov
2014-05-23  8:49   ` Peter Zijlstra
2014-05-23 21:05     ` Kees Cook
2014-05-22 23:05 ` [PATCH v5 4/6] seccomp: move no_new_privs into seccomp Kees Cook
2014-05-22 23:08   ` Andy Lutomirski
2014-05-22 23:05 ` [PATCH v5 5/6] seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_FILTER Kees Cook
2014-05-22 23:05 ` [PATCH v5 6/6] seccomp: add SECCOMP_EXT_ACT_TSYNC and SECCOMP_FILTER_TSYNC Kees Cook
2014-05-22 23:11   ` Andy Lutomirski
2014-05-23 17:05     ` Kees Cook
2014-05-26 19:27       ` Andy Lutomirski
2014-05-27 18:24         ` Kees Cook
2014-05-27 18:40           ` Andy Lutomirski
2014-05-27 18:45             ` Kees Cook
2014-05-27 19:10               ` Andy Lutomirski
2014-05-27 19:23                 ` Kees Cook
2014-05-27 19:27                   ` Andy Lutomirski
2014-05-27 19:55                     ` Kees Cook
2014-06-02 20:53                       ` Andy Lutomirski
2014-06-03  0:14                         ` Kees Cook
2014-06-03  0:29                           ` Andy Lutomirski
2014-06-03  1:09                             ` Kees Cook
2014-06-03  1:15                               ` Andy Lutomirski
2014-06-03 19:53                                 ` Kees Cook
2014-06-02 19:47 ` Kees Cook [this message]
2014-06-02 19:59   ` [PATCH v5 0/6] seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_TSYNC Andy Lutomirski
2014-06-02 20:06     ` Kees Cook
2014-06-02 21:17       ` Andy Lutomirski
2014-06-02 23:05         ` Kees Cook
2014-06-02 23:08           ` Andy Lutomirski
2014-06-02 23:08             ` Andy Lutomirski
2014-06-03 10:12             ` Michael Kerrisk
2014-06-03 10:12               ` Michael Kerrisk
2014-06-03 23:47               ` Julien Tinnes