From: Tycho Andersen <tycho@tycho.ws>
To: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
Oleg Nesterov <oleg@redhat.com>,
"Eric W . Biederman" <ebiederm@xmission.com>,
"Serge E . Hallyn" <serge@hallyn.com>,
Christian Brauner <christian@brauner.io>,
Tyler Hicks <tyhicks@canonical.com>,
Akihiro Suda <suda.akihiro@lab.ntt.co.jp>,
Aleksa Sarai <asarai@suse.de>, Jann Horn <jannh@google.com>,
linux-kernel@vger.kernel.org,
containers@lists.linux-foundation.org, linux-api@vger.kernel.org,
Tycho Andersen <tycho@tycho.ws>
Subject: [PATCH v9 0/4] seccomp trap to userspace
Date: Sun, 2 Dec 2018 20:28:23 -0700 [thread overview]
Message-ID: <20181203032827.27978-1-tycho@tycho.ws> (raw)
Hi all,
Here's a v9 of the seccomp trap to userspace series. Major changes are:
* drop the whole SIGNALED flag thing. This was confusing to a number of
people, and Oleg pointed out that it makes it fairly easy to get a
task into an uninterruptible sleep. Now, replies to a task with a
signal will just get ENOENT, indicating that something happened to the
other end.
* refactor the tests so that each test tests only one thing :)
* several other minor bug fixes
Cheers,
Tycho
Link to v8: https://lore.kernel.org/lkml/20181029224031.29809-1-tycho@tycho.ws/T/#u
Tycho Andersen (4):
seccomp: hoist struct seccomp_data recalculation higher
seccomp: switch system call argument type to void *
seccomp: add a return code to trap to userspace
samples: add an example of seccomp user trap
Documentation/ioctl/ioctl-number.txt | 1 +
.../userspace-api/seccomp_filter.rst | 84 ++++
include/linux/seccomp.h | 9 +-
include/uapi/linux/seccomp.h | 40 +-
kernel/seccomp.c | 468 +++++++++++++++++-
samples/seccomp/.gitignore | 1 +
samples/seccomp/Makefile | 7 +-
samples/seccomp/user-trap.c | 375 ++++++++++++++
tools/testing/selftests/seccomp/seccomp_bpf.c | 447 ++++++++++++++++-
9 files changed, 1410 insertions(+), 22 deletions(-)
create mode 100644 samples/seccomp/user-trap.c
--
2.19.1
next reply other threads:[~2018-12-03 3:28 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-03 3:28 Tycho Andersen [this message]
2018-12-03 3:28 ` [PATCH v9 1/4] seccomp: hoist struct seccomp_data recalculation higher Tycho Andersen
2018-12-03 4:53 ` Serge E. Hallyn
2018-12-03 3:28 ` [PATCH v9 2/4] seccomp: switch system call argument type to void * Tycho Andersen
2018-12-03 5:01 ` Serge E. Hallyn
2018-12-04 0:03 ` Paul Moore
2018-12-04 0:03 ` Paul Moore
2018-12-04 2:07 ` kbuild test robot
2018-12-04 2:07 ` kbuild test robot
2018-12-04 2:17 ` Tycho Andersen
2018-12-04 2:34 ` Tycho Andersen
2018-12-03 3:28 ` [PATCH v9 3/4] seccomp: add a return code to trap to userspace Tycho Andersen
2018-12-03 5:26 ` Serge E. Hallyn
2018-12-03 15:52 ` Tycho Andersen
2018-12-04 0:10 ` Serge E. Hallyn
2018-12-03 3:28 ` [PATCH v9 4/4] samples: add an example of seccomp user trap Tycho Andersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181203032827.27978-1-tycho@tycho.ws \
--to=tycho@tycho.ws \
--cc=asarai@suse.de \
--cc=christian@brauner.io \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oleg@redhat.com \
--cc=serge@hallyn.com \
--cc=suda.akihiro@lab.ntt.co.jp \
--cc=tyhicks@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.