From: Linus Torvalds <torvalds@linux-foundation.org> To: Indan Zupancic <indan@nul.nu> Cc: Andi Kleen <andi@firstfloor.org>, Jamie Lokier <jamie@shareable.org>, Andrew Lutomirski <luto@mit.edu>, Oleg Nesterov <oleg@redhat.com>, Will Drewry <wad@chromium.org>, linux-kernel@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, serge.hallyn@canonical.com, coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com, djm@mindrot.org, segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org, scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi, viro@zeniv.linux.org.uk, mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com, borislav.petkov@amd.com, amwang@redhat.com, ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com, daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, olofj@chromium.org, mhalcrow@google.com, dlaor@redhat.com, Roland McGrath <mcgrathr@chromium.org> Subject: Re: Compat 32-bit syscall entry from 64-bit task!? Date: Wed, 18 Jan 2012 11:31:53 -0800 [thread overview] Message-ID: <CA+55aFzcSVmdDj9Lh_gdbz1OzHyEm6ZrGPBDAJnywm2LF_eVyg@mail.gmail.com> (raw) In-Reply-To: <fd4ccb42a25876131e411299d24d9151.squirrel@webmail.greenhost.nl> [-- Attachment #1: Type: text/plain, Size: 4199 bytes --] On Wed, Jan 18, 2012 at 5:12 AM, Indan Zupancic <indan@nul.nu> wrote: > > So there is this gap and there is no good way to handle it at all for > user space? And even if it's fixed in the kernel, that won't help with > older kernels, so it will stay a problem for a while. Correct. > Can this int 0x80 trick be blocked for ptraced task (preferably always), > pretty please? Nope. Not that I can tell. The "unable to read $pc-2" is a hardware feature, and we cannot stop users from running the "int 0x80" code. The only way to block it is to simply not enable the 32-bit compatibility mode at all, at which point the "int 0x80" interface simply doesn't exist. And sure, we could do something in the kernel (like saying that you cannot do "int 0x80" from 64-bit code by explicitly testing in the ia32_syscall function), but that has the same "even if it's fixed in the kernel" issue. You can test this feature out with a test-program something like this: #include <errno.h> #include <stdlib.h> #include <signal.h> #define _GNU_SOURCE #include <unistd.h> #include <sys/syscall.h> void handler(int sig) { printf("SIGWINCH\n"); } int main(unsigned int argc, char **argv) { signal(SIGWINCH, handler); asm("int $0x80": :"a" (29)); /* sys_pause - 32-bit */ syscall(34); /* sys_pause - 64-bit */ } which does two "pause()" system calls from 64-bit mode, the first one using the legacy system call interface. At least "strace" gets really confused, and will show the first one as shmget(0x1c, 140734112566944, 0) = ? ERESTARTNOHAND (To be restarted) because it assumes that in 64-bit mode, system call number 29 means "shmget". It doesn't even look at $pc-2, which (since this code doesn't try to obfuscate it) would have worked in this case. I actually checked the strace source code. It has # if 0 /* This version analyzes the opcode of a syscall instruction. * (int 0x80 on i386 vs. syscall on x86-64) * It works, but is too complicated. */ unsigned long val, rip, i; if (upeek(tcp, 8*RIP, &rip) < 0) perror("upeek(RIP)"); /* sizeof(syscall) == sizeof(int 0x80) == 2 */ rip -= 2; errno = 0; ... so there is code there that could make it work, but it's #ifdef'ed out. The actually used code just does /* Check CS register value. On x86-64 linux it is: * 0x33 for long mode (64 bit) * 0x23 for compatibility mode (32 bit) * It takes only one ptrace and thus doesn't need * to be cached. */ if (upeek(tcp, 8*CS, &val) < 0) return -1; switch (val) { case 0x23: currpers = 1; break; case 0x33: currpers = 0; break; which is the reasonable and obvious approach. I'm looking at "struct user_regs_struct" and there really isn't any non-architected state there outside of "high bits". There are high bits that we can hide things in outside of orig_ax - we do have 64 bits for "cs" for example - but it all boils down to the same issue: we *will* break something that thinks it knows the details of this. The advantage of "orig_eax" would be that at least it makes conceptual sense there. Using the high bits of 'eflags' might work. Hopefully nobody tests that. IOW, something like the attached might work. It just sets bit#32 in eflags if the system call is a compat call. With that, ptrace would at least be able to tell (assuming a new kernel, of course - it would still need to have the "look at cs" as a fallback) if it's a compat call or not, but it could do something like mode = (eflags >> 32) & 3; switch (mode) { case 0: .. guess it from CS .. case 1: 64-bit case 2: 32-bit default: Oddity. } or something like that. The idea being that you can also see from eflags whether the new feature is supported or not. THIS IS TOTALLY UNTESTED! Linus [-- Attachment #2: patch.diff --] [-- Type: text/x-patch, Size: 934 bytes --] arch/x86/kernel/ptrace.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 50267386b766..e7b019cd88d3 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -353,6 +353,7 @@ static int set_segment_reg(struct task_struct *task, static unsigned long get_flags(struct task_struct *task) { + int bit = 32; unsigned long retval = task_pt_regs(task)->flags; /* @@ -361,7 +362,12 @@ static unsigned long get_flags(struct task_struct *task) if (test_tsk_thread_flag(task, TIF_FORCED_TF)) retval &= ~X86_EFLAGS_TF; - return retval; +#ifdef CONFIG_IA32_EMULATION + /* Set bit 32 for 64-bit system calls, bit 33 for compat system calls */ + bit += (task_thread_info(task)->status & TS_COMPAT) / TS_COMPAT; +#endif + + return retval | (1ul << bit); } static int set_flags(struct task_struct *task, unsigned long value)
WARNING: multiple messages have this Message-ID (diff)
From: Linus Torvalds <torvalds@linux-foundation.org> To: Indan Zupancic <indan@nul.nu> Cc: Andi Kleen <andi@firstfloor.org>, Jamie Lokier <jamie@shareable.org>, Andrew Lutomirski <luto@mit.edu>, Oleg Nesterov <oleg@redhat.com>, Will Drewry <wad@chromium.org>, linux-kernel@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, serge.hallyn@canonical.com, coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com, djm@mindrot.org, segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org, scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi, viro@zeniv.linux.org.uk, mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com, borislav.petkov@amd.com, amwang@redhat.com, ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com, daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, olofj@chromium.org, mhalcrow@google.com, dlaor@redhat.com, Roland McGrath <mcgrathr@chromium Subject: Re: Compat 32-bit syscall entry from 64-bit task!? Date: Wed, 18 Jan 2012 11:31:53 -0800 [thread overview] Message-ID: <CA+55aFzcSVmdDj9Lh_gdbz1OzHyEm6ZrGPBDAJnywm2LF_eVyg@mail.gmail.com> (raw) In-Reply-To: <fd4ccb42a25876131e411299d24d9151.squirrel@webmail.greenhost.nl> [-- Attachment #1: Type: text/plain, Size: 4199 bytes --] On Wed, Jan 18, 2012 at 5:12 AM, Indan Zupancic <indan@nul.nu> wrote: > > So there is this gap and there is no good way to handle it at all for > user space? And even if it's fixed in the kernel, that won't help with > older kernels, so it will stay a problem for a while. Correct. > Can this int 0x80 trick be blocked for ptraced task (preferably always), > pretty please? Nope. Not that I can tell. The "unable to read $pc-2" is a hardware feature, and we cannot stop users from running the "int 0x80" code. The only way to block it is to simply not enable the 32-bit compatibility mode at all, at which point the "int 0x80" interface simply doesn't exist. And sure, we could do something in the kernel (like saying that you cannot do "int 0x80" from 64-bit code by explicitly testing in the ia32_syscall function), but that has the same "even if it's fixed in the kernel" issue. You can test this feature out with a test-program something like this: #include <errno.h> #include <stdlib.h> #include <signal.h> #define _GNU_SOURCE #include <unistd.h> #include <sys/syscall.h> void handler(int sig) { printf("SIGWINCH\n"); } int main(unsigned int argc, char **argv) { signal(SIGWINCH, handler); asm("int $0x80": :"a" (29)); /* sys_pause - 32-bit */ syscall(34); /* sys_pause - 64-bit */ } which does two "pause()" system calls from 64-bit mode, the first one using the legacy system call interface. At least "strace" gets really confused, and will show the first one as shmget(0x1c, 140734112566944, 0) = ? ERESTARTNOHAND (To be restarted) because it assumes that in 64-bit mode, system call number 29 means "shmget". It doesn't even look at $pc-2, which (since this code doesn't try to obfuscate it) would have worked in this case. I actually checked the strace source code. It has # if 0 /* This version analyzes the opcode of a syscall instruction. * (int 0x80 on i386 vs. syscall on x86-64) * It works, but is too complicated. */ unsigned long val, rip, i; if (upeek(tcp, 8*RIP, &rip) < 0) perror("upeek(RIP)"); /* sizeof(syscall) == sizeof(int 0x80) == 2 */ rip -= 2; errno = 0; ... so there is code there that could make it work, but it's #ifdef'ed out. The actually used code just does /* Check CS register value. On x86-64 linux it is: * 0x33 for long mode (64 bit) * 0x23 for compatibility mode (32 bit) * It takes only one ptrace and thus doesn't need * to be cached. */ if (upeek(tcp, 8*CS, &val) < 0) return -1; switch (val) { case 0x23: currpers = 1; break; case 0x33: currpers = 0; break; which is the reasonable and obvious approach. I'm looking at "struct user_regs_struct" and there really isn't any non-architected state there outside of "high bits". There are high bits that we can hide things in outside of orig_ax - we do have 64 bits for "cs" for example - but it all boils down to the same issue: we *will* break something that thinks it knows the details of this. The advantage of "orig_eax" would be that at least it makes conceptual sense there. Using the high bits of 'eflags' might work. Hopefully nobody tests that. IOW, something like the attached might work. It just sets bit#32 in eflags if the system call is a compat call. With that, ptrace would at least be able to tell (assuming a new kernel, of course - it would still need to have the "look at cs" as a fallback) if it's a compat call or not, but it could do something like mode = (eflags >> 32) & 3; switch (mode) { case 0: .. guess it from CS .. case 1: 64-bit case 2: 32-bit default: Oddity. } or something like that. The idea being that you can also see from eflags whether the new feature is supported or not. THIS IS TOTALLY UNTESTED! Linus [-- Attachment #2: patch.diff --] [-- Type: text/x-patch, Size: 934 bytes --] arch/x86/kernel/ptrace.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 50267386b766..e7b019cd88d3 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -353,6 +353,7 @@ static int set_segment_reg(struct task_struct *task, static unsigned long get_flags(struct task_struct *task) { + int bit = 32; unsigned long retval = task_pt_regs(task)->flags; /* @@ -361,7 +362,12 @@ static unsigned long get_flags(struct task_struct *task) if (test_tsk_thread_flag(task, TIF_FORCED_TF)) retval &= ~X86_EFLAGS_TF; - return retval; +#ifdef CONFIG_IA32_EMULATION + /* Set bit 32 for 64-bit system calls, bit 33 for compat system calls */ + bit += (task_thread_info(task)->status & TS_COMPAT) / TS_COMPAT; +#endif + + return retval | (1ul << bit); } static int set_flags(struct task_struct *task, unsigned long value)
next prev parent reply other threads:[~2012-01-18 19:32 UTC|newest] Thread overview: 409+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-01-11 17:25 [RFC,PATCH 0/2] dynamic seccomp policies (using BPF filters) Will Drewry 2012-01-11 17:25 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry 2012-01-12 8:53 ` Serge Hallyn 2012-01-12 16:54 ` Will Drewry 2012-01-12 16:54 ` Will Drewry 2012-01-12 14:50 ` Oleg Nesterov 2012-01-12 16:55 ` Will Drewry 2012-01-12 16:55 ` Will Drewry 2012-01-12 15:43 ` Steven Rostedt 2012-01-12 16:14 ` Oleg Nesterov 2012-01-12 16:38 ` Steven Rostedt 2012-01-12 16:47 ` Oleg Nesterov 2012-01-12 17:08 ` Will Drewry 2012-01-12 17:08 ` Will Drewry 2012-01-12 17:30 ` Jamie Lokier 2012-01-12 17:40 ` Steven Rostedt 2012-01-12 17:44 ` Jamie Lokier 2012-01-12 17:56 ` Steven Rostedt 2012-01-12 23:27 ` Alan Cox 2012-01-12 23:38 ` Linus Torvalds 2012-01-12 22:18 ` Will Drewry 2012-01-12 22:18 ` Will Drewry 2012-01-12 23:00 ` Andrew Lutomirski 2012-01-12 23:00 ` Andrew Lutomirski 2012-01-12 16:14 ` Andrew Lutomirski 2012-01-12 16:14 ` Andrew Lutomirski 2012-01-12 16:27 ` Steven Rostedt 2012-01-12 16:51 ` Andrew Lutomirski 2012-01-12 16:51 ` Andrew Lutomirski 2012-01-12 17:09 ` Linus Torvalds 2012-01-12 17:17 ` Steven Rostedt 2012-01-12 18:18 ` Andrew Lutomirski 2012-01-12 18:32 ` Linus Torvalds 2012-01-12 18:32 ` Linus Torvalds 2012-01-12 18:44 ` Andrew Lutomirski 2012-01-12 19:08 ` Kyle Moffett 2012-01-12 19:08 ` Kyle Moffett 2012-01-12 23:05 ` Eric Paris 2012-01-12 23:33 ` Andrew Lutomirski 2012-01-12 23:33 ` Andrew Lutomirski 2012-01-12 19:40 ` Will Drewry 2012-01-12 19:40 ` Will Drewry 2012-01-12 19:42 ` Will Drewry 2012-01-12 19:42 ` Will Drewry 2012-01-12 19:46 ` Andrew Lutomirski 2012-01-12 19:46 ` Andrew Lutomirski 2012-01-12 20:00 ` Linus Torvalds 2012-01-12 20:00 ` Linus Torvalds 2012-01-12 16:59 ` Will Drewry 2012-01-12 16:59 ` Will Drewry 2012-01-12 17:22 ` Jamie Lokier 2012-01-12 17:22 ` Jamie Lokier 2012-01-12 17:35 ` Will Drewry 2012-01-12 17:57 ` Jamie Lokier 2012-01-12 17:57 ` Jamie Lokier 2012-01-12 18:03 ` Will Drewry 2012-01-12 18:03 ` Will Drewry 2012-01-13 1:34 ` Jamie Lokier 2012-01-13 2:44 ` Indan Zupancic 2012-01-13 6:33 ` Chris Evans 2012-01-13 6:33 ` Chris Evans 2012-01-12 17:36 ` Jamie Lokier 2012-01-12 16:18 ` Alan Cox 2012-01-12 17:03 ` Will Drewry 2012-01-12 17:03 ` Will Drewry 2012-01-12 17:11 ` Alan Cox 2012-01-12 17:52 ` Will Drewry 2012-01-12 17:52 ` Will Drewry 2012-01-13 1:31 ` James Morris 2012-01-12 16:22 ` Oleg Nesterov 2012-01-12 17:10 ` Will Drewry 2012-01-12 17:23 ` Oleg Nesterov 2012-01-12 17:23 ` Oleg Nesterov 2012-01-12 17:51 ` Will Drewry 2012-01-12 17:51 ` Will Drewry 2012-01-13 17:31 ` Oleg Nesterov 2012-01-13 17:31 ` Oleg Nesterov 2012-01-13 19:01 ` Will Drewry 2012-01-13 19:01 ` Will Drewry 2012-01-13 23:10 ` Will Drewry 2012-01-13 23:10 ` Will Drewry 2012-01-13 23:12 ` Will Drewry 2012-01-13 23:12 ` Will Drewry 2012-01-13 23:30 ` Eric Paris 2012-01-15 3:40 ` Indan Zupancic 2012-01-16 1:40 ` Will Drewry 2012-01-16 6:49 ` Indan Zupancic 2012-01-16 20:12 ` Will Drewry 2012-01-17 6:46 ` Indan Zupancic 2012-01-17 17:37 ` Will Drewry 2012-01-18 4:06 ` Indan Zupancic 2012-01-18 4:38 ` Will Drewry 2012-01-17 20:34 ` Kees Cook 2012-01-17 20:42 ` Will Drewry 2012-01-17 21:09 ` Will Drewry 2012-01-18 4:47 ` Indan Zupancic 2012-01-16 18:37 ` Oleg Nesterov 2012-01-16 18:37 ` Oleg Nesterov 2012-01-16 20:15 ` Will Drewry 2012-01-16 20:15 ` Will Drewry 2012-01-17 16:45 ` Oleg Nesterov 2012-01-17 16:56 ` Will Drewry 2012-01-17 16:56 ` Will Drewry 2012-01-17 17:01 ` Andrew Lutomirski 2012-01-17 17:01 ` Andrew Lutomirski 2012-01-17 17:05 ` Oleg Nesterov 2012-01-17 17:45 ` Andrew Lutomirski 2012-01-17 17:45 ` Andrew Lutomirski 2012-01-18 0:56 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Indan Zupancic 2012-01-18 1:01 ` Andrew Lutomirski 2012-01-18 1:01 ` Andrew Lutomirski 2012-01-19 1:06 ` Indan Zupancic 2012-01-19 1:06 ` Indan Zupancic 2012-01-19 1:19 ` Andrew Lutomirski 2012-01-19 1:47 ` Indan Zupancic 2012-01-18 1:07 ` Roland McGrath 2012-01-18 1:47 ` Indan Zupancic 2012-01-18 1:48 ` Jamie Lokier 2012-01-18 1:50 ` Andi Kleen 2012-01-18 2:00 ` Steven Rostedt 2012-01-18 2:04 ` Jamie Lokier 2012-01-18 2:22 ` Andi Kleen 2012-01-18 2:22 ` Andi Kleen 2012-01-18 2:25 ` Andrew Lutomirski 2012-01-18 4:22 ` Indan Zupancic 2012-01-18 4:22 ` Indan Zupancic 2012-01-18 5:23 ` Linus Torvalds 2012-01-18 5:23 ` Linus Torvalds 2012-01-18 6:25 ` Linus Torvalds 2012-01-18 6:25 ` Linus Torvalds 2012-01-18 13:12 ` Compat 32-bit syscall entry from 64-bit task!? Indan Zupancic 2012-01-18 13:12 ` Indan Zupancic 2012-01-18 19:31 ` Linus Torvalds [this message] 2012-01-18 19:31 ` Linus Torvalds 2012-01-18 19:36 ` Andi Kleen 2012-01-18 19:36 ` Andi Kleen 2012-01-18 19:39 ` Linus Torvalds 2012-01-18 19:39 ` Linus Torvalds 2012-01-18 19:44 ` Andi Kleen 2012-01-18 19:44 ` Andi Kleen 2012-01-18 19:47 ` Linus Torvalds 2012-01-18 19:47 ` Linus Torvalds 2012-01-18 19:52 ` Will Drewry 2012-01-18 19:52 ` Will Drewry 2012-01-18 19:58 ` Will Drewry 2012-01-18 19:58 ` Will Drewry 2012-01-18 19:41 ` Martin Mares 2012-01-18 19:41 ` Martin Mares 2012-01-18 19:38 ` Andrew Lutomirski 2012-01-18 19:38 ` Andrew Lutomirski 2012-01-19 16:01 ` Jamie Lokier 2012-01-19 16:01 ` Jamie Lokier 2012-01-19 16:13 ` Andrew Lutomirski 2012-01-19 16:13 ` Andrew Lutomirski 2012-01-19 19:21 ` Linus Torvalds 2012-01-19 19:21 ` Linus Torvalds 2012-01-19 19:30 ` Andrew Lutomirski 2012-01-19 19:30 ` Andrew Lutomirski 2012-01-19 19:37 ` Linus Torvalds 2012-01-19 19:37 ` Linus Torvalds 2012-01-19 19:41 ` Linus Torvalds 2012-01-19 19:41 ` Linus Torvalds 2012-01-19 23:54 ` Jamie Lokier 2012-01-19 23:54 ` Jamie Lokier 2012-01-20 0:05 ` Linus Torvalds 2012-01-20 0:05 ` Linus Torvalds 2012-01-20 15:35 ` Will Drewry 2012-01-20 15:35 ` Will Drewry 2012-01-20 17:56 ` Roland McGrath 2012-01-20 17:56 ` Roland McGrath 2012-01-20 19:45 ` Will Drewry 2012-01-20 19:45 ` Will Drewry 2012-01-18 20:26 ` Linus Torvalds 2012-01-18 20:26 ` Linus Torvalds 2012-01-18 20:55 ` H. Peter Anvin 2012-01-18 20:55 ` H. Peter Anvin 2012-01-18 21:01 ` Linus Torvalds 2012-01-18 21:01 ` Linus Torvalds 2012-01-18 21:04 ` H. Peter Anvin 2012-01-18 21:04 ` H. Peter Anvin 2012-01-18 21:21 ` H. Peter Anvin 2012-01-18 21:21 ` H. Peter Anvin 2012-01-18 21:51 ` Roland McGrath 2012-01-18 21:51 ` Roland McGrath 2012-01-18 21:53 ` H. Peter Anvin 2012-01-18 21:53 ` H. Peter Anvin 2012-01-18 23:28 ` Linus Torvalds 2012-01-18 23:28 ` Linus Torvalds 2012-01-19 0:38 ` H. Peter Anvin 2012-01-19 0:38 ` H. Peter Anvin 2012-01-20 21:51 ` Denys Vlasenko 2012-01-20 21:51 ` Denys Vlasenko 2012-01-20 22:40 ` Roland McGrath 2012-01-20 22:40 ` Roland McGrath 2012-01-20 22:41 ` H. Peter Anvin 2012-01-20 22:41 ` H. Peter Anvin 2012-01-20 23:49 ` Indan Zupancic 2012-01-20 23:49 ` Indan Zupancic 2012-01-20 23:55 ` Roland McGrath 2012-01-20 23:55 ` Roland McGrath 2012-01-20 23:58 ` hpanvin@gmail.com 2012-01-20 23:58 ` hpanvin@gmail.com 2012-01-23 2:14 ` Indan Zupancic 2012-01-23 2:14 ` Indan Zupancic 2012-01-21 0:07 ` Denys Vlasenko 2012-01-21 0:07 ` Denys Vlasenko 2012-01-21 0:10 ` Roland McGrath 2012-01-21 0:10 ` Roland McGrath 2012-01-21 1:23 ` Jamie Lokier 2012-01-21 1:23 ` Jamie Lokier 2012-01-23 2:37 ` Indan Zupancic 2012-01-23 2:37 ` Indan Zupancic 2012-01-23 16:48 ` Oleg Nesterov 2012-01-23 16:48 ` Oleg Nesterov 2012-01-24 8:19 ` Indan Zupancic 2012-01-24 8:19 ` Indan Zupancic 2012-02-06 20:30 ` H. Peter Anvin 2012-02-06 20:30 ` H. Peter Anvin 2012-02-06 20:39 ` Roland McGrath 2012-02-06 20:39 ` Roland McGrath 2012-02-06 20:42 ` H. Peter Anvin 2012-02-06 20:42 ` H. Peter Anvin 2012-01-18 21:26 ` Linus Torvalds 2012-01-18 21:26 ` Linus Torvalds 2012-01-18 21:30 ` H. Peter Anvin 2012-01-18 21:30 ` H. Peter Anvin 2012-01-18 21:42 ` Linus Torvalds 2012-01-18 21:42 ` Linus Torvalds 2012-01-18 21:47 ` H. Peter Anvin 2012-01-18 21:47 ` H. Peter Anvin 2012-01-19 1:45 ` Indan Zupancic 2012-01-19 1:45 ` Indan Zupancic 2012-01-19 2:16 ` H. Peter Anvin 2012-01-19 2:16 ` H. Peter Anvin 2012-02-06 8:32 ` Indan Zupancic 2012-02-06 8:32 ` Indan Zupancic 2012-02-06 17:02 ` H. Peter Anvin 2012-02-06 17:02 ` H. Peter Anvin 2012-02-07 1:52 ` Indan Zupancic 2012-02-07 1:52 ` Indan Zupancic 2012-02-09 0:19 ` H. Peter Anvin 2012-02-09 0:19 ` H. Peter Anvin 2012-02-09 4:20 ` Indan Zupancic 2012-02-09 4:20 ` Indan Zupancic 2012-02-09 4:29 ` H. Peter Anvin 2012-02-09 4:29 ` H. Peter Anvin 2012-02-09 6:03 ` Indan Zupancic 2012-02-09 6:03 ` Indan Zupancic 2012-02-09 14:47 ` H. Peter Anvin 2012-02-09 14:47 ` H. Peter Anvin 2012-02-09 16:00 ` H.J. Lu 2012-02-09 16:00 ` H.J. Lu 2012-02-10 1:09 ` Indan Zupancic 2012-02-10 1:09 ` Indan Zupancic 2012-02-10 1:15 ` H. Peter Anvin 2012-02-10 1:15 ` H. Peter Anvin 2012-02-10 2:29 ` Indan Zupancic 2012-02-10 2:29 ` Indan Zupancic 2012-02-10 2:47 ` H. Peter Anvin 2012-02-10 2:47 ` H. Peter Anvin [not found] ` <cc95fcf4b1c28ee6f73e373d04593634.squirrel@webmail.greenhost.nl> 2012-02-10 15:53 ` H. Peter Anvin 2012-02-10 15:53 ` H. Peter Anvin 2012-02-10 22:42 ` Indan Zupancic 2012-02-10 22:42 ` Indan Zupancic 2012-02-10 22:56 ` H. Peter Anvin 2012-02-10 22:56 ` H. Peter Anvin 2012-02-12 12:07 ` Indan Zupancic 2012-02-12 12:07 ` Indan Zupancic 2012-01-25 19:36 ` Oleg Nesterov 2012-01-25 19:36 ` Oleg Nesterov 2012-01-25 20:20 ` Pedro Alves 2012-01-25 20:20 ` Pedro Alves 2012-01-25 23:36 ` Denys Vlasenko 2012-01-25 23:36 ` Denys Vlasenko 2012-01-25 23:32 ` Denys Vlasenko 2012-01-25 23:32 ` Denys Vlasenko 2012-01-26 0:40 ` Indan Zupancic 2012-01-26 0:40 ` Indan Zupancic 2012-01-26 1:08 ` Jamie Lokier 2012-01-26 1:08 ` Jamie Lokier 2012-01-26 1:22 ` Denys Vlasenko 2012-01-26 1:22 ` Denys Vlasenko 2012-01-26 6:34 ` Indan Zupancic 2012-01-26 6:34 ` Indan Zupancic 2012-01-26 10:31 ` Jamie Lokier 2012-01-26 10:31 ` Jamie Lokier 2012-01-26 10:40 ` Denys Vlasenko 2012-01-26 10:40 ` Denys Vlasenko 2012-01-26 11:01 ` Jamie Lokier 2012-01-26 11:01 ` Jamie Lokier 2012-01-26 14:02 ` Denys Vlasenko 2012-01-26 14:02 ` Denys Vlasenko 2012-01-26 11:19 ` Indan Zupancic 2012-01-26 11:19 ` Indan Zupancic 2012-01-26 11:20 ` Indan Zupancic 2012-01-26 11:20 ` Indan Zupancic 2012-01-26 11:47 ` Jamie Lokier 2012-01-26 11:47 ` Jamie Lokier 2012-01-26 14:05 ` Denys Vlasenko 2012-01-26 14:05 ` Denys Vlasenko 2012-01-27 7:23 ` Indan Zupancic 2012-01-27 7:23 ` Indan Zupancic 2012-02-10 2:02 ` Jamie Lokier 2012-02-10 2:02 ` Jamie Lokier 2012-02-10 3:37 ` Indan Zupancic 2012-02-10 3:37 ` Indan Zupancic 2012-02-10 21:19 ` Denys Vlasenko 2012-02-10 21:19 ` Denys Vlasenko 2012-01-26 1:09 ` Denys Vlasenko 2012-01-26 1:09 ` Denys Vlasenko 2012-01-26 3:47 ` Linus Torvalds 2012-01-26 3:47 ` Linus Torvalds 2012-01-26 18:03 ` Denys Vlasenko 2012-01-26 18:03 ` Denys Vlasenko 2017-03-08 23:41 ` Dmitry V. Levin 2017-03-08 23:41 ` Dmitry V. Levin 2017-03-09 4:39 ` Andrew Lutomirski 2017-03-09 4:39 ` Andrew Lutomirski 2017-03-14 2:57 ` Dmitry V. Levin 2017-03-14 2:57 ` Dmitry V. Levin 2012-01-26 5:57 ` Indan Zupancic 2012-01-26 5:57 ` Indan Zupancic 2012-01-26 0:59 ` Jamie Lokier 2012-01-26 0:59 ` Jamie Lokier 2012-01-26 1:21 ` Denys Vlasenko 2012-01-26 1:21 ` Denys Vlasenko 2012-01-26 8:23 ` Pedro Alves 2012-01-26 8:23 ` Pedro Alves 2012-01-26 8:53 ` Denys Vlasenko 2012-01-26 8:53 ` Denys Vlasenko 2012-01-26 9:51 ` Pedro Alves 2012-01-26 9:51 ` Pedro Alves 2012-01-26 18:44 ` Oleg Nesterov 2012-01-26 18:44 ` Oleg Nesterov 2012-02-10 2:51 ` Jamie Lokier 2012-02-10 2:51 ` Jamie Lokier 2012-01-18 15:04 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Eric Paris 2012-01-18 15:04 ` Eric Paris 2012-01-18 17:51 ` Linus Torvalds 2012-01-18 17:51 ` Linus Torvalds 2012-01-18 5:43 ` Chris Evans 2012-01-18 5:43 ` Chris Evans 2012-01-18 12:12 ` Indan Zupancic 2012-01-18 12:12 ` Indan Zupancic 2012-01-18 21:13 ` Chris Evans 2012-01-18 21:13 ` Chris Evans 2012-01-19 0:14 ` Indan Zupancic 2012-01-19 0:14 ` Indan Zupancic 2012-01-19 8:16 ` Chris Evans 2012-01-19 8:16 ` Chris Evans 2012-01-19 11:34 ` Indan Zupancic 2012-01-19 11:34 ` Indan Zupancic 2012-01-19 16:11 ` Jamie Lokier 2012-01-19 16:11 ` Jamie Lokier 2012-01-19 15:40 ` Jamie Lokier 2012-01-19 15:40 ` Jamie Lokier 2012-01-18 17:00 ` Oleg Nesterov 2012-01-18 17:00 ` Oleg Nesterov 2012-01-18 17:12 ` Oleg Nesterov 2012-01-18 17:12 ` Oleg Nesterov 2012-01-18 21:09 ` Chris Evans 2012-01-18 21:09 ` Chris Evans 2012-01-23 16:56 ` Oleg Nesterov 2012-01-23 16:56 ` Oleg Nesterov 2012-01-23 22:23 ` Chris Evans 2012-01-23 22:23 ` Chris Evans 2012-02-07 11:45 ` Indan Zupancic 2012-02-07 11:45 ` Indan Zupancic 2012-01-19 0:29 ` Indan Zupancic 2012-01-19 0:29 ` Indan Zupancic 2012-01-18 2:27 ` Linus Torvalds 2012-01-18 2:27 ` Linus Torvalds 2012-01-18 2:31 ` Andi Kleen 2012-01-18 2:31 ` Andi Kleen 2012-01-18 2:46 ` Linus Torvalds 2012-01-18 2:46 ` Linus Torvalds 2012-01-18 14:06 ` Martin Mares 2012-01-18 14:06 ` Martin Mares 2012-01-18 18:24 ` Andi Kleen 2012-01-18 18:24 ` Andi Kleen 2012-01-19 16:04 ` Jamie Lokier 2012-01-19 16:04 ` Jamie Lokier 2012-01-20 0:21 ` Indan Zupancic 2012-01-20 0:21 ` Indan Zupancic 2012-01-20 0:53 ` Linus Torvalds 2012-01-20 0:53 ` Linus Torvalds 2012-01-20 2:02 ` Indan Zupancic 2012-01-20 2:02 ` Indan Zupancic 2012-01-17 17:06 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry 2012-01-17 17:06 ` Will Drewry 2012-01-17 19:35 ` Will Drewry 2012-01-17 19:35 ` Will Drewry 2012-01-12 17:02 ` Andrew Lutomirski 2012-01-12 17:02 ` Andrew Lutomirski 2012-01-16 20:28 ` Will Drewry 2012-01-16 20:28 ` Will Drewry 2012-01-11 17:25 ` [RFC,PATCH 2/2] Documentation: prctl/seccomp_filter Will Drewry 2012-01-11 20:03 ` Jonathan Corbet 2012-01-11 20:10 ` Will Drewry 2012-01-11 20:10 ` Will Drewry 2012-01-11 23:19 ` [PATCH v2 " Will Drewry 2012-01-12 0:29 ` Will Drewry 2012-01-12 0:29 ` Will Drewry 2012-01-12 18:16 ` Randy Dunlap 2012-01-12 17:23 ` Will Drewry 2012-01-12 17:34 ` Steven Rostedt 2012-01-12 13:13 ` [RFC,PATCH " Łukasz Sowa 2012-01-12 17:25 ` Will Drewry 2012-01-12 17:25 ` Will Drewry
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CA+55aFzcSVmdDj9Lh_gdbz1OzHyEm6ZrGPBDAJnywm2LF_eVyg@mail.gmail.com \ --to=torvalds@linux-foundation.org \ --cc=ak@linux.intel.com \ --cc=akpm@linux-foundation.org \ --cc=amwang@redhat.com \ --cc=andi@firstfloor.org \ --cc=avi@redhat.com \ --cc=borislav.petkov@amd.com \ --cc=coreyb@linux.vnet.ibm.com \ --cc=daniel.lezcano@free.fr \ --cc=dhowells@redhat.com \ --cc=djm@mindrot.org \ --cc=dlaor@redhat.com \ --cc=eparis@redhat.com \ --cc=eric.dumazet@gmail.com \ --cc=gregkh@suse.de \ --cc=indan@nul.nu \ --cc=jamie@shareable.org \ --cc=jmorris@namei.org \ --cc=john.johansen@canonical.com \ --cc=keescook@chromium.org \ --cc=khilman@ti.com \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=luto@mit.edu \ --cc=mcgrathr@chromium.org \ --cc=mhalcrow@google.com \ --cc=mingo@elte.hu \ --cc=oleg@redhat.com \ --cc=olofj@chromium.org \ --cc=penberg@cs.helsinki.fi \ --cc=pmoore@redhat.com \ --cc=rostedt@goodmis.org \ --cc=scarybeasts@gmail.com \ --cc=segoon@openwall.com \ --cc=serge.hallyn@canonical.com \ --cc=viro@zeniv.linux.org.uk \ --cc=wad@chromium.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.