From: Will Drewry <wad@chromium.org>
To: Andrew Lutomirski <luto@mit.edu>
Cc: Oleg Nesterov <oleg@redhat.com>,
linux-kernel@vger.kernel.org, keescook@chromium.org,
john.johansen@canonical.com, serge.hallyn@canonical.com,
coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com,
djm@mindrot.org, torvalds@linux-foundation.org,
segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org,
scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi,
viro@zeniv.linux.org.uk, mingo@elte.hu,
akpm@linux-foundation.org, khilman@ti.com,
borislav.petkov@amd.com, amwang@redhat.com, ak@linux.intel.com,
eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com,
daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, olofj@chromium.org,
mhalcrow@google.com, dlaor@redhat.com,
Roland McGrath <mcgrathr@chromium.org>,
Andi Kleen <andi@firstfloor.org>,
indan@nul.nu
Subject: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF
Date: Tue, 17 Jan 2012 11:06:59 -0600 [thread overview]
Message-ID: <CABqD9ha+sKCpm4J-B5Ai0aYsvw6oUXz45SmHLQqvJ0d1NjZ0Qg@mail.gmail.com> (raw)
In-Reply-To: <CAObL_7E1gtDF8Bjb9vmFFkVFmxWbx4DrgGU0QPJEd6KXgS7U8A@mail.gmail.com>
On Tue, Jan 17, 2012 at 11:01 AM, Andrew Lutomirski <luto@mit.edu> wrote:
> On Tue, Jan 17, 2012 at 8:56 AM, Will Drewry <wad@chromium.org> wrote:
>> On Tue, Jan 17, 2012 at 10:45 AM, Oleg Nesterov <oleg@redhat.com> wrote:
>>> On 01/16, Will Drewry wrote:
>>>>
>>>> On Mon, Jan 16, 2012 at 12:37 PM, Oleg Nesterov <oleg@redhat.com> wrote:
>>>> >
>>>> > Yes, thanks, I forgot about compat tasks again. But this is easy, just
>>>> > we need regs_64_to_32().
>>>>
>>>> Yup - we could make the assumption that is_compat_task is always
>>>> 32-bit and the pt_regs is always 64-bit, then copy_and_truncate with
>>>> regs_64_to_32. Seems kinda wonky though :/
>>>
>>> much simpler/faster than what regset does to create the artificial
>>> user_regs_struct32.
>>
>> True, I could collapse pt_regs to looks like the exported ABI pt_regs.
>> Then only compat processes would get the copy overhead. That could
>> be tidy and not break ABI. It would mean that I have to assume that
>> if unsigned long == 64-bit and is_compat_task(), then the task is
>> 32-bit. Do you think if we ever add a crazy 128-bit "supercomputer"
>> arch that we will add a is_compat64_task() so that I could properly
>> collapse? :)
>>
>> I like this idea!
>
> FWIW, it's possible for a task to execute in 32-bit mode when
> !is_compat_task or in 64-bit mode when is_compat_task. From earlier
> in the thread, I think you were planning to block the wrong-bitness
> syscall entries, but it's worth double-checking that you don't open up
> a hole when a compat task issues the 64-bit syscall instruction.
Yup - I had to (see below).
> (is_compat_task says whether the executable was marked as 32-bit. The
> actual execution mode is determined by the cs register, which the user
> can control. See the user_64bit_mode function in
> arch/asm/x86/ptrace.h. But maybe it would make more sense to have a
> separate 32-bit and 64-bit BPF program and select which one to use
> based on the entry point.)
So that was my original design, but the problem was with how regviews
decides on the user_regs_struct. It decides using TIF_IA32 while I
can only check the cross-arch is_compat_task() which checks TS_COMPAT
on x86. If I'm just collapsing registers for compat calls (which I am
exploring the viability of right now), then I guess I could re-fork
the filtering to support compat versus non-compat. The nastier bits
there were that I don't want to allow a compat call to be allowed
because a process only defined non-compat. I think that can be made
manage-able though.
I'll finish proving out the possibilities here.
Thanks!
will
WARNING: multiple messages have this Message-ID (diff)
From: Will Drewry <wad@chromium.org>
To: Andrew Lutomirski <luto@mit.edu>
Cc: Oleg Nesterov <oleg@redhat.com>,
linux-kernel@vger.kernel.org, keescook@chromium.org,
john.johansen@canonical.com, serge.hallyn@canonical.com,
coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com,
djm@mindrot.org, torvalds@linux-foundation.org,
segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org,
scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi,
viro@zeniv.linux.org.uk, mingo@elte.hu,
akpm@linux-foundation.org, khilman@ti.com,
borislav.petkov@amd.com, amwang@redhat.com, ak@linux.intel.com,
eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com,
daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, olofj@chromium.org,
mhalcrow@google.com, dlaor@redhat.com,
Roland McGrath <mcgrathr@chromium.org>,
Andi Kleen <andi@firstfloor.org>,
indan@nul.nu
Subject: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF
Date: Tue, 17 Jan 2012 11:06:59 -0600 [thread overview]
Message-ID: <CABqD9ha+sKCpm4J-B5Ai0aYsvw6oUXz45SmHLQqvJ0d1NjZ0Qg@mail.gmail.com> (raw)
In-Reply-To: <CAObL_7E1gtDF8Bjb9vmFFkVFmxWbx4DrgGU0QPJEd6KXgS7U8A@mail.gmail.com>
On Tue, Jan 17, 2012 at 11:01 AM, Andrew Lutomirski <luto@mit.edu> wrote:
> On Tue, Jan 17, 2012 at 8:56 AM, Will Drewry <wad@chromium.org> wrote:
>> On Tue, Jan 17, 2012 at 10:45 AM, Oleg Nesterov <oleg@redhat.com> wrote:
>>> On 01/16, Will Drewry wrote:
>>>>
>>>> On Mon, Jan 16, 2012 at 12:37 PM, Oleg Nesterov <oleg@redhat.com> wrote:
>>>> >
>>>> > Yes, thanks, I forgot about compat tasks again. But this is easy, just
>>>> > we need regs_64_to_32().
>>>>
>>>> Yup - we could make the assumption that is_compat_task is always
>>>> 32-bit and the pt_regs is always 64-bit, then copy_and_truncate with
>>>> regs_64_to_32. Seems kinda wonky though :/
>>>
>>> much simpler/faster than what regset does to create the artificial
>>> user_regs_struct32.
>>
>> True, I could collapse pt_regs to looks like the exported ABI pt_regs.
>> Then only compat processes would get the copy overhead. That could
>> be tidy and not break ABI. It would mean that I have to assume that
>> if unsigned long == 64-bit and is_compat_task(), then the task is
>> 32-bit. Do you think if we ever add a crazy 128-bit "supercomputer"
>> arch that we will add a is_compat64_task() so that I could properly
>> collapse? :)
>>
>> I like this idea!
>
> FWIW, it's possible for a task to execute in 32-bit mode when
> !is_compat_task or in 64-bit mode when is_compat_task. From earlier
> in the thread, I think you were planning to block the wrong-bitness
> syscall entries, but it's worth double-checking that you don't open up
> a hole when a compat task issues the 64-bit syscall instruction.
Yup - I had to (see below).
> (is_compat_task says whether the executable was marked as 32-bit. The
> actual execution mode is determined by the cs register, which the user
> can control. See the user_64bit_mode function in
> arch/asm/x86/ptrace.h. But maybe it would make more sense to have a
> separate 32-bit and 64-bit BPF program and select which one to use
> based on the entry point.)
So that was my original design, but the problem was with how regviews
decides on the user_regs_struct. It decides using TIF_IA32 while I
can only check the cross-arch is_compat_task() which checks TS_COMPAT
on x86. If I'm just collapsing registers for compat calls (which I am
exploring the viability of right now), then I guess I could re-fork
the filtering to support compat versus non-compat. The nastier bits
there were that I don't want to allow a compat call to be allowed
because a process only defined non-compat. I think that can be made
manage-able though.
I'll finish proving out the possibilities here.
Thanks!
will
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-01-17 17:07 UTC|newest]
Thread overview: 409+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-11 17:25 [RFC,PATCH 0/2] dynamic seccomp policies (using BPF filters) Will Drewry
2012-01-11 17:25 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry
2012-01-12 8:53 ` Serge Hallyn
2012-01-12 16:54 ` Will Drewry
2012-01-12 16:54 ` Will Drewry
2012-01-12 14:50 ` Oleg Nesterov
2012-01-12 16:55 ` Will Drewry
2012-01-12 16:55 ` Will Drewry
2012-01-12 15:43 ` Steven Rostedt
2012-01-12 16:14 ` Oleg Nesterov
2012-01-12 16:38 ` Steven Rostedt
2012-01-12 16:47 ` Oleg Nesterov
2012-01-12 17:08 ` Will Drewry
2012-01-12 17:08 ` Will Drewry
2012-01-12 17:30 ` Jamie Lokier
2012-01-12 17:40 ` Steven Rostedt
2012-01-12 17:44 ` Jamie Lokier
2012-01-12 17:56 ` Steven Rostedt
2012-01-12 23:27 ` Alan Cox
2012-01-12 23:38 ` Linus Torvalds
2012-01-12 22:18 ` Will Drewry
2012-01-12 22:18 ` Will Drewry
2012-01-12 23:00 ` Andrew Lutomirski
2012-01-12 23:00 ` Andrew Lutomirski
2012-01-12 16:14 ` Andrew Lutomirski
2012-01-12 16:14 ` Andrew Lutomirski
2012-01-12 16:27 ` Steven Rostedt
2012-01-12 16:51 ` Andrew Lutomirski
2012-01-12 16:51 ` Andrew Lutomirski
2012-01-12 17:09 ` Linus Torvalds
2012-01-12 17:17 ` Steven Rostedt
2012-01-12 18:18 ` Andrew Lutomirski
2012-01-12 18:32 ` Linus Torvalds
2012-01-12 18:32 ` Linus Torvalds
2012-01-12 18:44 ` Andrew Lutomirski
2012-01-12 19:08 ` Kyle Moffett
2012-01-12 19:08 ` Kyle Moffett
2012-01-12 23:05 ` Eric Paris
2012-01-12 23:33 ` Andrew Lutomirski
2012-01-12 23:33 ` Andrew Lutomirski
2012-01-12 19:40 ` Will Drewry
2012-01-12 19:40 ` Will Drewry
2012-01-12 19:42 ` Will Drewry
2012-01-12 19:42 ` Will Drewry
2012-01-12 19:46 ` Andrew Lutomirski
2012-01-12 19:46 ` Andrew Lutomirski
2012-01-12 20:00 ` Linus Torvalds
2012-01-12 20:00 ` Linus Torvalds
2012-01-12 16:59 ` Will Drewry
2012-01-12 16:59 ` Will Drewry
2012-01-12 17:22 ` Jamie Lokier
2012-01-12 17:22 ` Jamie Lokier
2012-01-12 17:35 ` Will Drewry
2012-01-12 17:57 ` Jamie Lokier
2012-01-12 17:57 ` Jamie Lokier
2012-01-12 18:03 ` Will Drewry
2012-01-12 18:03 ` Will Drewry
2012-01-13 1:34 ` Jamie Lokier
2012-01-13 2:44 ` Indan Zupancic
2012-01-13 6:33 ` Chris Evans
2012-01-13 6:33 ` Chris Evans
2012-01-12 17:36 ` Jamie Lokier
2012-01-12 16:18 ` Alan Cox
2012-01-12 17:03 ` Will Drewry
2012-01-12 17:03 ` Will Drewry
2012-01-12 17:11 ` Alan Cox
2012-01-12 17:52 ` Will Drewry
2012-01-12 17:52 ` Will Drewry
2012-01-13 1:31 ` James Morris
2012-01-12 16:22 ` Oleg Nesterov
2012-01-12 17:10 ` Will Drewry
2012-01-12 17:23 ` Oleg Nesterov
2012-01-12 17:23 ` Oleg Nesterov
2012-01-12 17:51 ` Will Drewry
2012-01-12 17:51 ` Will Drewry
2012-01-13 17:31 ` Oleg Nesterov
2012-01-13 17:31 ` Oleg Nesterov
2012-01-13 19:01 ` Will Drewry
2012-01-13 19:01 ` Will Drewry
2012-01-13 23:10 ` Will Drewry
2012-01-13 23:10 ` Will Drewry
2012-01-13 23:12 ` Will Drewry
2012-01-13 23:12 ` Will Drewry
2012-01-13 23:30 ` Eric Paris
2012-01-15 3:40 ` Indan Zupancic
2012-01-16 1:40 ` Will Drewry
2012-01-16 6:49 ` Indan Zupancic
2012-01-16 20:12 ` Will Drewry
2012-01-17 6:46 ` Indan Zupancic
2012-01-17 17:37 ` Will Drewry
2012-01-18 4:06 ` Indan Zupancic
2012-01-18 4:38 ` Will Drewry
2012-01-17 20:34 ` Kees Cook
2012-01-17 20:42 ` Will Drewry
2012-01-17 21:09 ` Will Drewry
2012-01-18 4:47 ` Indan Zupancic
2012-01-16 18:37 ` Oleg Nesterov
2012-01-16 18:37 ` Oleg Nesterov
2012-01-16 20:15 ` Will Drewry
2012-01-16 20:15 ` Will Drewry
2012-01-17 16:45 ` Oleg Nesterov
2012-01-17 16:56 ` Will Drewry
2012-01-17 16:56 ` Will Drewry
2012-01-17 17:01 ` Andrew Lutomirski
2012-01-17 17:01 ` Andrew Lutomirski
2012-01-17 17:05 ` Oleg Nesterov
2012-01-17 17:45 ` Andrew Lutomirski
2012-01-17 17:45 ` Andrew Lutomirski
2012-01-18 0:56 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Indan Zupancic
2012-01-18 1:01 ` Andrew Lutomirski
2012-01-18 1:01 ` Andrew Lutomirski
2012-01-19 1:06 ` Indan Zupancic
2012-01-19 1:06 ` Indan Zupancic
2012-01-19 1:19 ` Andrew Lutomirski
2012-01-19 1:47 ` Indan Zupancic
2012-01-18 1:07 ` Roland McGrath
2012-01-18 1:47 ` Indan Zupancic
2012-01-18 1:48 ` Jamie Lokier
2012-01-18 1:50 ` Andi Kleen
2012-01-18 2:00 ` Steven Rostedt
2012-01-18 2:04 ` Jamie Lokier
2012-01-18 2:22 ` Andi Kleen
2012-01-18 2:22 ` Andi Kleen
2012-01-18 2:25 ` Andrew Lutomirski
2012-01-18 4:22 ` Indan Zupancic
2012-01-18 4:22 ` Indan Zupancic
2012-01-18 5:23 ` Linus Torvalds
2012-01-18 5:23 ` Linus Torvalds
2012-01-18 6:25 ` Linus Torvalds
2012-01-18 6:25 ` Linus Torvalds
2012-01-18 13:12 ` Compat 32-bit syscall entry from 64-bit task!? Indan Zupancic
2012-01-18 13:12 ` Indan Zupancic
2012-01-18 19:31 ` Linus Torvalds
2012-01-18 19:31 ` Linus Torvalds
2012-01-18 19:36 ` Andi Kleen
2012-01-18 19:36 ` Andi Kleen
2012-01-18 19:39 ` Linus Torvalds
2012-01-18 19:39 ` Linus Torvalds
2012-01-18 19:44 ` Andi Kleen
2012-01-18 19:44 ` Andi Kleen
2012-01-18 19:47 ` Linus Torvalds
2012-01-18 19:47 ` Linus Torvalds
2012-01-18 19:52 ` Will Drewry
2012-01-18 19:52 ` Will Drewry
2012-01-18 19:58 ` Will Drewry
2012-01-18 19:58 ` Will Drewry
2012-01-18 19:41 ` Martin Mares
2012-01-18 19:41 ` Martin Mares
2012-01-18 19:38 ` Andrew Lutomirski
2012-01-18 19:38 ` Andrew Lutomirski
2012-01-19 16:01 ` Jamie Lokier
2012-01-19 16:01 ` Jamie Lokier
2012-01-19 16:13 ` Andrew Lutomirski
2012-01-19 16:13 ` Andrew Lutomirski
2012-01-19 19:21 ` Linus Torvalds
2012-01-19 19:21 ` Linus Torvalds
2012-01-19 19:30 ` Andrew Lutomirski
2012-01-19 19:30 ` Andrew Lutomirski
2012-01-19 19:37 ` Linus Torvalds
2012-01-19 19:37 ` Linus Torvalds
2012-01-19 19:41 ` Linus Torvalds
2012-01-19 19:41 ` Linus Torvalds
2012-01-19 23:54 ` Jamie Lokier
2012-01-19 23:54 ` Jamie Lokier
2012-01-20 0:05 ` Linus Torvalds
2012-01-20 0:05 ` Linus Torvalds
2012-01-20 15:35 ` Will Drewry
2012-01-20 15:35 ` Will Drewry
2012-01-20 17:56 ` Roland McGrath
2012-01-20 17:56 ` Roland McGrath
2012-01-20 19:45 ` Will Drewry
2012-01-20 19:45 ` Will Drewry
2012-01-18 20:26 ` Linus Torvalds
2012-01-18 20:26 ` Linus Torvalds
2012-01-18 20:55 ` H. Peter Anvin
2012-01-18 20:55 ` H. Peter Anvin
2012-01-18 21:01 ` Linus Torvalds
2012-01-18 21:01 ` Linus Torvalds
2012-01-18 21:04 ` H. Peter Anvin
2012-01-18 21:04 ` H. Peter Anvin
2012-01-18 21:21 ` H. Peter Anvin
2012-01-18 21:21 ` H. Peter Anvin
2012-01-18 21:51 ` Roland McGrath
2012-01-18 21:51 ` Roland McGrath
2012-01-18 21:53 ` H. Peter Anvin
2012-01-18 21:53 ` H. Peter Anvin
2012-01-18 23:28 ` Linus Torvalds
2012-01-18 23:28 ` Linus Torvalds
2012-01-19 0:38 ` H. Peter Anvin
2012-01-19 0:38 ` H. Peter Anvin
2012-01-20 21:51 ` Denys Vlasenko
2012-01-20 21:51 ` Denys Vlasenko
2012-01-20 22:40 ` Roland McGrath
2012-01-20 22:40 ` Roland McGrath
2012-01-20 22:41 ` H. Peter Anvin
2012-01-20 22:41 ` H. Peter Anvin
2012-01-20 23:49 ` Indan Zupancic
2012-01-20 23:49 ` Indan Zupancic
2012-01-20 23:55 ` Roland McGrath
2012-01-20 23:55 ` Roland McGrath
2012-01-20 23:58 ` hpanvin@gmail.com
2012-01-20 23:58 ` hpanvin@gmail.com
2012-01-23 2:14 ` Indan Zupancic
2012-01-23 2:14 ` Indan Zupancic
2012-01-21 0:07 ` Denys Vlasenko
2012-01-21 0:07 ` Denys Vlasenko
2012-01-21 0:10 ` Roland McGrath
2012-01-21 0:10 ` Roland McGrath
2012-01-21 1:23 ` Jamie Lokier
2012-01-21 1:23 ` Jamie Lokier
2012-01-23 2:37 ` Indan Zupancic
2012-01-23 2:37 ` Indan Zupancic
2012-01-23 16:48 ` Oleg Nesterov
2012-01-23 16:48 ` Oleg Nesterov
2012-01-24 8:19 ` Indan Zupancic
2012-01-24 8:19 ` Indan Zupancic
2012-02-06 20:30 ` H. Peter Anvin
2012-02-06 20:30 ` H. Peter Anvin
2012-02-06 20:39 ` Roland McGrath
2012-02-06 20:39 ` Roland McGrath
2012-02-06 20:42 ` H. Peter Anvin
2012-02-06 20:42 ` H. Peter Anvin
2012-01-18 21:26 ` Linus Torvalds
2012-01-18 21:26 ` Linus Torvalds
2012-01-18 21:30 ` H. Peter Anvin
2012-01-18 21:30 ` H. Peter Anvin
2012-01-18 21:42 ` Linus Torvalds
2012-01-18 21:42 ` Linus Torvalds
2012-01-18 21:47 ` H. Peter Anvin
2012-01-18 21:47 ` H. Peter Anvin
2012-01-19 1:45 ` Indan Zupancic
2012-01-19 1:45 ` Indan Zupancic
2012-01-19 2:16 ` H. Peter Anvin
2012-01-19 2:16 ` H. Peter Anvin
2012-02-06 8:32 ` Indan Zupancic
2012-02-06 8:32 ` Indan Zupancic
2012-02-06 17:02 ` H. Peter Anvin
2012-02-06 17:02 ` H. Peter Anvin
2012-02-07 1:52 ` Indan Zupancic
2012-02-07 1:52 ` Indan Zupancic
2012-02-09 0:19 ` H. Peter Anvin
2012-02-09 0:19 ` H. Peter Anvin
2012-02-09 4:20 ` Indan Zupancic
2012-02-09 4:20 ` Indan Zupancic
2012-02-09 4:29 ` H. Peter Anvin
2012-02-09 4:29 ` H. Peter Anvin
2012-02-09 6:03 ` Indan Zupancic
2012-02-09 6:03 ` Indan Zupancic
2012-02-09 14:47 ` H. Peter Anvin
2012-02-09 14:47 ` H. Peter Anvin
2012-02-09 16:00 ` H.J. Lu
2012-02-09 16:00 ` H.J. Lu
2012-02-10 1:09 ` Indan Zupancic
2012-02-10 1:09 ` Indan Zupancic
2012-02-10 1:15 ` H. Peter Anvin
2012-02-10 1:15 ` H. Peter Anvin
2012-02-10 2:29 ` Indan Zupancic
2012-02-10 2:29 ` Indan Zupancic
2012-02-10 2:47 ` H. Peter Anvin
2012-02-10 2:47 ` H. Peter Anvin
[not found] ` <cc95fcf4b1c28ee6f73e373d04593634.squirrel@webmail.greenhost.nl>
2012-02-10 15:53 ` H. Peter Anvin
2012-02-10 15:53 ` H. Peter Anvin
2012-02-10 22:42 ` Indan Zupancic
2012-02-10 22:42 ` Indan Zupancic
2012-02-10 22:56 ` H. Peter Anvin
2012-02-10 22:56 ` H. Peter Anvin
2012-02-12 12:07 ` Indan Zupancic
2012-02-12 12:07 ` Indan Zupancic
2012-01-25 19:36 ` Oleg Nesterov
2012-01-25 19:36 ` Oleg Nesterov
2012-01-25 20:20 ` Pedro Alves
2012-01-25 20:20 ` Pedro Alves
2012-01-25 23:36 ` Denys Vlasenko
2012-01-25 23:36 ` Denys Vlasenko
2012-01-25 23:32 ` Denys Vlasenko
2012-01-25 23:32 ` Denys Vlasenko
2012-01-26 0:40 ` Indan Zupancic
2012-01-26 0:40 ` Indan Zupancic
2012-01-26 1:08 ` Jamie Lokier
2012-01-26 1:08 ` Jamie Lokier
2012-01-26 1:22 ` Denys Vlasenko
2012-01-26 1:22 ` Denys Vlasenko
2012-01-26 6:34 ` Indan Zupancic
2012-01-26 6:34 ` Indan Zupancic
2012-01-26 10:31 ` Jamie Lokier
2012-01-26 10:31 ` Jamie Lokier
2012-01-26 10:40 ` Denys Vlasenko
2012-01-26 10:40 ` Denys Vlasenko
2012-01-26 11:01 ` Jamie Lokier
2012-01-26 11:01 ` Jamie Lokier
2012-01-26 14:02 ` Denys Vlasenko
2012-01-26 14:02 ` Denys Vlasenko
2012-01-26 11:19 ` Indan Zupancic
2012-01-26 11:19 ` Indan Zupancic
2012-01-26 11:20 ` Indan Zupancic
2012-01-26 11:20 ` Indan Zupancic
2012-01-26 11:47 ` Jamie Lokier
2012-01-26 11:47 ` Jamie Lokier
2012-01-26 14:05 ` Denys Vlasenko
2012-01-26 14:05 ` Denys Vlasenko
2012-01-27 7:23 ` Indan Zupancic
2012-01-27 7:23 ` Indan Zupancic
2012-02-10 2:02 ` Jamie Lokier
2012-02-10 2:02 ` Jamie Lokier
2012-02-10 3:37 ` Indan Zupancic
2012-02-10 3:37 ` Indan Zupancic
2012-02-10 21:19 ` Denys Vlasenko
2012-02-10 21:19 ` Denys Vlasenko
2012-01-26 1:09 ` Denys Vlasenko
2012-01-26 1:09 ` Denys Vlasenko
2012-01-26 3:47 ` Linus Torvalds
2012-01-26 3:47 ` Linus Torvalds
2012-01-26 18:03 ` Denys Vlasenko
2012-01-26 18:03 ` Denys Vlasenko
2017-03-08 23:41 ` Dmitry V. Levin
2017-03-08 23:41 ` Dmitry V. Levin
2017-03-09 4:39 ` Andrew Lutomirski
2017-03-09 4:39 ` Andrew Lutomirski
2017-03-14 2:57 ` Dmitry V. Levin
2017-03-14 2:57 ` Dmitry V. Levin
2012-01-26 5:57 ` Indan Zupancic
2012-01-26 5:57 ` Indan Zupancic
2012-01-26 0:59 ` Jamie Lokier
2012-01-26 0:59 ` Jamie Lokier
2012-01-26 1:21 ` Denys Vlasenko
2012-01-26 1:21 ` Denys Vlasenko
2012-01-26 8:23 ` Pedro Alves
2012-01-26 8:23 ` Pedro Alves
2012-01-26 8:53 ` Denys Vlasenko
2012-01-26 8:53 ` Denys Vlasenko
2012-01-26 9:51 ` Pedro Alves
2012-01-26 9:51 ` Pedro Alves
2012-01-26 18:44 ` Oleg Nesterov
2012-01-26 18:44 ` Oleg Nesterov
2012-02-10 2:51 ` Jamie Lokier
2012-02-10 2:51 ` Jamie Lokier
2012-01-18 15:04 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Eric Paris
2012-01-18 15:04 ` Eric Paris
2012-01-18 17:51 ` Linus Torvalds
2012-01-18 17:51 ` Linus Torvalds
2012-01-18 5:43 ` Chris Evans
2012-01-18 5:43 ` Chris Evans
2012-01-18 12:12 ` Indan Zupancic
2012-01-18 12:12 ` Indan Zupancic
2012-01-18 21:13 ` Chris Evans
2012-01-18 21:13 ` Chris Evans
2012-01-19 0:14 ` Indan Zupancic
2012-01-19 0:14 ` Indan Zupancic
2012-01-19 8:16 ` Chris Evans
2012-01-19 8:16 ` Chris Evans
2012-01-19 11:34 ` Indan Zupancic
2012-01-19 11:34 ` Indan Zupancic
2012-01-19 16:11 ` Jamie Lokier
2012-01-19 16:11 ` Jamie Lokier
2012-01-19 15:40 ` Jamie Lokier
2012-01-19 15:40 ` Jamie Lokier
2012-01-18 17:00 ` Oleg Nesterov
2012-01-18 17:00 ` Oleg Nesterov
2012-01-18 17:12 ` Oleg Nesterov
2012-01-18 17:12 ` Oleg Nesterov
2012-01-18 21:09 ` Chris Evans
2012-01-18 21:09 ` Chris Evans
2012-01-23 16:56 ` Oleg Nesterov
2012-01-23 16:56 ` Oleg Nesterov
2012-01-23 22:23 ` Chris Evans
2012-01-23 22:23 ` Chris Evans
2012-02-07 11:45 ` Indan Zupancic
2012-02-07 11:45 ` Indan Zupancic
2012-01-19 0:29 ` Indan Zupancic
2012-01-19 0:29 ` Indan Zupancic
2012-01-18 2:27 ` Linus Torvalds
2012-01-18 2:27 ` Linus Torvalds
2012-01-18 2:31 ` Andi Kleen
2012-01-18 2:31 ` Andi Kleen
2012-01-18 2:46 ` Linus Torvalds
2012-01-18 2:46 ` Linus Torvalds
2012-01-18 14:06 ` Martin Mares
2012-01-18 14:06 ` Martin Mares
2012-01-18 18:24 ` Andi Kleen
2012-01-18 18:24 ` Andi Kleen
2012-01-19 16:04 ` Jamie Lokier
2012-01-19 16:04 ` Jamie Lokier
2012-01-20 0:21 ` Indan Zupancic
2012-01-20 0:21 ` Indan Zupancic
2012-01-20 0:53 ` Linus Torvalds
2012-01-20 0:53 ` Linus Torvalds
2012-01-20 2:02 ` Indan Zupancic
2012-01-20 2:02 ` Indan Zupancic
2012-01-17 17:06 ` Will Drewry [this message]
2012-01-17 17:06 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry
2012-01-17 19:35 ` Will Drewry
2012-01-17 19:35 ` Will Drewry
2012-01-12 17:02 ` Andrew Lutomirski
2012-01-12 17:02 ` Andrew Lutomirski
2012-01-16 20:28 ` Will Drewry
2012-01-16 20:28 ` Will Drewry
2012-01-11 17:25 ` [RFC,PATCH 2/2] Documentation: prctl/seccomp_filter Will Drewry
2012-01-11 20:03 ` Jonathan Corbet
2012-01-11 20:10 ` Will Drewry
2012-01-11 20:10 ` Will Drewry
2012-01-11 23:19 ` [PATCH v2 " Will Drewry
2012-01-12 0:29 ` Will Drewry
2012-01-12 0:29 ` Will Drewry
2012-01-12 18:16 ` Randy Dunlap
2012-01-12 17:23 ` Will Drewry
2012-01-12 17:34 ` Steven Rostedt
2012-01-12 13:13 ` [RFC,PATCH " Łukasz Sowa
2012-01-12 17:25 ` Will Drewry
2012-01-12 17:25 ` Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CABqD9ha+sKCpm4J-B5Ai0aYsvw6oUXz45SmHLQqvJ0d1NjZ0Qg@mail.gmail.com \
--to=wad@chromium.org \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=amwang@redhat.com \
--cc=andi@firstfloor.org \
--cc=avi@redhat.com \
--cc=borislav.petkov@amd.com \
--cc=coreyb@linux.vnet.ibm.com \
--cc=daniel.lezcano@free.fr \
--cc=dhowells@redhat.com \
--cc=djm@mindrot.org \
--cc=dlaor@redhat.com \
--cc=eparis@redhat.com \
--cc=eric.dumazet@gmail.com \
--cc=gregkh@suse.de \
--cc=indan@nul.nu \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=khilman@ti.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@mit.edu \
--cc=mcgrathr@chromium.org \
--cc=mhalcrow@google.com \
--cc=mingo@elte.hu \
--cc=oleg@redhat.com \
--cc=olofj@chromium.org \
--cc=penberg@cs.helsinki.fi \
--cc=pmoore@redhat.com \
--cc=rostedt@goodmis.org \
--cc=scarybeasts@gmail.com \
--cc=segoon@openwall.com \
--cc=serge.hallyn@canonical.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.