From: Will Drewry <wad@chromium.org> To: Andrew Lutomirski <luto@mit.edu> Cc: Oleg Nesterov <oleg@redhat.com>, linux-kernel@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, serge.hallyn@canonical.com, coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com, djm@mindrot.org, torvalds@linux-foundation.org, segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org, scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi, viro@zeniv.linux.org.uk, mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com, borislav.petkov@amd.com, amwang@redhat.com, ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com, daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, olofj@chromium.org, mhalcrow@google.com, dlaor@redhat.com, Roland McGrath <mcgrathr@chromium.org>, Andi Kleen <andi@firstfloor.org>, indan@nul.nu Subject: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Date: Tue, 17 Jan 2012 11:06:59 -0600 [thread overview] Message-ID: <CABqD9ha+sKCpm4J-B5Ai0aYsvw6oUXz45SmHLQqvJ0d1NjZ0Qg@mail.gmail.com> (raw) In-Reply-To: <CAObL_7E1gtDF8Bjb9vmFFkVFmxWbx4DrgGU0QPJEd6KXgS7U8A@mail.gmail.com> On Tue, Jan 17, 2012 at 11:01 AM, Andrew Lutomirski <luto@mit.edu> wrote: > On Tue, Jan 17, 2012 at 8:56 AM, Will Drewry <wad@chromium.org> wrote: >> On Tue, Jan 17, 2012 at 10:45 AM, Oleg Nesterov <oleg@redhat.com> wrote: >>> On 01/16, Will Drewry wrote: >>>> >>>> On Mon, Jan 16, 2012 at 12:37 PM, Oleg Nesterov <oleg@redhat.com> wrote: >>>> > >>>> > Yes, thanks, I forgot about compat tasks again. But this is easy, just >>>> > we need regs_64_to_32(). >>>> >>>> Yup - we could make the assumption that is_compat_task is always >>>> 32-bit and the pt_regs is always 64-bit, then copy_and_truncate with >>>> regs_64_to_32. Seems kinda wonky though :/ >>> >>> much simpler/faster than what regset does to create the artificial >>> user_regs_struct32. >> >> True, I could collapse pt_regs to looks like the exported ABI pt_regs. >> Then only compat processes would get the copy overhead. That could >> be tidy and not break ABI. It would mean that I have to assume that >> if unsigned long == 64-bit and is_compat_task(), then the task is >> 32-bit. Do you think if we ever add a crazy 128-bit "supercomputer" >> arch that we will add a is_compat64_task() so that I could properly >> collapse? :) >> >> I like this idea! > > FWIW, it's possible for a task to execute in 32-bit mode when > !is_compat_task or in 64-bit mode when is_compat_task. From earlier > in the thread, I think you were planning to block the wrong-bitness > syscall entries, but it's worth double-checking that you don't open up > a hole when a compat task issues the 64-bit syscall instruction. Yup - I had to (see below). > (is_compat_task says whether the executable was marked as 32-bit. The > actual execution mode is determined by the cs register, which the user > can control. See the user_64bit_mode function in > arch/asm/x86/ptrace.h. But maybe it would make more sense to have a > separate 32-bit and 64-bit BPF program and select which one to use > based on the entry point.) So that was my original design, but the problem was with how regviews decides on the user_regs_struct. It decides using TIF_IA32 while I can only check the cross-arch is_compat_task() which checks TS_COMPAT on x86. If I'm just collapsing registers for compat calls (which I am exploring the viability of right now), then I guess I could re-fork the filtering to support compat versus non-compat. The nastier bits there were that I don't want to allow a compat call to be allowed because a process only defined non-compat. I think that can be made manage-able though. I'll finish proving out the possibilities here. Thanks! will
WARNING: multiple messages have this Message-ID (diff)
From: Will Drewry <wad@chromium.org> To: Andrew Lutomirski <luto@mit.edu> Cc: Oleg Nesterov <oleg@redhat.com>, linux-kernel@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, serge.hallyn@canonical.com, coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com, djm@mindrot.org, torvalds@linux-foundation.org, segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org, scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi, viro@zeniv.linux.org.uk, mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com, borislav.petkov@amd.com, amwang@redhat.com, ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com, daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, olofj@chromium.org, mhalcrow@google.com, dlaor@redhat.com, Roland McGrath <mcgrathr@chromium.org>, Andi Kleen <andi@firstfloor.org>, indan@nul.nu Subject: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Date: Tue, 17 Jan 2012 11:06:59 -0600 [thread overview] Message-ID: <CABqD9ha+sKCpm4J-B5Ai0aYsvw6oUXz45SmHLQqvJ0d1NjZ0Qg@mail.gmail.com> (raw) In-Reply-To: <CAObL_7E1gtDF8Bjb9vmFFkVFmxWbx4DrgGU0QPJEd6KXgS7U8A@mail.gmail.com> On Tue, Jan 17, 2012 at 11:01 AM, Andrew Lutomirski <luto@mit.edu> wrote: > On Tue, Jan 17, 2012 at 8:56 AM, Will Drewry <wad@chromium.org> wrote: >> On Tue, Jan 17, 2012 at 10:45 AM, Oleg Nesterov <oleg@redhat.com> wrote: >>> On 01/16, Will Drewry wrote: >>>> >>>> On Mon, Jan 16, 2012 at 12:37 PM, Oleg Nesterov <oleg@redhat.com> wrote: >>>> > >>>> > Yes, thanks, I forgot about compat tasks again. But this is easy, just >>>> > we need regs_64_to_32(). >>>> >>>> Yup - we could make the assumption that is_compat_task is always >>>> 32-bit and the pt_regs is always 64-bit, then copy_and_truncate with >>>> regs_64_to_32. Seems kinda wonky though :/ >>> >>> much simpler/faster than what regset does to create the artificial >>> user_regs_struct32. >> >> True, I could collapse pt_regs to looks like the exported ABI pt_regs. >> Then only compat processes would get the copy overhead. That could >> be tidy and not break ABI. It would mean that I have to assume that >> if unsigned long == 64-bit and is_compat_task(), then the task is >> 32-bit. Do you think if we ever add a crazy 128-bit "supercomputer" >> arch that we will add a is_compat64_task() so that I could properly >> collapse? :) >> >> I like this idea! > > FWIW, it's possible for a task to execute in 32-bit mode when > !is_compat_task or in 64-bit mode when is_compat_task. From earlier > in the thread, I think you were planning to block the wrong-bitness > syscall entries, but it's worth double-checking that you don't open up > a hole when a compat task issues the 64-bit syscall instruction. Yup - I had to (see below). > (is_compat_task says whether the executable was marked as 32-bit. The > actual execution mode is determined by the cs register, which the user > can control. See the user_64bit_mode function in > arch/asm/x86/ptrace.h. But maybe it would make more sense to have a > separate 32-bit and 64-bit BPF program and select which one to use > based on the entry point.) So that was my original design, but the problem was with how regviews decides on the user_regs_struct. It decides using TIF_IA32 while I can only check the cross-arch is_compat_task() which checks TS_COMPAT on x86. If I'm just collapsing registers for compat calls (which I am exploring the viability of right now), then I guess I could re-fork the filtering to support compat versus non-compat. The nastier bits there were that I don't want to allow a compat call to be allowed because a process only defined non-compat. I think that can be made manage-able though. I'll finish proving out the possibilities here. Thanks! will -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-01-17 17:07 UTC|newest] Thread overview: 409+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-01-11 17:25 [RFC,PATCH 0/2] dynamic seccomp policies (using BPF filters) Will Drewry 2012-01-11 17:25 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry 2012-01-12 8:53 ` Serge Hallyn 2012-01-12 16:54 ` Will Drewry 2012-01-12 16:54 ` Will Drewry 2012-01-12 14:50 ` Oleg Nesterov 2012-01-12 16:55 ` Will Drewry 2012-01-12 16:55 ` Will Drewry 2012-01-12 15:43 ` Steven Rostedt 2012-01-12 16:14 ` Oleg Nesterov 2012-01-12 16:38 ` Steven Rostedt 2012-01-12 16:47 ` Oleg Nesterov 2012-01-12 17:08 ` Will Drewry 2012-01-12 17:08 ` Will Drewry 2012-01-12 17:30 ` Jamie Lokier 2012-01-12 17:40 ` Steven Rostedt 2012-01-12 17:44 ` Jamie Lokier 2012-01-12 17:56 ` Steven Rostedt 2012-01-12 23:27 ` Alan Cox 2012-01-12 23:38 ` Linus Torvalds 2012-01-12 22:18 ` Will Drewry 2012-01-12 22:18 ` Will Drewry 2012-01-12 23:00 ` Andrew Lutomirski 2012-01-12 23:00 ` Andrew Lutomirski 2012-01-12 16:14 ` Andrew Lutomirski 2012-01-12 16:14 ` Andrew Lutomirski 2012-01-12 16:27 ` Steven Rostedt 2012-01-12 16:51 ` Andrew Lutomirski 2012-01-12 16:51 ` Andrew Lutomirski 2012-01-12 17:09 ` Linus Torvalds 2012-01-12 17:17 ` Steven Rostedt 2012-01-12 18:18 ` Andrew Lutomirski 2012-01-12 18:32 ` Linus Torvalds 2012-01-12 18:32 ` Linus Torvalds 2012-01-12 18:44 ` Andrew Lutomirski 2012-01-12 19:08 ` Kyle Moffett 2012-01-12 19:08 ` Kyle Moffett 2012-01-12 23:05 ` Eric Paris 2012-01-12 23:33 ` Andrew Lutomirski 2012-01-12 23:33 ` Andrew Lutomirski 2012-01-12 19:40 ` Will Drewry 2012-01-12 19:40 ` Will Drewry 2012-01-12 19:42 ` Will Drewry 2012-01-12 19:42 ` Will Drewry 2012-01-12 19:46 ` Andrew Lutomirski 2012-01-12 19:46 ` Andrew Lutomirski 2012-01-12 20:00 ` Linus Torvalds 2012-01-12 20:00 ` Linus Torvalds 2012-01-12 16:59 ` Will Drewry 2012-01-12 16:59 ` Will Drewry 2012-01-12 17:22 ` Jamie Lokier 2012-01-12 17:22 ` Jamie Lokier 2012-01-12 17:35 ` Will Drewry 2012-01-12 17:57 ` Jamie Lokier 2012-01-12 17:57 ` Jamie Lokier 2012-01-12 18:03 ` Will Drewry 2012-01-12 18:03 ` Will Drewry 2012-01-13 1:34 ` Jamie Lokier 2012-01-13 2:44 ` Indan Zupancic 2012-01-13 6:33 ` Chris Evans 2012-01-13 6:33 ` Chris Evans 2012-01-12 17:36 ` Jamie Lokier 2012-01-12 16:18 ` Alan Cox 2012-01-12 17:03 ` Will Drewry 2012-01-12 17:03 ` Will Drewry 2012-01-12 17:11 ` Alan Cox 2012-01-12 17:52 ` Will Drewry 2012-01-12 17:52 ` Will Drewry 2012-01-13 1:31 ` James Morris 2012-01-12 16:22 ` Oleg Nesterov 2012-01-12 17:10 ` Will Drewry 2012-01-12 17:23 ` Oleg Nesterov 2012-01-12 17:23 ` Oleg Nesterov 2012-01-12 17:51 ` Will Drewry 2012-01-12 17:51 ` Will Drewry 2012-01-13 17:31 ` Oleg Nesterov 2012-01-13 17:31 ` Oleg Nesterov 2012-01-13 19:01 ` Will Drewry 2012-01-13 19:01 ` Will Drewry 2012-01-13 23:10 ` Will Drewry 2012-01-13 23:10 ` Will Drewry 2012-01-13 23:12 ` Will Drewry 2012-01-13 23:12 ` Will Drewry 2012-01-13 23:30 ` Eric Paris 2012-01-15 3:40 ` Indan Zupancic 2012-01-16 1:40 ` Will Drewry 2012-01-16 6:49 ` Indan Zupancic 2012-01-16 20:12 ` Will Drewry 2012-01-17 6:46 ` Indan Zupancic 2012-01-17 17:37 ` Will Drewry 2012-01-18 4:06 ` Indan Zupancic 2012-01-18 4:38 ` Will Drewry 2012-01-17 20:34 ` Kees Cook 2012-01-17 20:42 ` Will Drewry 2012-01-17 21:09 ` Will Drewry 2012-01-18 4:47 ` Indan Zupancic 2012-01-16 18:37 ` Oleg Nesterov 2012-01-16 18:37 ` Oleg Nesterov 2012-01-16 20:15 ` Will Drewry 2012-01-16 20:15 ` Will Drewry 2012-01-17 16:45 ` Oleg Nesterov 2012-01-17 16:56 ` Will Drewry 2012-01-17 16:56 ` Will Drewry 2012-01-17 17:01 ` Andrew Lutomirski 2012-01-17 17:01 ` Andrew Lutomirski 2012-01-17 17:05 ` Oleg Nesterov 2012-01-17 17:45 ` Andrew Lutomirski 2012-01-17 17:45 ` Andrew Lutomirski 2012-01-18 0:56 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Indan Zupancic 2012-01-18 1:01 ` Andrew Lutomirski 2012-01-18 1:01 ` Andrew Lutomirski 2012-01-19 1:06 ` Indan Zupancic 2012-01-19 1:06 ` Indan Zupancic 2012-01-19 1:19 ` Andrew Lutomirski 2012-01-19 1:47 ` Indan Zupancic 2012-01-18 1:07 ` Roland McGrath 2012-01-18 1:47 ` Indan Zupancic 2012-01-18 1:48 ` Jamie Lokier 2012-01-18 1:50 ` Andi Kleen 2012-01-18 2:00 ` Steven Rostedt 2012-01-18 2:04 ` Jamie Lokier 2012-01-18 2:22 ` Andi Kleen 2012-01-18 2:22 ` Andi Kleen 2012-01-18 2:25 ` Andrew Lutomirski 2012-01-18 4:22 ` Indan Zupancic 2012-01-18 4:22 ` Indan Zupancic 2012-01-18 5:23 ` Linus Torvalds 2012-01-18 5:23 ` Linus Torvalds 2012-01-18 6:25 ` Linus Torvalds 2012-01-18 6:25 ` Linus Torvalds 2012-01-18 13:12 ` Compat 32-bit syscall entry from 64-bit task!? Indan Zupancic 2012-01-18 13:12 ` Indan Zupancic 2012-01-18 19:31 ` Linus Torvalds 2012-01-18 19:31 ` Linus Torvalds 2012-01-18 19:36 ` Andi Kleen 2012-01-18 19:36 ` Andi Kleen 2012-01-18 19:39 ` Linus Torvalds 2012-01-18 19:39 ` Linus Torvalds 2012-01-18 19:44 ` Andi Kleen 2012-01-18 19:44 ` Andi Kleen 2012-01-18 19:47 ` Linus Torvalds 2012-01-18 19:47 ` Linus Torvalds 2012-01-18 19:52 ` Will Drewry 2012-01-18 19:52 ` Will Drewry 2012-01-18 19:58 ` Will Drewry 2012-01-18 19:58 ` Will Drewry 2012-01-18 19:41 ` Martin Mares 2012-01-18 19:41 ` Martin Mares 2012-01-18 19:38 ` Andrew Lutomirski 2012-01-18 19:38 ` Andrew Lutomirski 2012-01-19 16:01 ` Jamie Lokier 2012-01-19 16:01 ` Jamie Lokier 2012-01-19 16:13 ` Andrew Lutomirski 2012-01-19 16:13 ` Andrew Lutomirski 2012-01-19 19:21 ` Linus Torvalds 2012-01-19 19:21 ` Linus Torvalds 2012-01-19 19:30 ` Andrew Lutomirski 2012-01-19 19:30 ` Andrew Lutomirski 2012-01-19 19:37 ` Linus Torvalds 2012-01-19 19:37 ` Linus Torvalds 2012-01-19 19:41 ` Linus Torvalds 2012-01-19 19:41 ` Linus Torvalds 2012-01-19 23:54 ` Jamie Lokier 2012-01-19 23:54 ` Jamie Lokier 2012-01-20 0:05 ` Linus Torvalds 2012-01-20 0:05 ` Linus Torvalds 2012-01-20 15:35 ` Will Drewry 2012-01-20 15:35 ` Will Drewry 2012-01-20 17:56 ` Roland McGrath 2012-01-20 17:56 ` Roland McGrath 2012-01-20 19:45 ` Will Drewry 2012-01-20 19:45 ` Will Drewry 2012-01-18 20:26 ` Linus Torvalds 2012-01-18 20:26 ` Linus Torvalds 2012-01-18 20:55 ` H. Peter Anvin 2012-01-18 20:55 ` H. Peter Anvin 2012-01-18 21:01 ` Linus Torvalds 2012-01-18 21:01 ` Linus Torvalds 2012-01-18 21:04 ` H. Peter Anvin 2012-01-18 21:04 ` H. Peter Anvin 2012-01-18 21:21 ` H. Peter Anvin 2012-01-18 21:21 ` H. Peter Anvin 2012-01-18 21:51 ` Roland McGrath 2012-01-18 21:51 ` Roland McGrath 2012-01-18 21:53 ` H. Peter Anvin 2012-01-18 21:53 ` H. Peter Anvin 2012-01-18 23:28 ` Linus Torvalds 2012-01-18 23:28 ` Linus Torvalds 2012-01-19 0:38 ` H. Peter Anvin 2012-01-19 0:38 ` H. Peter Anvin 2012-01-20 21:51 ` Denys Vlasenko 2012-01-20 21:51 ` Denys Vlasenko 2012-01-20 22:40 ` Roland McGrath 2012-01-20 22:40 ` Roland McGrath 2012-01-20 22:41 ` H. Peter Anvin 2012-01-20 22:41 ` H. Peter Anvin 2012-01-20 23:49 ` Indan Zupancic 2012-01-20 23:49 ` Indan Zupancic 2012-01-20 23:55 ` Roland McGrath 2012-01-20 23:55 ` Roland McGrath 2012-01-20 23:58 ` hpanvin@gmail.com 2012-01-20 23:58 ` hpanvin@gmail.com 2012-01-23 2:14 ` Indan Zupancic 2012-01-23 2:14 ` Indan Zupancic 2012-01-21 0:07 ` Denys Vlasenko 2012-01-21 0:07 ` Denys Vlasenko 2012-01-21 0:10 ` Roland McGrath 2012-01-21 0:10 ` Roland McGrath 2012-01-21 1:23 ` Jamie Lokier 2012-01-21 1:23 ` Jamie Lokier 2012-01-23 2:37 ` Indan Zupancic 2012-01-23 2:37 ` Indan Zupancic 2012-01-23 16:48 ` Oleg Nesterov 2012-01-23 16:48 ` Oleg Nesterov 2012-01-24 8:19 ` Indan Zupancic 2012-01-24 8:19 ` Indan Zupancic 2012-02-06 20:30 ` H. Peter Anvin 2012-02-06 20:30 ` H. Peter Anvin 2012-02-06 20:39 ` Roland McGrath 2012-02-06 20:39 ` Roland McGrath 2012-02-06 20:42 ` H. Peter Anvin 2012-02-06 20:42 ` H. Peter Anvin 2012-01-18 21:26 ` Linus Torvalds 2012-01-18 21:26 ` Linus Torvalds 2012-01-18 21:30 ` H. Peter Anvin 2012-01-18 21:30 ` H. Peter Anvin 2012-01-18 21:42 ` Linus Torvalds 2012-01-18 21:42 ` Linus Torvalds 2012-01-18 21:47 ` H. Peter Anvin 2012-01-18 21:47 ` H. Peter Anvin 2012-01-19 1:45 ` Indan Zupancic 2012-01-19 1:45 ` Indan Zupancic 2012-01-19 2:16 ` H. Peter Anvin 2012-01-19 2:16 ` H. Peter Anvin 2012-02-06 8:32 ` Indan Zupancic 2012-02-06 8:32 ` Indan Zupancic 2012-02-06 17:02 ` H. Peter Anvin 2012-02-06 17:02 ` H. Peter Anvin 2012-02-07 1:52 ` Indan Zupancic 2012-02-07 1:52 ` Indan Zupancic 2012-02-09 0:19 ` H. Peter Anvin 2012-02-09 0:19 ` H. Peter Anvin 2012-02-09 4:20 ` Indan Zupancic 2012-02-09 4:20 ` Indan Zupancic 2012-02-09 4:29 ` H. Peter Anvin 2012-02-09 4:29 ` H. Peter Anvin 2012-02-09 6:03 ` Indan Zupancic 2012-02-09 6:03 ` Indan Zupancic 2012-02-09 14:47 ` H. Peter Anvin 2012-02-09 14:47 ` H. Peter Anvin 2012-02-09 16:00 ` H.J. Lu 2012-02-09 16:00 ` H.J. Lu 2012-02-10 1:09 ` Indan Zupancic 2012-02-10 1:09 ` Indan Zupancic 2012-02-10 1:15 ` H. Peter Anvin 2012-02-10 1:15 ` H. Peter Anvin 2012-02-10 2:29 ` Indan Zupancic 2012-02-10 2:29 ` Indan Zupancic 2012-02-10 2:47 ` H. Peter Anvin 2012-02-10 2:47 ` H. Peter Anvin [not found] ` <cc95fcf4b1c28ee6f73e373d04593634.squirrel@webmail.greenhost.nl> 2012-02-10 15:53 ` H. Peter Anvin 2012-02-10 15:53 ` H. Peter Anvin 2012-02-10 22:42 ` Indan Zupancic 2012-02-10 22:42 ` Indan Zupancic 2012-02-10 22:56 ` H. Peter Anvin 2012-02-10 22:56 ` H. Peter Anvin 2012-02-12 12:07 ` Indan Zupancic 2012-02-12 12:07 ` Indan Zupancic 2012-01-25 19:36 ` Oleg Nesterov 2012-01-25 19:36 ` Oleg Nesterov 2012-01-25 20:20 ` Pedro Alves 2012-01-25 20:20 ` Pedro Alves 2012-01-25 23:36 ` Denys Vlasenko 2012-01-25 23:36 ` Denys Vlasenko 2012-01-25 23:32 ` Denys Vlasenko 2012-01-25 23:32 ` Denys Vlasenko 2012-01-26 0:40 ` Indan Zupancic 2012-01-26 0:40 ` Indan Zupancic 2012-01-26 1:08 ` Jamie Lokier 2012-01-26 1:08 ` Jamie Lokier 2012-01-26 1:22 ` Denys Vlasenko 2012-01-26 1:22 ` Denys Vlasenko 2012-01-26 6:34 ` Indan Zupancic 2012-01-26 6:34 ` Indan Zupancic 2012-01-26 10:31 ` Jamie Lokier 2012-01-26 10:31 ` Jamie Lokier 2012-01-26 10:40 ` Denys Vlasenko 2012-01-26 10:40 ` Denys Vlasenko 2012-01-26 11:01 ` Jamie Lokier 2012-01-26 11:01 ` Jamie Lokier 2012-01-26 14:02 ` Denys Vlasenko 2012-01-26 14:02 ` Denys Vlasenko 2012-01-26 11:19 ` Indan Zupancic 2012-01-26 11:19 ` Indan Zupancic 2012-01-26 11:20 ` Indan Zupancic 2012-01-26 11:20 ` Indan Zupancic 2012-01-26 11:47 ` Jamie Lokier 2012-01-26 11:47 ` Jamie Lokier 2012-01-26 14:05 ` Denys Vlasenko 2012-01-26 14:05 ` Denys Vlasenko 2012-01-27 7:23 ` Indan Zupancic 2012-01-27 7:23 ` Indan Zupancic 2012-02-10 2:02 ` Jamie Lokier 2012-02-10 2:02 ` Jamie Lokier 2012-02-10 3:37 ` Indan Zupancic 2012-02-10 3:37 ` Indan Zupancic 2012-02-10 21:19 ` Denys Vlasenko 2012-02-10 21:19 ` Denys Vlasenko 2012-01-26 1:09 ` Denys Vlasenko 2012-01-26 1:09 ` Denys Vlasenko 2012-01-26 3:47 ` Linus Torvalds 2012-01-26 3:47 ` Linus Torvalds 2012-01-26 18:03 ` Denys Vlasenko 2012-01-26 18:03 ` Denys Vlasenko 2017-03-08 23:41 ` Dmitry V. Levin 2017-03-08 23:41 ` Dmitry V. Levin 2017-03-09 4:39 ` Andrew Lutomirski 2017-03-09 4:39 ` Andrew Lutomirski 2017-03-14 2:57 ` Dmitry V. Levin 2017-03-14 2:57 ` Dmitry V. Levin 2012-01-26 5:57 ` Indan Zupancic 2012-01-26 5:57 ` Indan Zupancic 2012-01-26 0:59 ` Jamie Lokier 2012-01-26 0:59 ` Jamie Lokier 2012-01-26 1:21 ` Denys Vlasenko 2012-01-26 1:21 ` Denys Vlasenko 2012-01-26 8:23 ` Pedro Alves 2012-01-26 8:23 ` Pedro Alves 2012-01-26 8:53 ` Denys Vlasenko 2012-01-26 8:53 ` Denys Vlasenko 2012-01-26 9:51 ` Pedro Alves 2012-01-26 9:51 ` Pedro Alves 2012-01-26 18:44 ` Oleg Nesterov 2012-01-26 18:44 ` Oleg Nesterov 2012-02-10 2:51 ` Jamie Lokier 2012-02-10 2:51 ` Jamie Lokier 2012-01-18 15:04 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Eric Paris 2012-01-18 15:04 ` Eric Paris 2012-01-18 17:51 ` Linus Torvalds 2012-01-18 17:51 ` Linus Torvalds 2012-01-18 5:43 ` Chris Evans 2012-01-18 5:43 ` Chris Evans 2012-01-18 12:12 ` Indan Zupancic 2012-01-18 12:12 ` Indan Zupancic 2012-01-18 21:13 ` Chris Evans 2012-01-18 21:13 ` Chris Evans 2012-01-19 0:14 ` Indan Zupancic 2012-01-19 0:14 ` Indan Zupancic 2012-01-19 8:16 ` Chris Evans 2012-01-19 8:16 ` Chris Evans 2012-01-19 11:34 ` Indan Zupancic 2012-01-19 11:34 ` Indan Zupancic 2012-01-19 16:11 ` Jamie Lokier 2012-01-19 16:11 ` Jamie Lokier 2012-01-19 15:40 ` Jamie Lokier 2012-01-19 15:40 ` Jamie Lokier 2012-01-18 17:00 ` Oleg Nesterov 2012-01-18 17:00 ` Oleg Nesterov 2012-01-18 17:12 ` Oleg Nesterov 2012-01-18 17:12 ` Oleg Nesterov 2012-01-18 21:09 ` Chris Evans 2012-01-18 21:09 ` Chris Evans 2012-01-23 16:56 ` Oleg Nesterov 2012-01-23 16:56 ` Oleg Nesterov 2012-01-23 22:23 ` Chris Evans 2012-01-23 22:23 ` Chris Evans 2012-02-07 11:45 ` Indan Zupancic 2012-02-07 11:45 ` Indan Zupancic 2012-01-19 0:29 ` Indan Zupancic 2012-01-19 0:29 ` Indan Zupancic 2012-01-18 2:27 ` Linus Torvalds 2012-01-18 2:27 ` Linus Torvalds 2012-01-18 2:31 ` Andi Kleen 2012-01-18 2:31 ` Andi Kleen 2012-01-18 2:46 ` Linus Torvalds 2012-01-18 2:46 ` Linus Torvalds 2012-01-18 14:06 ` Martin Mares 2012-01-18 14:06 ` Martin Mares 2012-01-18 18:24 ` Andi Kleen 2012-01-18 18:24 ` Andi Kleen 2012-01-19 16:04 ` Jamie Lokier 2012-01-19 16:04 ` Jamie Lokier 2012-01-20 0:21 ` Indan Zupancic 2012-01-20 0:21 ` Indan Zupancic 2012-01-20 0:53 ` Linus Torvalds 2012-01-20 0:53 ` Linus Torvalds 2012-01-20 2:02 ` Indan Zupancic 2012-01-20 2:02 ` Indan Zupancic 2012-01-17 17:06 ` Will Drewry [this message] 2012-01-17 17:06 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry 2012-01-17 19:35 ` Will Drewry 2012-01-17 19:35 ` Will Drewry 2012-01-12 17:02 ` Andrew Lutomirski 2012-01-12 17:02 ` Andrew Lutomirski 2012-01-16 20:28 ` Will Drewry 2012-01-16 20:28 ` Will Drewry 2012-01-11 17:25 ` [RFC,PATCH 2/2] Documentation: prctl/seccomp_filter Will Drewry 2012-01-11 20:03 ` Jonathan Corbet 2012-01-11 20:10 ` Will Drewry 2012-01-11 20:10 ` Will Drewry 2012-01-11 23:19 ` [PATCH v2 " Will Drewry 2012-01-12 0:29 ` Will Drewry 2012-01-12 0:29 ` Will Drewry 2012-01-12 18:16 ` Randy Dunlap 2012-01-12 17:23 ` Will Drewry 2012-01-12 17:34 ` Steven Rostedt 2012-01-12 13:13 ` [RFC,PATCH " Łukasz Sowa 2012-01-12 17:25 ` Will Drewry 2012-01-12 17:25 ` Will Drewry
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CABqD9ha+sKCpm4J-B5Ai0aYsvw6oUXz45SmHLQqvJ0d1NjZ0Qg@mail.gmail.com \ --to=wad@chromium.org \ --cc=ak@linux.intel.com \ --cc=akpm@linux-foundation.org \ --cc=amwang@redhat.com \ --cc=andi@firstfloor.org \ --cc=avi@redhat.com \ --cc=borislav.petkov@amd.com \ --cc=coreyb@linux.vnet.ibm.com \ --cc=daniel.lezcano@free.fr \ --cc=dhowells@redhat.com \ --cc=djm@mindrot.org \ --cc=dlaor@redhat.com \ --cc=eparis@redhat.com \ --cc=eric.dumazet@gmail.com \ --cc=gregkh@suse.de \ --cc=indan@nul.nu \ --cc=jmorris@namei.org \ --cc=john.johansen@canonical.com \ --cc=keescook@chromium.org \ --cc=khilman@ti.com \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=luto@mit.edu \ --cc=mcgrathr@chromium.org \ --cc=mhalcrow@google.com \ --cc=mingo@elte.hu \ --cc=oleg@redhat.com \ --cc=olofj@chromium.org \ --cc=penberg@cs.helsinki.fi \ --cc=pmoore@redhat.com \ --cc=rostedt@goodmis.org \ --cc=scarybeasts@gmail.com \ --cc=segoon@openwall.com \ --cc=serge.hallyn@canonical.com \ --cc=torvalds@linux-foundation.org \ --cc=viro@zeniv.linux.org.uk \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.