Date: Mon, 20 Jul 2020 10:44:38 +0100
From: Will Deacon
To: Thomas Gleixner
Cc: Andy Lutomirski, Gabriel Krisman Bertazi, LKML, kernel@collabora.com, Matthew Wilcox, Paul Gofman, Kees Cook, "open list:KERNEL SELFTEST FRAMEWORK", Shuah Khan
Subject: Re: [PATCH v4 1/2] kernel: Implement selective syscall userspace redirection
Message-ID: <20200720094437.GA11405@willie-the-truck>

On Mon, Jul 20, 2020 at 11:23:13AM +0200, Thomas Gleixner wrote:
> Andy Lutomirski writes:
> > On Thu, Jul 16, 2020 at 12:31 PM Gabriel Krisman Bertazi
> > wrote:
> > The amount of syscall entry wiring that arches need to do is IMO
> > already a bit out of hand. Should we instead rename TIF_SECCOMP to
> > TIF_SYSCALL_INTERCEPTION and have one generic callback that handles
> > seccomp and this new thing?
>
> The right way to go is to consolidate all the stupidly different
> entry/exit work handling implementations and have exactly one in generic
> code, i.e. what I posted a few days ago.
>
> Then we can make new features only available in the generic version by
> hiding the new functionality in the core code and not exposing the
> functions to architecture implementations.
>
> Making it easy for architectures to keep their own variant forever just
> proliferates the mess we have right now.

Couldn't agree more.
We recently added PTRACE_SYSEMU to arm64 and I deeply regret doing that
now that yet another way to rewrite the syscall number has come along.
I only just untangled some of the mess in our entry code for that, so I
can't say I'm looking forward to opening it right back up to support
this new feature.

Much better to do it in the core code instead.

Will