linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Christian Brauner <brauner@kernel.org>
To: Icenowy Zheng <uwu@icenowy.me>
Cc: Xi Ruoyao <xry111@xry111.site>,
	Huacai Chen <chenhuacai@kernel.org>,
	 WANG Xuerui <kernel@xen0n.name>,
	linux-api@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
	 Kees Cook <keescook@chromium.org>,
	Xuefeng Li <lixuefeng@loongson.cn>,
	 Jianmin Lv <lvjianmin@loongson.cn>,
	Xiaotian Wu <wuxiaotian@loongson.cn>,
	 WANG Rui <wangrui@loongson.cn>,
	Miao Wang <shankerwangmiao@gmail.com>,
	 "loongarch@lists.linux.dev" <loongarch@lists.linux.dev>,
	linux-arch <linux-arch@vger.kernel.org>,
	 Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Chromium sandbox on LoongArch and statx -- seccomp deep argument inspection again?
Date: Mon, 26 Feb 2024 09:26:38 +0100	[thread overview]
Message-ID: <20240226-granit-seilschaft-eccc2433014d@brauner> (raw)
In-Reply-To: <61c5b883762ba4f7fc5a89f539dcd6c8b13d8622.camel@icenowy.me>

On Mon, Feb 26, 2024 at 02:03:48PM +0800, Icenowy Zheng wrote:
> 在 2024-02-25星期日的 15:32 +0800,Xi Ruoyao写道:
> > On Sun, 2024-02-25 at 14:51 +0800, Icenowy Zheng wrote:
> > > > From my point of view, I prefer to "restore fstat", because we
> > > > need
> > > > to
> > > > use the Chrome sandbox everyday (even though it hasn't been
> > > > upstream
> > > > by now). But I also hope "seccomp deep argument inspection" can
> > > > be
> > > > solved in the future.
> > > 
> > > My idea is this problem needs syscalls to be designed with deep
> > > argument inspection in mind; syscalls before this should be
> > > considered
> > > as historical error and get fixed by resotring old syscalls.
> > 
> > I'd not consider fstat an error as using statx for fstat has a
> > performance impact (severe for some workflows), and Linus has
> > concluded
> 
> Sorry for clearance, I mean statx is an error in ABI design, not fstat.

We will not be limited arbitrarly in system call design by seccomp being
unable to do deep argument inspection. That ship has sailed many years
ago. And it's a bit laughable to disalow pointer arguments and structs
in system calls because seccomp isn't able to inspect them.

      parent reply	other threads:[~2024-02-26  8:26 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-21  6:09 Chromium sandbox on LoongArch and statx -- seccomp deep argument inspection again? WANG Xuerui
2024-02-21  6:31 ` Xi Ruoyao
2024-02-21 10:31   ` Xi Ruoyao
2024-02-21 10:49     ` WANG Xuerui
2024-02-21 12:03       ` Xi Ruoyao
2024-02-24 11:51 ` Huacai Chen
2024-02-25  6:51   ` Icenowy Zheng
2024-02-25  7:32     ` Xi Ruoyao
2024-02-26  6:03       ` Icenowy Zheng
2024-02-26  6:56         ` Arnd Bergmann
2024-02-26  7:09           ` Xi Ruoyao
2024-02-26  9:20             ` Arnd Bergmann
2024-02-26 11:57               ` Xi Ruoyao
2024-02-26 12:57                 ` Christian Brauner
2024-02-26 14:33                   ` Rich Felker
2024-02-26 13:32               ` Christian Brauner
2024-02-26 13:46                 ` Arnd Bergmann
2024-02-26 15:40                   ` Christian Brauner
2024-02-26 16:49                     ` Xi Ruoyao
2024-02-26 13:46                 ` Christian Brauner
2024-02-26 14:00                 ` WANG Xuerui
2024-02-26 15:35                   ` Christian Brauner
2024-02-26 17:38                     ` WANG Xuerui
2024-02-26  8:26         ` Christian Brauner [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240226-granit-seilschaft-eccc2433014d@brauner \
    --to=brauner@kernel.org \
    --cc=arnd@arndb.de \
    --cc=chenhuacai@kernel.org \
    --cc=keescook@chromium.org \
    --cc=kernel@xen0n.name \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lixuefeng@loongson.cn \
    --cc=loongarch@lists.linux.dev \
    --cc=lvjianmin@loongson.cn \
    --cc=shankerwangmiao@gmail.com \
    --cc=uwu@icenowy.me \
    --cc=wangrui@loongson.cn \
    --cc=wuxiaotian@loongson.cn \
    --cc=xry111@xry111.site \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).