linux-mips
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole

from [Markus Gutschke (顧孟勤)] [Permanent Link][Original]
To: Ingo Molnar <mingo@elte.hu>
Subject: Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole
From: Markus Gutschke (顧孟勤) <markus@google.com>
Date: Wed, 6 May 2009 15:21:51 -0700
Cc: Linus Torvalds <torvalds@linux-foundation.org>, Roland McGrath <roland@redhat.com>, Andrew Morton <akpm@linux-foundation.org>, x86@kernel.org, linux-kernel@vger.kernel.org, stable@kernel.org, linux-mips@linux-mips.org, sparclinux@vger.kernel.org, linuxppc-dev@ozlabs.org
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1241648513; bh=s5W7Tl6ctMCyFetY68PouBorUZ8=; h=DomainKey-Signature:MIME-Version:In-Reply-To:References:Date: Message-ID:Subject:From:To:Cc:Content-Type: Content-Transfer-Encoding:X-System-Of-Record; b=YTEp78vrxCd44OO1/5 JEextSu6F9sXsu3H85yYYUIs0OsBYoiumy5GWowKyd5CsYBYVII5OCdMMZqH2zt7Qrg g==
Domainkey-signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:date:message-id:subject:from:to: cc:content-type:content-transfer-encoding:x-system-of-record; b=K0JOaFQUASKXjiCsQ1IaavIg0qPM1ofMrO8Feot/eWlulMbteumNNp6G8H/BqF0By uZLZe0mvX2PzjYz4IIzBQ==
In-reply-to: <20090506221319.GA11493@elte.hu>
Original-recipient: rfc822;linux-mips@linux-mips.org
References: <20090228030413.5B915FC3DA@magilla.sf.frob.com> <alpine.LFD.2.00.0902271948570.3111@localhost.localdomain> <20090228072554.CFEA6FC3DA@magilla.sf.frob.com> <alpine.LFD.2.00.0902280916470.3111@localhost.localdomain> <904b25810905061146ged374f2se0afd24e9e3c1f06@mail.gmail.com> <20090506212913.GC4861@elte.hu> <904b25810905061446m73c42040nfff47c9b8950bcfa@mail.gmail.com> <20090506215450.GA9537@elte.hu> <904b25810905061508n6d9cb8dbg71de5b1e0332ede7@mail.gmail.com> <20090506221319.GA11493@elte.hu>
Sender: linux-mips-bounce@linux-mips.org 
On Wed, May 6, 2009 at 15:13, Ingo Molnar <mingo@elte.hu> wrote:
> doing a (per arch) bitmap of harmless syscalls and replacing the
> mode1_syscalls[] check with that in kernel/seccomp.c would be a
> pretty reasonable extension. (.config controllable perhaps, for
> old-style-seccomp)
>
> It would probably be faster than the current loop over
> mode1_syscalls[] as well.

This would be a great option to improve performance of our sandbox. I
can detect the availability of the new kernel API dynamically, and
then not intercept the bulk of the system calls. This would allow the
sandbox to work both with existing and with newer kernels.

We'll post a kernel patch for discussion in the next few days,


Markus
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole, Ingo Molnar
Next by Date:  Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole, Nicholas Miell
Previous by Thread:  Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole, Ingo Molnar
Next by Thread:  Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole, Nicholas Miell
Indexes:  [Date] [Thread] [Top] [All Lists]