lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Sep 2020 18:08:00 -0500 From: YiFei Zhu <zhuyifei1999@...il.com> To: Jann Horn <jannh@...gle.com> Cc: Linux Containers <containers@...ts.linux-foundation.org>, YiFei Zhu <yifeifz2@...inois.edu>, bpf <bpf@...r.kernel.org>, Andrea Arcangeli <aarcange@...hat.com>, Dimitrios Skarlatos <dskarlat@...cmu.edu>, Giuseppe Scrivano <gscrivan@...hat.com>, Hubertus Franke <frankeh@...ibm.com>, Jack Chen <jianyan2@...inois.edu>, Josep Torrellas <torrella@...inois.edu>, Kees Cook <keescook@...omium.org>, Tianyin Xu <tyxu@...inois.edu>, Tobin Feldman-Fitzthum <tobin@....com>, Valentin Rothberg <vrothber@...hat.com>, Andy Lutomirski <luto@...capital.net>, Will Drewry <wad@...omium.org>, Aleksa Sarai <cyphar@...har.com>, kernel list <linux-kernel@...r.kernel.org> Subject: Re: [RFC PATCH seccomp 2/2] seccomp/cache: Cache filter results that allow syscalls On Mon, Sep 21, 2020 at 5:58 PM Jann Horn <jannh@...gle.com> wrote: > > I do agree that an immutable bitmask is faster and easier to reason > > about its correctness. However, I did not find the "code to statically > > evaluate the filter for all syscall numbers" while reading seccomp.c. > > Would you give me a pointer to that and I will see how to best make > > use of it? > > I'm talking about the code you're adding in the other patch ("[RFC > PATCH seccomp 1/2] seccomp/cache: Add "emulator" to check if filter is > arg-dependent"). Sorry, that was a bit unclear. I see, building an immutable accept bitmask when preparing and then just use that when running it. I guess if the arch number issue is resolved this should be more doable. Will do. YiFei Zhu
Powered by blists - more mailing lists