Thread (34 messages) 34 messages, 4 authors, 2018-11-30

Re: [PATCH v8 1/2] seccomp: add a return code to trap to userspace

From: Tycho Andersen <hidden>
Date: 2018-10-30 21:54:12
Also in: lkml

On Tue, Oct 30, 2018 at 02:49:21PM -0700, Kees Cook wrote:
On Mon, Oct 29, 2018 at 3:40 PM, Tycho Andersen [off-list ref] wrote:
quoted
    * switch to a flags based future-proofing mechanism for struct
      seccomp_notif and seccomp_notif_resp, thus avoiding version issues
      with structure length (Kees)
[...]
quoted
+struct seccomp_notif {
+       __u64 id;
+       __u32 pid;
+       __u32 flags;
+       struct seccomp_data data;
+};
+
+struct seccomp_notif_resp {
+       __u64 id;
+       __s64 val;
+       __s32 error;
+       __u32 flags;
+};
Hrm, so, what's the plan for when struct seccomp_data changes size?
I guess my plan was don't ever change the size again, just use flags
and have extra state available via ioctl().
I'm realizing that it might be "too late" for userspace to discover
it's running on a newer kernel. i.e. it gets a user notification, and
discovers flags it doesn't know how to handle. Do we actually need
both flags AND a length? Designing UAPI is frustrating! :)
:). I don't see this as such a big problem -- in fact it's better than
the length mode, where you don't know what you don't know, because it
only copied as much info as you could handle. Older userspace would
simply not use information it didn't know how to use.
Do we need another ioctl to discover the seccomp_data size maybe?
That could be an option as well, assuming we agree that size would
work, which I thought we didn't?

Tycho
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help