Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas
From: Gabriel Krisman Bertazi <hidden>
Date: 2020-06-01 17:54:28
Also in:
linux-mm, lkml
Possibly related (same subject, not in this thread)
- 2020-06-01 · Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas · Gabriel Krisman Bertazi <hidden>
- 2020-05-31 · Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas · Paul Gofman <hidden>
- 2020-05-31 · Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas · Matthew Wilcox <willy@infradead.org>
- 2020-05-31 · Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas · Paul Gofman <hidden>
- 2020-05-31 · Re: [PATCH RFC] seccomp: Implement syscall isolation based on memory areas · Matthew Wilcox <willy@infradead.org>
Paul Gofman [off-list ref] writes:
On 5/31/20 20:31, Matthew Wilcox wrote:quoted
If it's the cost of the syscall that's the problem, there are ways around that. We'd still want a personality() call to indicate that the syscall handler should look (somewhere) to determine the current personality, but that could be issued at the start of execution rather than when we switch between Windows & Linux code.Sure, we can call personality() at start and specify the location to look at, the only thing is that the location should be thread specific, that is, based on fs: or gs: or whatever else which would allow us to have different threads in different "personality" state. If anything needs to be set up at thread start we can do that also of course. If there will be any proof of concept solution I will be happy to make a proof of concept Wine patch using that and do some testing.
Let me give that a try and share the patches with you, so we can look at how this implementation would look like. -- Gabriel Krisman Bertazi