Date: Thu, 1 Mar 2012 21:26:23 -0800
From: Kees Cook <keescook@...omium.org>
To: Indan Zupancic <indan@....nu>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Stephen Rothwell <sfr@...b.auug.org.au>, 
	Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, 
	linux-doc@...r.kernel.org, kernel-hardening@...ts.openwall.com, 
	netdev@...r.kernel.org, x86@...nel.org, arnd@...db.de, davem@...emloft.net, 
	hpa@...or.com, mingo@...hat.com, oleg@...hat.com, peterz@...radead.org, 
	rdunlap@...otime.net, mcgrathr@...omium.org, tglx@...utronix.de, luto@....edu, 
	eparis@...hat.com, serge.hallyn@...onical.com, djm@...drot.org, 
	scarybeasts@...il.com, pmoore@...hat.com, corbet@....net, 
	eric.dumazet@...il.com, markus@...omium.org, coreyb@...ux.vnet.ibm.com
Subject: Re: [PATCH v12 01/13] sk_run_filter: add support for custom load_pointer

On Thu, Mar 1, 2012 at 8:04 PM, Indan Zupancic <indan@....nu> wrote:
> On Fri, March 2, 2012 02:19, Andrew Morton wrote:
>> That assumes that we're going to merge this stuff into 3.4 - if we
>> don't, unwrecker gets rewrecked and grumpy.
>>
>> I don't know if we're going to merge it into 3.4?  I haven't been
>> paying a lot of attention and haven't looked at the patches in a while.
>
> I think it should be merged, but I think 3.5 is probably better.
>
> This is because we haven't heard anything from the networking people
> about the BPF changes, and I'm also unsure if the current approach
> is the best one: It both increases the filter.o size significantly
> while slowing down sk_run_filter, while the point was to avoid both.
> I'm trying to think of an alternative approach with lower impact.
>
> The ptrace integration may need some more time to settle too, even
> just to make sure the latest version does what needs to be done.
>
> Both directly affect the user space ABI, so I think it's best to
> not be too hasty with pushing this upstream. Waiting one release
> while having a stable final patch gives people the chance to go
> and try to use it for their purposes and thus both test the code
> more and get experience with the ABI.

Well, IIUC, Eric Dumazet Acked the BPF changes. While I see what
you're saying about waiting for 3.5, it seems like the best way to
really see this stabilize is to get this into 3.4. The various
approaches have been discussed for a while now. Having that wider
testing sooner rather than later seems like the better approach to me.
Waiting for 3.5 just means we'll be waiting until then to do that same
testing. Perhaps Andrew Morton can decide?

Regardless, I've updated my seccomp tree with Will's rebase to Linus's
tree so people can pull from it as need be:

        git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp

-Kees

-- 
Kees Cook
ChromeOS Security
