Date: Sat, 13 Aug 2011 19:19:47 +0400 From: Solar Designer <solar@...nwall.com> To: kernel-hardening@...ts.openwall.com Subject: Re: 32/64 bitness restriction for pid namespace Vasiliy, On Sat, Aug 13, 2011 at 07:12:20PM +0400, Vasiliy Kulikov wrote: > Re: slowdown - my assumptions are: > > 1) we don't want any slowdown for legitimate tasks - 64 bit tasks for 64 > bit containers and 32 bit tasks for 32 bit containers. > > 2) slowdown of malicious (or broken) tasks is not important. Right. > /* work to do in syscall_trace_enter() */ > #define _TIF_WORK_SYSCALL_ENTRY \ > (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT | \ > _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT) > > > So, there is a mask, which is used to identify whether a syscall needs > additional pre/post processing. If divide syscall_trace_enter() into 3 > functions, we'll get what we want. This will result in zero impact on > the legitimate code (relavite to current behaviour). > > One drawback - *tracesys clobbers EAX/RAX, so I still have to patch asm. I haven't looked into the detail of this, but in general I like the approach of reusing a check that is already in the code. Please proceed with this. Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.