Re: [PATCH v4 1/2] kernel: Implement selective syscall userspace redirection

On Thu, Jul 16, 2020 at 12:31 PM Gabriel Krisman Bertazi krisman@collabora.com wrote:

This is quite nice. I have a few comments, though:

You mentioned rt_sigreturn(). Should this automatically exempt the kernel-provided signal restorer on architectures (e.g. x86_32) that provide one?

The amount of syscall entry wiring that arches need to do is IMO already a bit out of hand. Should we instead rename TIF_SECCOMP to TIF_SYSCALL_INTERCEPTION and have one generic callback that handles seccomp and this new thing?

+int do_syscall_user_dispatch(struct pt_regs *regs) +{

•   struct syscall_user_dispatch *sd = &current->syscall_dispatch;
  

•   unsigned long ip = instruction_pointer(regs);
  

•   char state;
  

•   if (likely(ip >= sd->dispatcher_start && ip <= sd->dispatcher_end))
  

•           return 0;
  

•   if (likely(sd->selector)) {
  

•           if (unlikely(__get_user(state, sd->selector)))
  

•                   do_exit(SIGSEGV);
  

•           if (likely(state == 0))
  

•                   return 0;
  

•           if (state != 1)
  

•                   do_exit(SIGSEGV);
  

This seems a bit extreme and hard to debug if it ever happens.