Cover Letter Detail
Show a cover letter.
GET /api/covers/1707776/?format=api
{ "id": 1707776, "url": "http://patchwork.ozlabs.org/api/covers/1707776/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-um/cover/20221122100759.208290-1-benjamin@sipsolutions.net/", "project": { "id": 60, "url": "http://patchwork.ozlabs.org/api/projects/60/?format=api", "name": "User-mode Linux Development", "link_name": "linux-um", "list_id": "linux-um.lists.infradead.org", "list_email": "linux-um@lists.infradead.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20221122100759.208290-1-benjamin@sipsolutions.net>", "list_archive_url": null, "date": "2022-11-22T10:07:31", "name": "[v2,00/28] Implement SECCOMP based userland", "submitter": { "id": 67525, "url": "http://patchwork.ozlabs.org/api/people/67525/?format=api", "name": "Benjamin Berg", "email": "benjamin@sipsolutions.net" }, "mbox": "http://patchwork.ozlabs.org/project/linux-um/cover/20221122100759.208290-1-benjamin@sipsolutions.net/mbox/", "series": [ { "id": 329466, "url": "http://patchwork.ozlabs.org/api/series/329466/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-um/list/?series=329466", "date": "2022-11-22T10:07:37", "name": "Implement SECCOMP based userland", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/329466/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/1707776/comments/", "headers": { "Return-Path": "\n <linux-um-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=linux-um-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=<UNKNOWN>)", "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=qBUlWE93;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n secure) header.d=infradead.org header.i=@infradead.org header.a=rsa-sha256\n header.s=desiato.20200630 header.b=peuasRCa;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n secure) header.d=sipsolutions.net header.i=@sipsolutions.net\n header.a=rsa-sha256 header.s=mail header.b=fRZHYG94;\n\tdkim-atps=neutral" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4NGgRg23rMz23nn\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 22 Nov 2022 21:27:11 +1100 (AEDT)", "from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))\n\tid 1oxQUa-007o1a-3Q; Tue, 22 Nov 2022 10:27:04 +0000", "from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05])\n\tby bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))\n\tid 1oxQTM-007nKg-F3\n\tfor linux-um@bombadil.infradead.org; Tue, 22 Nov 2022 10:25:48 +0000", "from s3.sipsolutions.net ([2a01:4f8:191:4433::2]\n helo=sipsolutions.net)\n\tby desiato.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))\n\tid 1oxQF1-003P1u-8F\n\tfor linux-um@lists.infradead.org; Tue, 22 Nov 2022 10:11:06 +0000", "by sipsolutions.net with esmtpsa\n (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)\n\t(Exim 4.96)\n\t(envelope-from <benjamin@sipsolutions.net>)\n\tid 1oxQEg-006IGn-1D;\n\tTue, 22 Nov 2022 11:10:38 +0100" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc\n\t:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:\n\tResent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:\n\tList-Owner; bh=KZ9ygnjogY6VDK4DXN1QmuywMo+RI/qHwKbGEIbiQq8=; b=qBUlWE93ocOYzP\n\tIc2bk+9nPtz3K+LI7CL53KjDWIl4r1DNK2O9ss5sfGudz13QqiVJ/UiDr/qcfUCojpyDONdyP8Uqh\n\tsFhFvDbiCB8BPjRZUMaiWS5EUMCKn0N9qJAOH1rN/a+d/YOOaDce/7cM3v28CDPPwW38GGfmwnyQ1\n\tyrPLvmtGa98TGI90DvCi0la4Ci22lJPr8wqflmDfrmxo/LroX+LB3m7MT/I7Ow2+V4HC40I+dnOK1\n\ts6H76vzVpu7U8ofSvkMMVC/HPz1wzLOt/Zd50NIGDJN1tgkO0cU5no7pv8/3d9sdDhUXyRHuIsx/h\n\tnkBiPPeeqC4Aks5wNlYA==;", "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=infradead.org; s=desiato.20200630; h=Content-Transfer-Encoding:MIME-Version\n\t:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:\n\tContent-Description:In-Reply-To:References;\n\tbh=DNc04u2/z2XeWk5h65EgPG9tu4VgW9enlbCVAWrG8B4=; b=peuasRCaZdQ993BqTPFyzoYKA7\n\t4wbL1HzrAuJ3B8v0AlC8aeWgLjVG3jBHKB2pZhYWFaoMw1JfW2xx8WD7duwpuVOj4fiMY9hoErUEJ\n\tjcIH2Up+tlkH+vxQMUBhceWATdB4hFg6qdAtQFv3VxM5YRTwBKV/D42VOXNQAMtmMZsAzAIsp8VgT\n\tje0B30RL9pdF3402ndBPe4u3OyC0tB7bo3J/8lGlEt55wq/BnxGYEa6GsjM1oeS3q5EHzoUHdcb9J\n\t3EhlgppeWqArPgQuHwLiDAgj8NZKWemUHMpCC0CPCmbXnt6x11aPV+Dl+QoJwFGANO6Uhbsf6Qq+t\n\tnrsboN/A==;", "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=sipsolutions.net; s=mail; h=Content-Transfer-Encoding:MIME-Version:\n\tMessage-Id:Date:Subject:Cc:To:From:Content-Type:Sender:Reply-To:Content-ID:\n\tContent-Description:Resent-Date:Resent-From:Resent-To:Resent-Cc:\n\tResent-Message-ID:In-Reply-To:References;\n\tbh=DNc04u2/z2XeWk5h65EgPG9tu4VgW9enlbCVAWrG8B4=; t=1669111859; x=1670321459;\n\tb=fRZHYG94mx2GYl49YeknyW7+EcTMbfPC9KaeUaxEHj1JrFov+Madyv19y8fWve0XpqpfAZzaXdq\n\toeDvWTJzKoGEX+BcSNIsQCL30UzLw6Xxo6SitpGf15Q2mgqbYOH4n+BCcpK231z9VcuIdz4819EI3\n\t/camDElrsvBdVXysEAnVw3V2deeAZOiucRqTkWgTyuLqyOeWvl4PvAS7mYODg0wHOEcOcVbECAo0t\n\tQKRPV8k9XdCrU4o87mpnGl8IaGAft/qfdP/T2gKJUHxz1WyzwbW5R0Gc/in73MdTZt5H6KrPwVaMb\n\tx9Ys7mFiCb2PgUPiv/YJWgVJEvQdHbbHyx+w==;" ], "From": "benjamin@sipsolutions.net", "To": "linux-um@lists.infradead.org", "Cc": "Benjamin Berg <benjamin@sipsolutions.net>", "Subject": "[PATCH v2 00/28] Implement SECCOMP based userland", "Date": "Tue, 22 Nov 2022 11:07:31 +0100", "Message-Id": "<20221122100759.208290-1-benjamin@sipsolutions.net>", "X-Mailer": "git-send-email 2.38.1", "MIME-Version": "1.0", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20221122_101100_332761_F6B7AD9E ", "X-CRM114-Status": "GOOD ( 16.04 )", "X-Spam-Score": "-0.2 (/)", "X-Spam-Report": "Spam detection software,\n running on the system \"desiato.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: From: Benjamin Berg <benjamin@sipsolutions.net> Currently\n UML uses ptrace in order to implement userspace processes. This works\n really\n well, however,\n it requires six context switches per pagefault (get faultinfo,\n run syscalls, continue process).\n Content analysis details: (-0.2 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -0.0 SPF_PASS SPF: sender matches SPF record\n -0.0 SPF_HELO_PASS SPF: HELO matches SPF record\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's domain\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily\n valid\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature", "X-BeenThere": "linux-um@lists.infradead.org", "X-Mailman-Version": "2.1.34", "Precedence": "list", "List-Id": "<linux-um.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/linux-um>,\n <mailto:linux-um-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/linux-um/>", "List-Post": "<mailto:linux-um@lists.infradead.org>", "List-Help": "<mailto:linux-um-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/linux-um>,\n <mailto:linux-um-request@lists.infradead.org?subject=subscribe>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"linux-um\" <linux-um-bounces@lists.infradead.org>", "Errors-To": "linux-um-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "From: Benjamin Berg <benjamin@sipsolutions.net>\n\nCurrently UML uses ptrace in order to implement userspace processes. This\nworks really well, however, it requires six context switches per pagefault\n(get faultinfo, run syscalls, continue process).\n\nBy switching to use SECCOMP, the whole process becomes more collaborative\nas the userspace process can run code, including host syscalls, before\njumping into the kernel and after the kernel returns control. This means\npagefaults only require two context switches to be processed.\n\nIn pagefault heavy scenarios (e.g. fork/exec) the performance increase of\ndoing this can be considerable, with runtimes dropping by 30% or more.\n\nNote that the current syscall filter can easily be abused by a userspace\nprocess to execute arbitrary host syscalls. I think it is possible to\nefficiently detect such attempts and kill the offending processes by\n(ab)using the rt_sigaction syscall in order to set/get a flag that\nuserspace code cannot tamper with.\n\nv2:\n * Fixed FP register store/restore\n * Plenty of other fixes and improvements\n\nBenjamin Berg (28):\n um: Switch printk calls to adhere to correct coding style\n um: Declare fix_range_common as a static function\n um: Drop support for hosts without SYSEMU_SINGLESTEP support\n um: Drop NULL check from start_userspace\n um: Make errors to stop ptraced child fatal during startup\n um: Don't use vfprintf() for os_info()\n um: Do not use printk in SIGWINCH helper thread\n um: Reap winch thread if it fails\n um: Do not use printk in userspace trampoline\n um: Always inline stub functions\n um: Rely on PTRACE_SETREGSET to set FS/GS base registers\n um: Remove unused register save/restore functions\n um: Mark 32bit syscall helpers as clobbering memory\n um: Remove stub-data.h include from common-offsets.h\n um: Create signal stack memory assignment in stub_data\n um: Add generic stub_syscall6 function\n um: Rework syscall handling\n um: Store full CSGSFS and SS register from mcontext\n um: Pass full mm_id to functions creating helper processes\n um: Move faultinfo extraction into userspace routine\n um: Use struct uml_pt_regs for copy_context_skas0\n um: Add UML_SECCOMP configuration option\n um: Add stub side of SECCOMP/futex based process handling\n um: Add helper functions to get/set state for SECCOMP\n um: Add SECCOMP support detection and initialization\n um: Die if a child dies unexpectedly in seccomp mode\n um: Implement kernel side of SECCOMP based process handling\n um: Delay flushing syscalls until the thread is restarted\n\n arch/um/Kconfig | 19 +\n arch/um/drivers/chan_user.c | 42 +-\n arch/um/drivers/line.c | 13 +-\n arch/um/include/asm/processor-generic.h | 1 -\n arch/um/include/shared/as-layout.h | 2 +-\n arch/um/include/shared/common-offsets.h | 14 +-\n arch/um/include/shared/kern_util.h | 3 +-\n arch/um/include/shared/os.h | 33 +-\n arch/um/include/shared/ptrace_user.h | 41 --\n arch/um/include/shared/registers.h | 2 -\n arch/um/include/shared/skas/mm_id.h | 1 +\n arch/um/include/shared/skas/skas.h | 7 +\n arch/um/include/shared/skas/stub-data.h | 41 +-\n arch/um/include/shared/user.h | 8 +\n arch/um/kernel/exec.c | 10 +-\n arch/um/kernel/process.c | 12 +-\n arch/um/kernel/ptrace.c | 2 -\n arch/um/kernel/signal.c | 12 -\n arch/um/kernel/skas/Makefile | 4 +-\n arch/um/kernel/skas/clone.c | 33 +-\n arch/um/kernel/skas/mmu.c | 16 +-\n arch/um/kernel/skas/process.c | 8 +\n arch/um/kernel/skas/stub.c | 101 ++++\n arch/um/kernel/tlb.c | 54 +-\n arch/um/os-Linux/process.c | 40 ++\n arch/um/os-Linux/registers.c | 24 +-\n arch/um/os-Linux/signal.c | 7 +\n arch/um/os-Linux/skas/mem.c | 288 +++++----\n arch/um/os-Linux/skas/process.c | 749 ++++++++++++++++--------\n arch/um/os-Linux/start_up.c | 244 +++++---\n arch/um/os-Linux/util.c | 19 +-\n arch/x86/um/Makefile | 2 +-\n arch/x86/um/asm/elf.h | 4 +-\n arch/x86/um/asm/processor_64.h | 3 -\n arch/x86/um/ldt.c | 47 +-\n arch/x86/um/os-Linux/Makefile | 1 -\n arch/x86/um/os-Linux/mcontext.c | 153 ++++-\n arch/x86/um/os-Linux/prctl.c | 12 -\n arch/x86/um/ptrace_32.c | 24 -\n arch/x86/um/ptrace_64.c | 26 -\n arch/x86/um/shared/sysdep/mcontext.h | 9 +\n arch/x86/um/shared/sysdep/ptrace_32.h | 4 -\n arch/x86/um/shared/sysdep/ptrace_user.h | 12 +-\n arch/x86/um/shared/sysdep/stub-data.h | 12 +\n arch/x86/um/shared/sysdep/stub.h | 4 +\n arch/x86/um/shared/sysdep/stub_32.h | 78 ++-\n arch/x86/um/shared/sysdep/stub_64.h | 57 +-\n arch/x86/um/stub_32.S | 56 --\n arch/x86/um/stub_64.S | 50 --\n arch/x86/um/syscalls_64.c | 62 +-\n arch/x86/um/tls_64.c | 2 +-\n 51 files changed, 1500 insertions(+), 968 deletions(-)\n create mode 100644 arch/um/kernel/skas/stub.c\n delete mode 100644 arch/x86/um/os-Linux/prctl.c\n create mode 100644 arch/x86/um/shared/sysdep/stub-data.h\n delete mode 100644 arch/x86/um/stub_32.S\n delete mode 100644 arch/x86/um/stub_64.S" }