On Wed, Sep 14, 2016 at 3:14 PM, Mickaël Salaün <m...@digikod.net> wrote: > > On 14/09/2016 20:29, Andy Lutomirski wrote: >> On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün <m...@digikod.net> wrote: >>> This third origin of hook call should cover all possible trigger paths >>> (e.g. page fault). Landlock eBPF programs can then take decisions >>> accordingly. >>> >>> Signed-off-by: Mickaël Salaün <m...@digikod.net> >>> Cc: Alexei Starovoitov <a...@kernel.org> >>> Cc: Andy Lutomirski <l...@amacapital.net> >>> Cc: Daniel Borkmann <dan...@iogearbox.net> >>> Cc: Kees Cook <keesc...@chromium.org> >>> --- >> >> >>> >>> + if (unlikely(in_interrupt())) { >> >> IMO security hooks have no business being called from interrupts. >> Aren't they all synchronous things done by tasks? Interrupts are >> driver things. >> >> Are you trying to check for page faults and such? > > Yes, that was the idea you did put in my mind. Not sure how to deal with > this. >
It's not so easy, unfortunately. The easiest reliable way might be to set a TS_ flag on all syscall entries when TIF_SECCOMP or similar is set. --Andy