On Wed, Sep 14, 2016 at 6:19 PM, Andy Lutomirski <l...@amacapital.net> wrote: > On Wed, Sep 14, 2016 at 3:14 PM, Mickaël Salaün <m...@digikod.net> wrote: >> >> On 14/09/2016 20:29, Andy Lutomirski wrote: >>> On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün <m...@digikod.net> wrote: >>>> This third origin of hook call should cover all possible trigger paths >>>> (e.g. page fault). Landlock eBPF programs can then take decisions >>>> accordingly. >>>> >>>> Signed-off-by: Mickaël Salaün <m...@digikod.net> >>>> Cc: Alexei Starovoitov <a...@kernel.org> >>>> Cc: Andy Lutomirski <l...@amacapital.net> >>>> Cc: Daniel Borkmann <dan...@iogearbox.net> >>>> Cc: Kees Cook <keesc...@chromium.org> >>>> --- >>> >>> >>>> >>>> + if (unlikely(in_interrupt())) { >>> >>> IMO security hooks have no business being called from interrupts. >>> Aren't they all synchronous things done by tasks? Interrupts are >>> driver things. >>> >>> Are you trying to check for page faults and such? >> >> Yes, that was the idea you did put in my mind. Not sure how to deal with >> this. >> > > It's not so easy, unfortunately. The easiest reliable way might be to > set a TS_ flag on all syscall entries when TIF_SECCOMP or similar is > set.
For making this series smaller, let's leave the idea idea of interrupt hooks out -- the intention is for stricter syscall filtering, yes? Once things are more well established and there's a use-case for this, it can be added back in. -Kees -- Kees Cook Nexus Security