mailing list of musl libc
From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: Using direct socket syscalls on x86_32 where available?
Date: Sun, 26 Jul 2015 12:59:07 -0400
Message-ID: <20150726165907.GM16376@brightrain.aerifal.cx>
In-Reply-To: <CALCETrX_b68Ex+i4Aq=Nep-ADvSD=VDmj-K8XEaUB+4JNba2Tw@mail.gmail.com>

On Sat, Jul 25, 2015 at 10:54:28AM -0700, Andy Lutomirski wrote:
> On x86_32, the only way to call socket(2), etc is using socketcall.
> This is slated to change in Linux 4.3:
> 
> https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?h=x86/asm&id=9dea5dc921b5f4045a18c63eb92e84dc274d17eb
> 
> If userspace adapts by preferring the direct syscalls when available,
> it'll make it easier for seccomp to filter new userspace programs
> (and, ideally, eventually disallow socketcall for sandbox-aware code).
> 
> Would musl be willing to detect these syscalls and use them if available?
> 
> (Code to do this probably shouldn't be committed until that change
> lands in Linus' tree, just in case the syscall numbers change in the
> mean time.)

My preference would be not to do this, since it seems to be enlarging
the code and pessimizing normal usage for the sake of a very special
usage scenario. At the very least there would be at least one extra
syscall to probe at first usage, and that probe could generate a
termination on existing seccomp setups. :-p So far we don't probe and
store results for any fallbacks though; we just do the fallback on
error every time. This is because all of the existing fallbacks are in
places where we actually want new functionality a new syscall offers,
and the old ones are not able to provide it precisely but require poor
emulation, and in these cases it's expected that the user not be using
old kernels that can't give correct semantics. But in the case of
these socket calls there's no semantic difference or reason for us to
be preferring the 'new' calls. It's just a duplicate API for the same
thing.

Rich
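
Added example, not part of the original message and not musl's code: a C sketch contrasting the two fallback strategies the message discusses, retrying the direct socket syscall on every call versus probing once and storing the result. The function names and the SOCKOP_SOCKET macro are hypothetical; the sketch assumes Linux headers, where SYS_socket and SYS_socketcall are each defined only on architectures that have them.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#define SOCKOP_SOCKET 1 /* socket() sub-call number (SYS_SOCKET in <linux/net.h>) */

/* Legacy path: socket() through the socketcall multiplexer. */
static int via_socketcall(int d, int t, int p)
{
#ifdef SYS_socketcall
    unsigned long args[3] = { (unsigned long)d, (unsigned long)t, (unsigned long)p };
    return (int)syscall(SYS_socketcall, SOCKOP_SOCKET, args);
#else
    (void)d; (void)t; (void)p;
    errno = ENOSYS; /* this architecture has no multiplexer */
    return -1;
#endif
}

/* Direct path. Under a seccomp filter that kills on unlisted syscalls this
 * attempt terminates the caller instead of returning ENOSYS. */
static int via_direct(int d, int t, int p)
{
#ifdef SYS_socket
    return (int)syscall(SYS_socket, d, t, p);
#else
    (void)d; (void)t; (void)p;
    errno = ENOSYS;
    return -1;
#endif
}

/* Strategy 1: no stored state; on an old kernel every call pays for one
 * failed direct attempt before falling back. */
int socket_fallback_each_time(int d, int t, int p)
{
    int fd = via_direct(d, t, p);
    return (fd >= 0 || errno != ENOSYS) ? fd : via_socketcall(d, t, p);
}

/* Strategy 2: probe on first use and remember the answer (extra state;
 * the unsynchronized flag is only a benign race between threads). */
int socket_probe_cached(int d, int t, int p)
{
    static int direct_ok = -1; /* -1 unknown, 0 absent, 1 present */
    if (direct_ok != 0) {
        int fd = via_direct(d, t, p);
        if (fd >= 0 || errno != ENOSYS) { direct_ok = 1; return fd; }
        direct_ok = 0;
    }
    return via_socketcall(d, t, p);
}

int main(void)
{
    printf("each-time fd=%d, cached fd=%d\n",
           socket_fallback_each_time(AF_UNIX, SOCK_STREAM, 0),
           socket_probe_cached(AF_UNIX, SOCK_STREAM, 0));
    return 0;
}
```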

