On 14/09/2016 20:29, Andy Lutomirski wrote:
> On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
>> This third origin of hook call should cover all possible trigger paths
>> (e.g. page fault). Landlock eBPF programs can then take decisions
>> accordingly.
>>
>> Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxx>
>> Cc: Alexei Starovoitov <ast@xxxxxxxxxx>
>> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
>> Cc: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
>> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
>> ---
>
>
>>
>> + if (unlikely(in_interrupt())) {
>
> IMO security hooks have no business being called from interrupts.
> Aren't they all synchronous things done by tasks? Interrupts are
> driver things.
>
> Are you trying to check for page faults and such?
Yes, that was the idea you did put in my mind. Not sure how to deal with
this.
Attachment:
signature.asc
Description: OpenPGP digital signature
