On 04/24/2014 08:19 PM, Paul Moore wrote:
> On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
>> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
>> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
>> does not provide enough information about the ABI for the 64-bit
>> process. As a result of which, userland needs to use complex
>> seccomp filters to decide whether a syscall belongs to the o32 or n32
>> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
>> can be used by seccomp to explicitely set syscall filters for this ABI.
>>
>> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
>> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
>> Cc: Eric Paris <eparis@xxxxxxxxxx>
>> Cc: Paul Moore <pmoore@xxxxxxxxxx>
>> Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
>> Signed-off-by: Markos Chandras <markos.chandras@xxxxxxxxxx>
>> ---
>> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
>>
>> Thanks a lot!
>> ---
>> arch/mips/include/asm/syscall.h | 2 ++
>> include/uapi/linux/audit.h | 12 ++++++++++++
>> 2 files changed, 14 insertions(+)
>
> I'm far from qualified to ACK any MIPS specific patches, but I do want to add
> my support for this patch. As Markos states above, without this patch any
> seccomp BPF code will be more complex than necessary (see x32 for an idea) and
> projects that try to abstract away the arch/ABI specific nature of the BPF
> seccomp filters will be have to do a lot more work. Please merge this patch,
> or something similar, along with the MIPS BPF seccomp filters in 3.15; waiting
> until 3.16 will be too late.
>
> I also don't want to speak for the audit folks (Eric?), but I think you'll
> hear that this patch makes life much easier for them as well.
>
> Thanks,
> -Paul
Ralf ping? Can we please have this in 3.15 so userspace application get
the updated token instead of using the AUDIT_ARCH_MIPS{,EL}64 for both
n32 and n64? It may be harder to change it once 3.15 is released (ABI
break).
--
markos
