libseccomp icon indicating copy to clipboard operation
libseccomp copied to clipboard
verified publisher icon seccomp

RFE: add vgetrandom_alloc()

Open zx2c4 opened this issue 3 years ago • 4 comments

This is required to use vDSO-accelerated getrandom().

Don't merge this yet. It hasn't landed upstream, and as of writing is at v17: https://lore.kernel.org/lkml/[email protected]/

zx2c4 avatar Nov 24 '22 19:11 zx2c4

Per @zx2c4's comment, I'm moving this to draft. @zx2c4 - feel free to move this back to "ready to review" when it lands upstream. Thanks

drakenclimber avatar Dec 30 '22 19:12 drakenclimber

@drakenclimber @zx2c4 given the (relative) ease of updating the libseccomp syscall tables these days, one might as well do a full syscall table update instead of adding just a single syscall.

For example, the following can be used to update the syscall table for the kernel sources checked out in <kernel_source_dir>. The only gotcha is that syscalls that are not universally supported on all arches need a manual PNR define in "include/seccomp-syscalls.h".

% make check-build
% cd src
% ./arch-syscall-validate -c syscall.csv <kernel_source_dir>

pcmoore avatar Feb 06 '23 22:02 pcmoore

@zx2c4 any updates on this? I'm tempted to close this out as it looks like it still hasn't landed in Linus' tree and we would normally just pick this up via the usual syscall update process, but it would be nice to hear from you first.

pcmoore avatar Mar 31 '23 19:03 pcmoore

No not yet. I'll let you know when it is.

zx2c4 avatar Mar 31 '23 19:03 zx2c4

The syscall side of things wasn't required in the end.

zx2c4 avatar Jul 29 '24 14:07 zx2c4

Thanks for this regardless. It ended up just being a new mmap() flag, yes?

pcmoore avatar Jul 29 '24 14:07 pcmoore

https://lwn.net/SubscriberLink/983186/d37da11dfd53f1c4/

zx2c4 avatar Jul 29 '24 15:07 zx2c4