From: Andy Lutomirski
Date: Wed, 3 Jun 2015 10:11:43 -0700
Subject: Re: [PATCH] seccomp: add ptrace commands for suspend/resume
To: Oleg Nesterov
Cc: Tycho Andersen, "linux-kernel@vger.kernel.org", Linux API, Kees Cook, Will Drewry, Roland McGrath, Pavel Emelyanov, "Serge E. Hallyn"

On Wed, Jun 3, 2015 at 9:41 AM, Oleg Nesterov wrote:
> On 06/03, Tycho Andersen wrote:
>>
>> On Tue, Jun 02, 2015 at 08:28:29PM +0200, Oleg Nesterov wrote:
>> > On 06/01, Tycho Andersen wrote:
>> > >
>> > > --- a/include/linux/seccomp.h >> > > +++ b/include/linux/seccomp.h
>> > > @@ -25,6 +25,9 @@ struct seccomp_filter; >> > > struct seccomp { >> > > int mode; >> > > struct seccomp_filter *filter; >> > > +#ifdef CONFIG_CHECKPOINT_RESTORE >> > > + bool suspended; >> > > +#endif
>> >
>> > Then afaics you need to change copy_seccomp() to clear ->suspended.
>> > At least if the child is not traced.
>>
>> Yes, thank you.
>
> And if we really need to play with TIF_NOTSC, then copy_seccomp() should
> set it too if SUSPEND has cleared in parent's flags.
>
>> > But why do we bother to play with TIF_NOTSC, could you explain?
>>
>> The procedure for restoring is to call seccomp suspend, restore the
>> seccomp filters (and potentially other stuff), and then resume them at
>> the end. If the other stuff happens to use RDTSC, the process gets
>> killed because TIF_NOTSC has been set.
>
> This is clear, just I thought that CRIU doesn't use rdtsc on behalf of
> the traced task...
>
>> We can work around this in criu by doing the seccomp restore as the
>> very last thing before the final sigreturn,
>
> Not sure I understand... You need to suspend at "dump" time too afaics,
> otherwise, say, syscall_seized() can fail because this syscall is nacked
> by seccomp?
>
>> but that seems like the
>> seccomp suspend API is incomplete, IMO. However, since both you and
>> Andy complained, perhaps I should remove it :)
>
> Well, this is up to you ;)
>
> But. Note that a process can also disable TSC via PR_SET_TSC. So if
> dump or restore can't work without enabling TSC you probably want to
> handle this case too.
>
> And this makes me think that this needs a separate interface. I dunno.
>

True. Or we could keep track of all the reasons the TSC is off.

--Andy
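
Review bot: The new suspended member in struct seccomp has no comment saying who may set it or how long it stays valid, and because it sits beside mode and filter it reads as ordinary per-task state that travels with any copy of the struct. Please document next to "bool suspended;" that it is only meaningful while a tracer has suspended the task's seccomp, and make sure the fork path clears it (copy_seccomp(), as noted in the thread), otherwise a child created during the suspend window could start with its filters inactive. Since the field only exists under CONFIG_CHECKPOINT_RESTORE, accessing it through small helper functions would avoid repeating the #ifdef at each use site.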
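
Added example (not part of this thread and not kernel code): a small user-space C model of the "keep track of all the reasons the TSC is off" idea, combined with the two copy_seccomp() points raised in the quoted replies. All struct, enum and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space model; none of these names are kernel symbols. */
enum notsc_reason {
    NOTSC_SECCOMP = 1u << 0, /* seccomp turned the TSC off */
    NOTSC_PRCTL   = 1u << 1, /* task turned it off with PR_SET_TSC */
};

struct task_model {
    unsigned int notsc_reasons; /* authoritative: why the TSC is off */
    bool seccomp_wants_notsc;   /* seccomp state that survives a suspend */
    bool suspended;             /* stands in for seccomp->suspended */
};

/* Stands in for testing TIF_NOTSC: off while any reason remains. */
bool tsc_disabled(const struct task_model *t)
{
    return t->notsc_reasons != 0;
}

void seccomp_suspend(struct task_model *t)
{
    t->suspended = true;
    t->notsc_reasons &= ~(unsigned int)NOTSC_SECCOMP; /* drop only seccomp's reason */
}

void seccomp_resume(struct task_model *t)
{
    t->suspended = false;
    if (t->seccomp_wants_notsc)
        t->notsc_reasons |= NOTSC_SECCOMP;
}

/* Fork: the child is never suspended and gets seccomp's reason re-armed. */
struct task_model model_fork(const struct task_model *parent)
{
    struct task_model child = *parent;
    child.suspended = false;
    if (child.seccomp_wants_notsc)
        child.notsc_reasons |= NOTSC_SECCOMP;
    return child;
}

int main(void)
{
    struct task_model t = { NOTSC_SECCOMP | NOTSC_PRCTL, true, false };
    seccomp_suspend(&t); /* PR_SET_TSC reason must keep the TSC off */
    printf("parent suspended: tsc_disabled=%d\n", tsc_disabled(&t));
    struct task_model c = model_fork(&t);
    printf("child: suspended=%d reasons=%#x\n", c.suspended, c.notsc_reasons);
    return 0;
}
```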