Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757982AbcLPVBM (ORCPT ); Fri, 16 Dec 2016 16:01:12 -0500 Received: from mail-db5eur01on0055.outbound.protection.outlook.com ([104.47.2.55]:15680 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754105AbcLPVBF (ORCPT ); Fri, 16 Dec 2016 16:01:05 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=cmetcalf@mellanox.com; Subject: Re: Questions on the task isolation patches To: yunhong jiang References: <20161201142812.369f23f8@jnakajim-build> <5dd4cbf7-d0c0-074a-c5bc-e2e09ec3dc75@mellanox.com> <20161206134355.193c752b@jnakajim-build> CC: "linux-kernel@vger.kernel.org" , Paolo Bonzini From: Chris Metcalf Message-ID: Date: Fri, 16 Dec 2016 16:00:48 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <20161206134355.193c752b@jnakajim-build> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [12.216.194.146] X-ClientProxiedBy: MWHPR11CA0029.namprd11.prod.outlook.com (10.175.56.143) To AM4PR0501MB2754.eurprd05.prod.outlook.com (10.172.216.10) X-MS-Office365-Filtering-Correlation-Id: 5474158c-cd2e-432c-2968-08d425f6a4b5 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:AM4PR0501MB2754; X-Microsoft-Exchange-Diagnostics: 1;AM4PR0501MB2754;3:c2GW9FyaUccAGyqHb/huyGGekY26d7M1mZ6yujaOugRIISJxwedsObQeuvSdFpY1x1dCScRORpM7Nie/z1EMON32dsaOQu87fz0OQuWkpmrJHVnDJAm9myyKxJKlAXi6uerlW+bXr004U3VioJslnDp+1IX2d0R0h6Hojf943siv8kfkl6Lin5PwEz4nhvBCUmT57UuAn77vGEbAS1SsykceTmXjQKQS0CxM8LROQ1dNU47YXJNaIbKT/ZNU+TG0NMrlTF/9S2Vn7Z4k5BeQBA== X-Microsoft-Exchange-Diagnostics: 1;AM4PR0501MB2754;25:yXAR41JgrXZFzggd2OcA9gKRbGIpByr3aGVUg7PVY1yi97YtK8wdNYt3o+zfJovekrndtoNRD/uXt7C79CvCCdb+PHVWu8ZrVvJhRxmz6dSmv8rXS4ZubRlp1QP+dvuozOmluD4cwEy9/Fk+FphuvjuQQe/hLv1eTgQLCBkmxNd4JadfGYATDw+dkeazvmxfTn3jH8OGb8s10B3KZEEwL/94J4o2M4RMklTIlaJ8OK8CiB5n8ZNBjT7EzmY+M+iY1KqjmxH13eGojBplUStCoA0vC39QulWRJk9+/zISjLnjaDLYhIvio36zH3NMIhZ0gCcr7bVvFlXpcj9v9NHISDOv+7IanFtCNG23ojsZCuAMw8yEd+qblpe7cg14LoziBZzbXKYx5vgU7wC+Ip3bvpYxvobR85at/7x4wpycsklOp4Md7NqPYB7FkTOPdO529hGGaimI9AW3xD9ib/GZAu2dHosRWA46qp8byg3QT17ICRoDJM+kJcZ7DdV533aQnmDXpsQC0bEjzipNIBDcXzzhun1YplFUyTGiDwBCFcD/s9LhWiyVo5N3ZcpMQTY5gZ995sgiYRbNQz1B4QmmpZ89R2yB08hzvWLjkUNqVPp6odr4NsgqBOHOllulWG3oe05I4SCAYce1xtw8YRvDFtiXARjY6l0fwaahqBN5cLPBMf068QATFphK4P7HCPjRQxCtWZ6MS9GFRXKh43aVXICAGoawFy0gVMFSjMutlhTv1RO6vadCzvTUtUpkYbGBGfmYfEY6PryMG0s/2AFUOjopM4k4dZ4FL/QQmXBjxX6rHdyMgiNdF4It7kCKjoR03FzS48i7slPPcbpyOtqyurQ3xHLwuEEEI2MmhWa91NBc+xwmat3I7zczIyPOaIzazakNfyfG5j6eeFL8C00YFw== X-Microsoft-Exchange-Diagnostics: 1;AM4PR0501MB2754;31:wsI4ddL5Luciz+kX6mLGEI8dvZ2J+QDnYTj17UVVowvr3BT0q5DPBpXXMHecZOFwwXSwltXEzEjaB9kNWiOI3ZcWUUb+JcK1OVZWMlwY6+bUa7gzQY3ClalfclJtVTrOUB2lK1yhWyK80JcMEISt2aW/+kRAIMQEmvZUTA53B1tP7s8YbpN+jAh1A+dK/Iom/oMFtdvljO1d7foG9KwzH0CER2vfWYa7VxC683OjTF0pnBnieTd6dbDLzGdCrHR97Gig7VrAeuzyrvDL5ay/+w==;20:NiIw96vmCU6b8WZwHb6NHnDUYPddTPjD/XMJg4Hq3lyLCsK/RqbYda3CMksz3PEqyOHIwj1UNrCRjFSAcWfnqUc3fUeiUrr6JGf5gHczZ+FTWWNEpiohWuCfdDVF30Ce/nu4kdfoIc/+7+seILPpQyrr+FJve4CjGERaZpUCsUbr+q/NZYA72zyZ8o3wwMc2Cyi1DFpeK6fij66Bpc7rKvRj1p5X1e7P7eJApoXJYOu0a0UQfD7nRZGnbct1tpSLdFh7FVabnehGMLE43fUFXONgrd42g9+YXZMgPSWKtzUwi4bL8PJoIslieB/LXiNgXdWWJaAYT+Sl/r4pGSDYsogK39yFk5e/B93o/AYBlq7eB26cMQ38hT2FIqwQvwygMGvgqvVHZyT0vHioQCP0Wh4NZ4D1kfgio27uW1mlbZJJR7hXVNlbbhbjVjgHIoLz3ezZQK+B9eq2Tt/4jUiXGKTVWOqfd89RkzNMSvxGqNg0tvrqF8sElupiijE/vb8X X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(171992500451332); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(6041248)(20161123562025)(20161123560025)(20161123555025)(20161123564025)(6072148);SRVR:AM4PR0501MB2754;BCL:0;PCL:0;RULEID:;SRVR:AM4PR0501MB2754; X-Microsoft-Exchange-Diagnostics: 1;AM4PR0501MB2754;4:JgpyyG4eR4rBcDqB6lBHLb/bdBsNVyjgJugzb3UPgGBH2w1BWwNBKIo2brGC62fnbpty3EP5hIvayUYUu9Z0zA8w4qq4dHf1/jsp5ZRXWpiFzZhaQYwkPkMgcOGT7PQYXD6hbmmpolhajIQDFnHx+J+cnVhJHJueTcyFaJAXTBEdx/5TJ8nz1VycG/qEXNKKMxZfCjBLDbHwKRPm+qTnAVcrfJBANuB54CMxt2d90jUu/DN24vx2MHApBZd0pZlSHFfGeOnDWkMpjUk6F7RRkksHewmB3VLPkgCTpez4vyfZ5vesuEHGZ7RfDUcmP8AqcoVQLDi7SSFuDdGKj00Kog/ks5LE97dKsEjNri4cQ3JYvNeszeUV9ApvoUZQyyr3YnP0iO0LjdIF/1RnnoGqhqTUS/U4TBc9p7bULX/Q1VOvYkgqljT+Fq8/82Z456/D8XVes66DMzr6xLl2CfEJEbDBJXIxIahaaHJVLTZOvZvbqjA/ocq62iThMzp+4gfphy/8jxI4uGp/FOyEg6AOV7U2/4TlWeb+1plUWzelf8oKSbXquoolln4RkJbs5cHUAfzoltuRyAAyxc6kFASX3vwyOClB2dFz7Wjl4Bw/CwSpG8BFOL+9aMzlCFCGmFgWt/61Pf/LWG/LqCIMbQKTkg== X-Forefront-PRVS: 01583E185C X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(39860400002)(39850400002)(39840400002)(39450400003)(39410400002)(377454003)(189002)(24454002)(199003)(51444003)(36756003)(230700001)(189998001)(86362001)(54356999)(50466002)(106356001)(105586002)(42186005)(6666003)(38730400001)(2950100002)(4326007)(6916009)(6486002)(31686004)(110136003)(90366009)(92566002)(68736007)(31696002)(229853002)(83506001)(33646002)(77096006)(76176999)(7736002)(305945005)(50986999)(25786008)(65956001)(97736004)(81166006)(6116002)(3846002)(5660300001)(65826007)(81156014)(65806001)(8676002)(4001350100001)(101416001)(64126003)(23746002)(2906002)(66066001)(47776003)(18886065003);DIR:OUT;SFP:1101;SCL:1;SRVR:AM4PR0501MB2754;H:[10.15.7.185];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;AM4PR0501MB2754;23:uZJlNZpenWB83ak2Sa9E5YQkv2oyLEX5AZ5?= =?Windows-1252?Q?cbQ19NVzq/eJkrsR0worWpNPy0E8pdvaToTJy6thmSTzZoOSq1TGxkSl?= =?Windows-1252?Q?14fl2aFRB258779UsoFDLGAROP1YB7V6UvNEzPPgd5eBmadh7kqhrozf?= =?Windows-1252?Q?XZXN5sQDwTNeVYjaNJIFbXWn5i/Ak8q77gZLmsf/6vmRhXe6nRiOievD?= =?Windows-1252?Q?BzSjjy6k99ZAO8LlFq+CADtx+ZXKpFD7HgH02g+bJ44xZKP/ZXL2JZ/d?= =?Windows-1252?Q?QaX1yuxQ5Fhj3RTFarUzclRssV3My9W+TYCcF6licl3HjLwYBzL0T1Fb?= =?Windows-1252?Q?goDop03lWVe2JQxKZ88dJsY3zfXPHXbw0JIU7oeuOmx/+XUA4ncJ0UiD?= =?Windows-1252?Q?EKm2oLfIcN3UGUZ7y1q1giOJHqN2dUYz9DlwZnUCkMpLOpG/eUGsU5mk?= =?Windows-1252?Q?Dtb6Dc35u5nMFh5NfARLFTxxNowNh5fDrpId/M2ugbIddczJ8YBpZ+IE?= =?Windows-1252?Q?/iFzP4rIWRagxbZRLM1/KmrYUFV3FKo9jlrDdYJO1Vr1lrRvGCMSB25I?= =?Windows-1252?Q?jcxUsbYRbs6I3PgclnbjO2O9hNB4y7biIgU9JLC5ZKw4B+ciCx1diir7?= =?Windows-1252?Q?uFAG3s5jR1nOPxalt2Is2GvtpbglOugpFZ6/g2g/dxCbukGdCaQG94YF?= =?Windows-1252?Q?0N57xm9RgdUYmt8aUS6NWU/LYILmTzn4OVvpC214hpz8M+pnfP/eJHHm?= =?Windows-1252?Q?Ul52zECSFU1kwx3XWv8WuOKKSVZTK2B4ssJb9R2lSoQ+HBaExIcZSlBj?= =?Windows-1252?Q?KNkfb/VvEKBm73b+xtIvZhAnbueTYwbddGl+PU/FLJha4IpxZ7O1xg33?= =?Windows-1252?Q?lHFHibthNZjRrIzUY6pXLcPEeFa3ABR8t4nJKkuFG2AxEjsbaojp3FXY?= =?Windows-1252?Q?XHwYwHZNjMdC+j6G5W2WKZF8bTW7KMsP8UyMSrLddH1pvqvTOvzyafZJ?= =?Windows-1252?Q?ZfMo5FB90fdsukhb8VUaOKVswZoSiew7IuOKe4SCJrrMaRV/yXApvd3C?= =?Windows-1252?Q?0w/awp6qEJPiyaSv06USjnNlSsONa4YkGh01xjq7K6dgdQcbLI4R9dyM?= =?Windows-1252?Q?lV71e4qKUuovaGMPRZeti5byAvIXlVhGlg8H2TwAnCcHejCfNlxNYtZp?= =?Windows-1252?Q?seC7M1BaBMS+tkEtHWAOtj7LwqMFI7yBrUGAt5nAfpE3kqBnsPXSiULC?= =?Windows-1252?Q?rz2eIkSBwgVnObasnFuEoSTw0QlK3cg45imwJVPJOrXDb30s7JKMa1zF?= =?Windows-1252?Q?eVlT3pIIsQwV3XXlPj30VcFrFB3g70D8bicymx4BBRBEPpurccFRBWHf?= =?Windows-1252?Q?z7NeYhaJLriiJEJs4uA3CBGq4N4itSP6pHo4ETmQFu/EUAhjj+GsNWiy?= =?Windows-1252?Q?ym19K8uPot2udxnPyC9yixWNzx5OjABaWGvpAnbACTmMxZS3oFmTQ6+j?= =?Windows-1252?Q?/d9dG+9JJ9G5joDgEV3RrsfIFz8rzA8QEkdz1CkDdMpLn9u7XecXpJuP?= =?Windows-1252?Q?/JeFLSlZDroije2tY7qjE3P8/gWF9eqr1J/Z0zWp3urtDtPSxuaVzDpA?= =?Windows-1252?Q?3O6/pH5o0B/MxIXDxy3RTru8=3D?= X-Microsoft-Exchange-Diagnostics: 1;AM4PR0501MB2754;6:bMFV4Prm45BGCVsPBQxBl/JRiYSo8/LY9ST43K5RWYTA8Sci+RZ1fBycPGoDjuWXwZxIA06txzkj5b7/oNYIrFtRxFpxNLKxceMCHVmazsizHnT/bNVu59tqGAEodlC9dTW3l0D+wW7lF/Tw6XFLlKJzguaD+omeNmCJB1qXXYEDchpVsmkLvn1wrxfmdrcPHEQOhoR1h9lJd6GmY9ZHCLtddf/+pPFUVceJGOqU1k/U+8q1q4GXR7TLg8zLWJ/KC4T3r/B/H/f0rqSCgoxnsvFN/C+dnXsbKfui3dxHACLDaxdQJRDHcI6srz4aaSeGtaHsya2MgUZYOFOWy2YgmYs3PZ0KFCCKbyX1svq817sy11mR01ACpt0g4iX1pdmBSK2vPXw3Px1vYur58ZBh9Jrz3l+vppIu38E3tc2gJwuAKOHnJ/Pfw1W1YfD+Fx7zJaU8fMBdnLIOidqmqpGU6A==;5:Rr9AUze6bgiz4yPYjK2SydehRIyOq5vjcZBfEe0LIG3Bn8nzLuC/S2EY+6oakV73NbI9urPq+o9x5PtZMa+wpc/jfRDf/6VN/NzlPLVQWUuk2jV1bfyZz9w/tOcqi4kPMVNSTlykXa/FJl8Ce120gg==;24:rbpyhZr0X/Z5weuz1fT6jxRhoNHOgHbKT6LDN5dDf9bM03Gn7JzZOtcFP+LX+TAfL1RpxcPVFM5zdLYaR+lHp4jb9DFf1UO53UFq2TkoBss= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;AM4PR0501MB2754;7:zVGxUwqfR5r5Na5JyUpBWSlnBZvgez22OTeG089DWP1aQ5KIBYIbeq2ScBdzpDJrYc17aFreHU9Wn9h7N8NBRMBsj1VNgSYvgbrXeNzf/bFKgMenLYZHkGFh6t5ip3oDPxqdXKh18ge5A/Ux75kf7jxd5iEp042p8IUCwAZcCoD0cBxh+GTLFmS4MEoGbia9/auFNJABjQonD0nghlc7e19ToNLpWBBl+EeaAaoF2NLDl9f3MBbQrXA7hJpTftTcPPlWfq3u5btmut0Ey88gkDrwj8me79Gr23ngSXi/s+sk20hAJ6vgYDtA1pvo9ybVdPRulRIqsO8EpNNdemnkfldzayieCJ2C7W+Sw2hvFrpkQGIXSEz30Rrgmhs1QJQ+j+ILE7JYOmYmAn81OUeIR2DnfSoWJ2TO4jXTQkLUnUi6E/Co9gU1uw9gEfn+a6ll1Ini5Ye9w6IJB+ppZbio9w== X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Dec 2016 21:01:00.9370 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0501MB2754 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2612 Lines: 49 Sorry for the slow response - I have been busy with some other things. On 12/6/2016 4:43 PM, yunhong jiang wrote: > On Fri, 2 Dec 2016 13:58:08 -0500 > Chris Metcalf wrote: > >> On 12/1/2016 5:28 PM, yunhong jiang wrote: >>> a) If the task isolation need prctl to mark itself as isolated, >>> possibly the vCPU thread can't achieve it. First, the vCPU thread >>> may need system service during OS booting time, also it's the >>> application, instead of the vCPU thread to decide if the vCPU >>> thread should be isolated. So possibly we need a mechanism so that >>> another process can set the vCPU thread's task isolation? >> These are good questions. I think that the we would probably want to >> add a KVM mode that did the prctl() before transitioning back to the > Would prctl() when back to guest be too heavy? It's a good question; it can be heavy. But the design for task isolation is that the task isolated process is always running in userspace anyway. If you are transitioning in and out of the guest or host kernels frequently, you probably should not be using task isolation, but just regular NOHZ_FULL. >> guest. But then, in the same way that we currently allow another >> prctl() from a task-isolated userspace process, we'd probably need to > You mean currently in your patch we alraedy can do the prctl from 3rd party > process to task-isolate a userspace process? Sorry that I didn't notice that > part. Sorry, I think I wasn't clear. Normally when you are running task isolated and you enter the kernel, you will get a fatal signal. The exception is if you call prctl itself (or exit), the kernel tolerates it without a signal, since obviously that's how you need to cleanly tell the kernel you are done with task isolation. My point in the previous email was that we might need to similarly tolerate a guest exit without causing a fatal signal to the userspace process. But as I think about it, that's probably not true; we probably would want to notify the guest kernel of the task isolation violation and have it kill the userspace process just as if it had entered the guest kernel. Perhaps the way to drive this is to have task isolation be triggered from the guest's prctl up to the host, so there's some kind of KVM exit to the host that indicates that the guest has a userspace process that wants to run task isolated, at which point qemu invokes task isolation on behalf of the guest then returns to the guest to set up its own virtualized task isolation. It does get confusing! -- Chris Metcalf, Mellanox Technologies http://www.mellanox.com