Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1936932ybv;
        Fri, 21 Feb 2020 06:02:18 -0800 (PST)
X-Google-Smtp-Source: APXvYqyFCsXEQnJdu1zyur4kuGY5O3s1jWoLkH4hoodZKYtQCsuakH09+16dESUmyqcgBzcX8yxz
X-Received: by 2002:aca:5dc3:: with SMTP id r186mr2112357oib.137.1582293738256;
        Fri, 21 Feb 2020 06:02:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582293738; cv=none;
        d=google.com; s=arc-20160816;
        b=OKjR3tfC6TfE25sGkq+zInBaRKCn7bp0ep5sAP489ZadcGmUKjOloJntgVsKbQSYyr
         FIvc6CPrOApmhIF7asPSpXcXkA+JglHF32UHOuSsKnEH39zyScDZgfmGIG7rBN6kWVrb
         FVgG6S7Rt/YYH69PYmFJ5nzqNluPY7xlxhEZpzlr0EVVRRPFLOJvQ1/n5QkV5ONxcKMS
         WqMGIakjMg8NAfxhkbxyUh0NKDYfLVGtK4Jhoo4+u+4+F0iG1x8LbMIh56AiJym5b56l
         llnY8fXoYn+uFzSrQ1pLXNksXLgU8x6Cs1np8Ntm1JRA92JJcODaxRbCLCKl7cyuUMmE
         S2UA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:from;
        bh=StpGVrRWn5HB09XZhsudtrlVCba8PVWTJqfn9NJSpjo=;
        b=eUAvibhZHdgkGKqYMRZi1s3HP8aYcKIIX6UtqUHK762mTjzs5HDLE6yL1kRNiiqmEc
         CekIOPoObOYbkbvjLtaPmpxVCaazx/Wh4DnkZVm9F7jnLhwFSi0Bj2AiDHmBrjtnn55T
         bVYfSVqCyBo4Yw9UgUxsU2KaUtMHz+dYxfunJVGtw88MNKZLHkg+t+j2DDZvPFQ1x6bE
         BxiPrVl4CP8wbVQhc/9w+XHcAll4oGKgKVzfYQC+JSRprX71R2m93vzmpm3qn7fqYyuM
         FnY9ysMxwdhIf8DKAOyld8luoUbQxPcJZ+qCX/W/8bGo4xoqExinTfVfvdDYQ9/t06EY
         WDDQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i15si810660oik.46.2020.02.21.06.01.37;
        Fri, 21 Feb 2020 06:02:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728704AbgBUOBb (ORCPT <rfc822;tanxianhu@gmail.com> + 99 others);
        Fri, 21 Feb 2020 09:01:31 -0500
Received: from Galois.linutronix.de ([193.142.43.55]:45886 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727876AbgBUOBb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Feb 2020 09:01:31 -0500
Received: from p5de0bf0b.dip0.t-ipconnect.de ([93.224.191.11] helo=nanos.tec.linutronix.de)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tglx@linutronix.de>)
        id 1j58rP-0003Ct-I7; Fri, 21 Feb 2020 15:00:55 +0100
Received: by nanos.tec.linutronix.de (Postfix, from userid 1000)
        id BC53B100EA2; Fri, 21 Feb 2020 15:00:54 +0100 (CET)
From:   Thomas Gleixner <tglx@linutronix.de>
To:     Kees Cook <keescook@chromium.org>
Cc:     Vinicius Costa Gomes <vinicius.gomes@intel.com>,
        LKML <linux-kernel@vger.kernel.org>,
        David Miller <davem@davemloft.net>, bpf@vger.kernel.org,
        netdev@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Sebastian Sewior <bigeasy@linutronix.de>,
        Peter Zijlstra <peterz@infradead.org>,
        Clark Williams <williams@redhat.com>,
        Steven Rostedt <rostedt@goodmis.org>,
        Juri Lelli <juri.lelli@redhat.com>,
        Ingo Molnar <mingo@kernel.org>, Will Drewry <wad@chromium.org>,
        Andy Lutomirski <luto@kernel.org>
Subject: Re: [RFC patch 09/19] bpf: Use BPF_PROG_RUN_PIN_ON_CPU() at simple call sites.
In-Reply-To: <202002201616.21FA55E@keescook>
References: <20200214133917.304937432@linutronix.de> <20200214161503.804093748@linutronix.de> <87a75ftkwu.fsf@linux.intel.com> <875zg3q7cn.fsf@nanos.tec.linutronix.de> <202002201616.21FA55E@keescook>
Date:   Fri, 21 Feb 2020 15:00:54 +0100
Message-ID: <87lfownip5.fsf@nanos.tec.linutronix.de>
MIME-Version: 1.0
Content-Type: text/plain
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Kees Cook <keescook@chromium.org> writes:
> On Wed, Feb 19, 2020 at 10:00:56AM +0100, Thomas Gleixner wrote:
>> Vinicius Costa Gomes <vinicius.gomes@intel.com> writes:
>> > More a question really, isn't the behavior changing here? i.e. shouldn't
>> > migrate_disable()/migrate_enable() be moved to outside the loop? Or is
>> > running seccomp filters on different cpus not a problem?
>> 
>> In my understanding this is a list of filters and they are independent
>> of each other.
>> 
>> Kees, Will. Andy?
>
> They're technically independent, but they are related to each
> other. (i.e. order matters, process hierarchy matters, etc). There's no
> reason I can see that we can't switch CPUs between running them, though.
> (AIUI, nothing here would suddenly make these run in parallel, right?)

Of course not. If we'd run the same thread on multiple CPUs in parallel
the ordering of your BPF programs would be the least of your worries.

> As long as "current" is still "current", and they run in the same order,
> we'll get the same final result as far as seccomp is concerned.

Right.

Thanks,

        tglx