Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1403503pxj; Fri, 21 May 2021 13:24:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxpe1a3pyKobJSrjFfKdBsHMkmtcj/pDHRXKc7yOoBhgt2ZkE8Zl7zWiydPuLJggD2ODYER X-Received: by 2002:a05:6402:12cf:: with SMTP id k15mr12885397edx.332.1621628686690; Fri, 21 May 2021 13:24:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621628686; cv=none; d=google.com; s=arc-20160816; b=qRZ0Wx+uJ4UcDcVQn13KlCMB+erHAy40ZCNigyALVLaD7GWPIBeiSQ/zl9a32B+Ot+ LU+f6k7Z6tPizJfkzD2mTHYD2rYAe6H5JXPt3HxbGGdddTDQWlNsXWglDR+vGsWK1pPk +YY8tyHYhCkDPivNNGKBHZw867NnmpOT9/HlyJHAt9H4gYynPeasm9ZKwZ7XwcXnGD7B 97fAJ6TfK5b6U96PRVASMuIF44svGd2VVo8WnXOH+MWS5lhNnv2WWoDD2fctRuaM69k+ 59yn+o3tNzs0OxbllbkXaKkQ6wrQPXyypHyRfuYgMmUYRu9kOdE8RxTEs28ILbF8vwkq 76AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:mime-version:user-agent:message-id :in-reply-to:date:references:cc:to:from; bh=/BlOpTiNBeJJ9w3f/6g/aURzUUQ1Vw2kr6xoIdsaW5s=; b=EQg7nSxl9clWgsN8hVtJB90xae3UWu880RFSHpDUUk3nfCv8kGie1NGW0qtJ1/TUg3 BCfeB2jE1CKzPC1bu8I3Kg8a/ep0xVbOD487w3YNc0s7i30SLN7Xk3ehUh21azDu+B5k 9JHu4KpA1P/sUyjf9UxbRSSUCamoKl8soXTAocp0OY2JRM2j2eV/9MkTpD8F2IakrDqU 41UXXYNORnmka2A+7O3IOReW2YpZ73s4ZrQg84Wh1n8FYKhFYeul2DNIudvLrWfrtDAg Qe0jRbDkgpajSOplMqwkjPLMRN96g5hgVvchb9ju6sTrGbmIkx8+Rv2vEH5wxTxPdtne FF3Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y21si6091833ejp.635.2021.05.21.13.24.23; Fri, 21 May 2021 13:24:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236483AbhEUQlF (ORCPT + 99 others); Fri, 21 May 2021 12:41:05 -0400 Received: from out01.mta.xmission.com ([166.70.13.231]:51388 "EHLO out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233011AbhEUQlF (ORCPT ); Fri, 21 May 2021 12:41:05 -0400 Received: from in02.mta.xmission.com ([166.70.13.52]) by out01.mta.xmission.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1lk8BX-000zLU-Nh; Fri, 21 May 2021 10:39:39 -0600 Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95] helo=fess.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1lk8BW-00Ahr4-PK; Fri, 21 May 2021 10:39:39 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Sargun Dhillon Cc: Linux Containers , LKML , Kees Cook , Christian Brauner , Andy Lutomirski , Tycho Andersen , Giuseppe Scrivano , Rodrigo Campos , Mauricio =?utf-8?Q?V=C3=A1squez?= Bernal References: Date: Fri, 21 May 2021 11:39:27 -0500 In-Reply-To: (Sargun Dhillon's message of "Fri, 21 May 2021 09:23:52 -0700") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1lk8BW-00Ahr4-PK;;;mid=;;;hst=in02.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1/Qtp8BV6nWzxx0wp6SUitiWRpy1wcXxlk= X-SA-Exim-Connect-IP: 68.227.160.95 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on sa06.xmission.com X-Spam-Level: X-Spam-Status: No, score=-0.2 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,T_TM2_M_HEADER_IN_MSG autolearn=disabled version=3.4.2 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4336] * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa06 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Sargun Dhillon X-Spam-Relay-Country: X-Spam-Timing: total 389 ms - load_scoreonly_sql: 0.33 (0.1%), signal_user_changed: 12 (3.1%), b_tie_ro: 10 (2.6%), parse: 0.99 (0.3%), extract_message_metadata: 12 (3.1%), get_uri_detail_list: 1.29 (0.3%), tests_pri_-1000: 12 (3.2%), tests_pri_-950: 1.31 (0.3%), tests_pri_-900: 1.08 (0.3%), tests_pri_-90: 67 (17.3%), check_bayes: 66 (16.9%), b_tokenize: 6 (1.6%), b_tok_get_all: 7 (1.9%), b_comp_prob: 2.2 (0.6%), b_tok_touch_all: 47 (12.1%), b_finish: 0.76 (0.2%), tests_pri_0: 270 (69.4%), check_dkim_signature: 0.82 (0.2%), check_dkim_adsp: 2.2 (0.6%), poll_dns_idle: 0.56 (0.1%), tests_pri_10: 2.2 (0.6%), tests_pri_500: 6 (1.7%), rewrite_mail: 0.00 (0.0%) Subject: Re: Preemption Signal Management X-SA-Exim-Version: 4.2.1 (built Sat, 08 Feb 2020 21:53:50 +0000) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sargun Dhillon writes: > Andy pointed out that we need a mechanism to determine whether or > notifications are preempted. He suggested we use EPOLLPRI to indicate > whether or not notifications are preempted. My outstanding question is > whether or not we need to be able to get insight of what caused the > preemption, and to which notification. Can I have some context please? Perhaps links to the previous conversations? The subject sounds like you are talking about those things that are delivered as the result of kill(2) but the rest does not. What are notification ids? Is this a seccomp design choice? > In the past, Christian has suggested just background polling > notification IDs for validity, which is a fine mechanism to determine > that preemption has occurred. We could raise EPOLLPRI whenever a > notification has changed into the preempted state, but that would > require an O(n) operations across all outstanding notifications to > determine which one was preempted, and in addition, it doesn't give a > lot of information as to why the preemption occurred (fatal signal, > preemption?). > > In order to try to break this into small parts, I suggest: > 1. We make it so EPOLLPRI is raised (always) on preempted notifications > 2. We allow the user to set a flag to "track" notifications. If they > specify this flag, they can then run a "stronger" ioctl -- let's say > SECCOMP_IOCTL_NOTIF_STATUS, which, if the flag was specified upon > receiving the notification will return the current state of the > notification and if a signal preempted it, it will always do that. > > --- > Alternatively (and this is my preference), we add another filter flag, > like SECCOMP_FILTER_FLAG_NOTIF_PREEMPT, which changes the behaviour > to: > 1. Raise EPOLLPRI on preempted notifications > 2. All preemption notifications must be cleared via > SECCOMP_IOCTL_NOTIF_RECV_STATUS. > > Opinions?