Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4915859pxj; Tue, 25 May 2021 21:06:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwgSMxW91/tfrXYT6jmJM0/I5D+ZGNB6bnCae1cwxbOpZhUip0whqWgkBUswKyBZOAZCPMM X-Received: by 2002:a17:907:3f28:: with SMTP id hq40mr32212285ejc.283.1622001983870; Tue, 25 May 2021 21:06:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622001983; cv=none; d=google.com; s=arc-20160816; b=n+8ponlhY9fi2gWoL4IqrSxxTIB1IiI+y2jQVimUrXRfSzTm84bi6ThuW+4Eg64WRO dpBHQhOfz8sR0aBya4cz/RTNOp+k9bIG2xd7KZwlADUT5+71GjHqlqr5isDtS8fN/Hku Hfoc1vyjiOlQ7Wil2bjUNU8IDVzq4nj2bfdo3lkRrFtaTV9ZIY2Hng0cHgyubt84hFyr rwmVSTj+ZOwmf+FtDPUq/Hm/bBxcEQBkc2H5GVyX3Bus+ZwhOC6P+8u5PI/QJfelGK5/ 7ZZMfffOIojLgtucj765AP8EX2eZuvPvTjQZkAD7wDCqMLtIqi6IzvkPLKudKdGAzj9W qSPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=47pBNwoRmll379sH8+W9WzWFRhPX2tPASTkBc+/BT2g=; b=zrReaWyk7WDl0MDblFE4kxiZAV7SfKMvPNYFGVFXnppI2xMWEaKbENb261HH+0mZdu uve2O+EJ/+fXzEdjCVdWqNx7uaYzdheZH89ma755fUfypp+uc+Lda3cl2Gyia8Ucs+MO rZrgL3SGG0JH68gIoTVWpWqVdgzICcFpkOocVXfhEZmcBukKzxqiyUfLGBqnoxgKCzYq sOmzRmt7g+LVsm0NnVvNPC/882uN7T7bB3ke4LXKBGcUncsC5A+RBJ7vFcTTXRBYMtUw DYIGv2Vyyr7JrITi6KUKW/ye6IGQ7yoyWjjDYedTM5xorqxXRGdgy6pN/lp69Wnf6MrB z3Bg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=fkm9ndfD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cx5si16951173edb.473.2021.05.25.21.06.00; Tue, 25 May 2021 21:06:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=fkm9ndfD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232514AbhEZAlV (ORCPT + 99 others); Tue, 25 May 2021 20:41:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:49208 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230106AbhEZAlV (ORCPT ); Tue, 25 May 2021 20:41:21 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3E86B61417; Wed, 26 May 2021 00:39:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1621989590; bh=3zgyZ7zoBJ+hkeHoXCzHp9CwIXm2cdXOf80HROm53hY=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=fkm9ndfDupj8s5n/4/6rrAbb+eXW8zopJv1M6OxIOCLl0dR0AJSykkdvHQxT+jJ0Z ciVWVIBJURvGSJ6DNr1baOyoLzh2SwFOgpv9W7HTmsHop4Uf09bysR6SxtUyDbq2Zh knYV2NZc6y94jO2lvi0j0SnP8g249qvncNbZRL+v3ajjvJo7CZbzODOixOr8kiopth ghq/iBkPoGZI0ZfIldDGx3zIEtXu1vYGfwgTQDjJrJOcj2jK+SBbD1rn1xBOGV0OrM rUpSUYqWnokjh1aUMK69iHloimM14dWIuG6A2wX6v71YZizpcQUF+u6ze/ww2LNGHA cDc3UlqUmYe8A== Subject: Re: Preemption Signal Management To: Sargun Dhillon , Linux Containers , LKML Cc: Kees Cook , Christian Brauner , Tycho Andersen , Giuseppe Scrivano , Rodrigo Campos , =?UTF-8?Q?Mauricio_V=c3=a1squez_Bernal?= References: From: Andy Lutomirski Message-ID: Date: Tue, 25 May 2021 17:39:49 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/21/21 9:23 AM, Sargun Dhillon wrote: > Andy pointed out that we need a mechanism to determine whether or > notifications are preempted. He suggested we use EPOLLPRI to indicate > whether or not notifications are preempted. My outstanding question is > whether or not we need to be able to get insight of what caused the > preemption, and to which notification. > > In the past, Christian has suggested just background polling > notification IDs for validity, which is a fine mechanism to determine > that preemption has occurred. We could raise EPOLLPRI whenever a > notification has changed into the preempted state, but that would > require an O(n) operations across all outstanding notifications to > determine which one was preempted, and in addition, it doesn't give a > lot of information as to why the preemption occurred (fatal signal, > preemption?). > > In order to try to break this into small parts, I suggest: > 1. We make it so EPOLLPRI is raised (always) on preempted notifications > 2. We allow the user to set a flag to "track" notifications. If they > specify this flag, they can then run a "stronger" ioctl -- let's say > SECCOMP_IOCTL_NOTIF_STATUS, which, if the flag was specified upon > receiving the notification will return the current state of the > notification and if a signal preempted it, it will always do that. > > --- > Alternatively (and this is my preference), we add another filter flag, > like SECCOMP_FILTER_FLAG_NOTIF_PREEMPT, which changes the behaviour > to: > 1. Raise EPOLLPRI on preempted notifications > 2. All preemption notifications must be cleared via > SECCOMP_IOCTL_NOTIF_RECV_STATUS. This seems sensible, except I don't think "preempted" is the right word. The state machine is pretty simple: live -> signaled -> killed (and we can go straight from live to killed, too.) So EPOLLPRI could be signaled if any notification changes state, and a new ioctl could read the list of notifications that have changed state. --Andy