Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp51903pxj; Wed, 26 May 2021 15:53:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzzkZ42dmq1At4hd2TLiJPOMX1w/6DW+LbpyU4H8XHhaoRudMm94c22xmJ+EW+nMP6oOKC6 X-Received: by 2002:a5e:9515:: with SMTP id r21mr475484ioj.19.1622069637182; Wed, 26 May 2021 15:53:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622069637; cv=none; d=google.com; s=arc-20160816; b=R1RbY4YLl97c8HqDWZv4bEA3trGi/uXM0b/Xzh2YR/HqJDEUn79mFEche6XO8Qwhf7 Sgmrvv28tvOyn8plDEWyJ5EJ03ypv8ermlIlEL1VFwpNbfMERSbR8yq62aL6IIg8zK3v 7VyqwoLrVcOrsdx5oGoS22uDDSi+eCau3YnUwODiBOP0tQlZCSPzhf9bE9M07/szHNN8 oEMqHWkO4v9qeorPkvsmKH0fZ8uTWECr94n19jyGove0Tr2NTac0SHHvlVhxTjLsLxiP qu79zmvyqNSLsWNmeYu3b5OcJzXYQ/doDOcEtHYXLPwNawKOi5rNUc8PKQf4A3TzZTCj 999Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=Lp+LykRHbHVLDQDnmvkx/LGZgQHDlof4Ycqm3uJ5WO0=; b=sclTl0wOpKglrY2feUQ0bdYm4W7VSgvV/HAyZ+/wopgXKlybbXHbY9JEPyriojnC89 PFeiIIhjBNihHdmpMNMQh+mdaZg2UuFLv0075F0fbENJJLQYxD2VUAuoJHJoAk6Kbaxx 7qz2CXv+nxoL9Jj+zfuRJOydtmuY3hWH7r1pk+KygWx+bKDSc1yPYmLjEgZRhGR/dVqt TalCxF9JSSiFi81dX95IomyMkC6AgR9qY0uqQyKmvO4TKs5uFGHbdyryySvcdYVrlGMu ty9BDrfRuz0iST0EAKsSpIGwQu6uh4l5tMy8m0g54aT2MrThR0GI6k6uhXYGtKQRDxJz NalQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o67si634972jao.17.2021.05.26.15.53.39; Wed, 26 May 2021 15:53:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234473AbhEZRyS (ORCPT + 99 others); Wed, 26 May 2021 13:54:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:57178 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234147AbhEZRyS (ORCPT ); Wed, 26 May 2021 13:54:18 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 675D26139A; Wed, 26 May 2021 17:52:43 +0000 (UTC) Date: Wed, 26 May 2021 19:52:40 +0200 From: Christian Brauner To: Andy Lutomirski Cc: Sargun Dhillon , Linux Containers , LKML , Kees Cook , Tycho Andersen , Giuseppe Scrivano , Rodrigo Campos , Mauricio =?utf-8?Q?V=C3=A1squez?= Bernal Subject: Re: Preemption Signal Management Message-ID: <20210526175240.dyyvnxcvyuauah7h@wittgenstein> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 25, 2021 at 05:39:49PM -0700, Andy Lutomirski wrote: > On 5/21/21 9:23 AM, Sargun Dhillon wrote: > > Andy pointed out that we need a mechanism to determine whether or > > notifications are preempted. He suggested we use EPOLLPRI to indicate > > whether or not notifications are preempted. My outstanding question is > > whether or not we need to be able to get insight of what caused the > > preemption, and to which notification. > > > > In the past, Christian has suggested just background polling > > notification IDs for validity, which is a fine mechanism to determine > > that preemption has occurred. We could raise EPOLLPRI whenever a > > notification has changed into the preempted state, but that would > > require an O(n) operations across all outstanding notifications to > > determine which one was preempted, and in addition, it doesn't give a > > lot of information as to why the preemption occurred (fatal signal, > > preemption?). > > > > In order to try to break this into small parts, I suggest: > > 1. We make it so EPOLLPRI is raised (always) on preempted notifications > > 2. We allow the user to set a flag to "track" notifications. If they > > specify this flag, they can then run a "stronger" ioctl -- let's say > > SECCOMP_IOCTL_NOTIF_STATUS, which, if the flag was specified upon > > receiving the notification will return the current state of the > > notification and if a signal preempted it, it will always do that. > > > > --- > > Alternatively (and this is my preference), we add another filter flag, In general this sounds good to me. > > like SECCOMP_FILTER_FLAG_NOTIF_PREEMPT, which changes the behaviour And make it combinable with SECCOMP_FILTER_FLAG_NEW_LISTENER, I like that. > > to: > > 1. Raise EPOLLPRI on preempted notifications > > 2. All preemption notifications must be cleared via > > SECCOMP_IOCTL_NOTIF_RECV_STATUS. > > This seems sensible, except I don't think "preempted" is the right word. > The state machine is pretty simple: > > live -> signaled -> killed > > (and we can go straight from live to killed, too.) So EPOLLPRI could be > signaled if any notification changes state, and a new ioctl could read > the list of notifications that have changed state. A common case is will likely be to just rely the status to the supervised task and not even perform some complicated action in the supervisor. So I think a way to optionally combine recv+send at the same time might be a good idea. Either another ioctl which is a combined recv+send or a flag on the SECCOMP_IOCTL_NOTIF_RECV_STATUS. Christian