Date: Tue, 27 Jul 2021 15:09:30 +0200
From: Frederic Weisbecker
To: nsaenzju@redhat.com, Marcelo Tosatti
Cc: linux-kernel@vger.kernel.org, Nitesh Lal, Christoph Lameter, Juri Lelli, Peter Zijlstra, Alex Belits, Peter Xu, Thomas Gleixner
Subject: Re: [patch 1/4] add basic task isolation prctl interface
Message-ID: <20210727130930.GB283787@lothringen>

On Tue, Jul 27, 2021 at 02:38:15PM +0200, nsaenzju@redhat.com wrote:
> Hi Marcelo,
>
> On Tue, 2021-07-27 at 08:00 -0300, Marcelo Tosatti wrote:
> OK, sorry if I'm being thick, but what is the benefit of having a distinct
> PR_ISOL_MODE instead of expressing everything as PR_ISOL_FEATURES.
>
> PR_ISOL_MODE_NONE == Empty PR_ISOL_FEATURES bitmap
>
> PR_ISOL_MODE_NORMAL == Bitmap of commonly used PR_ISOL_FEATURES
>                        (we could introduce a define)
>
> PR_ISOL_MODE_NORMAL+PR_ISOL_VSYSCALLS == Custom bitmap
>
> Other than that, my rationale is that if you extend PR_ISOL_MODE_NORMAL's
> behaviour as new features are merged, wouldn't you be potentially breaking
> userspace (i.e. older applications might not like the new default)?

I agree with Nicolas, and that was Thomas' request too. Let's leave policy
implementation to userspace and take only the individual isolation features
to the kernel.

CPU/Task isolation is a relatively young feature and many users don't
communicate much about their needs. We don't know exactly how fine-grained
the ABI will need to be so let's not make too many high level assumptions.

It's easy for userspace to set all isolation bits by itself. Besides, those
bits will be implemented one by one over time, this means that a prctl() bit
saying "isolate everything" will have a different behaviour as those features
get integrated. And we really want well defined behaviours.

Thanks.
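
The ABI argument in the message above, as an added example that is not part of the original e-mail or of the proposed patch: a small C simulation comparing an "isolate everything" request with an explicit feature bitmap across two kernel releases. Every name, bit value and the -EINVAL rejection of unknown bits is an assumption made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical feature bits; the thread does not define names or values. */
#define ISOL_F_QUIESCE_VMSTAT (1u << 0)
#define ISOL_F_BLOCK_IPI      (1u << 1)

/* Simulated kernels: the newer release implements one more feature. */
static const uint32_t KERNEL_V1 = ISOL_F_QUIESCE_VMSTAT;
static const uint32_t KERNEL_V2 = ISOL_F_QUIESCE_VMSTAT | ISOL_F_BLOCK_IPI;

/* Mode-style ABI: "isolate everything" expands to whatever this kernel
 * happens to implement, so its meaning shifts between releases. */
static uint32_t isol_set_mode_all(uint32_t kernel_features)
{
    return kernel_features;
}

/* Feature-style ABI: the caller names each bit. Unknown bits are rejected
 * (assumed behaviour), so success means exactly the requested set is active. */
static int isol_set_features(uint32_t kernel_features, uint32_t requested,
                             uint32_t *active)
{
    if (requested & ~kernel_features)
        return -EINVAL;
    *active = requested;
    return 0;
}

/* Policy in userspace: the application enables only the bits it was
 * written and tested against, whatever else the kernel offers. */
static uint32_t app_enable(uint32_t kernel_features, uint32_t tested_bits)
{
    uint32_t active = 0;

    if (isol_set_features(kernel_features, tested_bits, &active) != 0)
        return 0;   /* refuse to run half-isolated */
    return active;
}

int main(void)
{
    printf("mode 'all':   v1=%#x v2=%#x\n",
           isol_set_mode_all(KERNEL_V1), isol_set_mode_all(KERNEL_V2));
    printf("explicit bit: v1=%#x v2=%#x\n",
           app_enable(KERNEL_V1, ISOL_F_QUIESCE_VMSTAT),
           app_enable(KERNEL_V2, ISOL_F_QUIESCE_VMSTAT));
    return 0;
}
```

An application that still wants everything can request the full supported set itself, which keeps that choice visible in its own code rather than in the kernel's defaults.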