Date:   Wed, 25 Jan 2023 20:30:32 -0500
From:   Gregory Price <gregory.price@memverge.com>
To:     Oleg Nesterov <oleg@redhat.com>
Cc:     Gregory Price <gourry.memverge@gmail.com>,
        linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
        avagin@gmail.com, peterz@infradead.org, luto@kernel.org,
        krisman@collabora.com, tglx@linutronix.de, corbet@lwn.net,
        shuah@kernel.org
Subject: Re: [PATCH v6 1/2] ptrace,syscall_user_dispatch: Implement Syscall
 User Dispatch Suspension
Message-ID: <Y9HXuF95LeqSWTB9@memverge.com>
References: <20230125025126.787431-1-gregory.price@memverge.com>
 <20230125025126.787431-2-gregory.price@memverge.com>
 <20230126003008.GA31684@redhat.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230126003008.GA31684@redhat.com>
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?44/xvCWfUkfGhflQaLz/SErdsXWTGqaf8tLmco+wUn8qdjjsfQIHrT/7nBo+?=
 =?us-ascii?Q?gU3iRT3yFHB2P/9w2HHqA31tZ+fIzl1Wz+37UAYx/aNKuWwoBaMPtzRm9Mpb?=
 =?us-ascii?Q?pGf6UMp5ALHbhUqoTpAdMALoq1wliiq+8p7luYcc7MseBko/IiFgT4unMxec?=
 =?us-ascii?Q?Oa2VR5s5VwRt+YxkIQcjtkaCTwL8n3drREAQM86qkLq14Kl/jRiZIcOUXBbV?=
 =?us-ascii?Q?eAadoYhVy2j9GUb9Pwnz4RIZT3tU9elFR/3L8TxvGDtuvnKSrQJnk73Hur1H?=
 =?us-ascii?Q?mxO/WyimZut41Ab8/TVj3CeMwSf1FBpGL/QMTk6+mSloRLK8clYbbaeYa3Sl?=
 =?us-ascii?Q?Bi95U64+Dz8MBUMa8xKmRWjfHeqjM3DoUXXsEkk5BAZw+UVPGDMhYdgVLoV1?=
 =?us-ascii?Q?/W21PDP3cRQBU1QqeYPdEjrt052QxQj+czBcDRgl6pxAwDw+MarLhlTDm2dp?=
 =?us-ascii?Q?/ovPoInTlMCTChWs0YDeVYEcUIIDTGo/L0oMgUOC/kTHe1hltzl98ug/4CGN?=
 =?us-ascii?Q?27My0QKV/opZPvLLsnmOUcRTyPIyHvb9v+fR8UP39wfNDHYianHKdzJ/doy9?=
 =?us-ascii?Q?6B5GO6GuZiuF23V3vVpBC0EfPJVBFIX9kGCygIPpu7FD9Igy2f10oh40G8us?=
 =?us-ascii?Q?0QsoY/avpZLrAYwlwXcZdAWR4SwS2uUvgYDu/yIRYdgDgZAVuTNtBbuuYEQl?=
 =?us-ascii?Q?FTRTBjkp+YLFqyzzxrv5evq/hIjke9zwkr9aSHiWBWK1W+9AfQkwOdnT+PNT?=
 =?us-ascii?Q?ctBSzJUyqi3Vn9Ib1Toe+X2KTmy7FyO7QVw8oRw+f1ks3G7CGu8lL6ne5TNx?=
 =?us-ascii?Q?SBN+Qo1s5TXNB8iql5VpDG62axy7bNxHNs1LZq8ipemR/FOeeLXEgFbfsd5t?=
 =?us-ascii?Q?bTbNtytFPkyjT010oYp0PgA9uQyR04A1eKbywpVnds5CXf0PRfguVaVWoOk8?=
 =?us-ascii?Q?wk7dRFG4m6wB/PY7lLl1y/gLwcecZixOSVPOVQ8uXUo55G1/9tf0wh+7/Uv4?=
 =?us-ascii?Q?VeUiE3K8s9wTXHtIhRTR9mDb6DPcIHvvd6JcBCdcxE+kc6HCEQAnv4Aupvjz?=
 =?us-ascii?Q?Tl4sS+St1t0aA/VkTQQ3IwuzJTBzSOarmmMI+vuBsZDPOxsc9f2Rk7S28kHC?=
 =?us-ascii?Q?WG2WsVmhoEV5J6Sech4pbnfzdGN5OeDPMHejc/aTsbfF0eLpkplDSmk1YZ0e?=
 =?us-ascii?Q?sT9l/oCrPCsunk0jFbzfxa3LLb/DFbUmfMMZpnvgVjV2W+IdQqUtBMVOIwEi?=
 =?us-ascii?Q?dmQREcy0Xo8pa+Rnv8YER0CDUq3ST4NaS6moNkn0XWwbKQKx8/9ohNjP2XZ+?=
 =?us-ascii?Q?ymwdsjJCVRxOLHZ9t42aYCxR8kSUyfSc/KvXWPhtvegDDPZOv4Jtqs7E+cOz?=
 =?us-ascii?Q?xMbdY0tRtPteMg085RkRDRfJZ/t1/A2RURNfjdo/UU6owpljIEskd096wdr4?=
 =?us-ascii?Q?9Ik0ct0TpVzj5944rJSUikwAKpWF5Qbx4AebWQvPmahW+KHU4cSmuXaif0ZU?=
 =?us-ascii?Q?RaWixLum7aGPlFTCuSHbtr4kr5gGxqtRypJfH6Nnw6neZWsFT6UZEjqfbUQj?=
 =?us-ascii?Q?A7ox0GvIKq129T5PaqFm5zi4/nzZoEt5icqSnlez2JJDjWivy6zQY3+ZuOyJ?=
 =?us-ascii?Q?aQ=3D=3D?=
X-OriginatorOrg: memverge.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8d0d2673-10a1-4e51-b7f9-08daff3cf0ae
X-MS-Exchange-CrossTenant-AuthSource: BN6PR17MB3121.namprd17.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2023 01:30:42.9636
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5c90cb59-37e7-4c81-9c07-00473d5fb682
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: hVBEH0ORLFVa/gwpmK0srKilv3byqiMdhaKrJtSomT2LJRsXkJDOg9SsZX/JVABqofZ1X+6KRQPtbQ9YBZw4IAvocbItV9VsaS4IUt2Kt/Q=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR17MB4542
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 26, 2023 at 01:30:08AM +0100, Oleg Nesterov wrote:
> On 01/24, Gregory Price wrote:
> >
> > Adds PTRACE_O_SUSPEND_SYSCALL_USER_DISPATCH to ptrace options, and
> > modify Syscall User Dispatch to suspend interception when enabled.
> >
> > This is modeled after the SUSPEND_SECCOMP feature, which suspends
> > SECCOMP interposition.  Without doing this, software like CRIU will
> > inject system calls into a process and be intercepted by Syscall
> > User Dispatch, either causing a crash (due to blocked signals) or
> > the delivery of those signals to a ptracer (not the intended behavior).
> 
> Cough... Gregory, I am sorry ;)
> 
> but can't we drop this patch to ?
> 
> CRIU needs to do PTRACE_SET_SYSCALL_USER_DISPATCH_CONFIG and check
> config->mode anyway as we discussed.
> 
> Then it can simply set *config->selector = SYSCALL_DISPATCH_FILTER_ALLOW
> with the same effect, no?
> 
> Oleg.
> 

The selector is optional, but the core idea seems reasonable.

Though I think this complicates the quiesce vs checkpoint phases a bit.

My best understanding of CRIU is there are (at least) two checkpoint
phases: quiesce and checkpoint. The intent of patch 1/2 is to aid the
quiesce phase, not the checkpoint phase.

In both phases the `compel` code is used to inject system calls, so
turning SUD off is required.  That can obviously be achieved via saving
with get_config, and just clearing it entirely with set_config.

I'm NOT sure whether the `compel` code can save settings that the
`cr-check` code then saves to disc, or if `compel` is standalone. I will
go check this and report back.

The only other concern is one of how it's restored, and in what order
compared to SECCOMP - for the absolute insane case of someone running a
SUD task inside a locked down cgroup? Technically possible (TM)!

We may find that the suspend flag is "just easier" but not required.

I do think more-simple-is-more-better, though, so I will investigate.

~Gregory