Message ID | 20230110213010.2683185-1-avagin@google.com |
---|---|
Headers | Subject: [PATCH 0/5 v3 RESEND] seccomp: add the synchronous mode for seccomp_unotify; From: Andrei Vagin <avagin@google.com>; Date: Tue, 10 Jan 2023 13:30:05 -0800; To: Peter Zijlstra <peterz@infradead.org>, Ingo Molnar <mingo@redhat.com>, Vincent Guittot <vincent.guittot@linaro.org>, Dietmar Eggemann <dietmar.eggemann@arm.com>; List-ID: <linux-kernel.vger.kernel.org> |
Series | seccomp: add the synchronous mode for seccomp_unotify |
Message
Andrei Vagin
Jan. 10, 2023, 9:30 p.m. UTC
From: Andrei Vagin <avagin@gmail.com>

seccomp_unotify allows more privileged processes to do actions on behalf
of less privileged processes.

In many cases, the workflow is fully synchronous. It means a target
process triggers a system call and passes control to a supervisor
process that handles the system call and returns control back to the
target process. In this context, "synchronous" means that only one
process is running and another one is waiting.

The new WF_CURRENT_CPU flag advises the scheduler to move the wakee to
the current CPU. For such synchronous workflows, it makes context
switches a few times faster.

Right now, each interaction takes 12µs. With this patch, it takes about
3µs.

v2: clean up the first patch and add the test.
v3: update commit messages and a few fixes suggested by Kees Cook.

Kees is ready to take this patch set, but wants to get Acks from the
sched folks.

Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Peter Oskolkov <posk@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tycho Andersen <tycho@tycho.pizza>
Cc: Will Drewry <wad@chromium.org>
Cc: Vincent Guittot <vincent.guittot@linaro.org>

Andrei Vagin (4):
  seccomp: don't use semaphore and wait_queue together
  sched: add a few helpers to wake up tasks on the current cpu
  seccomp: add the synchronous mode for seccomp_unotify
  selftest/seccomp: add a new test for the sync mode of
    seccomp_user_notify

Peter Oskolkov (1):
  sched: add WF_CURRENT_CPU and externise ttwu

 include/linux/completion.h                    |  1 +
 include/linux/swait.h                         |  1 +
 include/linux/wait.h                          |  3 +
 include/uapi/linux/seccomp.h                  |  4 +
 kernel/sched/completion.c                     | 12 +++
 kernel/sched/core.c                           |  5 +-
 kernel/sched/fair.c                           |  4 +
 kernel/sched/sched.h                          | 13 +--
 kernel/sched/swait.c                          | 11 +++
 kernel/sched/wait.c                           |  5 ++
 kernel/seccomp.c                              | 72 +++++++++++++--
 tools/testing/selftests/seccomp/seccomp_bpf.c | 88 +++++++++++++++++++
 12 files changed, 204 insertions(+), 15 deletions(-)
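
The synchronous round trip described in the cover letter, as an added example that is not part of the posted series: a target blocks in getppid() while the supervisor receives the notification and supplies the return value. `SECCOMP_IOCTL_NOTIF_SET_FLAGS` and `SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP` are the names found in mainline's include/uapi/linux/seccomp.h and are not quoted in this message; `unotify_roundtrip` and `FAKE_PPID` are hypothetical.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define FAKE_PPID 4242 /* constructed value the supervisor injects */
/* One round trip: 0 = ok, 1 = no listener available, -1 = failure. The filter
 * stays on the caller; the seccomp_data.arch check is omitted for brevity. */
int unotify_roundtrip(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = 4, .filter = prog };
    struct seccomp_notif req = {0}; /* must be zeroed before NOTIF_RECV */
    struct seccomp_notif_resp resp = { .val = FAKE_PPID };
    int status = -1, ok, fd;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        (fd = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
                      SECCOMP_FILTER_FLAG_NEW_LISTENER, &fprog)) < 0)
        return 1;
#ifdef SECCOMP_IOCTL_NOTIF_SET_FLAGS
    /* Opt in to the sync wake-up; kernels without it just return an error. */
    ioctl(fd, SECCOMP_IOCTL_NOTIF_SET_FLAGS, SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP);
#endif
    pid_t target = fork();
    if (target < 0)
        return -1;
    if (target == 0) { /* target: drop its copy of the listener, then trap */
        close(fd);
        _exit(syscall(__NR_getppid) == FAKE_PPID ? 0 : 1);
    }
    ok = ioctl(fd, SECCOMP_IOCTL_NOTIF_RECV, &req) == 0; /* target is parked */
    resp.id = req.id; /* the reply must echo the notification id */
    ok = ok && ioctl(fd, SECCOMP_IOCTL_NOTIF_SEND, &resp) == 0;
    close(fd); /* last listener gone: an unanswered target resumes with ENOSYS */
    waitpid(target, &status, 0);
    return ok && WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) { return unotify_roundtrip() < 0; }
```

A supervisor that reads the target's memory before replying should also confirm the notification is still live with `SECCOMP_IOCTL_NOTIF_ID_VALID`; this example only injects a return value, so it does not need to.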