Message ID | 20230124234156.211569-1-avagin@google.com |
---|---|
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2429502wrn; Tue, 24 Jan 2023 15:44:59 -0800 (PST) X-Google-Smtp-Source: AMrXdXtfXQZs6XCqdO2dg4ytbBsJO81VbHu2R6zPYHMWWgHSoT1YvP8iFmTsMcPlSbyiHFTEtWyg X-Received: by 2002:a17:90a:5410:b0:226:de98:ee43 with SMTP id z16-20020a17090a541000b00226de98ee43mr30904088pjh.43.1674603899082; Tue, 24 Jan 2023 15:44:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674603899; cv=none; d=google.com; s=arc-20160816; b=Om19SrqA8CkDhL2zJD/Ga+NnTJ8EgOkJqW+uCdPku3pvJkUuwkGaZ1GQBwYfqg91m/ 0/FlgS8J5f40cJBPeoyoaC0ooDLrrwhXUByhxHXyKTW/LZ89asEtwSiTX5ynvgmRz9FQ kwjg3ejw67t1InliCrzBSuH/ysHH6LS8hYYP4lQucDfrMLhktyMuWQjAOAV2XyWfuhxL 3ESLvY27bp3OByGFf4oV0U5+2tylADH2TX82981mDgGAD6IZ/J+HQ0trq72yCIAtG9Cb r2C/3EJhyb8UDd5GGVaJTo7+J7iX7nr+5+a6Lt/+A666SdhLHb82pYy1K8XJQwo41+Up b5xQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:from:subject :message-id:mime-version:date:dkim-signature; bh=hkhD0Tw+OGmOLT92C/MUl6CgkknkQumZIN+qYMh4b14=; b=H972yaseVqMF8vpZWUXfjdGxYndrTMuxALTC7RGJ0+G7XrfiK3dnWtq7TT7btpP9xe Gp0bPkCjSey/4DwX6rvBt5xXxveqEmF7Up8R3jzPpQf9IXBi39M2b9zNO0Sm32A5ften V0wNrbYFfJp3Byjk2MJJDk1IXdPxslRQNRLJRHXoffRq1RgB/Gj7tWQNDLiAg+rI6SBl c8WGa9tNi2rPiVW3olcfG9b7Q9IuYqVV75wB5CzIAFlxTUvwhCINWne97o/thN6jiaad vwBoReK4eaiOS6TJDCNiphhcGx4745cX/d6ZFtjRLuEM7gH0Bef2oLeke17w+2t/wWPY fJ7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=rpxhqe6M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g13-20020a17090a7d0d00b0022bb9ac7a5asi262155pjl.122.2023.01.24.15.44.46; Tue, 24 Jan 2023 15:44:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=rpxhqe6M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230469AbjAXXmF (ORCPT <rfc822;rust.linux@gmail.com> + 99 others); Tue, 24 Jan 2023 18:42:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39722 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229545AbjAXXmD (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Tue, 24 Jan 2023 18:42:03 -0500 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 84939366AD for <linux-kernel@vger.kernel.org>; Tue, 24 Jan 2023 15:42:02 -0800 (PST) Received: by mail-pj1-x104a.google.com with SMTP id gn18-20020a17090ac79200b0022bef1f49c9so1330129pjb.0 for <linux-kernel@vger.kernel.org>; Tue, 24 Jan 2023 15:42:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=content-transfer-encoding:cc:to:from:subject:message-id :mime-version:date:from:to:cc:subject:date:message-id:reply-to; bh=hkhD0Tw+OGmOLT92C/MUl6CgkknkQumZIN+qYMh4b14=; b=rpxhqe6MCriifM80NUUvU2aDSKqKs8WddMRwE/ftpPTXaoGRZr2NxeJBrBZjCFbimD Po2hXKdAwNgq2sQ79QGoT6/FgjNb1u71+505eeIpOj9PyExY9NSGj5DswGU3tt66+U5c IbX9qcAHswmWI6TQcm/FcEZ7wDgRdu6jTLf1/dnO9L7Vk0ynwYpj281qV2QsEIHEIKDa RlvWoPvOw5qsmAOGSVfOz1vC7rr9GJw/kR6cYBqS5c3JMqvTTkA4gug3xXBksN1JZipH 0gk8ZwOAjqGRlgD2RX+GFh01D4zMBg38VczOz6/kVhwF6xxfnDsIVIRnB8BzR0coU0d4 wEVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:from:subject:message-id :mime-version:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=hkhD0Tw+OGmOLT92C/MUl6CgkknkQumZIN+qYMh4b14=; b=V1tjhJvPms5IyO9Dl7VjQ+N4aa76JkPtGXdYyusYg9SMu4nJ+AsFzpZaOdrYl/qonY YoUBrbFdcsiFCUT+ht6j7lne4tjE+aXbU9ZhqmKOhXPUfSINzzGPYpp8NwASoAE/Obpp PEbx31UeWXDMTGOWdEiD9AxvYGGfw2hECK545CNpImlxxLqlDDluKMoIKM4GsjjZRTAg egc8VSEZtVZXWU2KdnR0vqoSdoRfLcAQ4xEVqVynhMDaV7s8bRDLg1t7a59M/trDjN/w Hg0DYp02yCNZfiL/dtnCVahlwsl2/k1YabPJL//t+mdh8Dtcalc5DboDdrbIHVc5qBvx cdOQ== X-Gm-Message-State: AFqh2koZkThH3rJyZAmdzx8uBrgNWiKcQG2UbJ4c4Kisve6ge59EJsUI AMuS4Iw4w5hAyI7mAat/kxolWRtED0U= X-Received: from avagin.kir.corp.google.com ([2620:0:1008:11:cf1b:2f7f:3ca1:6488]) (user=avagin job=sendgmr) by 2002:a17:90a:9b8c:b0:228:d2c5:5b35 with SMTP id g12-20020a17090a9b8c00b00228d2c55b35mr2732741pjp.98.1674603721876; Tue, 24 Jan 2023 15:42:01 -0800 (PST) Date: Tue, 24 Jan 2023 15:41:50 -0800 Mime-Version: 1.0 X-Mailer: git-send-email 2.39.1.405.gd4c25cc71f-goog Message-ID: <20230124234156.211569-1-avagin@google.com> Subject: [PATCH 0/6 v4] seccomp: add the synchronous mode for seccomp_unotify From: Andrei Vagin <avagin@google.com> To: Peter Zijlstra <peterz@infradead.org> Cc: linux-kernel@vger.kernel.org, Kees Cook <keescook@chromium.org>, Christian Brauner <brauner@kernel.org>, Chen Yu <yu.c.chen@intel.com>, Andrei Vagin <avagin@gmail.com>, Andy Lutomirski <luto@amacapital.net>, Dietmar Eggemann <dietmar.eggemann@arm.com>, Ingo Molnar <mingo@redhat.com>, Juri Lelli <juri.lelli@redhat.com>, Peter Oskolkov <posk@google.com>, Tycho Andersen <tycho@tycho.pizza>, Will Drewry <wad@chromium.org>, Vincent Guittot <vincent.guittot@linaro.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755949458165254428?= X-GMAIL-MSGID: =?utf-8?q?1755949458165254428?= |
Series |
seccomp: add the synchronous mode for seccomp_unotify
|
|
Message
Andrei Vagin
Jan. 24, 2023, 11:41 p.m. UTC
From: Andrei Vagin <avagin@gmail.com>
seccomp_unotify allows more privileged processes do actions on behalf
of less privileged processes.
In many cases, the workflow is fully synchronous. It means a target
process triggers a system call and passes controls to a supervisor
process that handles the system call and returns controls back to the
target process. In this context, "synchronous" means that only one
process is running and another one is waiting.
The new WF_CURRENT_CPU flag advises the scheduler to move the wakee to
the current CPU. For such synchronous workflows, it makes context
switches a few times faster.
Right now, each interaction takes 12µs. With this patch, it takes about
3µs.
v2: clean up the first patch and add the test.
v3: update commit messages and a few fixes suggested by Kees Cook.
v4: update the third patch to avoid code duplications (suggested by
Peter Zijlstra)
Add the benchmark to the perf bench set.
Kees is ready to take this patch set, but wants to get Acks from the
sched folks.
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Peter Oskolkov <posk@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tycho Andersen <tycho@tycho.pizza>
Cc: Will Drewry <wad@chromium.org>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Andrei Vagin (4):
seccomp: don't use semaphore and wait_queue together
sched: add a few helpers to wake up tasks on the current cpu
seccomp: add the synchronous mode for seccomp_unotify
selftest/seccomp: add a new test for the sync mode of
seccomp_user_notify
Peter Oskolkov (1):
sched: add WF_CURRENT_CPU and externise ttwu
include/linux/completion.h | 1 +
include/linux/swait.h | 2 +-
include/linux/wait.h | 3 +
include/uapi/linux/seccomp.h | 4 +
kernel/sched/completion.c | 26 ++-
kernel/sched/core.c | 5 +-
kernel/sched/fair.c | 4 +
kernel/sched/sched.h | 13 +-
kernel/sched/swait.c | 8 +-
kernel/sched/wait.c | 5 +
kernel/seccomp.c | 72 +++++++-
tools/arch/x86/include/uapi/asm/unistd_32.h | 3 +
tools/arch/x86/include/uapi/asm/unistd_64.h | 3 +
tools/perf/bench/Build | 1 +
tools/perf/bench/bench.h | 1 +
tools/perf/bench/sched-seccomp-notify.c | 167 ++++++++++++++++++
tools/perf/builtin-bench.c | 1 +
tools/testing/selftests/seccomp/seccomp_bpf.c | 55 ++++++
18 files changed, 346 insertions(+), 28 deletions(-)
create mode 100644 tools/perf/bench/sched-seccomp-notify.c
Comments
On Tue, Jan 24, 2023, Andrei Vagin wrote:
> From: Andrei Vagin <avagin@gmail.com>
Is attributing your personal email intentional, or is user.email in your git config
misconfigured? Quite a few folks use non-corp accounts, but I don't think I've
ever seen a case where someone intentionally posts from their corp email on behalf
of a personal account.
I don't mean to be the SoB police, this just stood out as being very odd.
On Wed, Jan 25, 2023 at 9:46 AM Sean Christopherson <seanjc@google.com> wrote: > > On Tue, Jan 24, 2023, Andrei Vagin wrote: > > From: Andrei Vagin <avagin@gmail.com> > > Is attributing your personal email intentional, or is user.email in your git config > misconfigured? Quite a few folks use non-corp accounts, but I don't think I've > ever seen a case where someone intentionally posts from their corp email on behalf > of a personal account. > > I don't mean to be the SoB police, this just stood out as being very odd. I was more often working on kernel changes unrelated to my work at Google. They were around the CRIU project. It is why I used my personal email in the kernel git config. I will fix that. Thanks, Andrei