[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <m1eee0xcqo.fsf@fess.ebiederm.org>
Date: Fri, 21 May 2021 11:39:27 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Sargun Dhillon <sargun@...gun.me>
Cc: Linux Containers <containers@...ts.linux.dev>,
LKML <linux-kernel@...r.kernel.org>,
Kees Cook <keescook@...omium.org>,
Christian Brauner <christian.brauner@...ntu.com>,
Andy Lutomirski <luto@...nel.org>,
Tycho Andersen <tycho@...ho.pizza>,
Giuseppe Scrivano <gscrivan@...hat.com>,
Rodrigo Campos <rodrigo@...volk.io>,
Mauricio Vásquez Bernal <mauricio@...volk.io>
Subject: Re: Preemption Signal Management
Sargun Dhillon <sargun@...gun.me> writes:
> Andy pointed out that we need a mechanism to determine whether or
> notifications are preempted. He suggested we use EPOLLPRI to indicate
> whether or not notifications are preempted. My outstanding question is
> whether or not we need to be able to get insight of what caused the
> preemption, and to which notification.
Can I have some context please? Perhaps links to the previous
conversations?
The subject sounds like you are talking about those things that are
delivered as the result of kill(2) but the rest does not. What are
notification ids?
Is this a seccomp design choice?
> In the past, Christian has suggested just background polling
> notification IDs for validity, which is a fine mechanism to determine
> that preemption has occurred. We could raise EPOLLPRI whenever a
> notification has changed into the preempted state, but that would
> require an O(n) operations across all outstanding notifications to
> determine which one was preempted, and in addition, it doesn't give a
> lot of information as to why the preemption occurred (fatal signal,
> preemption?).
>
> In order to try to break this into small parts, I suggest:
> 1. We make it so EPOLLPRI is raised (always) on preempted notifications
> 2. We allow the user to set a flag to "track" notifications. If they
> specify this flag, they can then run a "stronger" ioctl -- let's say
> SECCOMP_IOCTL_NOTIF_STATUS, which, if the flag was specified upon
> receiving the notification will return the current state of the
> notification and if a signal preempted it, it will always do that.
>
> ---
> Alternatively (and this is my preference), we add another filter flag,
> like SECCOMP_FILTER_FLAG_NOTIF_PREEMPT, which changes the behaviour
> to:
> 1. Raise EPOLLPRI on preempted notifications
> 2. All preemption notifications must be cleared via
> SECCOMP_IOCTL_NOTIF_RECV_STATUS.
>
> Opinions?
Powered by blists - more mailing lists