| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Dec 2021 18:44:34 +0100
From: Frederic Weisbecker <frederic@...nel.org>
To: Marcelo Tosatti <mtosatti@...hat.com>
Cc: linux-kernel@...r.kernel.org, Nitesh Lal <nilal@...hat.com>,
Nicolas Saenz Julienne <nsaenzju@...hat.com>,
Christoph Lameter <cl@...ux.com>,
Juri Lelli <juri.lelli@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Alex Belits <abelits@...its.com>, Peter Xu <peterx@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Daniel Bristot de Oliveira <bristot@...hat.com>
Subject: Re: [patch v7 02/10] add prctl task isolation prctl docs and samples
On Mon, Nov 29, 2021 at 12:19:24PM -0300, Marcelo Tosatti wrote:
> On Tue, Nov 23, 2021 at 03:37:26PM +0100, Frederic Weisbecker wrote:
> > On Fri, Nov 12, 2021 at 09:35:33AM -0300, Marcelo Tosatti wrote:
> > > + - ``I_CFG_INHERIT``:
> > > + Set inheritance configuration when a new task
> > > + is created via fork and clone.
> > > +
> > > + The ``(int *)arg4`` argument is a pointer to::
> > > +
> > > + struct task_isol_inherit_control {
> > > + __u8 inherit_mask;
> > > + __u8 pad[7];
> > > + };
> > > +
> > > + inherit_mask is a bitmask that specifies which part
> > > + of task isolation should be inherited:
> > > +
> > > + - Bit ISOL_INHERIT_CONF: Inherit task isolation configuration.
> > > + This is the state written via prctl(PR_ISOL_CFG_SET, ...).
> > > +
> > > + - Bit ISOL_INHERIT_ACTIVE: Inherit task isolation activation
> > > + (requires ISOL_INHERIT_CONF to be set). The new task
> > > + should behave, after fork/clone, in the same manner
> > > + as the parent task after it executed:
> > > +
> > > + prctl(PR_ISOL_ACTIVATE_SET, &mask, ...);
> >
> > I'm confused, what is the purpose of ISOL_INHERIT_CONF?
>
> When ISOL_INHERIT_CONF is set, task isolation configuration (everything
> configured through PR_ISOL_CFG_SET) is copied across fork/clone
> (but not activation) so one can:
>
> 1) configure task isolation (with chisol, for example).
> 2) activate task isolation from the latency sensitive app:
>
> +This is a snippet of code to activate task isolation if
> +it has been previously configured (by chisol for example)::
> +
> + #include <sys/prctl.h>
> + #include <linux/types.h>
> +
> + #ifdef PR_ISOL_CFG_GET
> + unsigned long long fmask;
> +
> + ret = prctl(PR_ISOL_CFG_GET, I_CFG_FEAT, 0, &fmask, 0);
> + if (ret != -1 && fmask != 0) {
> + ret = prctl(PR_ISOL_ACTIVATE_SET, &fmask, 0, 0, 0);
> + if (ret == -1) {
> + perror("prctl PR_ISOL_ACTIVATE_SET");
> + return ret;
> + }
> + }
> + #endif
>
> Regarding the 3 possible modes of operation and their relation
> to ISOL_INHERIT_CONF / ISOL_INHERIT_ACTIVE:
>
> +This results in three combinations:
> +
> +1. Both configuration and activation performed by the
> +latency sensitive application.
> +Allows fine grained control of what task isolation
> +features are enabled and when (see samples section below).
>
> inherit_mask = 0
>
> +2. Only activation can be performed by the latency sensitive app
> +(and configuration performed by chisol).
> +This allows the admin/user to control task isolation parameters,
> +and applications have to be modified only once.
>
> inherit_mask = ISOL_INHERIT_CONF
>
> +3. Configuration and activation performed by an external tool.
> +This allows unmodified applications to take advantage of
> +task isolation. Activation is performed by the "-a" option
> +of chisol.
>
> inherit_mask = ISOL_INHERIT_ACTIVE
>
Doh yes of course, I read it too fast but it was actually clear.
Thanks!
Powered by blists - more mailing lists