Re: [PATCH 0/5 v3] seccomp: add the synchronous mode for seccomp_unotify

From: Andrei Vagin
Date: Tue Dec 06 2022 - 01:53:10 EST


On Mon, Nov 21, 2022 at 11:52 PM Andrei Vagin <avagin@xxxxxxxxx> wrote:
>
> On Fri, Nov 18, 2022 at 2:38 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > On Thu, Nov 10, 2022 at 11:31:49PM -0800, Andrei Vagin wrote:
> > > From: Andrei Vagin <avagin@xxxxxxxxx>
> > >
> > > seccomp_unotify allows more privileged processes to do actions on behalf
> > > of less privileged processes.
> > >
> > > In many cases, the workflow is fully synchronous. It means a target
> > > process triggers a system call and passes controls to a supervisor
> > > process that handles the system call and returns controls back to the
> > > target process. In this context, "synchronous" means that only one
> > > process is running and another one is waiting.
> > >
> > > The new WF_CURRENT_CPU flag advises the scheduler to move the wakee to
> > > the current CPU. For such synchronous workflows, it makes context
> > > switches a few times faster.
> > >
> > > Right now, each interaction takes 12µs. With this patch, it takes about
> > > 3µs.
> > >
> > > v2: clean up the first patch and add the test.
> > > v3: update commit messages and a few fixes suggested by Kees Cook.
> >
> > Thanks for the update! If I can get Acks from the sched folks, I think
> > this looks good to take.
>
> Peter, Ingo, could you take a look at this series?

Friendly ping

>
> Thanks,
> Andrei