From: Chris Metcalf <cmetcalf@mellanox.com>
To: Andy Lutomirski <luto@amacapital.net>, Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Christoph Lameter <cl@linux.com>,
Andrew Morton <akpm@linux-foundation.org>,
Viresh Kumar <viresh.kumar@linaro.org>,
Ingo Molnar <mingo@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>, Tejun Heo <tj@kernel.org>,
Gilad Ben Yossef <giladb@ezchip.com>,
Will Deacon <will.deacon@arm.com>, Rik van Riel <riel@redhat.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
X86 ML <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH v10 09/12] arch/x86: enable task isolation functionality
Date: Wed, 9 Mar 2016 16:05:53 -0500
Message-ID: <56E09031.8050007@mellanox.com>
In-Reply-To: <CALCETrVfKRZKV0ZQQn_ca0T7Ts5a6h2+4GEyoEFh31JOyg4XQw@mail.gmail.com>
On 3/9/2016 3:58 PM, Andy Lutomirski wrote:
>> My preference would be not to have to require all task-isolation users
>> to also figure out all the complexities of creating BPF programs, so
>> my intention is to have task isolation automatically generate a BPF
>> program (just allowing prctl/exit/exit_group and failing everything
>> else with SIGSYS). To support having it work this way, I open up
>> the seccomp stuff a little so that kernel clients can effectively
>> push/pop a BPF program into seccomp:
> That sounds like a great use case for the new libtaskisolation that
> someone is surely writing:)
Happily, task isolation is so simple an API that all that is needed is a prctl().
... Unless somehow a requirement to inflict a huge blob of eBPF into the kernel
just to use task isolation safely is added, of course :-)
--
Chris Metcalf, Mellanox Technologies
http://www.mellanox.com
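
The policy named in the quoted text above (allow prctl/exit/exit_group, fail everything else with SIGSYS), written as a userspace classic-BPF seccomp filter. This is an added example, not code from the patch series or from anyone in the thread; `isolation_filter`, `install_isolation_filter` and `filter_verdict` are names assumed here, and the dry-run interpreter handles only the opcodes this one filter uses.

```c
#include <stddef.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#endif
#define JEQ(val, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (val), (jt), (jf))

/* Allow prctl/exit/exit_group; any other syscall or ABI raises SIGSYS. */
static struct sock_filter isolation_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    JEQ(THIS_ARCH, 0, 4),          /* foreign ABI: skip ahead to the trap */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    JEQ(__NR_prctl, 3, 0),
    JEQ(__NR_exit, 2, 0),
    JEQ(__NR_exit_group, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define FILTER_LEN (sizeof(isolation_filter) / sizeof(isolation_filter[0]))

/* How an unprivileged task would load the filter; not called in this example. */
int install_isolation_filter(void)
{
    struct sock_fprog prog = { (unsigned short)FILTER_LEN, isolation_filter };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ? -1
         : prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Dry run on a constructed seccomp_data; interprets only the opcodes used above. */
__u32 filter_verdict(__u32 arch, int nr)
{
    struct seccomp_data sd = { .nr = nr, .arch = arch };
    __u32 acc = 0;
    for (size_t pc = 0; pc < FILTER_LEN; pc++) {
        const struct sock_filter *i = &isolation_filter[pc];
        if (i->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&sd + i->k, sizeof(acc));
        else if (i->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == i->k) ? i->jt : i->jf;
        else
            return i->k;           /* BPF_RET | BPF_K */
    }
    return SECCOMP_RET_KILL;       /* fell off the end: treat as malformed */
}
```

`SECCOMP_RET_TRAP` delivers a catchable SIGSYS; checking the `arch` field first keeps a syscall number from another ABI from matching one of the three allowed numbers.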