From: Gregory Price <gregory.price@memverge.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Gregory Price <gourry.memverge@gmail.com>,
	linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
	avagin@gmail.com, peterz@infradead.org, luto@kernel.org,
	krisman@collabora.com, tglx@linutronix.de, corbet@lwn.net,
	shuah@kernel.org
Subject: Re: [PATCH v6 1/2] ptrace,syscall_user_dispatch: Implement Syscall User Dispatch Suspension
Date: Wed, 25 Jan 2023 20:30:32 -0500
Message-ID: <Y9HXuF95LeqSWTB9@memverge.com>
In-Reply-To: <20230126003008.GA31684@redhat.com>

On Thu, Jan 26, 2023 at 01:30:08AM +0100, Oleg Nesterov wrote:
> On 01/24, Gregory Price wrote:
> >
> > Adds PTRACE_O_SUSPEND_SYSCALL_USER_DISPATCH to ptrace options, and
> > modify Syscall User Dispatch to suspend interception when enabled.
> >
> > This is modeled after the SUSPEND_SECCOMP feature, which suspends
> > SECCOMP interposition.  Without doing this, software like CRIU will
> > inject system calls into a process and be intercepted by Syscall
> > User Dispatch, either causing a crash (due to blocked signals) or
> > the delivery of those signals to a ptracer (not the intended behavior).
> 
> Cough... Gregory, I am sorry ;)
> 
> but can't we drop this patch too?
> 
> CRIU needs to do PTRACE_SET_SYSCALL_USER_DISPATCH_CONFIG and check
> config->mode anyway as we discussed.
> 
> Then it can simply set *config->selector = SYSCALL_DISPATCH_FILTER_ALLOW
> with the same effect, no?
> 
> Oleg.
> 

The selector is optional, but the core idea seems reasonable.

Though I think this complicates the quiesce vs checkpoint phases a bit.

My best understanding of CRIU is there are (at least) two checkpoint
phases: quiesce and checkpoint. The intent of patch 1/2 is to aid the
quiesce phase, not the checkpoint phase.

In both phases the `compel` code is used to inject system calls, so
turning SUD off is required.  That can obviously be achieved via saving
with get_config, and just clearing it entirely with set_config.

I'm NOT sure whether the `compel` code can save settings that the
`cr-check` code then saves to disc, or if `compel` is standalone. I will
go check this and report back.

The only other concern is one of how it's restored, and in what order
compared to SECCOMP - for the absolutely insane case of someone running a
SUD task inside a locked down cgroup? Technically possible (TM)!

We may find that the suspend flag is "just easier" but not required.

I do think more-simple-is-more-better, though, so I will investigate.

~Gregory
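
The selector behaviour this exchange turns on, as an added example that is not part of the thread or of the patch series: a task enables Syscall User Dispatch on itself with `prctl(2)` and the same syscall is either executed or turned into SIGSYS depending only on the selector byte. It runs in-process rather than from a tracer, assumes Linux 5.11+ on an architecture that supports SUD, and `sud_probe` and `on_sigsys` are hypothetical names.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

#ifndef PR_SET_SYSCALL_USER_DISPATCH   /* userspace headers older than Linux 5.11 */
#define PR_SET_SYSCALL_USER_DISPATCH 59
#define PR_SYS_DISPATCH_OFF 0
#define PR_SYS_DISPATCH_ON 1
#define SYSCALL_DISPATCH_FILTER_ALLOW 0
#define SYSCALL_DISPATCH_FILTER_BLOCK 1
#endif

static volatile char selector;            /* byte the kernel reads on each syscall entry */
static volatile sig_atomic_t intercepted; /* SIGSYS deliveries seen by the handler */

static void on_sigsys(int sig, siginfo_t *si, void *uc)
{
    (void)sig; (void)si; (void)uc;
    selector = SYSCALL_DISPATCH_FILTER_ALLOW; /* otherwise rt_sigreturn is dispatched too */
    intercepted++;
}

/* Hypothetical helper: issue one getpid() with the selector set to `sel`.
 * Returns how many syscalls were dispatched to SIGSYS, or -1 if SUD is unavailable. */
int sud_probe(char sel)
{
    struct sigaction sa = { .sa_flags = SA_SIGINFO };
    sa.sa_sigaction = on_sigsys;
    if (sigaction(SIGSYS, &sa, NULL) != 0)
        return -1;
    intercepted = 0;
    selector = SYSCALL_DISPATCH_FILTER_ALLOW;
    /* offset = len = 0: no code range is exempt, so only the selector decides */
    if (prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, 0UL, 0UL, &selector) != 0)
        return -1;
    selector = sel;
    syscall(SYS_getpid);                  /* executed on ALLOW, SIGSYS on BLOCK */
    selector = SYSCALL_DISPATCH_FILTER_ALLOW;
    prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_OFF, 0UL, 0UL, 0UL);
    return (int)intercepted;
}

int main(void)
{
    printf("ALLOW: %d intercepted\n", sud_probe(SYSCALL_DISPATCH_FILTER_ALLOW));
    printf("BLOCK: %d intercepted\n", sud_probe(SYSCALL_DISPATCH_FILTER_BLOCK));
    return 0;
}
```

Flipping the byte only helps when the task registered a selector in the first place; a task that enabled SUD with a NULL selector has every syscall outside the exempt range dispatched, so there dispatch has to be turned off rather than toggled.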
