Post-merge-window ping (Re: [PATCH v4 0/5] x86: two-phase syscall tracing and seccomp fastpath)

Post-merge-window ping (Re: [PATCH v4 0/5] x86: two-phase syscall tracing and seccomp fastpath)

[Andy Lutomirski]

On Mon, Jul 28, 2014 at 8:38 PM, Andy Lutomirski <luto@amacapital.net> wrote:
> This applies to:
> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp-fastpath
>
> Gitweb:
> https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=seccomp/fastpath

Hi all-

AFAIK the only thing that's changed since I submitted it is that the
3.17 merge window is closed.  Kees rebased the tree this applies to,
but I think the patches all still apply.  What, if anything, do I need
to do to help this along for 3.18?

--Andy

>
> This is both a cleanup and a speedup.  It reduces overhead due to
> installing a trivial seccomp filter by 87%.  The speedup comes from
> avoiding the full syscall tracing mechanism for filters that don't
> return SECCOMP_RET_TRACE.
>
> This series depends on splitting the seccomp hooks into two phases.
> The first phase evaluates the filter; it can skip syscalls, allow
> them, kill the calling task, or pass a u32 to the second phase.  The
> second phase requires a full tracing context, and it sends ptrace
> events if necessary.  The seccomp core part is in Kees' seccomp/fastpath
> tree.
>
> These patches implement a similar split for the x86 syscall
> entry work.  The C callback is invoked in two phases: the first has
> only a partial frame, and it can request phase 2 processing with a
> full frame.
>
> Finally, I switch the 64-bit system_call code to use the new split
> entry work.  This is a net deletion of assembly code: it replaces
> all of the audit entry muck.
>
> In the process, I fixed some bugs.
>
> If this is acceptable, someone can do the same tweak for the
> ia32entry and entry_32 code.
>
> This passes all seccomp tests that I know of.
>
> Changes from v3:
>  - Dropped the core seccomp changes from the email -- Kees has applied them.
>  - Add patch 2 (the TIF_NOHZ change).
>  - Fix TIF_NOHZ in the two-phase entry code (thanks, Oleg).
>
> Changes from v2:
>  - Fixed 32-bit x86 build (and the tests pass).
>  - Put the doc patch where it belongs.
>
> Changes from v1:
>  - Rebased on top of Kees' shiny new seccomp tree (no effect on the x86
>    part).
>  - Improved patch 6 vs patch 7 split (thanks Alexei!)
>  - Fixed bogus -ENOSYS in patch 5 (thanks Kees!)
>  - Improved changelog message in patch 6.
>
> Changes from RFC version:
>  - The first three patches are more or less the same
>  - The rest is more or less a rewrite
>
>
> Andy Lutomirski (5):
>   x86,x32,audit: Fix x32's AUDIT_ARCH wrt audit
>   x86,entry: Only call user_exit if TIF_NOHZ
>   x86: Split syscall_trace_enter into two phases
>   x86_64,entry: Treat regs->ax the same in fastpath and slowpath
>     syscalls
>   x86_64,entry: Use split-phase syscall_trace_enter for 64-bit syscalls
>
>  arch/x86/include/asm/calling.h |   6 +-
>  arch/x86/include/asm/ptrace.h  |   5 ++
>  arch/x86/kernel/entry_64.S     |  51 +++++--------
>  arch/x86/kernel/ptrace.c       | 159 ++++++++++++++++++++++++++++++++++-------
>  4 files changed, 161 insertions(+), 60 deletions(-)
>
> --
> 1.9.3
>



-- 
Andy Lutomirski
AMA Capital Management, LLC

Re: Post-merge-window ping (Re: [PATCH v4 0/5] x86: two-phase syscall tracing and seccomp fastpath)

[Alexei Starovoitov]

On Tue, Aug 26, 2014 at 6:32 PM, Andy Lutomirski <luto@amacapital.net> wrote:
> On Mon, Jul 28, 2014 at 8:38 PM, Andy Lutomirski <luto@amacapital.net> wrote:
>> This applies to:
>> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp-fastpath
>>
>> Gitweb:
>> https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=seccomp/fastpath
>
> Hi all-
>
> AFAIK the only thing that's changed since I submitted it is that the
> 3.17 merge window is closed.  Kees rebased the tree this applies to,
> but I think the patches all still apply.  What, if anything, do I need
> to do to help this along for 3.18?
>

+1
I think it's not just an optimization of seccomp path, but I feel
in the future it will help me speedup syscall tracepoints which
are quite slow right now comparing to kprobes...

Re: Post-merge-window ping (Re: [PATCH v4 0/5] x86: two-phase syscall tracing and seccomp fastpath)

[H. Peter Anvin]

On 08/26/2014 06:32 PM, Andy Lutomirski wrote:
> On Mon, Jul 28, 2014 at 8:38 PM, Andy Lutomirski <luto@amacapital.net> wrote:
>> This applies to:
>> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp-fastpath
>>
>> Gitweb:
>> https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=seccomp/fastpath
> 
> Hi all-
> 
> AFAIK the only thing that's changed since I submitted it is that the
> 3.17 merge window is closed.  Kees rebased the tree this applies to,
> but I think the patches all still apply.  What, if anything, do I need
> to do to help this along for 3.18?
> 

Just put this stuff in a branch and running through my personal test
battery now.

	-hpa

Re: Post-merge-window ping (Re: [PATCH v4 0/5] x86: two-phase syscall tracing and seccomp fastpath)

[H. Peter Anvin]

On 09/05/2014 01:07 PM, H. Peter Anvin wrote:
> On 08/26/2014 06:32 PM, Andy Lutomirski wrote:
>> On Mon, Jul 28, 2014 at 8:38 PM, Andy Lutomirski <luto@amacapital.net> wrote:
>>> This applies to:
>>> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp-fastpath
>>>
>>> Gitweb:
>>> https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=seccomp/fastpath
>>
>> Hi all-
>>
>> AFAIK the only thing that's changed since I submitted it is that the
>> 3.17 merge window is closed.  Kees rebased the tree this applies to,
>> but I think the patches all still apply.  What, if anything, do I need
>> to do to help this along for 3.18?
>>
> 
> Just put this stuff in a branch and running through my personal test
> battery now.
> 

... and they fail build testing.  Specifically, both i386 and x86-64
allnoconfig fail with:

arch/x86/kernel/ptrace.c: In function ‘syscall_trace_enter_phase2’:
  LD      fs/quota/built-in.o
../arch/x86/kernel/ptrace.c:1579:2: error: implicit declaration of
function ‘seccomp_phase2’ [-Werror=implicit-function-declaration]
  if (phase1_result > 1 && seccomp_phase2(phase1_result)) {
  ^
cc1: some warnings being treated as errors
  CC      arch/x86/kernel/step.o
make[4]: *** [arch/x86/kernel/ptrace.o] Error 1

	-hpa

Re: Post-merge-window ping (Re: [PATCH v4 0/5] x86: two-phase syscall tracing and seccomp fastpath)

[Andy Lutomirski]

On Fri, Sep 5, 2014 at 1:43 PM, H. Peter Anvin <hpa@zytor.com> wrote:
> On 09/05/2014 01:07 PM, H. Peter Anvin wrote:
>> On 08/26/2014 06:32 PM, Andy Lutomirski wrote:
>>> On Mon, Jul 28, 2014 at 8:38 PM, Andy Lutomirski <luto@amacapital.net> wrote:
>>>> This applies to:
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp-fastpath
>>>>
>>>> Gitweb:
>>>> https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=seccomp/fastpath
>>>
>>> Hi all-
>>>
>>> AFAIK the only thing that's changed since I submitted it is that the
>>> 3.17 merge window is closed.  Kees rebased the tree this applies to,
>>> but I think the patches all still apply.  What, if anything, do I need
>>> to do to help this along for 3.18?
>>>
>>
>> Just put this stuff in a branch and running through my personal test
>> battery now.
>>
>
> ... and they fail build testing.  Specifically, both i386 and x86-64
> allnoconfig fail with:

OK, that's embarrassing.  Also, this has been sitting on
git.kernel.org forever and kbuild never spotted it either.  Hmm.

Anyway, updates coming.

--Andy

>
> arch/x86/kernel/ptrace.c: In function ‘syscall_trace_enter_phase2’:
>   LD      fs/quota/built-in.o
> ../arch/x86/kernel/ptrace.c:1579:2: error: implicit declaration of
> function ‘seccomp_phase2’ [-Werror=implicit-function-declaration]
>   if (phase1_result > 1 && seccomp_phase2(phase1_result)) {
>   ^
> cc1: some warnings being treated as errors
>   CC      arch/x86/kernel/step.o
> make[4]: *** [arch/x86/kernel/ptrace.o] Error 1
>
>         -hpa
>
>



-- 
Andy Lutomirski
AMA Capital Management, LLC