Re: [patch 1/4] add basic task isolation prctl interface
From: Frederic Weisbecker
Date: Wed Jul 28 2021 - 17:22:52 EST
On Wed, Jul 28, 2021 at 10:21:34AM -0300, Marcelo Tosatti wrote:
> > > ISOL_FEATURES is just the "command" type (which you can get and set).
> > >
> > > The bitmask would include ISOL_F_QUIESCE_ON_URET, so:
> > >
> > > - bitmask = ISOL_F_QUIESCE_ON_URET;
> > > - prctl(PR_ISOL_SET, ISOL_FEATURES, bitmask, 0, 0) enables the features in
> > > the bitmask.
> > But does it quiesce once or for every further uret?
> For every uret, while ISOL_F_QUIESCE_ON_URET is enabled through
> prctl(PR_ISOL_ENABLE, enabled_bitmask, 0, 0, 0).
> > > - quiesce_bitmap = prctl(PR_ISOL_GET, PR_ISOL_SUP_QUIESCE_CFG, 0, 0, 0)
> > > (1)
> > >
> > > (returns the supported actions to be quiesced).
> > >
> > > - prctl(PR_ISOL_SET, PR_ISOL_QUIESCE_CFG, quiesce_bitmask, 0, 0) _sets_
> > > the actions to be quiesced (2)
> > >
> > > If an application does not modify "quiesce_bitmask" between
> > > points (1) and (2) above, it will enable quiescing of all
> > > "features" the kernel supports.
> > I don't get the difference between ISOL_FEATURES and PR_ISOL_QUIESCE_CFG.
> prctl(PR_ISOL_SET, cmd, ...) is intented to accept different types of "command"
> variables (including ones for new features which are not known at this
> - prctl(PR_ISOL_SET, ISOL_FEATURES, bitmask, 0, 0) enables the features in
> the bitmask
> (which might now be superceded by
> prctl(PR_ISOL_ENABLE, ISOL_F_QUIESCE_ON_URET, 0, 0, 0))
> - prctl(PR_ISOL_SET, PR_ISOL_QUIESCE_CFG, bitmask, 0, 0) configures
> quiescing of which subsystem/feature is performed:
> #define ISOL_F_QUIESCE_VMSTAT_SYNC (1<<0)
> #define ISOL_F_QUIESCE_NOHZ_FULL (1<<1)
> #define ISOL_F_QUIESCE_DEFER_TLB_FLUSH (1<<2)
Ok but...I still don't get the difference between ISOL_FEATURES and
> > So PR_ISOL_ENABLE is a way to perform action when some sort of kernel entry
> > happens. Then we take actions when that happens (signal, warn, etc...).
> > I guess we'll need to define what kind of kernel entry, and what kind of
> > response need to happen. Ok that's a whole issue of its own that we'll need
> > to handle seperately.
> > Thanks.
> In fact, why one can't use SECCOMP for syscall blocking?
Heh! Good point!