android_kernel_msm-6.1_noth.../include
Sargun Dhillon c2aa2dfef2 seccomp: Add wait_killable semantic to seccomp user notifier
This introduces a per-filter flag (SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV)
that makes it so that when notifications are received by the supervisor the
notifying process will transition to wait killable semantics. Although wait
killable isn't a set of semantics formally exposed to userspace, the
concept is searchable. If the notifying process is signaled prior to the
notification being received by the userspace agent, it will be handled as
normal.

One quirk about how this is handled is that the notifying process
only switches to TASK_KILLABLE if it receives a wakeup from either
an addfd or a signal. This is to avoid an unnecessary wakeup of
the notifying task.

The reasons behind switching into wait_killable only after userspace
receives the notification are:
* Avoiding unnecessary work - Often, workloads will perform work that they
  may abort (request racing comes to mind). This allows for syscalls to be
  aborted safely prior to the notification being received by the
  supervisor. In this, the supervisor doesn't end up doing work that the
  workload does not want to complete anyways.
* Avoiding side effects - We don't want the syscall to be interruptible
  once the supervisor starts doing work because it may not be trivial
  to reverse the operation. For example, unmounting a file system may
  take a long time, and it's hard to roll back, or treat that as
  reentrant.
* Avoid breaking runtimes - Various runtimes do not GC when they are
  during a syscall (or while running native code that subsequently
  calls a syscall). If many notifications are blocked, and not picked
  up by the supervisor, this can get the application into a bad state.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220503080958.20220-2-sargun@sargun.me
2022-05-03 14:11:58 -07:00
acpi ACPI: bus: Eliminate acpi_bus_get_device() 2022-04-05 19:49:26 +02:00
asm-generic arm64 fixes for -rc2 2022-04-08 07:09:17 -10:00
clocksource clocksource/drivers/arm_arch_timer: Use event stream scaling when available 2022-03-07 18:27:22 +01:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2022-03-21 16:02:36 -07:00
drm drm-misc-next for v5.18: 2022-03-04 13:41:57 +10:00
dt-bindings RTC for 5.18 2022-04-01 09:37:18 -07:00
keys KEYS: Introduce link restriction for machine keys 2022-03-08 13:55:52 +02:00
kunit
kvm Merge branch kvm-arm64/psci-1.1 into kvmarm-master/next 2022-02-25 13:49:48 +00:00
linux seccomp: Add wait_killable semantic to seccomp user notifier 2022-05-03 14:11:58 -07:00
math-emu
media media: m5mols: Convert to use GPIO descriptors 2022-03-04 09:36:26 +02:00
memory
misc
net mctp: Use output netdev to allocate skb headroom 2022-04-01 12:04:15 +01:00
pcmcia
ras mm/memory-failure.c: fix race with changing page compound again 2022-03-22 15:57:07 -07:00
rdma
scsi SCSI misc on 20220324 2022-03-24 19:37:53 -07:00
soc drm for 5.18-rc1 2022-03-24 16:19:43 -07:00
sound sound fixes for 5.18-rc1 2022-04-01 10:32:46 -07:00
target scsi: target: Add iscsi/cpus_allowed_list in configfs 2022-03-14 23:40:36 -04:00
trace NFS client bugfixes for Linux 5.18 2022-04-08 07:39:17 -10:00
uapi seccomp: Add wait_killable semantic to seccomp user notifier 2022-05-03 14:11:58 -07:00
vdso
video drm/exynos: fimd: add BGR support for exynos4/5 2022-03-04 17:13:52 +09:00
xen xen/grant-table: remove readonly parameter from functions 2022-03-15 20:34:40 -05:00