From: Florian Weimer <fweimer@redhat.com>
To: Jann Horn <jannh@google.com>
Cc: Andrei Vagin <avagin@gmail.com>,
kernel list <linux-kernel@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
linux-um@lists.infradead.org, criu@openvz.org,
Andrei Vagin <avagin@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Anton Ivanov <anton.ivanov@cambridgegreys.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
Dmitry Safonov <0x7f454c46@gmail.com>,
Ingo Molnar <mingo@redhat.com>, Jeff Dike <jdike@addtoit.com>,
Mike Rapoport <rppt@linux.ibm.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Oleg Nesterov <oleg@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Richard Weinberger <richard@nod.at>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH 0/4 POC] Allow executing code and syscalls in another address space
Date: Wed, 14 Apr 2021 14:20:48 +0200 [thread overview]
Message-ID: <874kg99hwf.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <CAG48ez2z0a4x2GfHv9L0HmO1-uzsKtfOF40erPb8ADR-m+itbg@mail.gmail.com> (Jann Horn's message of "Wed, 14 Apr 2021 13:24:30 +0200")
* Jann Horn:
> On Wed, Apr 14, 2021 at 12:27 PM Florian Weimer <fweimer@redhat.com> wrote:
>>
>> * Andrei Vagin:
>>
>> > We already have process_vm_readv and process_vm_writev to read and write
>> > to a process memory faster than we can do this with ptrace. And now it
>> > is time for process_vm_exec that allows executing code in an address
>> > space of another process. We can do this with ptrace but it is much
>> > slower.
>> >
>> > = Use-cases =
>>
>> We also have some vaguely related within the same address space: running
>> code on another thread, without modifying its stack, while it has signal
>> handlers blocked, and without causing system calls to fail with EINTR.
>> This can be used to implement certain kinds of memory barriers.
>
> That's what the membarrier() syscall is for, right? Unless you don't
> want to register all threads for expedited membarrier use?
membarrier is not sufficiently powerful for revoking biased locks, for
example.
For the EINTR issue, <https://github.com/golang/go/issues/38836> is an
example. I believe CIFS has since seen a few fixes (after someone
reported that tar on CIFS wouldn't work because the SIGCHLD causing
utimensat to fail—and there isn't even a signal handler for SIGCHLD!),
but the time it took to get to this point doesn't give me confidence
that it is safe to send signals to a thread that is running unknown
code.
But as you explained regarding the set*id broadcast, it seems that if we
had this run-on-another-thread functionality, we would likely encounter
issues similar to those with SA_RESTART. We don't see the issue with
set*id today because it's a rare operation, and multi-threaded file
servers that need to change credentials frequently opt out of the set*id
broadcast anyway. (What I have in mind is a future world where any
printf call, any malloc call, can trigger such a broadcast.)
The cross-VM CRIU scenario would probably somewhere in between (not
quite the printf/malloc level, but more frequent than set*id).
Thanks,
Florian
next prev parent reply other threads:[~2021-04-14 12:20 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-14 5:52 [PATCH 0/4 POC] Allow executing code and syscalls in another address space Andrei Vagin
2021-04-14 5:52 ` [PATCH 1/4] signal: add a helper to restore a process state from sigcontex Andrei Vagin
2021-04-14 5:52 ` [PATCH 2/4] arch/x86: implement the process_vm_exec syscall Andrei Vagin
2021-04-14 17:09 ` Oleg Nesterov
2021-04-23 6:59 ` Andrei Vagin
2021-06-28 16:13 ` Jann Horn
2021-06-28 16:30 ` Andy Lutomirski
2021-06-28 17:14 ` Jann Horn
2021-06-28 18:18 ` Eric W. Biederman
2021-06-29 1:01 ` Andrei Vagin
2021-07-02 6:22 ` Andrei Vagin
2021-07-02 11:51 ` Jann Horn
2021-07-02 20:40 ` Andy Lutomirski
2021-07-02 8:51 ` Peter Zijlstra
2021-07-02 22:21 ` Andrei Vagin
2021-07-02 20:56 ` Jann Horn
2021-07-02 22:48 ` Andrei Vagin
2021-04-14 5:52 ` [PATCH 3/4] arch/x86: allow to execute syscalls via process_vm_exec Andrei Vagin
2021-04-14 5:52 ` [PATCH 4/4] selftests: add tests for process_vm_exec Andrei Vagin
2021-04-14 6:46 ` [PATCH 0/4 POC] Allow executing code and syscalls in another address space Jann Horn
2021-04-14 22:10 ` Andrei Vagin
2021-07-02 6:57 ` Andrei Vagin
2021-07-02 15:12 ` Jann Horn
2021-07-18 0:38 ` Andrei Vagin
2021-04-14 7:22 ` Anton Ivanov
2021-04-14 7:34 ` Johannes Berg
2021-04-14 9:24 ` Benjamin Berg
2021-04-14 10:27 ` Florian Weimer
2021-04-14 11:24 ` Jann Horn
2021-04-14 12:20 ` Florian Weimer [this message]
2021-04-14 13:58 ` Jann Horn
2021-04-16 19:29 ` Kirill Smelkov
2021-04-17 16:28 ` sbaugh
2021-07-02 22:44 ` Andy Lutomirski
2021-07-18 1:34 ` Andrei Vagin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874kg99hwf.fsf@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=0x7f454c46@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=anton.ivanov@cambridgegreys.com \
--cc=avagin@gmail.com \
--cc=avagin@google.com \
--cc=christian.brauner@ubuntu.com \
--cc=criu@openvz.org \
--cc=jannh@google.com \
--cc=jdike@addtoit.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-um@lists.infradead.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=mtk.manpages@gmail.com \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=richard@nod.at \
--cc=rppt@linux.ibm.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).