* [Qemu-devel] [PULL 0/1] seccomp branch queue
@ 2018-07-12 13:25 Eduardo Otubo
  2018-07-12 13:25 ` [Qemu-devel] [PULL 1/1] seccomp: allow sched_setscheduler() with SCHED_IDLE policy Eduardo Otubo
  2018-07-12 14:57 ` [Qemu-devel] [PULL 0/1] seccomp branch queue Peter Maydell
  0 siblings, 2 replies; 3+ messages in thread
From: Eduardo Otubo @ 2018-07-12 13:25 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, marcandre.lureau

The following changes since commit c447afd5783b9237fa51b7a85777007d8d568bfc:

  Update version for v3.0.0-rc0 release (2018-07-10 18:19:50 +0100)

are available in the Git repository at:

  https://github.com/otubo/qemu.git tags/pull-seccomp-20180712

for you to fetch changes up to 056de1e894155fbb99e7b43c1c4382d4920cf437:

  seccomp: allow sched_setscheduler() with SCHED_IDLE policy (2018-07-12 14:52:39 +0200)

----------------------------------------------------------------
pull-seccomp-20180712

----------------------------------------------------------------
Marc-André Lureau (1):
      seccomp: allow sched_setscheduler() with SCHED_IDLE policy

 qemu-seccomp.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

-- 
2.17.1


* [Qemu-devel] [PULL 1/1] seccomp: allow sched_setscheduler() with SCHED_IDLE policy
  2018-07-12 13:25 [Qemu-devel] [PULL 0/1] seccomp branch queue Eduardo Otubo
@ 2018-07-12 13:25 ` Eduardo Otubo
  2018-07-12 14:57 ` [Qemu-devel] [PULL 0/1] seccomp branch queue Peter Maydell
  1 sibling, 0 replies; 3+ messages in thread
From: Eduardo Otubo @ 2018-07-12 13:25 UTC (permalink / raw)
  To: qemu-devel; +Cc: peter.maydell, marcandre.lureau

From: Marc-André Lureau <marcandre.lureau@redhat.com>

Current and upcoming mesa releases rely on a shader disk cache. It uses
a thread job queue with low priority, set with
sched_setscheduler(SCHED_IDLE). However, that syscall is rejected by
the "resourcecontrol" seccomp qemu filter.

Since it should be safe to allow lowering thread priority, let's allow
scheduling thread to idle policy.

Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1594456

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
---
 qemu-seccomp.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 148e4c6f24..9cd8eb9499 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -34,6 +34,12 @@
 struct QemuSeccompSyscall {
     int32_t num;
     uint8_t set;
+    uint8_t narg;
+    const struct scmp_arg_cmp *arg_cmp;
+};
+
+const struct scmp_arg_cmp sched_setscheduler_arg[] = {
+    SCMP_A1(SCMP_CMP_NE, SCHED_IDLE)
 };
 
 static const struct QemuSeccompSyscall blacklist[] = {
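Review bot: sched_setscheduler_arg is declared without static, so it gets external linkage even though only the blacklist table in this file refers to it; declare it as `static const struct scmp_arg_cmp sched_setscheduler_arg[]` to match `static const struct QemuSeccompSyscall blacklist[]`. Separately, SCMP_A1(SCMP_CMP_NE, SCHED_IDLE) compares the whole policy argument, so a caller that ORs a flag such as SCHED_RESET_ON_FORK into SCHED_IDLE is still killed. That fails closed, but a short comment above the array stating it would help the next reader.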
@@ -92,7 +98,8 @@ static const struct QemuSeccompSyscall blacklist[] = {
     { SCMP_SYS(setpriority),            QEMU_SECCOMP_SET_RESOURCECTL },
     { SCMP_SYS(sched_setparam),         QEMU_SECCOMP_SET_RESOURCECTL },
     { SCMP_SYS(sched_getparam),         QEMU_SECCOMP_SET_RESOURCECTL },
-    { SCMP_SYS(sched_setscheduler),     QEMU_SECCOMP_SET_RESOURCECTL },
+    { SCMP_SYS(sched_setscheduler),     QEMU_SECCOMP_SET_RESOURCECTL,
+      ARRAY_SIZE(sched_setscheduler_arg), sched_setscheduler_arg },
     { SCMP_SYS(sched_getscheduler),     QEMU_SECCOMP_SET_RESOURCECTL },
     { SCMP_SYS(sched_setaffinity),      QEMU_SECCOMP_SET_RESOURCECTL },
     { SCMP_SYS(sched_getaffinity),      QEMU_SECCOMP_SET_RESOURCECTL },
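Review bot: the sched_setscheduler entry is now the only one in the table with an argument filter, and it needs a comment because its sense is easy to misread: the action is still SCMP_ACT_KILL, and it is the SCMP_CMP_NE comparison that lets SCHED_IDLE through. A one-line comment on the entry (for example "kill unless policy is SCHED_IDLE") would stop it being read later as a rule that blocks SCHED_IDLE. The filter also constrains only argument 1 (the policy), not the pid in argument 0, so the exemption applies to whichever thread the call names; if that is intended, the comment should say so.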
@@ -118,7 +125,8 @@ static int seccomp_start(uint32_t seccomp_opts)
             continue;
         }
 
-        rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0);
+        rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num,
+                                    blacklist[i].narg, blacklist[i].arg_cmp);
         if (rc < 0) {
             goto seccomp_return;
         }
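Review bot: with the switch to seccomp_rule_add_array(), every blacklist entry other than sched_setscheduler now passes narg 0 and a NULL arg_cmp, both coming from implicit zero-initialisation of the new struct fields. That relies on the library treating a zero count with a NULL array as "no argument filter". Either confirm this for the libseccomp versions QEMU builds against, or keep the plain `seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0)` call when narg is 0, since any rc < 0 here takes the goto seccomp_return path and the filter is not loaded.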
-- 
2.17.1


* Re: [Qemu-devel] [PULL 0/1] seccomp branch queue
  2018-07-12 13:25 [Qemu-devel] [PULL 0/1] seccomp branch queue Eduardo Otubo
  2018-07-12 13:25 ` [Qemu-devel] [PULL 1/1] seccomp: allow sched_setscheduler() with SCHED_IDLE policy Eduardo Otubo
@ 2018-07-12 14:57 ` Peter Maydell
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Maydell @ 2018-07-12 14:57 UTC (permalink / raw)
  To: Eduardo Otubo; +Cc: QEMU Developers, Marc-André Lureau

On 12 July 2018 at 14:25, Eduardo Otubo <otubo@redhat.com> wrote:
> The following changes since commit c447afd5783b9237fa51b7a85777007d8d568bfc:
>
>   Update version for v3.0.0-rc0 release (2018-07-10 18:19:50 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/otubo/qemu.git tags/pull-seccomp-20180712
>
> for you to fetch changes up to 056de1e894155fbb99e7b43c1c4382d4920cf437:
>
>   seccomp: allow sched_setscheduler() with SCHED_IDLE policy (2018-07-12 14:52:39 +0200)
>
> ----------------------------------------------------------------
> pull-seccomp-20180712
>
> ----------------------------------------------------------------
> Marc-André Lureau (1):
>       seccomp: allow sched_setscheduler() with SCHED_IDLE policy
>
>  qemu-seccomp.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)


Applied, thanks.

-- PMM
