From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1E88C433ED for ; Wed, 14 Apr 2021 07:34:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 84D31613E5 for ; Wed, 14 Apr 2021 07:34:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349697AbhDNHfO (ORCPT ); Wed, 14 Apr 2021 03:35:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347823AbhDNHfM (ORCPT ); Wed, 14 Apr 2021 03:35:12 -0400 Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 72989C061574; Wed, 14 Apr 2021 00:34:51 -0700 (PDT) Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.94) (envelope-from ) id 1lWa2r-00BW2q-RV; Wed, 14 Apr 2021 09:34:42 +0200 Message-ID: <9f8280540bbc6f3c857ac5749eeafcd145577da3.camel@sipsolutions.net> Subject: Re: [PATCH 0/4 POC] Allow executing code and syscalls in another address space From: Johannes Berg To: Anton Ivanov , Andrei Vagin , linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Benjamin Berg Cc: linux-um@lists.infradead.org, criu@openvz.org, avagin@google.com, Andrew Morton , Andy Lutomirski , Christian Brauner , Dmitry Safonov <0x7f454c46@gmail.com>, Ingo Molnar , Jeff Dike , Mike Rapoport , Michael Kerrisk , Oleg Nesterov , Peter Zijlstra , Richard Weinberger , Thomas Gleixner Date: Wed, 14 Apr 2021 09:34:40 +0200 In-Reply-To: <78cdee11-1923-595f-90d2-e236efbafa6a@cambridgegreys.com> References: <20210414055217.543246-1-avagin@gmail.com> <78cdee11-1923-595f-90d2-e236efbafa6a@cambridgegreys.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.4 (3.38.4-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-malware-bazaar: not-scanned Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2021-04-14 at 08:22 +0100, Anton Ivanov wrote: > On 14/04/2021 06:52, Andrei Vagin wrote: > > We already have process_vm_readv and process_vm_writev to read and write > > to a process memory faster than we can do this with ptrace. And now it > > is time for process_vm_exec that allows executing code in an address > > space of another process. We can do this with ptrace but it is much > > slower. > > > > = Use-cases = > > > > Here are two known use-cases. The first one is “application kernel” > > sandboxes like User-mode Linux and gVisor. In this case, we have a > > process that runs the sandbox kernel and a set of stub processes that > > are used to manage guest address spaces. Guest code is executed in the > > context of stub processes but all system calls are intercepted and > > handled in the sandbox kernel. Right now, these sort of sandboxes use > > PTRACE_SYSEMU to trap system calls, but the process_vm_exec can > > significantly speed them up. > > Certainly interesting, but will require um to rework most of its memory > management and we will most likely need extra mm support to make use of > it in UML. We are not likely to get away just with one syscall there. Might help the seccomp mode though: https://patchwork.ozlabs.org/project/linux-um/list/?series=231980 johannes From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from s3.sipsolutions.net ([2a01:4f8:191:4433::2] helo=sipsolutions.net) by bombadil.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lWa35-007Zl2-WE for linux-um@lists.infradead.org; Wed, 14 Apr 2021 07:34:57 +0000 Message-ID: <9f8280540bbc6f3c857ac5749eeafcd145577da3.camel@sipsolutions.net> Subject: Re: [PATCH 0/4 POC] Allow executing code and syscalls in another address space From: Johannes Berg Date: Wed, 14 Apr 2021 09:34:40 +0200 In-Reply-To: <78cdee11-1923-595f-90d2-e236efbafa6a@cambridgegreys.com> References: <20210414055217.543246-1-avagin@gmail.com> <78cdee11-1923-595f-90d2-e236efbafa6a@cambridgegreys.com> MIME-Version: 1.0 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-um" Errors-To: linux-um-bounces+geert=linux-m68k.org@lists.infradead.org To: Anton Ivanov , Andrei Vagin , linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Benjamin Berg Cc: linux-um@lists.infradead.org, criu@openvz.org, avagin@google.com, Andrew Morton , Andy Lutomirski , Christian Brauner , Dmitry Safonov <0x7f454c46@gmail.com>, Ingo Molnar , Jeff Dike , Mike Rapoport , Michael Kerrisk , Oleg Nesterov , Peter Zijlstra , Richard Weinberger , Thomas Gleixner T24gV2VkLCAyMDIxLTA0LTE0IGF0IDA4OjIyICswMTAwLCBBbnRvbiBJdmFub3Ygd3JvdGU6Cj4g T24gMTQvMDQvMjAyMSAwNjo1MiwgQW5kcmVpIFZhZ2luIHdyb3RlOgo+ID4gV2UgYWxyZWFkeSBo YXZlIHByb2Nlc3Nfdm1fcmVhZHYgYW5kIHByb2Nlc3Nfdm1fd3JpdGV2IHRvIHJlYWQgYW5kIHdy aXRlCj4gPiB0byBhIHByb2Nlc3MgbWVtb3J5IGZhc3RlciB0aGFuIHdlIGNhbiBkbyB0aGlzIHdp dGggcHRyYWNlLiBBbmQgbm93IGl0Cj4gPiBpcyB0aW1lIGZvciBwcm9jZXNzX3ZtX2V4ZWMgdGhh dCBhbGxvd3MgZXhlY3V0aW5nIGNvZGUgaW4gYW4gYWRkcmVzcwo+ID4gc3BhY2Ugb2YgYW5vdGhl ciBwcm9jZXNzLiBXZSBjYW4gZG8gdGhpcyB3aXRoIHB0cmFjZSBidXQgaXQgaXMgbXVjaAo+ID4g c2xvd2VyLgo+ID4gCj4gPiA9IFVzZS1jYXNlcyA9Cj4gPiAKPiA+IEhlcmUgYXJlIHR3byBrbm93 biB1c2UtY2FzZXMuIFRoZSBmaXJzdCBvbmUgaXMg4oCcYXBwbGljYXRpb24ga2VybmVs4oCdCj4g PiBzYW5kYm94ZXMgbGlrZSBVc2VyLW1vZGUgTGludXggYW5kIGdWaXNvci4gSW4gdGhpcyBjYXNl LCB3ZSBoYXZlIGEKPiA+IHByb2Nlc3MgdGhhdCBydW5zIHRoZSBzYW5kYm94IGtlcm5lbCBhbmQg YSBzZXQgb2Ygc3R1YiBwcm9jZXNzZXMgdGhhdAo+ID4gYXJlIHVzZWQgdG8gbWFuYWdlIGd1ZXN0 IGFkZHJlc3Mgc3BhY2VzLiBHdWVzdCBjb2RlIGlzIGV4ZWN1dGVkIGluIHRoZQo+ID4gY29udGV4 dCBvZiBzdHViIHByb2Nlc3NlcyBidXQgYWxsIHN5c3RlbSBjYWxscyBhcmUgaW50ZXJjZXB0ZWQg YW5kCj4gPiBoYW5kbGVkIGluIHRoZSBzYW5kYm94IGtlcm5lbC4gUmlnaHQgbm93LCB0aGVzZSBz b3J0IG9mIHNhbmRib3hlcyB1c2UKPiA+IFBUUkFDRV9TWVNFTVUgdG8gdHJhcCBzeXN0ZW0gY2Fs bHMsIGJ1dCB0aGUgcHJvY2Vzc192bV9leGVjIGNhbgo+ID4gc2lnbmlmaWNhbnRseSBzcGVlZCB0 aGVtIHVwLgo+IAo+IENlcnRhaW5seSBpbnRlcmVzdGluZywgYnV0IHdpbGwgcmVxdWlyZSB1bSB0 byByZXdvcmsgbW9zdCBvZiBpdHMgbWVtb3J5IAo+IG1hbmFnZW1lbnQgYW5kIHdlIHdpbGwgbW9z dCBsaWtlbHkgbmVlZCBleHRyYSBtbSBzdXBwb3J0IHRvIG1ha2UgdXNlIG9mIAo+IGl0IGluIFVN TC4gV2UgYXJlIG5vdCBsaWtlbHkgdG8gZ2V0IGF3YXkganVzdCB3aXRoIG9uZSBzeXNjYWxsIHRo ZXJlLgoKTWlnaHQgaGVscCB0aGUgc2VjY29tcCBtb2RlIHRob3VnaDoKCmh0dHBzOi8vcGF0Y2h3 b3JrLm96bGFicy5vcmcvcHJvamVjdC9saW51eC11bS9saXN0Lz9zZXJpZXM9MjMxOTgwCgpqb2hh bm5lcwoKCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwps aW51eC11bSBtYWlsaW5nIGxpc3QKbGludXgtdW1AbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRwOi8v bGlzdHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2xpbnV4LXVtCg==