[Qemu-commits] [qemu/qemu] 9a1565: seccomp: don't kill process for resou
From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 9a1565: seccomp: don't kill process for resource control s...
Date: Thu, 28 Mar 2019 05:39:17 -0700
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 9a1565a03b79d80b236bc7cc2dbce52a2ef3a1b8
https://github.com/qemu/qemu/commit/9a1565a03b79d80b236bc7cc2dbce52a2ef3a1b8
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-03-27 (Wed, 27 Mar 2019)
Changed paths:
M qemu-seccomp.c
Log Message:
-----------
seccomp: don't kill process for resource control syscalls
The Mesa library tries to set process affinity on some of its threads in
order to optimize its performance. Currently this results in QEMU being
immediately terminated when seccomp is enabled.
Mesa doesn't consider failure of the process affinity settings to be
fatal to its operation, but our seccomp policy gives it no choice in
gracefully handling this denial.
It is reasonable to consider malicious code using the resource
control syscalls to be a less serious attack than if they were trying
to spawn processes or change UIDs and other such things. Generally
speaking changing the resource control setting will "merely" affect
quality of service of processes on the host. With this in mind, rather
than kill the process, we can relax the policy for these syscalls to
return the EPERM errno value. This allows callers to detect that QEMU
does not want them to change resource allocations, and apply some
reasonable fallback logic.
The main downside to this is for code which uses these syscalls but does
not check the return value, blindly assuming they will always
succeed. Returning an errno could result in sub-optimal behaviour.
Arguably though such code is already broken & needs fixing regardless.
Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Signed-off-by: Eduardo Otubo <address@hidden>
Commit: 035121d23abcafcc2f346627d48132073d2e71d7
https://github.com/qemu/qemu/commit/035121d23abcafcc2f346627d48132073d2e71d7
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-03-27 (Wed, 27 Mar 2019)
Changed paths:
M qemu-seccomp.c
Log Message:
-----------
seccomp: report more useful errors from seccomp
Most of the seccomp functions return errnos as a negative return
value. The code is currently ignoring these and reporting a generic
error message for all seccomp failure scenarios making debugging
painful. Report a more precise error from each failed call and include
errno if it is available.
Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Signed-off-by: Eduardo Otubo <address@hidden>
Commit: 12f067cc14b90aef60b2b7d03e1df74cc50a0459
https://github.com/qemu/qemu/commit/12f067cc14b90aef60b2b7d03e1df74cc50a0459
Author: Peter Maydell <address@hidden>
Date: 2019-03-28 (Thu, 28 Mar 2019)
Changed paths:
M qemu-seccomp.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20190327' into
staging
pull-seccomp-20190327
# gpg: Signature made Wed 27 Mar 2019 12:12:39 GMT
# gpg: using RSA key DF32E7C0F0FFF9A2
# gpg: Good signature from "Eduardo Otubo (Senior Software Engineer)
<address@hidden>" [full]
# Primary key fingerprint: D67E 1B50 9374 86B4 0723 DBAB DF32 E7C0 F0FF F9A2
* remotes/otubo/tags/pull-seccomp-20190327:
seccomp: report more useful errors from seccomp
seccomp: don't kill process for resource control syscalls
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/84bdc58c06c8...12f067cc14b9
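The policy change described in commit 9a1565 can be reproduced in isolation. The following is an added example, not code from qemu-seccomp.c: QEMU builds its filter with libseccomp, while this sketch uses a raw BPF filter via prctl() to stay dependency-free, and the function names `install_filter` and `affinity_under_policy` are hypothetical. It runs the affinity call in a child process under either an errno action or a kill action and reports what the caller observed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Filter: sched_setaffinity -> `action`, every other syscall allowed.
 * Simplified for illustration: a production filter must also validate
 * seccomp_data.arch (libseccomp generates that check). */
static int install_filter(unsigned int action)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sched_setaffinity, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, action),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = 4, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;              /* report the precise failure */
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0)
        return -errno;
    return 0;
}

/* Returns 0 if the child saw EPERM and kept running (fallback possible),
 * 1 if the call succeeded, 2 on setup failure, 3 on another errno,
 * or -signal if the child was killed by the filter. */
int affinity_under_policy(unsigned int action)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return 2;
    if (pid == 0) {
        cpu_set_t set;
        CPU_ZERO(&set);
        CPU_SET(0, &set);
        if (install_filter(action) != 0)
            _exit(2);
        if (sched_setaffinity(0, sizeof(set), &set) == 0)
            _exit(1);
        _exit(errno == EPERM ? 0 : 3);  /* caller checks errno, carries on */
    }
    if (waitpid(pid, &status, 0) < 0)
        return 2;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}
```

Passing `SECCOMP_RET_ERRNO | EPERM` models the relaxed policy; passing `SECCOMP_RET_KILL` models the earlier behaviour in which the process is terminated before it can react.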