On 5/23/22 19:00, Daniel P. Berrangé wrote:
> On Mon, May 09, 2022 at 05:02:13PM +0200, Michal Privoznik wrote:
>> Since its 5.14 release the Linux kernel allows userspace to
>> define trusted groups of processes/threads that can run on
>> sibling Hyper Threads (HT) at the same time. This is to mitigate
>> side channel attacks like L1TF or MDS. If there are no tasks to
>> fully utilize all HTs, then a HT will idle instead of running a
>> task from another (un-)trusted group.
>>
>> On low level, this is implemented by cookies (effectively an UL
>> value): processes in the same trusted group share the same cookie
>> and cookie is unique to the group. There are four basic
>> operations:
>>
>> 1) PR_SCHED_CORE_GET -- get cookie of given PID,
>> 2) PR_SCHED_CORE_CREATE -- create a new unique cookie for PID,
>> 3) PR_SCHED_CORE_SHARE_TO -- push cookie of the caller onto
>> another PID,
>> 4) PR_SCHED_CORE_SHARE_FROM -- pull cookie of another PID into
>> the caller.
>>
>> Since a system where the code is built can be different to the
>> one where the code is run let's provide declaration of some
>> values. It's not unusual for distros to ship older linux-headers
>> than the actual kernel.
>>
>> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
>> ---
>> src/libvirt_private.syms | 4 ++
>> src/util/virprocess.c | 124 +++++++++++++++++++++++++++++++++++++++
>> src/util/virprocess.h | 8 +++
>> 3 files changed, 136 insertions(+)
>
> Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>
>
>> diff --git a/src/util/virprocess.c b/src/util/virprocess.c
>> index 36d7df050a..cd4f3fc7e7 100644
>> --- a/src/util/virprocess.c
>> +++ b/src/util/virprocess.c
>> @@ -57,6 +57,10 @@
>> # include <windows.h>
>> #endif
>>
>> +#if WITH_CAPNG
>
> This feels odd - what relation has CAPNG got with prctl ?

Nothing, it's a blind copy from virutil.c O:-)
Consider it changed to #ifdef __linux__

Michal
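
Review bot: The `+#if WITH_CAPNG` line in the virprocess.c hunk at `@@ -57,6 +57,10 @@` ties whatever follows it to libcap-ng being enabled at build time, so a Linux build without capng would silently lose it even though prctl() does not depend on that library. A platform guard such as `#ifdef __linux__`, as agreed in the reply, fits better. If the fallback values the commit message mentions sit under this guard, wrapping each in `#ifndef` would also keep them from clashing with newer linux-headers.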
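
The GET and CREATE cookie operations from the quoted commit message, as an added C example that is not part of the patch or of libvirt. The helper names `core_cookie_get` and `core_cookie_create` are hypothetical, and the fallback constant values are the ones from the kernel's `linux/prctl.h`, supplied here for builds against older headers.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>

/* Fallbacks for builds against linux-headers older than the running
 * kernel; values as in the kernel's include/uapi/linux/prctl.h. */
#ifndef PR_SCHED_CORE
# define PR_SCHED_CORE 62
# define PR_SCHED_CORE_GET 0
# define PR_SCHED_CORE_CREATE 1
#endif
#ifndef PR_SCHED_CORE_SCOPE_THREAD
# define PR_SCHED_CORE_SCOPE_THREAD 0
# define PR_SCHED_CORE_SCOPE_THREAD_GROUP 1
#endif

/* Hypothetical helper: read the cookie of pid (0 = caller) into *cookie.
 * Returns 0 or -errno. GET takes thread scope only. prctl() is variadic,
 * so every argument is passed as unsigned long. */
static int core_cookie_get(pid_t pid, uint64_t *cookie)
{
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_GET, (unsigned long)pid,
              (unsigned long)PR_SCHED_CORE_SCOPE_THREAD,
              (unsigned long)cookie) < 0)
        return -errno;
    return 0;
}

/* Hypothetical helper: move pid (0 = caller) and all its threads into a
 * new trusted group. Returns 0 or -errno. The last argument must be 0. */
static int core_cookie_create(pid_t pid)
{
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, (unsigned long)pid,
              (unsigned long)PR_SCHED_CORE_SCOPE_THREAD_GROUP, 0UL) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    uint64_t before = 0, after = 0;
    int rc = core_cookie_get(0, &before);
    if (rc == 0 && (rc = core_cookie_create(0)) == 0)
        rc = core_cookie_get(0, &after);
    printf("rc=%d cookie before=%#llx after=%#llx\n", rc,
           (unsigned long long)before, (unsigned long long)after);
    return rc ? 1 : 0;
}
```

A negative `rc` means the running kernel rejected the request, for example because it predates 5.14 or was built without core scheduling.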