This is somewhat of a respin of "Handle seccomp notification preemption" but without the controversial parts. This patchset addresses a race condition we've dealt with recently with seccomp. Specifically programs interrupting syscalls while they're in progress. This was exacerbated by Golang's recent adoption of "async preemption", in which they try to interrupt any syscall that's been running for more than 10ms during GC. During certain syscalls, it's non-trivial to write them in a reetrant manner in userspace (socket). It focuses on one use cases, which is adding file descriptors to a process "atomically" during the seccomp reply, as opposed to discretizing the calls which may result in a potential file descriptor leak and inconsistent program state. Changes since v1: * Clarifcation to commit comments Rodrigo Campos (2): seccomp: Support atomic "addfd + send reply" selftests/seccomp: Add test for atomic addfd+send Sargun Dhillon (2): Documentation: seccomp: Fix user notification documentation seccomp: Refactor notification handler to prepare for new semantics .../userspace-api/seccomp_filter.rst | 28 +++++-- include/uapi/linux/seccomp.h | 1 + kernel/seccomp.c | 79 ++++++++++++++----- tools/testing/selftests/seccomp/seccomp_bpf.c | 38 +++++++++ 4 files changed, 120 insertions(+), 26 deletions(-) -- 2.25.1
