[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] libseccomp: add cacheflush to whitelist
|
From: |
Peter Maydell |
|
Subject: |
Re: [Qemu-devel] [PATCH] libseccomp: add cacheflush to whitelist |
|
Date: |
Thu, 24 Sep 2015 06:58:08 -0700 |
On 24 September 2015 at 06:50, Andrew Jones <address@hidden> wrote:
> Short answer: The lowest priority is definitely correct.
>
> Long answer:
>
> I ran strace while installing a new guest, of 3.6 million syscalls,
> only 5 were cacheflush. Of course the syscalls used (and their frequency)
> is host-type, qemu machine-type, config (qemu command line), and guest
> workload specific. So, ideally, qemu machine-types would register their
> own whitelists, possibly modified by host-type. For example, I ran the
> mach-virt machine-type on both a midway and a mustang. In both cases it
> was a basic guest config and an install-type workload. For the mustang,
> over 55% of the syscalls were ioctl, but, for the midway, ioctls were
> 16% and 43% were clock_gettime. I generated a most-used-first list for
> each. Neither list really matched up well with seccomp_whitelist (except
> for futex).
This is strongly dependent on host CPU and what you're doing.
If you build QEMU for 64-bit ARM then we should be able to do
the cache ops from userspace without syscalls. If you're running
KVM then we probably only flush the cache a few times at startup
when we load the ROM images and so on. If you're using TCG
emulation I would expect that we do quite a lot of cache ops...
You could reasonably argue that anybody who cares about seccomp
is going to be running with KVM, of course.
thanks
-- PMM