On 24 September 2015 at 06:50, Andrew Jones <drjo...@redhat.com> wrote:
> Short answer: The lowest priority is definitely correct.
>
> Long answer:
>
> I ran strace while installing a new guest, of 3.6 million syscalls,
> only 5 were cacheflush. Of course the syscalls used (and their frequency)
> is host-type, qemu machine-type, config (qemu command line), and guest
> workload specific. So, ideally, qemu machine-types would register their
> own whitelists, possibly modified by host-type. For example, I ran the
> mach-virt machine-type on both a midway and a mustang. In both cases it
> was a basic guest config and an install-type workload. For the mustang,
> over 55% of the syscalls were ioctl, but, for the midway, ioctls were
> 16% and 43% were clock_gettime. I generated a most-used-first list for
> each. Neither list really matched up well with seccomp_whitelist (except
> for futex).

This is strongly dependent on host CPU and what you're doing.
If you build QEMU for 64-bit ARM then we should be able to do
the cache ops from userspace without syscalls. If you're running
KVM then we probably only flush the cache a few times at startup
when we load the ROM images and so on. If you're using TCG
emulation I would expect that we do quite a lot of cache ops...

You could reasonably argue that anybody who cares about seccomp
is going to be running with KVM, of course.

thanks
-- PMM
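The measurement described in the quoted message (count the syscalls in an strace log, rank them most-used-first, compare the ranking with a priority list), as an added example that is not part of this thread or of QEMU's code. The trace lines and the `WHITELIST` priorities are constructed sample values, not QEMU's `seccomp_whitelist`, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed `strace -f` sample; both pid prefix styles are shown.
SAMPLE = """\
1201 ioctl(12, KVM_RUN, 0) = 0
1201 futex(0x7f00, FUTEX_WAIT, 1, NULL <unfinished ...>
1202 ioctl(12, KVM_RUN, 0) = 0
1201 <... futex resumed>) = 0
1202 futex(0x7f00, FUTEX_WAKE, 1) = 1
1202 clock_gettime(CLOCK_MONOTONIC, {tv_sec=5, tv_nsec=0}) = 0
[pid 1203] ioctl(12, KVM_RUN, 0) = 0
1203 futex(0x7f08, FUTEX_WAKE, 1) = 0
1202 cacheflush(0x1000, 0x2000, 0) = 0
1201 --- SIGUSR1 {si_signo=SIGUSR1} ---
1202 +++ exited with 0 +++
"""

# Constructed priority table (higher value = checked earlier by the filter).
WHITELIST = {"futex": 255, "clock_gettime": 250, "ioctl": 245, "cacheflush": 240}

# A syscall entry line: optional pid prefix, then "name(".
CALL = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_][a-z0-9_]*)\(")

def count_syscalls(text):
    """Count each call once: '<... x resumed>', signal and exit lines do not match."""
    counts = Counter()
    for line in text.splitlines():
        m = CALL.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts

def priorities(counts, top=255):
    """Most-used-first: equal counts share a level, each lower count drops one step."""
    levels = sorted(set(counts.values()), reverse=True)
    return {name: max(top - levels.index(n), 0) for name, n in counts.items()}

def misordered(whitelist, counts):
    """Pairs (a, b) where a outranks b in the table but was observed less often."""
    names = sorted(whitelist)
    return [(a, b) for a in names for b in names
            if whitelist[a] > whitelist[b] and counts[a] < counts[b]]

if __name__ == "__main__":
    observed = count_syscalls(SAMPLE)
    print(observed.most_common())
    print(priorities(observed))
    print(misordered(WHITELIST, observed))
```

A ranking produced this way is only valid for the host, machine type, command line and guest workload that generated the trace, which is the caveat both messages make.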