Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp182738pxj; Wed, 9 Jun 2021 20:38:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzOw+LwYTkUnHcLbSfsxP7b2YCdP4E5sXp7VNOhLRhzegLE5YLz7ZnyrrJQwVic+Qq6KYZ7 X-Received: by 2002:a05:6402:b76:: with SMTP id cb22mr2627932edb.112.1623296304872; Wed, 09 Jun 2021 20:38:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623296304; cv=none; d=google.com; s=arc-20160816; b=JetSxHwJ4uHi2rTqU4gyeMmdz0Df6ZGmJmQDajAKBh198hQatqJ8maG/lOQ4JlgMkK W4W/mkD9jM7aWwUSw9Kfx7RDYZJvC0sOSu0QI1H5KNE68w/jJ882tGYK9pZUEUftwCKE NJQv9PipbetHNSmSAgeEYcGJcW7U9NhajxSmtog+lnHrgbZFa7yKO2iP0j7NlrelGUP6 lsSKUOj8h0IPgyJTjZbfWubKuRot2FOi1KWjGk8oU6iPido433nrvtTvbKZOcw7Y8gE0 twPy1IDFFuHz1OKSFmt7mlgIQ3c6OFyh2MpbYSgXLiH4PNj2H4TTequ27Ok9SvC64UT2 2jpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=3SI2Cs/KC3jzMc8VUYVE4yg+hAWb5g2oHwl9sJaeR1I=; b=JssDL7zWBPqJWzNU9mjoVgk6qu4Eys/mJwZjdJjhARLdaSg1bWmz2tZXgJvNnZoY6P hO1348t1dlBdH/qNvWnpb20irgfSJzgQuhj9BwYBdz0wPsgSGUuSmPQa7V1FhVKDsFHU xPC0a09OdQ65x+nZCag8qT6z97rKmTHyQm2F/gK6SS4khxXHvZBrRD/ZN8UaVcEA4nhM Mip+GGnPnakbZ9OHcLBODIfcWWW6SHOYTwVHM7Jt8CxHUr989jyNcGTBxQ69h7x6njSj lDP5MPNTsUsddLVzVxG23CLheAhttGH+ASBTlTkEl8i0Jkge6Mv/1chaFQWkDp33tuea Q55g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qowBlqPy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o12si1161978edc.382.2021.06.09.20.38.01; Wed, 09 Jun 2021 20:38:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qowBlqPy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229865AbhFJDhT (ORCPT + 99 others); Wed, 9 Jun 2021 23:37:19 -0400 Received: from mail-lf1-f52.google.com ([209.85.167.52]:39463 "EHLO mail-lf1-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229655AbhFJDhS (ORCPT ); Wed, 9 Jun 2021 23:37:18 -0400 Received: by mail-lf1-f52.google.com with SMTP id p17so729945lfc.6 for ; Wed, 09 Jun 2021 20:35:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3SI2Cs/KC3jzMc8VUYVE4yg+hAWb5g2oHwl9sJaeR1I=; b=qowBlqPyceTtChCMAiT4qQyWnPbybMtSZiQgEPmQxgIYeHV802/3qRtz+w1EoHHCH6 LPWDNXhD0+ErBL35VygsDvBiRzxoj+ucwz8q6JUFxXc8f2CQcF1/0uMGYdqpIivEnR/l XT7BRJUzQI4mTCOyxGLr/MFi1Ziohsl646mnIBQmrzBqbaaLAwtok0tvYoFcmj7o1mPj fLFIEQq8saXAlH/xJq4PDzj5sV7WevQ9EKbRCtETYmfF1vh24GMom5Rdq3a1VsVWl7CR 0bSDkgqmEk0mYrVvj8frTqTKIcDywD/995y5c52G2cntTTPSW9iTlwJKiJVxkjaB3MCd 4Khw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3SI2Cs/KC3jzMc8VUYVE4yg+hAWb5g2oHwl9sJaeR1I=; b=POFlnF/xcN2dWnnZ0bYG8Q/qiKxaYCYlB+SpDSIOrp4e0EFehbruRWTbLYM7LZejJ5 p8QrmQXNct2cMsPbLzbFgifQwacyyrYawvj97ej/+ddLWF1j61U/BggeAW6uMJv0m+lE KJK7No1CIi1NGSDTXcSZGOOqQgIAnd6IaNc38uFJMHzpIpEpB2egetsZ2db6v3MeXZ2c rK1bDmIulcOkIA8/3wknMtW2+gU3CIZnWQVEGnBYzViwVB1/zv0WJ7c2ViNHOT0od4lA Ut6vyMk9yofNwj5WXvF9XDCJTCunb2DqOOjxOf0Qmhk/DVwLXTzkFplCIy5M/5xuLXmN JxqQ== X-Gm-Message-State: AOAM530h2BgnBaz5qFF4DI+qjh/R2qK0job5Vt7Iv6NmPWjk0cLhhVUl ZsTm6rp0IQ0lTayRhi2XQ+5xECaUWgJ8dwGh9Lg= X-Received: by 2002:ac2:4d93:: with SMTP id g19mr540781lfe.622.1623296048728; Wed, 09 Jun 2021 20:34:08 -0700 (PDT) MIME-Version: 1.0 References: <20210609175901.1423553-1-qperret@google.com> In-Reply-To: <20210609175901.1423553-1-qperret@google.com> From: Xuewen Yan Date: Thu, 10 Jun 2021 11:33:04 +0800 Message-ID: Subject: Re: [PATCH] sched: Make uclamp changes depend on CAP_SYS_NICE To: Quentin Perret Cc: Ingo Molnar , Peter Zijlstra , Vincent Guittot , Dietmar Eggemann , Qais Yousef , rickyiu@google.com, wvw@google.com, Patrick Bellasi , linux-kernel , kernel-team@android.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 10, 2021 at 2:16 AM Quentin Perret wrote: > > There is currently nothing preventing tasks from changing their per-task > clamp values in anyway that they like. The rationale is probably that > systems administrator are still able to limit those clamps thanks to the > cgroup interface. However, this causes pain in a system where both > per-task and per-cgroup clamps values are expected to be under the > control of core system components (as is the case for Android). > > To fix this, let's require CAP_SYS_NICE to increase per-task clamp > values. This allows unprivileged tasks to lower their requests, but not > increase them, which is consistent with the existing behaviour for nice > values. > > Signed-off-by: Quentin Perret > --- > kernel/sched/core.c | 48 ++++++++++++++++++++++++++++++++++++++------- > 1 file changed, 41 insertions(+), 7 deletions(-) > > diff --git a/kernel/sched/core.c b/kernel/sched/core.c > index 1d4aedbbcf96..1e5f9ae441a0 100644 > --- a/kernel/sched/core.c > +++ b/kernel/sched/core.c > @@ -1430,6 +1430,11 @@ static int uclamp_validate(struct task_struct *p, > if (util_min != -1 && util_max != -1 && util_min > util_max) > return -EINVAL; > > + return 0; > +} > + > +static void uclamp_enable(void) > +{ > /* > * We have valid uclamp attributes; make sure uclamp is enabled. > * > @@ -1438,8 +1443,25 @@ static int uclamp_validate(struct task_struct *p, > * scheduler locks. > */ > static_branch_enable(&sched_uclamp_used); > +} > > - return 0; > +static bool uclamp_reduce(struct task_struct *p, const struct sched_attr *attr) > +{ > + int util_min, util_max; > + > + if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP_MIN) { > + util_min = p->uclamp_req[UCLAMP_MIN].value; > + if (attr->sched_util_min > util_min) > + return false; > + } > + > + if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP_MAX) { > + util_max = p->uclamp_req[UCLAMP_MAX].value; > + if (attr->sched_util_max > util_max) > + return false; when the attr->sched_util_max = -1, and the util_max < 1024, here may should return false, but it would return ture. Thanks xuewen > + } > + > + return true; > } > > static bool uclamp_reset(const struct sched_attr *attr, > @@ -1580,6 +1602,11 @@ static inline int uclamp_validate(struct task_struct *p, > { > return -EOPNOTSUPP; > } > +static inline void uclamp_enable(void) { } > +static bool uclamp_reduce(struct task_struct *p, const struct sched_attr *attr) > +{ > + return true; > +} > static void __setscheduler_uclamp(struct task_struct *p, > const struct sched_attr *attr) { } > static inline void uclamp_fork(struct task_struct *p) { } > @@ -6116,6 +6143,13 @@ static int __sched_setscheduler(struct task_struct *p, > (rt_policy(policy) != (attr->sched_priority != 0))) > return -EINVAL; > > + /* Update task specific "requested" clamps */ > + if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) { > + retval = uclamp_validate(p, attr); > + if (retval) > + return retval; > + } > + > /* > * Allow unprivileged RT tasks to decrease priority: > */ > @@ -6165,6 +6199,10 @@ static int __sched_setscheduler(struct task_struct *p, > /* Normal users shall not reset the sched_reset_on_fork flag: */ > if (p->sched_reset_on_fork && !reset_on_fork) > return -EPERM; > + > + /* Can't increase util-clamps */ > + if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP && !uclamp_reduce(p, attr)) > + return -EPERM; > } > > if (user) { > @@ -6176,12 +6214,8 @@ static int __sched_setscheduler(struct task_struct *p, > return retval; > } > > - /* Update task specific "requested" clamps */ > - if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) { > - retval = uclamp_validate(p, attr); > - if (retval) > - return retval; > - } > + if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) > + uclamp_enable(); > > if (pi) > cpuset_read_lock(); > -- > 2.32.0.272.g935e593368-goog >