Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp6162925iog; Thu, 23 Jun 2022 12:40:22 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vRiz/iissm02W/r3xCGeIKKYMTfBbNQieAvlKyfFpmxPtBpDiImgCNPANt1/Fse5aZbZNo X-Received: by 2002:a17:902:f091:b0:16a:7e5:494f with SMTP id p17-20020a170902f09100b0016a07e5494fmr32780946pla.34.1656013221855; Thu, 23 Jun 2022 12:40:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656013221; cv=none; d=google.com; s=arc-20160816; b=DfYhR9yP0wVqJFSkrLK2C/V0xIOE64o65icudiDneG0FHhNhxTLo3fY/FaHDEp276O h2+TE/QsELklcW8sWFlPPqPDC7XsRNYHt3LHRjoePa7toag9bbZ8ct1qKVdoh876fjM/ 6gL5em9PRgo2ci5lQ2meduMA4HOHyRAQ1QJSwJgDqAlRJHnvqOLh/ppFW+P6msaWfIGZ zL4nWc31fexAob8E6JbvKS8T2u8TZ4Uq5sfrNjH7k3i/ksEpAw8HHK610MUj59fPo4wr j+LkgSVRLotgFSvT8r5TTneygrHAL0hepHfOEyB8EUmH4nAfONe/X5jR9EH4cNxGT2XR SQ2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=636D/XRoEUnQhXwCEpL4spRdQ6LF5SX4zYskRSw7REM=; b=yotBgKQjbZxdlkhjvAjyKU0uSOkD2u/uyaG23NQjd5jyWYHobhpTOSbWR59wTWXqbP yh/UCAtHVBJX2+wLKARXUPSSA8CPS3kSOlcL7Kq7/RIG5PP8KC/6EOzQTltmm/DCuO1k NcJNYk/ggBTl49kJAQF/d4jokaNRG4SUX0JPEftPGfNQn7lHHvGLJytfBOPTxpDXbDkW l4J2NQf4SBUkMrRJcquOYgPOo9UVFX0wu3HunWdPS4NEWDp4+NbCzQa4sFJzzkP3y2rZ fw4cJuWeMS+ZcmSSP6Wd1sFkTRU7Yz4+fRR6r6fhgbf+bSqby29Ix+FmPCuE05PNOMPe bVUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=DCkN3eNi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g22-20020aa796b6000000b005191e154399si38597pfk.258.2022.06.23.12.40.10; Thu, 23 Jun 2022 12:40:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=DCkN3eNi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229737AbiFWT0z (ORCPT + 99 others); Thu, 23 Jun 2022 15:26:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45124 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230369AbiFWT0e (ORCPT ); Thu, 23 Jun 2022 15:26:34 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8F6817A6DE for ; Thu, 23 Jun 2022 11:44:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1656009878; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=636D/XRoEUnQhXwCEpL4spRdQ6LF5SX4zYskRSw7REM=; b=DCkN3eNioJHvYqFi3ug/jWJ8h1gF7ZrKCcPZpNP5D88bkjO9lU9ehjYoFv0HnE/S/r8KMY QG6svtjzOd1Np/X+hHQcqIgCJsFKWoHyH3udmuB/Xo+yRN7xsFzXW60+4cVnuDRoePg2rd HFaVc45SUwoHa6wxzWwuxSkjgR88YF4= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-91-IATsXzMENHiQai9JgaNilQ-1; Thu, 23 Jun 2022 14:44:34 -0400 X-MC-Unique: IATsXzMENHiQai9JgaNilQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4F9DE3810786; Thu, 23 Jun 2022 18:44:34 +0000 (UTC) Received: from [10.22.9.91] (unknown [10.22.9.91]) by smtp.corp.redhat.com (Postfix) with ESMTP id ADC48141510C; Thu, 23 Jun 2022 18:44:33 +0000 (UTC) Message-ID: Date: Thu, 23 Jun 2022 14:44:33 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: [RFC PATCH] cpuset: Allow setscheduler regardless of manipulated task Content-Language: en-US To: =?UTF-8?Q?Michal_Koutn=c3=bd?= , cgroups@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Tejun Heo , Zefan Li , Johannes Weiner References: <20220623124944.2753-1-mkoutny@suse.com> From: Waiman Long In-Reply-To: <20220623124944.2753-1-mkoutny@suse.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/23/22 08:49, Michal Koutný wrote: > When we migrate a task between two cgroups, one of the checks is a > verification that we can modify task's scheduler settings > (cap_task_setscheduler()). > > An implicit migration occurs also when enabling a controller on the > unified hierarchy (think of parent to child migration). The > aforementioned check may be problematic if the caller of the migration > (enabling a controller) has no permissions over migrated tasks. > For instance, user's cgroup that ends up running a process of a > different user. Although cgroup permissions are configured favorably, > the enablement fails due to the foreign process [1]. > > Change the behavior by relaxing the permissions check on the unified > hierarchy (or in v2 mode). This is in accordance with unified hierarchy > attachment behavior when permissions of the source to target cgroups are > decisive whereas the migrated task is opaque (for contrast, see more > restrictive check in __cgroup1_procs_write()). > > [1] https://github.com/systemd/systemd/issues/18293#issuecomment-831205649 > > Reasons for RFC: > > 1) The unified hierarchy attachment behavior -- is that the > right/consented model that migrated objects don't matter? > > 2) If 1) is true, have I missed any danger in allowing cpuset'ing a > possibly privileged processes? That could be an issue. > 2.2) cpuset may be in v2 mode even on v1 hierarchy with different > migration control rules (but checking migratee's creds in v1 > eliminates effect of this patch). > > 3) Alternative approach would be to allow cpuset migrations only when > nothing effectively changes (which is the case for parent->child > migration upon controller enablement). What do you mean by nothing effectively changes? > > 4) This is just idea draft, not tested in the real case. Since the check is done on a taskset level, if only one of the tasks in the taskset fails, the whole taskset fails. Maybe we should consider an option for task based migration. So all the tasks that can be migrated will be migrated and the rests will be left behind in the original cpuset. Just a thought. Cheers, Longman