Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp7961991rwl; Thu, 23 Mar 2023 10:45:27 -0700 (PDT) X-Google-Smtp-Source: AK7set82GzDWp2xGzCxbjajZ5sFczCkwq/YgrcdsgElweilGnFaRAfScLGWalzb2RJu8goZEWRWI X-Received: by 2002:a05:6a20:691f:b0:db:152b:486a with SMTP id q31-20020a056a20691f00b000db152b486amr3492520pzj.1.1679593527266; Thu, 23 Mar 2023 10:45:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679593527; cv=none; d=google.com; s=arc-20160816; b=CIyJjz4PqwR9SlADEJNNEu6LGsu813SwCNPt5Bvr/YbXYTfqKmAYwSE58vjN5UTpoF 990SOUbq7njHKztgRbAEYTuPb9s0XJ2/m8ym2OET67vyWFwmWmj9Aw4gpCTMEJX+ahGF 3hU7O3Rq3SFg0d8Us8QmSI7chBOZcEGfW/oXsHRU4O8joyOsFX7jqANIJi2Gp/OZTJvw 3NXWKSV1mvpOukxXizQREISo9CYsiDsNuO1RXPsX99ufCGUmnWHynJ9/ndKTQbOp3SWc Av87Mu5vYJeD1hyniUxzXCayZXvBnQHFd/8hhVsEDEBaI0z/+S8Rhy3JJ2h0Q8XgZ9CY yISw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=+aviwg+yLbOH7NuEkcwn79zl3PJ/u1Tvv20Vv8v5PYI=; b=vxZd5QnbAvFAWEyIvowHe5qv0oWZo9ZREhMK7Gtm+RpID3ZeVM+72/Y6ySPqzl7iQq Dbvc4HG/f89bFJQ+9sIOpvgCYrAY/xKKBvTOlL8jrclqw4bRwckYABYi61TEYevZQDIp bQzov38QTD9I6j2SgtR4yhZTQ7SU5I7rFcVsDtO3ESt+SL5NeUDAbw/drDPZadkocq6Z fwapsugHLgypl2faLAyUHJmC47gHbG4DiBatOXT2c4T9sJW25TD4hDOx9eNrfyx9Pjm+ e2TOJmdANnsxjMxro1IWhYM3pYWRV1vRvE431tFC05zyfec4Sw8M2tgMdFagrmFuARXl iyiA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cmpxchg-org.20210112.gappssmtp.com header.s=20210112 header.b="Ug+/n7OA"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=cmpxchg.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x5-20020a654145000000b00503005a4f2fsi18212382pgp.857.2023.03.23.10.45.14; Thu, 23 Mar 2023 10:45:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cmpxchg-org.20210112.gappssmtp.com header.s=20210112 header.b="Ug+/n7OA"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=cmpxchg.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229954AbjCWRpG (ORCPT + 99 others); Thu, 23 Mar 2023 13:45:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229499AbjCWRpE (ORCPT ); Thu, 23 Mar 2023 13:45:04 -0400 Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32FA63AAE for ; Thu, 23 Mar 2023 10:45:02 -0700 (PDT) Received: by mail-qt1-x82a.google.com with SMTP id c19so27507599qtn.13 for ; Thu, 23 Mar 2023 10:45:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpxchg-org.20210112.gappssmtp.com; s=20210112; t=1679593501; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=+aviwg+yLbOH7NuEkcwn79zl3PJ/u1Tvv20Vv8v5PYI=; b=Ug+/n7OA7vIk6CMZwgcqzI8bs9/jzQ3aXxHAVSn71Uha9aPr5cP43W/yGEGYZ4aVzI nRzr/OWkG/p2AJRdrEfK7jt+QefO3dqFLZmzC2o7yDGU+eUA+gz/kjs2L8B0La1Gc1LI 8Mzwnbvz3LDcgFSxBb1Q7jKVWFW8rkARg4KvaCfrbTJ8liGMgclWK5Pk5niHuHDFwMnD u9q8AHabM1aK6ChvRLnkzzKwu0Htxjo1KFvkhUcEQdJMugteLph0g3FhvvndniQUUqSQ Z5Gdia1v5GVX/4DbUzkEgsYnh7/39YANHFHyUYRc0uiZodcF7XKErFZO2QQi21jP4rgN 6M6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679593501; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+aviwg+yLbOH7NuEkcwn79zl3PJ/u1Tvv20Vv8v5PYI=; b=Nx9NygfbNl5ky0hJMbUBvxuwisBGWXV9FnYTcIqIC2SA/Es6io8mv4ByQL8AyG3DFF pFkLM5v2mHeOpbsX+Y/X/B/eZxiklUuEfbrZRAop39UtWw+7bYpDC0HJ1gBHRjvoU2xd xkK68iw2QpZRBUh/76yxXvG3U8z/1XilGwMnHcaJcn3kLf1cDtTUpcCxWdrfpObMOwTV GWFpjavazUif69TYj+X3vqxEuHKejbw3DkbGcLnxgP+/6LwbzTXzqhmzWs3JXaKIXnZF jNffP1MFyO6PEtXFo5bS+OB8QHHk2/lKfFEJtr1OsiR6HvNRg0L3k2F2+riRcmpcmbS7 pU7g== X-Gm-Message-State: AO0yUKUd1fWdZgA1gu7iL5qRAk2OvzsmkEY9bluAYIaCtZBb/zfVMG7o rAnFYz2s9eKQ7D2IDj0X87JFLg== X-Received: by 2002:a05:622a:28d:b0:3de:6964:7bff with SMTP id z13-20020a05622a028d00b003de69647bffmr10942384qtw.20.1679593501062; Thu, 23 Mar 2023 10:45:01 -0700 (PDT) Received: from localhost ([2620:10d:c091:400::5:62db]) by smtp.gmail.com with ESMTPSA id e16-20020ac86710000000b003ba2a15f93dsm5321291qtp.26.2023.03.23.10.45.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Mar 2023 10:45:00 -0700 (PDT) Date: Thu, 23 Mar 2023 13:44:59 -0400 From: Johannes Weiner To: Suren Baghdasaryan Cc: Domenico Cerasuolo , linux-kernel@vger.kernel.org, peterz@infradead.org, brauner@kernel.org, chris@chrisdown.name Subject: Re: [PATCH v2 3/3] sched/psi: allow unprivileged polling of N*2s period Message-ID: <20230323174459.GH739026@cmpxchg.org> References: <20230323103350.40569-1-cerasuolodomenico@gmail.com> <20230323103350.40569-4-cerasuolodomenico@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=0.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 23, 2023 at 09:55:11AM -0700, Suren Baghdasaryan wrote: > On Thu, Mar 23, 2023 at 3:34 AM Domenico Cerasuolo > > @@ -1254,16 +1262,19 @@ int psi_show(struct seq_file *m, struct psi_group *group, enum psi_res res) > > } > > > > struct psi_trigger *psi_trigger_create(struct psi_group *group, > > - char *buf, enum psi_res res) > > + char *buf, enum psi_res res, struct file *file) > > { > > struct psi_trigger *t; > > enum psi_states state; > > u32 threshold_us; > > + bool privileged; > > u32 window_us; > > > > if (static_branch_likely(&psi_disabled)) > > return ERR_PTR(-EOPNOTSUPP); > > > > + privileged = cap_raised(file->f_cred->cap_effective, CAP_SYS_RESOURCE); > > I missed one detail here. We are moving the cap check from open() to > write(). That might break potential users which open the file from a > process with that cap and then pass that FD to an unprivileged process > to create the trigger by writing to that file. I'm not aware of any > use of such a pattern but it is possible there are such users. > With this change such users would have to delegate trigger creation to > the privileged process too and the received FD would be used only for > polling. IMHO that's a safer pattern because triggers are created by > the privileged process. Oh, it's checking file->f_cred, which is set up at open(). So if the opener is privileged, the write can be delegated to an unprivileged process. But I agree that this is subtle and could use a comment. This was a usecase specifically requested by Christian, actually.