Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp20452048rwd; Thu, 29 Jun 2023 02:26:28 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ505ZPHUofL6824cvsoGLRoQLaO/CSKT01PVfEW1hZlLndMUEW9MM7aRsVl6Rc2GJrqmysM X-Received: by 2002:a05:6a00:2184:b0:666:a46b:63c9 with SMTP id h4-20020a056a00218400b00666a46b63c9mr24806456pfi.11.1688030788319; Thu, 29 Jun 2023 02:26:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688030788; cv=none; d=google.com; s=arc-20160816; b=xWyKWVM16JHOuoG+zhsmjfT83IDkRKsOpI9Fb3orrlUt7ROCHMVOcN6e3fP6OCNgEE SLt+wd9ddgH1MXGfHwrQXYzBV91zPx5b8NwMHc03N1GVa6/k8P+lvLAomgAs4t9B8wHF MvUrr1oCaWDtz5goc0FDK61LuWOXB0pzY2c2O4VMyq0hdWAQlYQqhOxD/wc52rtsLWPI vIv7P8ViMp3I9PLzLkzQbZrneLRI8JqatFM4RIu3+IZd5MOhhru2498oSG0xRLVcG2Te c/YMkbrAgZ74PZRYthLsmImyuRc8fkxOxeiwJXWc+V4UqWkvDsAtdWVOa2zM4ScTzFe7 nwyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=rVojEtuYagGizr3yOGYD8YaQfsrGlsFwyzHuPXma3hE=; fh=W9YjB8LblKMI9BlzaYswLs++QP273lsG58/F27dOPSw=; b=YNvQVFcYczX7K9dY0fbo4JhUYvrwyStF4RzTpYnyy7eX2gO6MwVhato9PaU+Yy7mE8 FkyHRKv86ECPp/n7P8lULU2YuF1JHQ9jyK41okiIMGKyVisC82zf7lPGjmoGoACeu/Ys 9GnbKk1RKuddHMz+5fd+gPBubAwIp3Mc/qse8gHdB+VkjKyuRQYQfK4JpcMbh1x/J/sS BzskOdzs39PLeqV9ejNQBUUYvlvTVb3rimVbq1pvq/bygA9SgIb10vSF5mjASOLPEiCh vI9NCbEuOLvoxUNpzVhXHrw7lkEd8DtTMagaiwCs2iACYG2sxkOLXizrn+jv/wsM07V5 YpzA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=ugtZ80ey; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j10-20020a056a00234a00b00666e1259fa4si10007873pfj.141.2023.06.29.02.26.13; Thu, 29 Jun 2023 02:26:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=ugtZ80ey; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232361AbjF2JMF (ORCPT + 99 others); Thu, 29 Jun 2023 05:12:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33912 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232086AbjF2JL4 (ORCPT ); Thu, 29 Jun 2023 05:11:56 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 68D1F1FE8; Thu, 29 Jun 2023 02:11:54 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 196521F8CD; Thu, 29 Jun 2023 09:11:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1688029913; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rVojEtuYagGizr3yOGYD8YaQfsrGlsFwyzHuPXma3hE=; b=ugtZ80eyRtri7lltfb1GdP7NUGyS3mL8m4KGwhqsepHiDIi40YmHj8mOuYrb6/FAleP5ZI aEAvafObNr5a+n0pR/lOObP+oOJmWQ3vDOvPF4AP+GjNY7/+tgN7kC+hMZU1CUSTFuskgT fx7lnKLSExwrqgZQ1CH5/wG3R0QC/xg= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id E68F913A43; Thu, 29 Jun 2023 09:11:52 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id AHRtN9hKnWSMdQAAMHmgww (envelope-from ); Thu, 29 Jun 2023 09:11:52 +0000 From: =?UTF-8?q?Michal=20Koutn=C3=BD?= To: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: Waiman Long , Zefan Li , Tejun Heo , Johannes Weiner , Shuah Khan Subject: [PATCH 1/3] cpuset: Allow setscheduler regardless of manipulated task Date: Thu, 29 Jun 2023 11:11:44 +0200 Message-ID: <20230629091146.28801-2-mkoutny@suse.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230629091146.28801-1-mkoutny@suse.com> References: <20230629091146.28801-1-mkoutny@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When we migrate a task between two cgroups, one of the checks is a verification whether we can modify task's scheduler settings (cap_task_setscheduler()). An implicit migration occurs also when enabling a controller on the unified hierarchy (think of parent to child migration). The aforementioned check may be problematic if the caller of the migration (enabling a controller) has no permissions over migrated tasks. For instance, a user's cgroup that ends up running a process of a different user. Although cgroup permissions are configured favorably, the enablement fails due to the foreign process [1]. Change the behavior by relaxing the permissions check on the unified hierarchy (or in v2 mode). This is in accordance with unified hierarchy attachment behavior when permissions of the source to target cgroups are decisive whereas the migrated task is opaque (as opposed to more restrictive check in __cgroup1_procs_write()). [1] https://github.com/systemd/systemd/issues/18293#issuecomment-831205649 Signed-off-by: Michal Koutný --- kernel/cgroup/cpuset.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index e4ca2dd2b764..3b5f87a9a150 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -2495,6 +2495,13 @@ static int cpuset_can_attach(struct cgroup_taskset *tset) ret = task_can_attach(task, cs->effective_cpus); if (ret) goto out_unlock; + + /* + * Skip rights over task check in v2, migration permission derives + * from hierarchy ownership in cgroup_procs_write_permission()). + */ + if (is_in_v2_mode()) + continue; ret = security_task_setscheduler(task); if (ret) goto out_unlock; -- 2.41.0