From: Christian Brauner <christian.brauner@ubuntu.com>
To: Tejun Heo <tj@kernel.org>
Cc: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org,
Ingo Molnar <mingo@redhat.com>, Oleg Nesterov <oleg@redhat.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Li Zefan <lizefan@huawei.com>,
Peter Zijlstra <peterz@infradead.org>,
cgroups@vger.kernel.org
Subject: Re: [PATCH v2 2/3] clone3: allow spawning processes into cgroups
Date: Thu, 16 Jan 2020 13:29:44 +0100 [thread overview]
Message-ID: <20200116122944.nj3e66eusxu6sb44@wittgenstein> (raw)
In-Reply-To: <20200108180906.l4mvtdmh7nm2z7sc@wittgenstein>
On Wed, Jan 08, 2020 at 07:09:07PM +0100, Christian Brauner wrote:
> On Tue, Jan 07, 2020 at 08:32:04AM -0800, Tejun Heo wrote:
> > On Mon, Dec 23, 2019 at 07:15:03AM +0100, Christian Brauner wrote:
> > > +static struct cgroup *cgroup_get_from_file(struct file *f)
> > > +{
> > > + struct cgroup_subsys_state *css;
> > > + struct cgroup *cgrp;
> > > +
> > > + css = css_tryget_online_from_dir(f->f_path.dentry, NULL);
> > > + if (IS_ERR(css))
> > > + return ERR_CAST(css);
> > > +
> > > + cgrp = css->cgroup;
> > > + if (!cgroup_on_dfl(cgrp)) {
> > > + cgroup_put(cgrp);
> > > + return ERR_PTR(-EBADF);
> > > + }
> > > +
> > > + return cgrp;
> > > +}
> >
> > It's minor but can you put this refactoring into a separate patch?
>
> Yep, will do.
>
> >
> > ...
> > > +static int cgroup_css_set_fork(struct task_struct *parent,
> > > + struct kernel_clone_args *kargs)
> > > + __acquires(&cgroup_mutex) __acquires(&cgroup_threadgroup_rwsem)
> > > +{
> > > + int ret;
> > > + struct cgroup *dst_cgrp = NULL, *src_cgrp;
> > > + struct css_set *cset;
> > > + struct super_block *sb;
> > > + struct file *f;
> > > +
> > > + if (kargs->flags & CLONE_INTO_CGROUP) {
> > > + ret = mutex_lock_killable(&cgroup_mutex);
> > > + if (ret)
> > > + return ret;
> > > + }
> >
> > I don't think this is necessary. cgroup_mutex should always only be
> > held for a finite enough time; otherwise, processes would get stuck on
> > random cgroupfs accesses or even /proc/self/cgroup.
>
> Ok, so a simple mutex_lock() should suffice then.
>
> >
> > ...
> > > + spin_lock_irq(&css_set_lock);
> > > + src_cgrp = task_cgroup_from_root(parent, &cgrp_dfl_root);
> > > + spin_unlock_irq(&css_set_lock);
> >
> > You can simply do cset->dfl_root here, which is consistent with other
> > code paths which know that they want the dfl cgroup.
>
> Ah, great!
>
> >
> > > + ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, sb,
> > > + !!(kargs->flags & CLONE_THREAD));
> > > + if (ret)
> > > + goto err;
> >
> > So, the existing perm check depends on the fact that for the write
> > operation to have started, it already should have passed write perm
> > check on the destination cgroup.procs file. We're missing that here,
> > so we prolly need to check that explicitly.
>
> I need to look into this before I can say yay or nay. :)
Could it be that you misread cgroup_attach_permissions()? Because it
does check for write permissions on the destination cgroup.procs file.
That's why I've added the cgroup_get_from_file() helper. :) See:
static int cgroup_attach_permissions(struct cgroup *src_cgrp,
struct cgroup *dst_cgrp,
struct super_block *sb, bool thread)
{
int ret = 0;
ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp, sb);
if (ret)
return ret;
ret = cgroup_migrate_vet_dst(dst_cgrp);
if (ret)
return ret;
if (thread &&
!cgroup_same_domain(src_cgrp->dom_cgrp, dst_cgrp->dom_cgrp))
ret = -EOPNOTSUPP;
return ret;
}
Maybe I'm misunderstanding though. :)
Thanks!
Christian
WARNING: multiple messages have this Message-ID (diff)
From: Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
To: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Johannes Weiner <hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org>,
Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>,
Peter Zijlstra <peterz-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH v2 2/3] clone3: allow spawning processes into cgroups
Date: Thu, 16 Jan 2020 13:29:44 +0100 [thread overview]
Message-ID: <20200116122944.nj3e66eusxu6sb44@wittgenstein> (raw)
In-Reply-To: <20200108180906.l4mvtdmh7nm2z7sc@wittgenstein>
On Wed, Jan 08, 2020 at 07:09:07PM +0100, Christian Brauner wrote:
> On Tue, Jan 07, 2020 at 08:32:04AM -0800, Tejun Heo wrote:
> > On Mon, Dec 23, 2019 at 07:15:03AM +0100, Christian Brauner wrote:
> > > +static struct cgroup *cgroup_get_from_file(struct file *f)
> > > +{
> > > + struct cgroup_subsys_state *css;
> > > + struct cgroup *cgrp;
> > > +
> > > + css = css_tryget_online_from_dir(f->f_path.dentry, NULL);
> > > + if (IS_ERR(css))
> > > + return ERR_CAST(css);
> > > +
> > > + cgrp = css->cgroup;
> > > + if (!cgroup_on_dfl(cgrp)) {
> > > + cgroup_put(cgrp);
> > > + return ERR_PTR(-EBADF);
> > > + }
> > > +
> > > + return cgrp;
> > > +}
> >
> > It's minor but can you put this refactoring into a separate patch?
>
> Yep, will do.
>
> >
> > ...
> > > +static int cgroup_css_set_fork(struct task_struct *parent,
> > > + struct kernel_clone_args *kargs)
> > > + __acquires(&cgroup_mutex) __acquires(&cgroup_threadgroup_rwsem)
> > > +{
> > > + int ret;
> > > + struct cgroup *dst_cgrp = NULL, *src_cgrp;
> > > + struct css_set *cset;
> > > + struct super_block *sb;
> > > + struct file *f;
> > > +
> > > + if (kargs->flags & CLONE_INTO_CGROUP) {
> > > + ret = mutex_lock_killable(&cgroup_mutex);
> > > + if (ret)
> > > + return ret;
> > > + }
> >
> > I don't think this is necessary. cgroup_mutex should always only be
> > held for a finite enough time; otherwise, processes would get stuck on
> > random cgroupfs accesses or even /proc/self/cgroup.
>
> Ok, so a simple mutex_lock() should suffice then.
>
> >
> > ...
> > > + spin_lock_irq(&css_set_lock);
> > > + src_cgrp = task_cgroup_from_root(parent, &cgrp_dfl_root);
> > > + spin_unlock_irq(&css_set_lock);
> >
> > You can simply do cset->dfl_root here, which is consistent with other
> > code paths which know that they want the dfl cgroup.
>
> Ah, great!
>
> >
> > > + ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, sb,
> > > + !!(kargs->flags & CLONE_THREAD));
> > > + if (ret)
> > > + goto err;
> >
> > So, the existing perm check depends on the fact that for the write
> > operation to have started, it already should have passed write perm
> > check on the destination cgroup.procs file. We're missing that here,
> > so we prolly need to check that explicitly.
>
> I need to look into this before I can say yay or nay. :)
Could it be that you misread cgroup_attach_permissions()? Because it
does check for write permissions on the destination cgroup.procs file.
That's why I've added the cgroup_get_from_file() helper. :) See:
static int cgroup_attach_permissions(struct cgroup *src_cgrp,
struct cgroup *dst_cgrp,
struct super_block *sb, bool thread)
{
int ret = 0;
ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp, sb);
if (ret)
return ret;
ret = cgroup_migrate_vet_dst(dst_cgrp);
if (ret)
return ret;
if (thread &&
!cgroup_same_domain(src_cgrp->dom_cgrp, dst_cgrp->dom_cgrp))
ret = -EOPNOTSUPP;
return ret;
}
Maybe I'm misunderstanding though. :)
Thanks!
Christian
next prev parent reply other threads:[~2020-01-16 12:29 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-23 6:15 [PATCH v2 0/3] clone3 & cgroups: allow spawning processes into cgroups Christian Brauner
2019-12-23 6:15 ` [PATCH v2 1/3] cgroup: unify attach permission checking Christian Brauner
2019-12-23 6:15 ` [PATCH v2 2/3] clone3: allow spawning processes into cgroups Christian Brauner
2020-01-07 16:32 ` Tejun Heo
2020-01-08 18:09 ` Christian Brauner
2020-01-16 12:29 ` Christian Brauner [this message]
2020-01-16 12:29 ` Christian Brauner
2020-01-17 16:53 ` Tejun Heo
2020-01-17 16:53 ` Tejun Heo
2020-01-17 17:12 ` Christian Brauner
2020-01-17 17:12 ` Christian Brauner
2020-01-08 16:01 ` Michal Koutný
2020-01-08 18:10 ` Christian Brauner
2020-01-08 18:10 ` Christian Brauner
2020-01-16 23:57 ` Christian Brauner
2020-01-16 23:57 ` Christian Brauner
2020-01-16 23:57 ` Christian Brauner
2019-12-23 6:15 ` [PATCH v2 3/3] selftests/cgroup: add tests for cloning " Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200116122944.nj3e66eusxu6sb44@wittgenstein \
--to=christian.brauner@ubuntu.com \
--cc=cgroups@vger.kernel.org \
--cc=hannes@cmpxchg.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.