* [PATCH v2] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files
@ 2021-04-02  2:58 Josh Hunt
  2021-04-02 17:53 ` Johannes Weiner
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Josh Hunt @ 2021-04-02  2:58 UTC (permalink / raw)
  To: Ingo Molnar, Peter Zijlstra, linux-kernel, ebiederm, keescook, hannes
  Cc: Josh Hunt

Currently only root can write files under /proc/pressure. Relax this to
allow tasks running as unprivileged users with CAP_SYS_RESOURCE to be
able to write to these files.

Signed-off-by: Josh Hunt <johunt@akamai.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
---
 kernel/sched/psi.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
index b1b00e9bd7ed..d1212f17a898 100644
--- a/kernel/sched/psi.c
+++ b/kernel/sched/psi.c
@@ -1061,19 +1061,27 @@ static int psi_cpu_show(struct seq_file *m, void *v)
 	return psi_show(m, &psi_system, PSI_CPU);
 }
 
+static int psi_open(struct file *file, int (*psi_show)(struct seq_file *, void *))
+{
+	if (file->f_mode & FMODE_WRITE && !capable(CAP_SYS_RESOURCE))
+		return -EPERM;
+
+	return single_open(file, psi_show, NULL);
+}
+
 static int psi_io_open(struct inode *inode, struct file *file)
 {
-	return single_open(file, psi_io_show, NULL);
+	return psi_open(file, psi_io_show);
 }
 
 static int psi_memory_open(struct inode *inode, struct file *file)
 {
-	return single_open(file, psi_memory_show, NULL);
+	return psi_open(file, psi_memory_show);
 }
 
 static int psi_cpu_open(struct inode *inode, struct file *file)
 {
-	return single_open(file, psi_cpu_show, NULL);
+	return psi_open(file, psi_cpu_show);
 }
 
 struct psi_trigger *psi_trigger_create(struct psi_group *group,
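Review bot: The callback parameter of the new psi_open() helper is named psi_show, which shadows the file-scope psi_show() that psi_cpu_show() calls in the context line at the top of this hunk. Renaming the parameter (for example to show) would keep the two apart for readers and avoid a shadow warning. A one-line comment above the check stating that write opens require CAP_SYS_RESOURCE, and that the check is made once at open time rather than on each write, would also document the intended access model.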
@@ -1353,9 +1361,9 @@ static int __init psi_proc_init(void)
 {
 	if (psi_enable) {
 		proc_mkdir("pressure", NULL);
-		proc_create("pressure/io", 0, NULL, &psi_io_proc_ops);
-		proc_create("pressure/memory", 0, NULL, &psi_memory_proc_ops);
-		proc_create("pressure/cpu", 0, NULL, &psi_cpu_proc_ops);
+		proc_create("pressure/io", 0666, NULL, &psi_io_proc_ops);
+		proc_create("pressure/memory", 0666, NULL, &psi_memory_proc_ops);
+		proc_create("pressure/cpu", 0666, NULL, &psi_cpu_proc_ops);
 	}
 	return 0;
 }
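Review bot: Changing the mode from 0 to 0666 in the three proc_create() calls means the file mode bits no longer restrict who may open these files for write, so the capable(CAP_SYS_RESOURCE) test in psi_open() becomes the only access control on the write path. A short comment here saying so would help, so that a later change which adds another open handler or bypasses psi_open() does not leave the /proc/pressure files writable by every user.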
-- 
2.17.1



* Re: [PATCH v2] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files
  2021-04-02  2:58 [PATCH v2] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files Josh Hunt
@ 2021-04-02 17:53 ` Johannes Weiner
  2021-04-02 18:11 ` Kees Cook
  2021-04-09 11:24 ` [tip: sched/core] " tip-bot2 for Josh Hunt
  2 siblings, 0 replies; 4+ messages in thread
From: Johannes Weiner @ 2021-04-02 17:53 UTC (permalink / raw)
  To: Josh Hunt; +Cc: Ingo Molnar, Peter Zijlstra, linux-kernel, ebiederm, keescook

On Thu, Apr 01, 2021 at 10:58:33PM -0400, Josh Hunt wrote:
> Currently only root can write files under /proc/pressure. Relax this to
> allow tasks running as unprivileged users with CAP_SYS_RESOURCE to be
> able to write to these files.
> 
> Signed-off-by: Josh Hunt <johunt@akamai.com>
> Acked-by: Johannes Weiner <hannes@cmpxchg.org>

v2 looks good to me. Thanks


* Re: [PATCH v2] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files
  2021-04-02  2:58 [PATCH v2] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files Josh Hunt
  2021-04-02 17:53 ` Johannes Weiner
@ 2021-04-02 18:11 ` Kees Cook
  2021-04-09 11:24 ` [tip: sched/core] " tip-bot2 for Josh Hunt
  2 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2021-04-02 18:11 UTC (permalink / raw)
  To: Josh Hunt; +Cc: Ingo Molnar, Peter Zijlstra, linux-kernel, ebiederm, hannes

On Thu, Apr 01, 2021 at 10:58:33PM -0400, Josh Hunt wrote:
> Currently only root can write files under /proc/pressure. Relax this to
> allow tasks running as unprivileged users with CAP_SYS_RESOURCE to be
> able to write to these files.
> 
> Signed-off-by: Josh Hunt <johunt@akamai.com>

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook


* [tip: sched/core] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files
  2021-04-02  2:58 [PATCH v2] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files Josh Hunt
  2021-04-02 17:53 ` Johannes Weiner
  2021-04-02 18:11 ` Kees Cook
@ 2021-04-09 11:24 ` tip-bot2 for Josh Hunt
  2 siblings, 0 replies; 4+ messages in thread
From: tip-bot2 for Josh Hunt @ 2021-04-09 11:24 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Josh Hunt, Peter Zijlstra (Intel), Johannes Weiner, x86, linux-kernel

The following commit has been merged into the sched/core branch of tip:

Commit-ID:     6db12ee0456d0e369c7b59788d46e15a56ad0294
Gitweb:        https://git.kernel.org/tip/6db12ee0456d0e369c7b59788d46e15a56ad0294
Author:        Josh Hunt <johunt@akamai.com>
AuthorDate:    Thu, 01 Apr 2021 22:58:33 -04:00
Committer:     Peter Zijlstra <peterz@infradead.org>
CommitterDate: Thu, 08 Apr 2021 23:09:44 +02:00

psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files

Currently only root can write files under /proc/pressure. Relax this to
allow tasks running as unprivileged users with CAP_SYS_RESOURCE to be
able to write to these files.

Signed-off-by: Josh Hunt <johunt@akamai.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Link: https://lkml.kernel.org/r/20210402025833.27599-1-johunt@akamai.com
---
 kernel/sched/psi.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
index b1b00e9..d1212f1 100644
--- a/kernel/sched/psi.c
+++ b/kernel/sched/psi.c
@@ -1061,19 +1061,27 @@ static int psi_cpu_show(struct seq_file *m, void *v)
 	return psi_show(m, &psi_system, PSI_CPU);
 }
 
+static int psi_open(struct file *file, int (*psi_show)(struct seq_file *, void *))
+{
+	if (file->f_mode & FMODE_WRITE && !capable(CAP_SYS_RESOURCE))
+		return -EPERM;
+
+	return single_open(file, psi_show, NULL);
+}
+
 static int psi_io_open(struct inode *inode, struct file *file)
 {
-	return single_open(file, psi_io_show, NULL);
+	return psi_open(file, psi_io_show);
 }
 
 static int psi_memory_open(struct inode *inode, struct file *file)
 {
-	return single_open(file, psi_memory_show, NULL);
+	return psi_open(file, psi_memory_show);
 }
 
 static int psi_cpu_open(struct inode *inode, struct file *file)
 {
-	return single_open(file, psi_cpu_show, NULL);
+	return psi_open(file, psi_cpu_show);
 }
 
 struct psi_trigger *psi_trigger_create(struct psi_group *group,
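Review bot: The condition in psi_open(), file->f_mode & FMODE_WRITE && !capable(CAP_SYS_RESOURCE), relies on & binding tighter than &&. It evaluates as intended, but parenthesizing the mask test as (file->f_mode & FMODE_WRITE) && !capable(CAP_SYS_RESOURCE) makes the grouping explicit in a line that is now the permission gate for all three files. Read-only opens skip the capability check, which matches the stated goal of relaxing writes only.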
@@ -1353,9 +1361,9 @@ static int __init psi_proc_init(void)
 {
 	if (psi_enable) {
 		proc_mkdir("pressure", NULL);
-		proc_create("pressure/io", 0, NULL, &psi_io_proc_ops);
-		proc_create("pressure/memory", 0, NULL, &psi_memory_proc_ops);
-		proc_create("pressure/cpu", 0, NULL, &psi_cpu_proc_ops);
+		proc_create("pressure/io", 0666, NULL, &psi_io_proc_ops);
+		proc_create("pressure/memory", 0666, NULL, &psi_memory_proc_ops);
+		proc_create("pressure/cpu", 0666, NULL, &psi_cpu_proc_ops);
 	}
 	return 0;
 }
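Review bot: The changelog describes only the capability relaxation, while these three proc_create() calls also change the mode argument for pressure/io, pressure/memory and pressure/cpu from 0 to 0666. Suggest stating in the commit message that the files are now created with mode 0666 and that write opens by tasks without CAP_SYS_RESOURCE are refused with -EPERM in psi_open(), so that anyone auditing /proc permissions can tell the mode is intentional.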

