From: Tejun Heo <tj@kernel.org>
To: "Michal Koutný" <mkoutny@suse.com>
Cc: cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
Zefan Li <lizefan.x@bytedance.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Waiman Long <longman@redhat.com>
Subject: Re: [RFC PATCH] cpuset: Allow setscheduler regardless of manipulated task
Date: Sat, 25 Jun 2022 13:20:30 +0900 [thread overview]
Message-ID: <YraNDoxU9IZaP3RV@mtj.duckdns.org> (raw)
In-Reply-To: <20220623124944.2753-1-mkoutny@suse.com>
Hello,
On Thu, Jun 23, 2022 at 02:49:44PM +0200, Michal Koutný wrote:
> 1) The unified hierarchy attachment behavior -- is that the
> right/consented model that migrated objects don't matter?
Yes.
> 2) If 1) is true, have I missed any danger in allowing cpuset'ing a
> possibly privileged processes?
Given that the someone who has write perm on the cgroup or its
ancestors are allowed to change cpuset config itself, I have a hard
time imagining that check being all that useful as a security
mechanism.
> 2.2) cpuset may be in v2 mode even on v1 hierarchy with different
> migration control rules (but checking migratee's creds in v1
> eliminates effect of this patch).
Yeah, it should be fine to apply the change only to v2.
> 3) Alternative approach would be to allow cpuset migrations only when
> nothing effectively changes (which is the case for parent->child
> migration upon controller enablement).
>
> 4) This is just idea draft, not tested in the real case.
Unless I'm missing something obvious, I don't see a reason to keep the
check, so please feel free to test and send a SOB'd patch.
Thanks.
--
tejun
WARNING: multiple messages have this Message-ID (diff)
From: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: "Michal Koutný" <mkoutny-IBi9RG/b67k@public.gmane.org>
Cc: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Zefan Li <lizefan.x-EC8Uxl6Npydl57MIdRCFDg@public.gmane.org>,
Johannes Weiner <hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org>,
Waiman Long <longman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Subject: Re: [RFC PATCH] cpuset: Allow setscheduler regardless of manipulated task
Date: Sat, 25 Jun 2022 13:20:30 +0900 [thread overview]
Message-ID: <YraNDoxU9IZaP3RV@mtj.duckdns.org> (raw)
In-Reply-To: <20220623124944.2753-1-mkoutny-IBi9RG/b67k@public.gmane.org>
Hello,
On Thu, Jun 23, 2022 at 02:49:44PM +0200, Michal Koutný wrote:
> 1) The unified hierarchy attachment behavior -- is that the
> right/consented model that migrated objects don't matter?
Yes.
> 2) If 1) is true, have I missed any danger in allowing cpuset'ing a
> possibly privileged processes?
Given that the someone who has write perm on the cgroup or its
ancestors are allowed to change cpuset config itself, I have a hard
time imagining that check being all that useful as a security
mechanism.
> 2.2) cpuset may be in v2 mode even on v1 hierarchy with different
> migration control rules (but checking migratee's creds in v1
> eliminates effect of this patch).
Yeah, it should be fine to apply the change only to v2.
> 3) Alternative approach would be to allow cpuset migrations only when
> nothing effectively changes (which is the case for parent->child
> migration upon controller enablement).
>
> 4) This is just idea draft, not tested in the real case.
Unless I'm missing something obvious, I don't see a reason to keep the
check, so please feel free to test and send a SOB'd patch.
Thanks.
--
tejun
next prev parent reply other threads:[~2022-06-25 4:20 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-23 12:49 [RFC PATCH] cpuset: Allow setscheduler regardless of manipulated task Michal Koutný
2022-06-23 12:49 ` Michal Koutný
2022-06-23 18:44 ` Waiman Long
2022-06-23 18:44 ` Waiman Long
2022-06-24 12:43 ` Michal Koutný
2022-06-24 12:43 ` Michal Koutný
2022-06-25 4:20 ` Tejun Heo [this message]
2022-06-25 4:20 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YraNDoxU9IZaP3RV@mtj.duckdns.org \
--to=tj@kernel.org \
--cc=cgroups@vger.kernel.org \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan.x@bytedance.com \
--cc=longman@redhat.com \
--cc=mkoutny@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.