From: Juri Lelli <juri.lelli@redhat.com>
To: Patrick Bellasi <patrick.bellasi@arm.com>
Cc: linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>, Tejun Heo <tj@kernel.org>,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Viresh Kumar <viresh.kumar@linaro.org>,
Vincent Guittot <vincent.guittot@linaro.org>,
Paul Turner <pjt@google.com>,
Quentin Perret <quentin.perret@arm.com>,
Dietmar Eggemann <dietmar.eggemann@arm.com>,
Morten Rasmussen <morten.rasmussen@arm.com>,
Todd Kjos <tkjos@google.com>, Joel Fernandes <joelaf@google.com>,
Steve Muckle <smuckle@google.com>,
Suren Baghdasaryan <surenb@google.com>
Subject: Re: [PATCH v4 14/16] sched/core: uclamp: request CAP_SYS_ADMIN by default
Date: Tue, 4 Sep 2018 15:47:48 +0200
Message-ID: <20180904134748.GA4974@localhost.localdomain>
In-Reply-To: <20180828135324.21976-15-patrick.bellasi@arm.com>

Hi,

On 28/08/18 14:53, Patrick Bellasi wrote:
> The number of clamp groups supported is limited and defined at compile
> time. However, a malicious user can currently ask for many different

Even if not malicious.. :-)

> clamp values thus consuming all the available clamp groups.
>
> Since on properly configured systems we expect only a limited set of
> different clamp values, the previous problem can be mitigated by
> allowing access to clamp groups configuration only to privileged tasks.
> This should still allow a System Management Software to properly
> pre-configure the system.
>
> Let's restrict the tuning of utilization clamp values, by default, to
> tasks with CAP_SYS_ADMIN capabilities.
>
> Whenever this should be considered too restrictive and/or not required
> for a specific platform, a kernel boot option is provided to change
> this default behavior thus allowing non privileged tasks to change their
> utilization clamp values.
>
> Signed-off-by: Patrick Bellasi <patrick.bellasi@arm.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> Cc: Paul Turner <pjt@google.com>
> Cc: Suren Baghdasaryan <surenb@google.com>
> Cc: Todd Kjos <tkjos@google.com>
> Cc: Joel Fernandes <joelaf@google.com>
> Cc: Steve Muckle <smuckle@google.com>
> Cc: Juri Lelli <juri.lelli@redhat.com>
> Cc: Quentin Perret <quentin.perret@arm.com>
> Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
> Cc: Morten Rasmussen <morten.rasmussen@arm.com>
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-pm@vger.kernel.org
>
> ---
> Changes in v4:
> Others:
> - new patch added in this version
> - rebased on v4.19-rc1
> ---
> .../admin-guide/kernel-parameters.txt | 3 +++
> kernel/sched/core.c | 22 ++++++++++++++++---
> 2 files changed, 22 insertions(+), 3 deletions(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 9871e649ffef..481f8214ea9a 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4561,6 +4561,9 @@
> <port#>,<js1>,<js2>,<js3>,<js4>,<js5>,<js6>,<js7>
> See also Documentation/input/devices/joystick-parport.rst
>
> + uclamp_user [KNL] Enable task-specific utilization clamping tuning
> + also from tasks without CAP_SYS_ADMIN capability.
> +
> udbg-immortal [PPC] When debugging early kernel crashes that
> happen after console_init() and before a proper
> console driver takes over, this boot options might
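
Review bot: The new uclamp_user entry does not say what the default is or what enabling the option costs. It should state that without the option only tasks with CAP_SYS_ADMIN may tune utilization clamp values, and that setting it lets any task request clamp values and so consume the limited, compile-time number of clamp groups the commit message describes. Since the handler in kernel/sched/core.c ignores its string argument, the entry could also say that the parameter takes no value.
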
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index 222397edb8a7..8341ce580a9a 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -1510,14 +1510,29 @@ static inline int alloc_uclamp_sched_group(struct task_group *tg,
> static inline void free_uclamp_sched_group(struct task_group *tg) { }
> #endif /* CONFIG_UCLAMP_TASK_GROUP */
>
> +static bool uclamp_user_allowed __read_mostly;
> +static int __init uclamp_user_allow(char *str)
> +{
> + uclamp_user_allowed = true;
> +
> + return 0;
> +}
> +early_param("uclamp_user", uclamp_user_allow);
> +
> static inline int __setscheduler_uclamp(struct task_struct *p,
> - const struct sched_attr *attr)
> + const struct sched_attr *attr,
> + bool user)

Wondering if you want to fold the check below inside the

	if (user && !capable(CAP_SYS_NICE)) {
		...
	}

block. It would also save you from adding another parameter to the
function.

> {
> int group_id[UCLAMP_CNT] = { UCLAMP_NOT_VALID };
> int lower_bound, upper_bound;
> struct uclamp_se *uc_se;
> int result = 0;
>
> + if (!capable(CAP_SYS_ADMIN) &&
> + user && !uclamp_user_allowed) {
> + return -EPERM;
> + }
> +
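
Review bot: In the permission check added at the top of __setscheduler_uclamp(), capable(CAP_SYS_ADMIN) is evaluated first, so it runs even when user is false or uclamp_user_allowed is set. capable() is not a pure test (it sets PF_SUPERPRIV on the task when it succeeds and can produce an LSM audit record when it fails), so it belongs last in the condition: "if (user && !uclamp_user_allowed && !capable(CAP_SYS_ADMIN)) return -EPERM;". Kernel style also drops the braces around a single statement. Separately, the check sits before attr is inspected, so as far as these lines show it returns -EPERM whether or not the call asks for a clamp change; it is worth confirming that the caller only reaches this function when a clamp change was requested, otherwise unprivileged sched_setattr() users that never touch clamps would start failing.
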
Best,
- Juri