From: Juri Lelli <juri.lelli@redhat.com>
To: Patrick Bellasi <patrick.bellasi@arm.com>
Cc: linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>, Tejun Heo <tj@kernel.org>,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Viresh Kumar <viresh.kumar@linaro.org>,
Vincent Guittot <vincent.guittot@linaro.org>,
Paul Turner <pjt@google.com>,
Quentin Perret <quentin.perret@arm.com>,
Dietmar Eggemann <dietmar.eggemann@arm.com>,
Morten Rasmussen <morten.rasmussen@arm.com>,
Todd Kjos <tkjos@google.com>, Joel Fernandes <joelaf@google.com>,
Steve Muckle <smuckle@google.com>,
Suren Baghdasaryan <surenb@google.com>
Subject: Re: [PATCH v4 14/16] sched/core: uclamp: request CAP_SYS_ADMIN by default
Date: Thu, 6 Sep 2018 16:59:36 +0200 [thread overview]
Message-ID: <20180906145936.GF27626@localhost.localdomain> (raw)
In-Reply-To: <20180906144053.GD25636@e110439-lin>
On 06/09/18 15:40, Patrick Bellasi wrote:
> On 04-Sep 15:47, Juri Lelli wrote:
[...]
> > Wondering if you want to fold the check below inside the
> >
> > if (user && !capable(CAP_SYS_NICE)) {
> > ...
> > }
> >
> > block. It would also save you from adding another parameter to the
> > function.
>
> So, there are two reasons for that:
>
> 1) _I think_ we don't want to depend on capable(CAP_SYS_NICE) but
> instead on capable(CAP_SYS_ADMIN)
>
> Does that make sense ?
>
> If yes, the I cannot fold it in the block you reported above
> because we will not check for users with CAP_SYS_NICE.
Ah, right, not sure though. Looks like CAP_SYS_NICE is used for settings
that relates to priorities, affinity, etc.: CPU related stuff. Since
here you are also dealing with something that seems to fall into the
same realm, it might actually fit more than CAP_SYS_ADMIN?
Now that I think more about it, would it actually make sense to allow
unpriviledged users to lower their assigned umin/umax properties if they
want? Something alike what happens for nice values or RT priorities.
> 2) Then we could move it after that block, where there is another
> set of checks with just:
>
> if (user) {
>
> We can potentially add the check there yes... but when uclamp is
> not enabled we will still perform those checks or we have to add
> some compiler guards...
>
> 3) ... or at least check for:
>
> if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP)
>
> Which is what I'm doing right after the block above (2).
>
> But, at this point, by passing in the parameter to the
> __setscheduler_uclamp() call, I get the benefits of:
>
> a) reducing uclamp specific code in the caller
> b) avoiding the checks on !CONFIG_UCLAMP_TASK build
>
> > > {
> > > int group_id[UCLAMP_CNT] = { UCLAMP_NOT_VALID };
> > > int lower_bound, upper_bound;
> > > struct uclamp_se *uc_se;
> > > int result = 0;
> > >
> > > + if (!capable(CAP_SYS_ADMIN) &&
> > > + user && !uclamp_user_allowed) {
> > > + return -EPERM;
> > > + }
> > > +
>
> Does all the above makes sense ?
If we agree on CAP_SYS_ADMIN, however, your approach looks cleaner yes.
next prev parent reply other threads:[~2018-09-06 14:59 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-28 13:53 [PATCH v4 00/16] Add utilization clamping support Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 01/16] sched/core: uclamp: extend sched_setattr to support utilization clamping Patrick Bellasi
2018-09-05 11:01 ` Juri Lelli
2018-08-28 13:53 ` [PATCH v4 02/16] sched/core: uclamp: map TASK's clamp values into CPU's clamp groups Patrick Bellasi
2018-09-05 10:45 ` Juri Lelli
2018-09-06 13:48 ` Patrick Bellasi
2018-09-06 14:13 ` Juri Lelli
2018-09-06 8:17 ` Juri Lelli
2018-09-06 14:00 ` Patrick Bellasi
2018-09-08 23:47 ` Suren Baghdasaryan
2018-09-12 10:32 ` Patrick Bellasi
2018-09-12 13:49 ` Peter Zijlstra
2018-09-12 15:56 ` Patrick Bellasi
2018-09-12 16:12 ` Peter Zijlstra
2018-09-12 17:35 ` Patrick Bellasi
2018-09-12 17:42 ` Peter Zijlstra
2018-09-12 17:52 ` Patrick Bellasi
2018-09-13 19:14 ` Peter Zijlstra
2018-09-14 8:51 ` Patrick Bellasi
2018-09-12 16:24 ` Peter Zijlstra
2018-09-12 17:42 ` Patrick Bellasi
2018-09-13 19:20 ` Peter Zijlstra
2018-09-14 8:47 ` Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 03/16] sched/core: uclamp: add CPU's clamp groups accounting Patrick Bellasi
2018-09-12 17:34 ` Peter Zijlstra
2018-09-12 17:44 ` Patrick Bellasi
2018-09-13 19:12 ` Peter Zijlstra
2018-09-14 9:07 ` Patrick Bellasi
2018-09-14 11:52 ` Peter Zijlstra
2018-09-14 13:41 ` Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 04/16] sched/core: uclamp: update CPU's refcount on clamp changes Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 05/16] sched/core: uclamp: enforce last task UCLAMP_MAX Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 06/16] sched/cpufreq: uclamp: add utilization clamping for FAIR tasks Patrick Bellasi
2018-09-14 9:32 ` Peter Zijlstra
2018-09-14 13:19 ` Patrick Bellasi
2018-09-14 13:36 ` Peter Zijlstra
2018-09-14 13:57 ` Patrick Bellasi
2018-09-27 10:23 ` Quentin Perret
2018-08-28 13:53 ` [PATCH v4 07/16] sched/core: uclamp: extend cpu's cgroup controller Patrick Bellasi
2018-08-28 18:29 ` Randy Dunlap
2018-08-29 8:53 ` Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 08/16] sched/core: uclamp: propagate parent clamps Patrick Bellasi
2018-09-09 3:02 ` Suren Baghdasaryan
2018-09-12 12:51 ` Patrick Bellasi
2018-09-12 15:56 ` Suren Baghdasaryan
2018-09-11 15:18 ` Tejun Heo
2018-09-11 16:26 ` Patrick Bellasi
2018-09-11 16:28 ` Tejun Heo
2018-08-28 13:53 ` [PATCH v4 09/16] sched/core: uclamp: map TG's clamp values into CPU's clamp groups Patrick Bellasi
2018-09-09 18:52 ` Suren Baghdasaryan
2018-09-12 14:19 ` Patrick Bellasi
2018-09-12 15:53 ` Suren Baghdasaryan
2018-08-28 13:53 ` [PATCH v4 10/16] sched/core: uclamp: use TG's clamps to restrict Task's clamps Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 11/16] sched/core: uclamp: add system default clamps Patrick Bellasi
2018-09-10 16:20 ` Suren Baghdasaryan
2018-09-11 16:46 ` Patrick Bellasi
2018-09-11 19:25 ` Suren Baghdasaryan
2018-08-28 13:53 ` [PATCH v4 12/16] sched/core: uclamp: update CPU's refcount on TG's clamp changes Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 13/16] sched/core: uclamp: use percentage clamp values Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 14/16] sched/core: uclamp: request CAP_SYS_ADMIN by default Patrick Bellasi
2018-09-04 13:47 ` Juri Lelli
2018-09-06 14:40 ` Patrick Bellasi
2018-09-06 14:59 ` Juri Lelli [this message]
2018-09-06 17:21 ` Patrick Bellasi
2018-09-14 11:10 ` Peter Zijlstra
2018-09-14 14:07 ` Patrick Bellasi
2018-09-14 14:28 ` Peter Zijlstra
2018-09-17 12:27 ` Patrick Bellasi
2018-09-21 9:13 ` Peter Zijlstra
2018-09-24 15:14 ` Patrick Bellasi
2018-09-24 15:56 ` Peter Zijlstra
2018-09-24 17:23 ` Patrick Bellasi
2018-09-24 16:26 ` Peter Zijlstra
2018-09-24 17:19 ` Patrick Bellasi
2018-09-25 15:49 ` Peter Zijlstra
2018-09-26 10:43 ` Patrick Bellasi
2018-09-27 10:00 ` Quentin Perret
2018-09-26 17:51 ` Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 15/16] sched/core: uclamp: add clamp group discretization support Patrick Bellasi
2018-08-28 13:53 ` [PATCH v4 16/16] sched/cpufreq: uclamp: add utilization clamping for RT tasks Patrick Bellasi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180906145936.GF27626@localhost.localdomain \
--to=juri.lelli@redhat.com \
--cc=dietmar.eggemann@arm.com \
--cc=joelaf@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=morten.rasmussen@arm.com \
--cc=patrick.bellasi@arm.com \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
--cc=quentin.perret@arm.com \
--cc=rafael.j.wysocki@intel.com \
--cc=smuckle@google.com \
--cc=surenb@google.com \
--cc=tj@kernel.org \
--cc=tkjos@google.com \
--cc=vincent.guittot@linaro.org \
--cc=viresh.kumar@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).