From patchwork Thu May 21 03:41:14 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Stultz X-Patchwork-Id: 48844 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-la0-f72.google.com (mail-la0-f72.google.com [209.85.215.72]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 1DF3B21411 for ; Thu, 21 May 2015 03:42:00 +0000 (UTC) Received: by lagv1 with SMTP id v1sf22994109lag.1 for ; Wed, 20 May 2015 20:41:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-unsubscribe; bh=XaPRgaWHc7Pyfh/3IOh8fTqykk0zynU10hWyv2aJiCQ=; b=YZt3Zk5jPO9FXNpUg8LQTkRRRlM0/CZqIJF8a7HQ+iiVd/rkUtcxxn8tUSmQGJpOzK IGF9bviJR4UqQOXmSnSl8GLGLkgzHxUvnS8kjZljCLlqXAJKtdum7KL/W9JK+7uYBJzB w+JPcn1cEXDpGxuESzhn3pvgNr1mOh0NM8h8nKQXNa6V4aznZIstBBQ9wWr4LpNhAy+a 0ynV5sfxwaYsGNNJXdyYn+dLBCeKKvX9Zcl+PlpBD+EEfTiifZ9QUwsF/pxdOX6j1abG vJB5gKJDvSNaq83G2QkwMYM4AQ8lKycZv+IqFqrtkKFNDL/sqiYNqHDD6xEO7qSpxPt3 PwVw== X-Gm-Message-State: ALoCoQnTGwkxOl8ONi9BHMxWmyLKaT3fzR/coky2STeZe+Rcp/lxRVaNndEasQKPB4xzh4IaBi9V X-Received: by 10.152.116.115 with SMTP id jv19mr643325lab.9.1432179719085; Wed, 20 May 2015 20:41:59 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.23.129 with SMTP id m1ls256696laf.76.gmail; Wed, 20 May 2015 20:41:58 -0700 (PDT) X-Received: by 10.112.234.163 with SMTP id uf3mr476650lbc.9.1432179718866; Wed, 20 May 2015 20:41:58 -0700 (PDT) Received: from mail-lb0-f181.google.com (mail-lb0-f181.google.com. [209.85.217.181]) by mx.google.com with ESMTPS id mq2si12412943lbb.91.2015.05.20.20.41.58 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 May 2015 20:41:58 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.181 as permitted sender) client-ip=209.85.217.181; Received: by lbcmx3 with SMTP id mx3so8694641lbc.1 for ; Wed, 20 May 2015 20:41:58 -0700 (PDT) X-Received: by 10.152.36.161 with SMTP id r1mr478492laj.88.1432179718770; Wed, 20 May 2015 20:41:58 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patches@linaro.org Received: by 10.112.108.230 with SMTP id hn6csp258013lbb; Wed, 20 May 2015 20:41:57 -0700 (PDT) X-Received: by 10.66.163.38 with SMTP id yf6mr1297764pab.115.1432179716895; Wed, 20 May 2015 20:41:56 -0700 (PDT) Received: from mail-pa0-f43.google.com (mail-pa0-f43.google.com. [209.85.220.43]) by mx.google.com with ESMTPS id b3si29434900pat.229.2015.05.20.20.41.56 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 May 2015 20:41:56 -0700 (PDT) Received-SPF: pass (google.com: domain of john.stultz@linaro.org designates 209.85.220.43 as permitted sender) client-ip=209.85.220.43; Received: by pabru16 with SMTP id ru16so90298033pab.1 for ; Wed, 20 May 2015 20:41:56 -0700 (PDT) X-Received: by 10.70.35.230 with SMTP id l6mr1462380pdj.26.1432179716004; Wed, 20 May 2015 20:41:56 -0700 (PDT) Received: from localhost.localdomain (c-67-170-153-23.hsd1.or.comcast.net. [67.170.153.23]) by mx.google.com with ESMTPSA id l10sm12131773pbq.87.2015.05.20.20.41.54 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 20 May 2015 20:41:55 -0700 (PDT) From: John Stultz To: lkml Cc: Rom Lemarchand , Tejun Heo , Li Zefan , Jonathan Corbet , cgroups@vger.kernel.org, Android Kernel Team , Colin Cross , John Stultz Subject: [RFC][PATCH 2/2] cgroup: Add a memcg and cpu cg allow_attach policy for Android Date: Wed, 20 May 2015 20:41:14 -0700 Message-Id: <1432179674-19154-3-git-send-email-john.stultz@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1432179674-19154-1-git-send-email-john.stultz@linaro.org> References: <1432179674-19154-1-git-send-email-john.stultz@linaro.org> X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: john.stultz@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.181 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org List-ID: X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , From: Rom Lemarchand If CONFIG_CGROUP_NICE_ATTACH is enabled, this implements an allow_attach policy for Android, which allows any process with CAP_SYS_NICE to move tasks across mem and cpu cgroups. Cc: Tejun Heo Cc: Li Zefan Cc: Jonathan Corbet Cc: cgroups@vger.kernel.org Cc: Android Kernel Team Cc: Rom Lemarchand Cc: Colin Cross Signed-off-by: Rom Lemarchand [jstultz: Majorly reworked to make this policy function configurable, also squished in cpu and mem cgroup enablement.] Signed-off-by: John Stultz --- include/linux/cgroup.h | 12 ++++++++++++ init/Kconfig | 7 +++++++ kernel/Makefile | 1 + kernel/cgroup_nice_attach.c | 29 +++++++++++++++++++++++++++++ kernel/sched/core.c | 3 +++ mm/memcontrol.c | 3 +++ 6 files changed, 55 insertions(+) create mode 100644 kernel/cgroup_nice_attach.c diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h index 0ea785d..d584d31 100644 --- a/include/linux/cgroup.h +++ b/include/linux/cgroup.h @@ -943,6 +943,18 @@ struct cgroup_subsys_state *cgroup_get_e_css(struct cgroup *cgroup, struct cgroup_subsys_state *css_tryget_online_from_dir(struct dentry *dentry, struct cgroup_subsys *ss); +#ifdef CONFIG_CGROUP_NICE_ATTACH +/* + * Default Android check for whether the current process is allowed to move a + * task across cgroups, either because CAP_SYS_NICE is set or because the uid + * of the calling process is the same as the moved task or because we are + * running as root. + * Returns 0 if this is allowed, or -EACCES otherwise. + */ +int cgroup_nice_allow_attach(struct cgroup_subsys_state *css, + struct cgroup_taskset *tset); +#endif + #else /* !CONFIG_CGROUPS */ struct cgroup_subsys_state; diff --git a/init/Kconfig b/init/Kconfig index f5dbc6d..0e66e44 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1132,6 +1132,13 @@ config DEBUG_BLK_CGROUP Enable some debugging help. Currently it exports additional stat files in a cgroup which can be useful for debugging. +config CGROUP_NICE_ATTACH + bool "Enabled Android-style loosening of perm checks for attachment" + default n + ---help--- + Allows non-root processes to add arbitrary processes to mem and cpu + cgroups if they have CAP_SYS_NICE set. This is useful for Android. + endif # CGROUPS config CHECKPOINT_RESTORE diff --git a/kernel/Makefile b/kernel/Makefile index 1408b33..c81256b 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -52,6 +52,7 @@ obj-$(CONFIG_KEXEC) += kexec.o obj-$(CONFIG_BACKTRACE_SELF_TEST) += backtracetest.o obj-$(CONFIG_COMPAT) += compat.o obj-$(CONFIG_CGROUPS) += cgroup.o +obj-$(CONFIG_CGROUP_NICE_ATTACH) += cgroup_nice_attach.o obj-$(CONFIG_CGROUP_FREEZER) += cgroup_freezer.o obj-$(CONFIG_CPUSETS) += cpuset.o obj-$(CONFIG_UTS_NS) += utsname.o diff --git a/kernel/cgroup_nice_attach.c b/kernel/cgroup_nice_attach.c new file mode 100644 index 0000000..b94c68e --- /dev/null +++ b/kernel/cgroup_nice_attach.c @@ -0,0 +1,29 @@ +#include +#include + +/* + * Default Android check for whether the current process is allowed to move a + * task across cgroups, either because CAP_SYS_NICE is set or because the uid + * of the calling process is the same as the moved task or because we are + * running as root. + */ +int cgroup_nice_allow_attach(struct cgroup_subsys_state *css, + struct cgroup_taskset *tset) +{ + const struct cred *cred = current_cred(), *tcred; + struct task_struct *task; + + if (capable(CAP_SYS_NICE)) + return 0; + + cgroup_taskset_for_each(task, tset) { + tcred = __task_cred(task); + + if (current != task && !uid_eq(cred->euid, tcred->uid) && + !uid_eq(cred->euid, tcred->suid)) + return -EACCES; + } + + return 0; +} + diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 62671f5..51dc86f 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -8368,6 +8368,9 @@ struct cgroup_subsys cpu_cgrp_subsys = { .fork = cpu_cgroup_fork, .can_attach = cpu_cgroup_can_attach, .attach = cpu_cgroup_attach, +#ifdef CONFIG_CGROUP_NICE_ATTACH + .allow_attach = cgroup_nice_allow_attach, +#endif .exit = cpu_cgroup_exit, .legacy_cftypes = cpu_files, .early_init = 1, diff --git a/mm/memcontrol.c b/mm/memcontrol.c index b34ef4a..6287697 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -5387,6 +5387,9 @@ struct cgroup_subsys memory_cgrp_subsys = { .can_attach = mem_cgroup_can_attach, .cancel_attach = mem_cgroup_cancel_attach, .attach = mem_cgroup_move_task, +#ifdef CONFIG_CGROUP_NICE_ATTACH + .allow_attach = cgroup_nice_allow_attach, +#endif .bind = mem_cgroup_bind, .dfl_cftypes = memory_files, .legacy_cftypes = mem_cgroup_legacy_files,