From patchwork Fri Jun 30 18:39:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michal_Koutn=C3=BD?= X-Patchwork-Id: 114856 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp10587670vqr; Fri, 30 Jun 2023 11:51:26 -0700 (PDT) X-Google-Smtp-Source: APBJJlENeHay5+mfIVsRFFPNomu4V+7TYZNJJUsmS6Hwv7EZ0fwUdyZaR3gc2alLpzaZ3WOj3r0+ X-Received: by 2002:a17:902:e743:b0:1ae:89a:a4 with SMTP id p3-20020a170902e74300b001ae089a00a4mr5308887plf.8.1688151086474; Fri, 30 Jun 2023 11:51:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688151086; cv=none; d=google.com; s=arc-20160816; b=hmrXFMEg9MEq8u5KM/+qP1WW3SdhEhlyYjp067xtxuDi6oEjt+1XcfUG+Shb/FfRW3 ahS5vWohvJyPFZz3DTEZQLInvbGAo2NXJcbjNRd2H2mpbeJgoOrzODcknWkF2Mm+OTJn 9i14rY97zfWt7x+scu6BjsUsHxo6Vu8e12JsPayn8z8zOLwQUbVEz4dngAitBrH7eGyI G4qWOJuRR1WeehJXrbqOcFxUQyZkwMxW/chiBFxhPI+vipFSutsWh+H72Xa/s3ty/l0u UgF3ZcJut3ZeotdhqCE9JD0UZGzcSdo3JmuHd0K9cE9FZin91qHzMk8s8kXyICY3/6CL H2zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=bCYIN6pQvd3q6SAnjV/5aG2ZzwJfRdxp+vjhFcp2bPA=; fh=W9YjB8LblKMI9BlzaYswLs++QP273lsG58/F27dOPSw=; b=CVyAMsh8Eebea40DfMFQQNvQMhC32p+Q181F9VSBN/SkQC2VQE5GUpU0QNvYnENLuK sSC4QX5ahkumb2eXvJxlu8jgyO/QIWiDYhAK673hVQpPGZS+KCWfWXrJ3bA6WPnEwx7N swpcK0HZEoe7L4beInik6X1xqqYiuEWKfHfH9p04ig0v1MAbFhkIxilcXweg4ddIcYLP BPI+B726ND6j8mhgEFASugKxoV0l1hBPfE1h3UruhQxy+phSG+n+WA3A3B9UdKNK1CMG yrIOL2lL7hbdjWIwW8023PBn9k/i5UFOyNVgsTQPgsErQuahmncdXFFsgPrk4yQZ1EuM WLMg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=ncRyoeoh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z18-20020a1709028f9200b001b7f849cd17si10844187plo.85.2023.06.30.11.51.09; Fri, 30 Jun 2023 11:51:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=ncRyoeoh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233064AbjF3Sjj (ORCPT + 99 others); Fri, 30 Jun 2023 14:39:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231765AbjF3SjP (ORCPT ); Fri, 30 Jun 2023 14:39:15 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 80E1D19BA; Fri, 30 Jun 2023 11:39:12 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 23E451F8C2; Fri, 30 Jun 2023 18:39:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1688150351; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bCYIN6pQvd3q6SAnjV/5aG2ZzwJfRdxp+vjhFcp2bPA=; b=ncRyoeohjhmpusu0eYkwkCXqkCCcASKdr/ptw+5pVYntM8z5o07EoURaFYu4TjdrbyOAdL 8gvtcMsDhFDyCCcts6J5q3lyrT7PYVJ1ZWYdaJ2n+/4E8RLftf8KZEA86Au4jA6bRh3Kxy xkgQjZ0Oa56WYkfK3GcEUlS6oW09bgQ= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id F05CE139FF; Fri, 30 Jun 2023 18:39:10 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id CIvTOU4hn2QgbQAAMHmgww (envelope-from ); Fri, 30 Jun 2023 18:39:10 +0000 From: =?utf-8?q?Michal_Koutn=C3=BD?= To: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: Waiman Long , Zefan Li , Tejun Heo , Johannes Weiner , Shuah Khan Subject: [PATCH v2 1/3] cpuset: Allow setscheduler regardless of manipulated task Date: Fri, 30 Jun 2023 20:39:06 +0200 Message-ID: <20230630183908.32148-2-mkoutny@suse.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230630183908.32148-1-mkoutny@suse.com> References: <20230630183908.32148-1-mkoutny@suse.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770154106270376459?= X-GMAIL-MSGID: =?utf-8?q?1770154713750672391?= When we migrate a task between two cgroups, one of the checks is a verification whether we can modify task's scheduler settings (cap_task_setscheduler()). An implicit migration occurs also when enabling a controller on the unified hierarchy (think of parent to child migration). The aforementioned check may be problematic if the caller of the migration (enabling a controller) has no permissions over migrated tasks. For instance, a user's cgroup that ends up running a process of a different user. Although cgroup permissions are configured favorably, the enablement fails due to the foreign process [1]. Change the behavior by relaxing the permissions check on the unified hierarchy (or in v2 mode). This is in accordance with unified hierarchy attachment behavior when permissions of the source to target cgroups are decisive whereas the migrated task is opaque (as opposed to more restrictive check in __cgroup1_procs_write()). [1] https://github.com/systemd/systemd/issues/18293#issuecomment-831205649 Signed-off-by: Michal Koutný --- kernel/cgroup/cpuset.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 58e6f18f01c1..41d3ed14b0f4 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -2505,9 +2505,16 @@ static int cpuset_can_attach(struct cgroup_taskset *tset) ret = task_can_attach(task); if (ret) goto out_unlock; - ret = security_task_setscheduler(task); - if (ret) - goto out_unlock; + + /* + * Skip rights over task check in v2, migration permission derives + * from hierarchy ownership in cgroup_procs_write_permission()). + */ + if (!cgroup_subsys_on_dfl(cpuset_cgrp_subsys)) { + ret = security_task_setscheduler(task); + if (ret) + goto out_unlock; + } if (dl_task(task)) { cs->nr_migrate_dl_tasks++; From patchwork Fri Jun 30 18:39:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michal_Koutn=C3=BD?= X-Patchwork-Id: 114850 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp10585481vqr; Fri, 30 Jun 2023 11:47:03 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4DPxt+PpCq4sVuP0aoBZzEamJqx6EciulSOiftLKFFvc+XL9dQpMOironFsp1TUaiLwltP X-Received: by 2002:a17:902:ab5a:b0:1b5:4690:e8d0 with SMTP id ij26-20020a170902ab5a00b001b54690e8d0mr9973549plb.22.1688150823205; Fri, 30 Jun 2023 11:47:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688150823; cv=none; d=google.com; s=arc-20160816; b=hp+d67wUmfv5TktRez7tb3wsT3MLVFBqkAcLgFaJVJQhJ6SPiCErPnLRIEK0m8XRY3 xIaB1vvnQujFVf+WJdFj81EpmDNsiapS7P4FTIgRZJ7HA2CAmmJInXcGgyUMrW3ZdxCE S52UFmjlJ4n0vTFQKlMlgOIy34d76zyP6ry3hZkmVmeaeZYs+bnbkzixx3mhiT9I0hd1 pUHRz02A7ErUbToG2KR33nPpSV3jWhEpe48IaryfQCZpDMfjSFI2dK6xnAMWpfAsKVyw blRs/r9RE3+9mpKqy8rk9s3QIYZW5AL4LdWlh4qhkYVPL02nWU1w9zXikXCLFpb2rzJw sHhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=tdTsxfSnc5J48DYVbkQ319BZmwsMm6KxF6jWIimyuF0=; fh=W9YjB8LblKMI9BlzaYswLs++QP273lsG58/F27dOPSw=; b=bVCcXRQPVe5aBcmIgLVPjg3dXrFtgEAdKAwX7ydsk8p/NYQbdLXcoRYxeM4acGICWX aEBMUtA9t3gpejyjezNVac1HqQxWszZzbb8sX77aPO1iZb21DivfNy6Etb0Hwsvt5Vdx YAkHwy6s35z6wk4roNmh4S+IOi0hNAZsv+PZ6le65dqg6G5vXJXj8AY4zVeWv2hHMVIt C7assuTX4RLVaSJdPWDIfpmmpiotcT3aKQ7tdHE4rXuUa9da9fviKE5EtHKRo+8f9X0v aWcbESltXRliP4lJu3yC5SlYRlrRLL4tKQ2Ec1SayTQkhgiR7HeF9pGtVkKkRDN66lMr 2h2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=kPpEMFai; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e192-20020a6369c9000000b0055337508370si12944108pgc.889.2023.06.30.11.46.48; Fri, 30 Jun 2023 11:47:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=kPpEMFai; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232846AbjF3SjT (ORCPT + 99 others); Fri, 30 Jun 2023 14:39:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45012 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232503AbjF3SjP (ORCPT ); Fri, 30 Jun 2023 14:39:15 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E10583C2F; Fri, 30 Jun 2023 11:39:12 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 516C11F8D7; Fri, 30 Jun 2023 18:39:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1688150351; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tdTsxfSnc5J48DYVbkQ319BZmwsMm6KxF6jWIimyuF0=; b=kPpEMFainOoTWcqBBRN/XmqIT1GsT1ADWHUEiWVtkjtkmDz1gTaQaZIoAbwJQ5X7VwhBIG 7jKKzI77fYUb405+auHK/TJAi5cjrY/673uYpohika3UdezvV+jYkDJvy35p+Qqh9xmz9e snvPrHUaYJPMc16R6kposdlR/yvEJa0= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2539B138F8; Fri, 30 Jun 2023 18:39:11 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id UFhKCE8hn2QgbQAAMHmgww (envelope-from ); Fri, 30 Jun 2023 18:39:11 +0000 From: =?utf-8?q?Michal_Koutn=C3=BD?= To: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: Waiman Long , Zefan Li , Tejun Heo , Johannes Weiner , Shuah Khan Subject: [PATCH v2 2/3] selftests: cgroup: Minor code reorganizations Date: Fri, 30 Jun 2023 20:39:07 +0200 Message-ID: <20230630183908.32148-3-mkoutny@suse.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230630183908.32148-1-mkoutny@suse.com> References: <20230630183908.32148-1-mkoutny@suse.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770154437357475167?= X-GMAIL-MSGID: =?utf-8?q?1770154437357475167?= No functional change intended, these small changes are merged into one commit and they serve as a preparation for an upcoming new testcase. Signed-off-by: Michal Koutný --- MAINTAINERS | 1 + tools/testing/selftests/cgroup/cgroup_util.c | 2 ++ tools/testing/selftests/cgroup/cgroup_util.h | 2 ++ tools/testing/selftests/cgroup/test_core.c | 2 +- tools/testing/selftests/cgroup/test_cpuset_prs.sh | 2 +- 5 files changed, 7 insertions(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index e0976ae2a523..03bec83944c4 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5260,6 +5260,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git F: Documentation/admin-guide/cgroup-v1/cpusets.rst F: include/linux/cpuset.h F: kernel/cgroup/cpuset.c +F: tools/testing/selftests/cgroup/test_cpuset_prs.sh CONTROL GROUP - MEMORY RESOURCE CONTROLLER (MEMCG) M: Johannes Weiner diff --git a/tools/testing/selftests/cgroup/cgroup_util.c b/tools/testing/selftests/cgroup/cgroup_util.c index e8bbbdb77e0d..0340d4ca8f51 100644 --- a/tools/testing/selftests/cgroup/cgroup_util.c +++ b/tools/testing/selftests/cgroup/cgroup_util.c @@ -286,6 +286,8 @@ int cg_destroy(const char *cgroup) { int ret; + if (!cgroup) + return 0; retry: ret = rmdir(cgroup); if (ret && errno == EBUSY) { diff --git a/tools/testing/selftests/cgroup/cgroup_util.h b/tools/testing/selftests/cgroup/cgroup_util.h index c92df4e5d395..1df7f202214a 100644 --- a/tools/testing/selftests/cgroup/cgroup_util.h +++ b/tools/testing/selftests/cgroup/cgroup_util.h @@ -11,6 +11,8 @@ #define USEC_PER_SEC 1000000L #define NSEC_PER_SEC 1000000000L +#define TEST_UID 65534 /* usually nobody, any !root is fine */ + /* * Checks if two given values differ by less than err% of their sum. */ diff --git a/tools/testing/selftests/cgroup/test_core.c b/tools/testing/selftests/cgroup/test_core.c index 600123503063..80aa6b2373b9 100644 --- a/tools/testing/selftests/cgroup/test_core.c +++ b/tools/testing/selftests/cgroup/test_core.c @@ -683,7 +683,7 @@ static int test_cgcore_thread_migration(const char *root) */ static int test_cgcore_lesser_euid_open(const char *root) { - const uid_t test_euid = 65534; /* usually nobody, any !root is fine */ + const uid_t test_euid = TEST_UID; int ret = KSFT_FAIL; char *cg_test_a = NULL, *cg_test_b = NULL; char *cg_test_a_procs = NULL, *cg_test_b_procs = NULL; diff --git a/tools/testing/selftests/cgroup/test_cpuset_prs.sh b/tools/testing/selftests/cgroup/test_cpuset_prs.sh index 2b5215cc599f..4afb132e4e4f 100755 --- a/tools/testing/selftests/cgroup/test_cpuset_prs.sh +++ b/tools/testing/selftests/cgroup/test_cpuset_prs.sh @@ -10,7 +10,7 @@ skip_test() { echo "$1" echo "Test SKIPPED" - exit 0 + exit 4 # ksft_skip } [[ $(id -u) -eq 0 ]] || skip_test "Test must be run as root!" From patchwork Fri Jun 30 18:39:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michal_Koutn=C3=BD?= X-Patchwork-Id: 114855 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp10587614vqr; Fri, 30 Jun 2023 11:51:21 -0700 (PDT) X-Google-Smtp-Source: APBJJlHBJjraGU/EJIKl5da48EN9xE3R5RU4RLBf/2DOlPaCETrpFu+0jlqtS564oT9HzWZ/tbT5 X-Received: by 2002:a17:903:496:b0:1b8:63c6:84ab with SMTP id jj22-20020a170903049600b001b863c684abmr1901330plb.61.1688151080845; Fri, 30 Jun 2023 11:51:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688151080; cv=none; d=google.com; s=arc-20160816; b=zNEFyYpq2u0S3uP8AaVRR4NOHVtN/1vInSXuKOKz326Rmfxbd//ogOT7Xji7L0NbUZ wC9oByTzCPor2qN3fgXLEcuAYmdmiZ7aAIUgq9o0FPgsQF5WXlRNxMUYebN9/ESmLF1e C9LIfqJf/ZRWBb+du25vW0e7VPr1GBIEZPg08UGifPdtt1S2P2nK8WJkrIisEAdZyUgH 7By3MSxheeV4cPpMb3orCjSqaLqyjR7IEGMdz1EBv3zhdzxGVhTv2CX+9P/xnB0EJKPD RYEj/RTZ4AuwwAJZxJKz2Ye38PN/ofuHJGHbnc1CyRVdLk9NoxfP4+RCShnt8EEiLSNh iKAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=/mkrwOQhXNXUI/w8q8/tfaaJ0AMF+TiZmf5ENkhiSpo=; fh=W9YjB8LblKMI9BlzaYswLs++QP273lsG58/F27dOPSw=; b=OlHY2QqIpCFcub/2lUWX3fT83PMe4dPszP+wXjw6Oh0AITZWxExss5Lmm4/oIUa1ID xtvktEPb3DuJi17oqqWVIF78Tk6D1m4i/apdrlmILUHFOLoQf2i8PBcaGJSTTrqObTcp VtXcdMBJ8E78ocRnI+f6mRwAIH9QjLMejJAikjF1RXwNpbeEJ3TBHFNErrTX0QjoRicB ymxuk/qAbaLa9pyGpJgz8mWw3smat010RfETYMxxduMYdJ9GLfTBtovFlCheCpn6kYt0 nv0k+ezieizSk/7qDWJ0QfCQ0TgY15LauUUHKkfgAdji2xZ9Wdid7kOjxGkpgRqp6e80 V6gQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=UUqO4hoa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m8-20020a170902db0800b001b0603829afsi13984424plx.405.2023.06.30.11.51.07; Fri, 30 Jun 2023 11:51:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=UUqO4hoa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233116AbjF3Sjm (ORCPT + 99 others); Fri, 30 Jun 2023 14:39:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45040 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229537AbjF3SjR (ORCPT ); Fri, 30 Jun 2023 14:39:17 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A4F53C30; Fri, 30 Jun 2023 11:39:12 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 7C23F211CE; Fri, 30 Jun 2023 18:39:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1688150351; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/mkrwOQhXNXUI/w8q8/tfaaJ0AMF+TiZmf5ENkhiSpo=; b=UUqO4hoavU73XqgnT725k9l7mOYKqlhlUQYad9oWn1acVy+xl8ak21YdiLT3d8i2iJ3Ykh ku4OG8Pa3SzJXhKaXexajCS/5JtbOaNWyRIyrPBFMf91ezWfPsbGpEaVYSdPK3Uvw687AE Fyg1wkX0l/UFsHDa6so/bM7YDR4KOtw= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 53B06139FF; Fri, 30 Jun 2023 18:39:11 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id WFWoE08hn2QgbQAAMHmgww (envelope-from ); Fri, 30 Jun 2023 18:39:11 +0000 From: =?utf-8?q?Michal_Koutn=C3=BD?= To: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: Waiman Long , Zefan Li , Tejun Heo , Johannes Weiner , Shuah Khan Subject: [PATCH v2 3/3] selftests: cgroup: Add cpuset migrations testcase Date: Fri, 30 Jun 2023 20:39:08 +0200 Message-ID: <20230630183908.32148-4-mkoutny@suse.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230630183908.32148-1-mkoutny@suse.com> References: <20230630183908.32148-1-mkoutny@suse.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770154707372571190?= X-GMAIL-MSGID: =?utf-8?q?1770154707372571190?= Add a separate testfile to verify treating permissions when tasks are migrated on cgroup v2 hierarchy between cpuset cgroups. In accordance with v2 design, migration should be allowed based on delegation boundaries (i.e. cgroup.procs permissions) and does not depend on the migrated object (i.e. unprivileged process can migrate another process (even privileged) as long as it remains in the original dedicated scope). Signed-off-by: Michal Koutný --- MAINTAINERS | 1 + tools/testing/selftests/cgroup/.gitignore | 1 + tools/testing/selftests/cgroup/Makefile | 2 + tools/testing/selftests/cgroup/test_cpuset.c | 272 +++++++++++++++++++ 4 files changed, 276 insertions(+) create mode 100644 tools/testing/selftests/cgroup/test_cpuset.c diff --git a/MAINTAINERS b/MAINTAINERS index 03bec83944c4..5c55de000ee3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5260,6 +5260,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git F: Documentation/admin-guide/cgroup-v1/cpusets.rst F: include/linux/cpuset.h F: kernel/cgroup/cpuset.c +F: tools/testing/selftests/cgroup/test_cpuset.c F: tools/testing/selftests/cgroup/test_cpuset_prs.sh CONTROL GROUP - MEMORY RESOURCE CONTROLLER (MEMCG) diff --git a/tools/testing/selftests/cgroup/.gitignore b/tools/testing/selftests/cgroup/.gitignore index c4a57e69f749..8443a8d46a1c 100644 --- a/tools/testing/selftests/cgroup/.gitignore +++ b/tools/testing/selftests/cgroup/.gitignore @@ -5,4 +5,5 @@ test_freezer test_kmem test_kill test_cpu +test_cpuset wait_inotify diff --git a/tools/testing/selftests/cgroup/Makefile b/tools/testing/selftests/cgroup/Makefile index 3d263747d2ad..dee0f013c7f4 100644 --- a/tools/testing/selftests/cgroup/Makefile +++ b/tools/testing/selftests/cgroup/Makefile @@ -12,6 +12,7 @@ TEST_GEN_PROGS += test_core TEST_GEN_PROGS += test_freezer TEST_GEN_PROGS += test_kill TEST_GEN_PROGS += test_cpu +TEST_GEN_PROGS += test_cpuset LOCAL_HDRS += $(selfdir)/clone3/clone3_selftests.h $(selfdir)/pidfd/pidfd.h @@ -23,3 +24,4 @@ $(OUTPUT)/test_core: cgroup_util.c $(OUTPUT)/test_freezer: cgroup_util.c $(OUTPUT)/test_kill: cgroup_util.c $(OUTPUT)/test_cpu: cgroup_util.c +$(OUTPUT)/test_cpuset: cgroup_util.c diff --git a/tools/testing/selftests/cgroup/test_cpuset.c b/tools/testing/selftests/cgroup/test_cpuset.c new file mode 100644 index 000000000000..976ec6f014d8 --- /dev/null +++ b/tools/testing/selftests/cgroup/test_cpuset.c @@ -0,0 +1,272 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include + +#include "../kselftest.h" +#include "cgroup_util.h" + +static int idle_process_fn(const char *cgroup, void *arg) +{ + (void)pause(); + return 0; +} + +static int do_migration_fn(const char *cgroup, void *arg) +{ + int object_pid = (int)(size_t)arg; + + if (setuid(TEST_UID)) + return EXIT_FAILURE; + + // XXX checking /proc/$pid/cgroup would be quicker than wait + if (cg_enter(cgroup, object_pid) || + cg_wait_for_proc_count(cgroup, 1)) + return EXIT_FAILURE; + + return EXIT_SUCCESS; +} + +static int do_controller_fn(const char *cgroup, void *arg) +{ + const char *child = cgroup; + const char *parent = arg; + + if (setuid(TEST_UID)) + return EXIT_FAILURE; + + if (!cg_read_strstr(child, "cgroup.controllers", "cpuset")) + return EXIT_FAILURE; + + if (cg_write(parent, "cgroup.subtree_control", "+cpuset")) + return EXIT_FAILURE; + + if (cg_read_strstr(child, "cgroup.controllers", "cpuset")) + return EXIT_FAILURE; + + if (cg_write(parent, "cgroup.subtree_control", "-cpuset")) + return EXIT_FAILURE; + + if (!cg_read_strstr(child, "cgroup.controllers", "cpuset")) + return EXIT_FAILURE; + + return EXIT_SUCCESS; +} + +/* + * Migrate a process between two sibling cgroups. + * The success should only depend on the parent cgroup permissions and not the + * migrated process itself (cpuset controller is in place because it uses + * security_task_setscheduler() in cgroup v1). + */ +static int test_cpuset_perms_object(const char *root, bool allow) +{ + char *parent = NULL, *child_src = NULL, *child_dst = NULL; + char *parent_procs = NULL, *child_src_procs = NULL, *child_dst_procs = NULL; + const uid_t test_euid = TEST_UID; + int object_pid = 0; + int ret = KSFT_FAIL; + + parent = cg_name(root, "cpuset_test_0"); + if (!parent) + goto cleanup; + parent_procs = cg_name(parent, "cgroup.procs"); + if (!parent_procs) + goto cleanup; + if (cg_create(parent)) + goto cleanup; + + child_src = cg_name(parent, "cpuset_test_1"); + if (!child_src) + goto cleanup; + child_src_procs = cg_name(child_src, "cgroup.procs"); + if (!child_src_procs) + goto cleanup; + if (cg_create(child_src)) + goto cleanup; + + child_dst = cg_name(parent, "cpuset_test_2"); + if (!child_dst) + goto cleanup; + child_dst_procs = cg_name(child_dst, "cgroup.procs"); + if (!child_dst_procs) + goto cleanup; + if (cg_create(child_dst)) + goto cleanup; + + if (cg_write(parent, "cgroup.subtree_control", "+cpuset")) + goto cleanup; + + if (cg_read_strstr(child_src, "cgroup.controllers", "cpuset") || + cg_read_strstr(child_dst, "cgroup.controllers", "cpuset")) + goto cleanup; + + /* Enable permissions along src->dst tree path */ + if (chown(child_src_procs, test_euid, -1) || + chown(child_dst_procs, test_euid, -1)) + goto cleanup; + + if (allow && chown(parent_procs, test_euid, -1)) + goto cleanup; + + /* Fork a privileged child as a test object */ + object_pid = cg_run_nowait(child_src, idle_process_fn, NULL); + if (object_pid < 0) + goto cleanup; + + /* Carry out migration in a child process that can drop all privileges + * (including capabilities), the main process must remain privileged for + * cleanup. + * Child process's cgroup is irrelevant but we place it into child_dst + * as hacky way to pass information about migration target to the child. + */ + if (allow ^ (cg_run(child_dst, do_migration_fn, (void *)(size_t)object_pid) == EXIT_SUCCESS)) + goto cleanup; + + ret = KSFT_PASS; + +cleanup: + if (object_pid > 0) { + (void)kill(object_pid, SIGTERM); + (void)clone_reap(object_pid, WEXITED); + } + + cg_destroy(child_dst); + free(child_dst_procs); + free(child_dst); + + cg_destroy(child_src); + free(child_src_procs); + free(child_src); + + cg_destroy(parent); + free(parent_procs); + free(parent); + + return ret; +} + +static int test_cpuset_perms_object_allow(const char *root) +{ + return test_cpuset_perms_object(root, true); +} + +static int test_cpuset_perms_object_deny(const char *root) +{ + return test_cpuset_perms_object(root, false); +} + +/* + * Migrate a process between parent and child implicitely + * Implicit migration happens when a controller is enabled/disabled. + * + */ +static int test_cpuset_perms_subtree(const char *root) +{ + char *parent = NULL, *child = NULL; + char *parent_procs = NULL, *parent_subctl = NULL, *child_procs = NULL; + const uid_t test_euid = TEST_UID; + int object_pid = 0; + int ret = KSFT_FAIL; + + parent = cg_name(root, "cpuset_test_0"); + if (!parent) + goto cleanup; + parent_procs = cg_name(parent, "cgroup.procs"); + if (!parent_procs) + goto cleanup; + parent_subctl = cg_name(parent, "cgroup.subtree_control"); + if (!parent_subctl) + goto cleanup; + if (cg_create(parent)) + goto cleanup; + + child = cg_name(parent, "cpuset_test_1"); + if (!child) + goto cleanup; + child_procs = cg_name(child, "cgroup.procs"); + if (!child_procs) + goto cleanup; + if (cg_create(child)) + goto cleanup; + + /* Enable permissions as in a delegated subtree */ + if (chown(parent_procs, test_euid, -1) || + chown(parent_subctl, test_euid, -1) || + chown(child_procs, test_euid, -1)) + goto cleanup; + + /* Put a privileged child in the subtree and modify controller state + * from an unprivileged process, the main process remains privileged + * for cleanup. + * The unprivileged child runs in subtree too to avoid parent and + * internal-node constraing violation. + */ + object_pid = cg_run_nowait(child, idle_process_fn, NULL); + if (object_pid < 0) + goto cleanup; + + if (cg_run(child, do_controller_fn, parent) != EXIT_SUCCESS) + goto cleanup; + + ret = KSFT_PASS; + +cleanup: + if (object_pid > 0) { + (void)kill(object_pid, SIGTERM); + (void)clone_reap(object_pid, WEXITED); + } + + cg_destroy(child); + free(child_procs); + free(child); + + cg_destroy(parent); + free(parent_subctl); + free(parent_procs); + free(parent); + + return ret; +} + + +#define T(x) { x, #x } +struct cpuset_test { + int (*fn)(const char *root); + const char *name; +} tests[] = { + T(test_cpuset_perms_object_allow), + T(test_cpuset_perms_object_deny), + T(test_cpuset_perms_subtree), +}; +#undef T + +int main(int argc, char *argv[]) +{ + char root[PATH_MAX]; + int i, ret = EXIT_SUCCESS; + + if (cg_find_unified_root(root, sizeof(root))) + ksft_exit_skip("cgroup v2 isn't mounted\n"); + + if (cg_read_strstr(root, "cgroup.subtree_control", "cpuset")) + if (cg_write(root, "cgroup.subtree_control", "+cpuset")) + ksft_exit_skip("Failed to set cpuset controller\n"); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + switch (tests[i].fn(root)) { + case KSFT_PASS: + ksft_test_result_pass("%s\n", tests[i].name); + break; + case KSFT_SKIP: + ksft_test_result_skip("%s\n", tests[i].name); + break; + default: + ret = EXIT_FAILURE; + ksft_test_result_fail("%s\n", tests[i].name); + break; + } + } + + return ret; +}