lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 30 Jun 2018 22:17:32 -0700
From:   Reinette Chatre <reinette.chatre@...el.com>
To:     tglx@...utronix.de, fenghua.yu@...el.com, tony.luck@...el.com,
        vikas.shivappa@...ux.intel.com
Cc:     gavin.hindman@...el.com, jithu.joseph@...el.com,
        dave.hansen@...el.com, mingo@...hat.com, hpa@...or.com,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        Reinette Chatre <reinette.chatre@...el.com>
Subject: [PATCH 1/2] x86/intel_rdt: Support restoration of subset of permissions

As the mode of a resource group changes, the operations it can support
may also change. One way in which the supported operations are managed
is to modify the permissions of the files within the resource group's
resctrl directory.

At the moment only two possible permissions are supported: the default
permissions or no permissions in support for when the operation is
"locked down". It is possible where an operation on a resource group may
have more possibilities. For example, if by default changes can be made to
the resource group by writing to a resctrl file while the current
settings can be obtained by reading from the file, then it may be
possible that in another mode it is only possible to read the current
settings, and not change them.

Make it possible to modify some of the permissions of a resctrl file in
support of a more flexible way to manage the operations on a resource
group. In this preparation work the original behavior is maintained
where all permissions are restored.

Signed-off-by: Reinette Chatre <reinette.chatre@...el.com>
---
 arch/x86/kernel/cpu/intel_rdt.h             |  3 ++-
 arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c | 14 +++++++-------
 arch/x86/kernel/cpu/intel_rdt_rdtgroup.c    |  6 ++++--
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kernel/cpu/intel_rdt.h b/arch/x86/kernel/cpu/intel_rdt.h
index 2d9cbb9d7a58..4e588f36228f 100644
--- a/arch/x86/kernel/cpu/intel_rdt.h
+++ b/arch/x86/kernel/cpu/intel_rdt.h
@@ -512,7 +512,8 @@ void rdt_ctrl_update(void *arg);
 struct rdtgroup *rdtgroup_kn_lock_live(struct kernfs_node *kn);
 void rdtgroup_kn_unlock(struct kernfs_node *kn);
 int rdtgroup_kn_mode_restrict(struct rdtgroup *r, const char *name);
-int rdtgroup_kn_mode_restore(struct rdtgroup *r, const char *name);
+int rdtgroup_kn_mode_restore(struct rdtgroup *r, const char *name,
+			     umode_t mask);
 struct rdt_domain *rdt_find_domain(struct rdt_resource *r, int id,
 				   struct list_head **pos);
 ssize_t rdtgroup_schemata_write(struct kernfs_open_file *of,
diff --git a/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c b/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
index 8fd79c281ee6..5dfe4008c58f 100644
--- a/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
+++ b/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
@@ -590,11 +590,11 @@ static int rdtgroup_locksetup_user_restrict(struct rdtgroup *rdtgrp)
 	goto out;
 
 err_cpus_list:
-	rdtgroup_kn_mode_restore(rdtgrp, "cpus_list");
+	rdtgroup_kn_mode_restore(rdtgrp, "cpus_list", 0777);
 err_cpus:
-	rdtgroup_kn_mode_restore(rdtgrp, "cpus");
+	rdtgroup_kn_mode_restore(rdtgrp, "cpus", 0777);
 err_tasks:
-	rdtgroup_kn_mode_restore(rdtgrp, "tasks");
+	rdtgroup_kn_mode_restore(rdtgrp, "tasks", 0777);
 out:
 	return ret;
 }
@@ -615,20 +615,20 @@ static int rdtgroup_locksetup_user_restore(struct rdtgroup *rdtgrp)
 {
 	int ret;
 
-	ret = rdtgroup_kn_mode_restore(rdtgrp, "tasks");
+	ret = rdtgroup_kn_mode_restore(rdtgrp, "tasks", 0777);
 	if (ret)
 		return ret;
 
-	ret = rdtgroup_kn_mode_restore(rdtgrp, "cpus");
+	ret = rdtgroup_kn_mode_restore(rdtgrp, "cpus", 0777);
 	if (ret)
 		goto err_tasks;
 
-	ret = rdtgroup_kn_mode_restore(rdtgrp, "cpus_list");
+	ret = rdtgroup_kn_mode_restore(rdtgrp, "cpus_list", 0777);
 	if (ret)
 		goto err_cpus;
 
 	if (rdt_mon_capable) {
-		ret = rdtgroup_kn_mode_restore(rdtgrp, "mon_groups");
+		ret = rdtgroup_kn_mode_restore(rdtgrp, "mon_groups", 0777);
 		if (ret)
 			goto err_cpus_list;
 	}
diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
index 7b4a09d81a30..c20b51afd62d 100644
--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -1405,13 +1405,15 @@ int rdtgroup_kn_mode_restrict(struct rdtgroup *r, const char *name)
  * rdtgroup_kn_mode_restore - Restore user access to named resctrl file
  * @r: The resource group with which the file is associated.
  * @name: Name of the file
+ * @mask: Mask of permissions that should be restored
  *
  * Restore the permissions of the named file. If @name is a directory the
  * permissions of its parent will be used.
  *
  * Return: 0 on success, <0 on failure.
  */
-int rdtgroup_kn_mode_restore(struct rdtgroup *r, const char *name)
+int rdtgroup_kn_mode_restore(struct rdtgroup *r, const char *name,
+			     umode_t mask)
 {
 	struct iattr iattr = {.ia_valid = ATTR_MODE,};
 	struct kernfs_node *kn, *parent;
@@ -1423,7 +1425,7 @@ int rdtgroup_kn_mode_restore(struct rdtgroup *r, const char *name)
 
 	for (rft = rfts; rft < rfts + len; rft++) {
 		if (!strcmp(rft->name, name))
-			iattr.ia_mode = rft->mode;
+			iattr.ia_mode = rft->mode & mask;
 	}
 
 	kn = kernfs_find_and_get_ns(r->kn, name, NULL);
-- 
2.17.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ