lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Aug 2012 16:58:13 +0200 From: Daniel Wagner <wagi@...om.org> To: netdev@...r.kernel.org, cgroups@...r.kernel.org Cc: Daniel Wagner <daniel.wagner@...-carit.de>, "David S. Miller" <davem@...emloft.net>, Gao feng <gaofeng@...fujitsu.com>, Jamal Hadi Salim <jhs@...atatu.com>, John Fastabend <john.r.fastabend@...el.com>, Li Zefan <lizefan@...wei.com>, Neil Horman <nhorman@...driver.com>, Tejun Heo <tj@...nel.org> Subject: [PATCH v1 4/5] cgroup: Protect access to task_netprioidx() when built as module From: Daniel Wagner <daniel.wagner@...-carit.de> The module version of task_netprioidex() checks if net_prio_subsys_id is valid to indentify when it is okay to access the controller. Instead relying on the net_prio_subsys_id to be set, make it explicit with a jump label. Signed-off-by: Daniel Wagner <daniel.wagner@...-carit.de> Cc: "David S. Miller" <davem@...emloft.net> Cc: Gao feng <gaofeng@...fujitsu.com> Cc: Jamal Hadi Salim <jhs@...atatu.com> Cc: John Fastabend <john.r.fastabend@...el.com> Cc: Li Zefan <lizefan@...wei.com> Cc: Neil Horman <nhorman@...driver.com> Cc: Tejun Heo <tj@...nel.org> Cc: netdev@...r.kernel.org Cc: cgroups@...r.kernel.org --- include/net/netprio_cgroup.h | 8 +++++++- net/core/netprio_cgroup.c | 10 ++++++++++ net/core/sock.c | 4 ++++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/include/net/netprio_cgroup.h b/include/net/netprio_cgroup.h index 2719dec..9ff58e4 100644 --- a/include/net/netprio_cgroup.h +++ b/include/net/netprio_cgroup.h @@ -16,7 +16,7 @@ #include <linux/cgroup.h> #include <linux/hardirq.h> #include <linux/rcupdate.h> - +#include <linux/jump_label.h> struct netprio_map { struct rcu_head rcu; @@ -54,12 +54,18 @@ static inline u32 task_netprioidx(struct task_struct *p) #elif IS_MODULE(CONFIG_NETPRIO_CGROUP) +extern struct static_key cgroup_netprio_enabled; +#define netpriocg_enabled static_key_false(&cgroup_netprio_enabled) + static inline u32 task_netprioidx(struct task_struct *p) { struct cgroup_netprio_state *state; int subsys_id; u32 idx = 0; + if (!netpriocg_enabled) + return 0; + rcu_read_lock(); subsys_id = rcu_dereference_index_check(net_prio_subsys_id, rcu_read_lock_held()); diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c index ed0c043..94e1270 100644 --- a/net/core/netprio_cgroup.c +++ b/net/core/netprio_cgroup.c @@ -155,6 +155,11 @@ static struct cgroup_subsys_state *cgrp_create(struct cgroup *cgrp) goto out; } +#if IS_MODULE(CONFIG_NETPRIO_CGROUP) + if (!netpriocg_enabled && !cgrp->parent) + static_key_slow_inc(&cgroup_netprio_enabled); +#endif + ret = update_netdev_tables(); if (ret < 0) { put_prioidx(cs->prioidx); @@ -173,6 +178,11 @@ static void cgrp_destroy(struct cgroup *cgrp) struct net_device *dev; struct netprio_map *map; +#if IS_MODULE(CONFIG_NETPRIO_CGROUP) + if (netpriocg_enabled && !cgrp->parent) + static_key_slow_dec(&cgroup_netprio_enabled); +#endif + cs = cgrp_netprio_state(cgrp); rtnl_lock(); for_each_netdev(&init_net, dev) { diff --git a/net/core/sock.c b/net/core/sock.c index 8106e77..1f119d2 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -331,6 +331,10 @@ EXPORT_SYMBOL(__sk_backlog_rcv); struct static_key cgroup_cls_enabled = STATIC_KEY_INIT_FALSE; EXPORT_SYMBOL_GPL(cgroup_cls_enabled); #endif +#if IS_MODULE(CONFIG_NETPRIO_CGROUP) +struct static_key cgroup_netprio_enabled = STATIC_KEY_INIT_FALSE; +EXPORT_SYMBOL_GPL(cgroup_netprio_enabled); +#endif #if !defined(CONFIG_NET_CLS_CGROUP) int net_cls_subsys_id = -1; -- 1.7.12.rc1.16.g05a20c8 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists