lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150309030636.GC13283@htj.duckdns.org>
Date:	Sun, 8 Mar 2015 23:06:36 -0400
From:	Tejun Heo <tj@...nel.org>
To:	Aleksa Sarai <cyphar@...har.com>
Cc:	lizefan@...wei.com, mingo@...hat.com, peterz@...radead.org,
	richard@....at, fweisbec@...il.com, linux-kernel@...r.kernel.org,
	cgroups@...r.kernel.org
Subject: Re: [PATCH v2 1/2] cgroups: allow a cgroup subsystem to reject a fork

On Fri, Feb 27, 2015 at 03:17:18PM +1100, Aleksa Sarai wrote:
...
> In order for can_fork to deal with a task that has an accurate css_set,
> move the css_set updating to cgroup_fork (where it belongs).

Hmmm?  So, now the task is visible on cgroup side before the point of
no return?  What happens if fork fails afterwards?  Also, why is this
non-trivial change happening in tandem in this patch?

> @@ -946,6 +950,11 @@ struct cgroup_subsys_state *css_tryget_online_from_dir(struct dentry *dentry,
>  static inline int cgroup_init_early(void) { return 0; }
>  static inline int cgroup_init(void) { return 0; }
>  static inline void cgroup_fork(struct task_struct *p) {}
> +static inline int cgroup_can_fork(struct task_struct *p)
> +{
> +	return 0;
> +}

Please follow the surrounding style.

> @@ -4928,7 +4928,7 @@ static void __init cgroup_init_subsys(struct cgroup_subsys *ss, bool early)
>  	 * init_css_set is in the subsystem's root cgroup. */
>  	init_css_set.subsys[ss->id] = css;
>  
> -	need_forkexit_callback |= ss->fork || ss->exit;
> +	need_forkexit_callback |= ss->can_fork || ss->cancel_fork || ss->fork || ss->exit;

Your patch isn't the culprit but this is silly given that this flag is
set pretty much whenever cgroups are enabled.  Per-callback subsys
mask would make far more sense.

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ