| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1527687991-1431-1-git-send-email-longman@redhat.com>
Date: Wed, 30 May 2018 09:46:31 -0400
From: Waiman Long <longman@...hat.com>
To: Tejun Heo <tj@...nel.org>, Li Zefan <lizefan@...wei.com>,
Johannes Weiner <hannes@...xchg.org>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>
Cc: cgroups@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, kernel-team@...com, pjt@...gle.com,
luto@...capital.net, Mike Galbraith <efault@....de>,
torvalds@...ux-foundation.org, Roman Gushchin <guro@...com>,
Juri Lelli <juri.lelli@...hat.com>,
Patrick Bellasi <patrick.bellasi@....com>,
Waiman Long <longman@...hat.com>
Subject: [PATCH] cpuset: Enforce that a child's cpus must be a subset of the parent
It was found that the cpuset.cpus could contain CPUs that are not listed
in their parent's cpu list as shown by the command sequence below:
# echo "+cpuset" >cgroup.subtree_control
# mkdir g1
# echo 0-5 >g1/cpuset.cpus
# mkdir g1/g11
# echo "+cpuset" > g1/cgroup.subtree_control
# echo 6-11 >g1/g11/cpuset.cpus
# grep -R . g1 | grep "\.cpus"
g1/cpuset.cpus:0-5
g1/cpuset.cpus.effective:0-5
g1/g11/cpuset.cpus:6-11
g1/g11/cpuset.cpus.effective:0-5
As the intersection of g11's cpus and that of g1 is empty, the effective
cpus of g11 is just that of g1. The check in update_cpumask() is now
corrected to make sure that cpus in a child cpus must be a subset of
its parent's cpus. The error "write error: Invalid argument" will now
be reported in the above case.
Reported-by: Juri Lelli <juri.lelli@...hat.com>
Signed-off-by: Waiman Long <longman@...hat.com>
---
kernel/cgroup/cpuset.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
index 71fb2d0..ceec438 100644
--- a/kernel/cgroup/cpuset.c
+++ b/kernel/cgroup/cpuset.c
@@ -1185,12 +1185,17 @@ static int update_cpumask(struct cpuset *cs, struct cpuset *trialcs,
if (!*buf) {
cpumask_clear(trialcs->cpus_allowed);
} else {
+ struct cpuset *parent = parent_cs(cs);
+
retval = cpulist_parse(buf, trialcs->cpus_allowed);
if (retval < 0)
return retval;
+ /*
+ * The cpu list must be a subset of the parent.
+ */
if (!cpumask_subset(trialcs->cpus_allowed,
- top_cpuset.cpus_allowed))
+ parent->cpus_allowed))
return -EINVAL;
}
--
1.8.3.1
Powered by blists - more mailing lists