| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Feb 2020 14:44:25 +0100
From: Michal Koutný <mkoutny@...e.com>
To: cgroups@...r.kernel.org
Cc: Tejun Heo <tj@...nel.org>, Li Zefan <lizefan@...wei.com>,
Johannes Weiner <hannes@...xchg.org>,
Aleksa Sarai <cyphar@...har.com>, linux-kernel@...r.kernel.org
Subject: [RFC PATCH v2 2/3] cgroup/pids: Make event counters hierarchical
The pids.events file should honor the hierarchy, so make the events
propagate from their origin up to the root on the unified hierarchy. The
legacy hierarchy behavior remains the same.
Signed-off-by: Michal Koutný <mkoutny@...e.com>
---
Documentation/admin-guide/cgroup-v2.rst | 4 ++-
kernel/cgroup/pids.c | 44 ++++++++++++++++---------
2 files changed, 31 insertions(+), 17 deletions(-)
diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst
index 38edeb79c2d8..5dda08f268b7 100644
--- a/Documentation/admin-guide/cgroup-v2.rst
+++ b/Documentation/admin-guide/cgroup-v2.rst
@@ -1819,7 +1819,9 @@ PID Interface Files
pids.events
A read-only flat-keyed file which exists on non-root cgroups. Unless
specified otherwise, a value change in this file generates a file modified
- event. The following entries are defined.
+ event. Fields in this file are hierarchical and the file modified event
+ can be generated due to an event down the hierarchy. The following
+ entries are defined.
max
The number of times the limit of the cgroup was hit.
diff --git a/kernel/cgroup/pids.c b/kernel/cgroup/pids.c
index bbfb2fb56029..5d65b36931cd 100644
--- a/kernel/cgroup/pids.c
+++ b/kernel/cgroup/pids.c
@@ -223,6 +223,33 @@ static void pids_cancel_attach(struct cgroup_taskset *tset)
}
}
+static void pids_event(struct pids_cgroup *pids_forking,
+ struct pids_cgroup *pids_over_limit)
+{
+ struct pids_cgroup *p;
+ bool limit = false;
+
+ for (p = pids_forking; parent_pids(p); p = parent_pids(p)) {
+ /* Only log the first time events_limit_imposed is incremented. */
+ if (atomic64_inc_return(&p->events_limit_imposed) == 1 &&
+ p == pids_forking) {
+ pr_info("cgroup: fork rejected by pids controller in ");
+ pr_cont_cgroup_path(p->css.cgroup);
+ pr_cont("\n");
+ }
+
+ if (p == pids_over_limit)
+ limit = true;
+ if (limit)
+ atomic64_inc(&p->events_limit);
+
+ cgroup_file_notify(&p->events_file);
+ /* Events are only notified in pids_forking on v1 */
+ if (!cgroup_subsys_on_dfl(pids_cgrp_subsys))
+ break;
+ }
+}
+
/*
* task_css_check(true) in pids_can_fork() and pids_cancel_fork() relies
* on cgroup_threadgroup_change_begin() held by the copy_process().
@@ -237,22 +264,7 @@ static int pids_can_fork(struct task_struct *task)
pids = css_pids(css);
err = pids_try_charge(pids, 1, &pids_over_limit);
if (err) {
- /* Backwards compatibility on v1 where events were notified in
- * leaves. */
- if (!cgroup_subsys_on_dfl(pids_cgrp_subsys))
- pids_over_limit = pids;
-
- /* Only log the first time events_limit_imposed is incremented. */
- if (atomic64_inc_return(&pids->events_limit_imposed) == 1) {
- pr_info("cgroup: fork rejected by pids controller in ");
- pr_cont_cgroup_path(pids->css.cgroup);
- pr_cont("\n");
- }
- atomic64_inc(&pids_over_limit->events_limit);
-
- cgroup_file_notify(&pids->events_file);
- if (pids_over_limit != pids)
- cgroup_file_notify(&pids_over_limit->events_file);
+ pids_event(pids, pids_over_limit);
}
return err;
}
--
2.24.1
Powered by blists - more mailing lists