| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Feb 2020 09:46:31 -0500
From: chris hyser <chris.hyser@...cle.com>
To: Qais Yousef <qais.yousef@....com>, Parth Shah <parth@...ux.ibm.com>
Cc: vincent.guittot@...aro.org, dietmar.eggemann@....com,
patrick.bellasi@...bug.net, valentin.schneider@....com,
tim.c.chen@...ux.intel.com, linux-kernel@...r.kernel.org,
peterz@...radead.org, mingo@...hat.com, David.Laight@...LAB.COM,
pjt@...gle.com, pavel@....cz, tj@...nel.org,
dhaval.giani@...cle.com, qperret@...gle.com
Subject: Re: [PATCH v4 4/4] sched/core: Add permission checks for setting the
latency_nice value
On 2/27/20 6:44 AM, Qais Yousef wrote:
> On 02/25/20 12:17, Parth Shah wrote:
>>
>>
>> On 2/24/20 6:59 PM, Qais Yousef wrote:
>>> On 02/24/20 14:29, Parth Shah wrote:
>>>> Since the latency_nice uses the similar infrastructure as NICE, use the
>>>> already existing CAP_SYS_NICE security checks for the latency_nice. This
>>>> should return -EPERM for the non-root user when trying to set the task
>>>> latency_nice value to any lower than the current value.
>>>>
>>>> Signed-off-by: Parth Shah <parth@...ux.ibm.com>
>>>
>>> I'm not against this, so I'm okay if it goes in as is.
>>>
>>> But IMO the definition of this flag is system dependent and I think it's
>>> prudent to keep it an admin only configuration.
>>>
>>> It'd be hard to predict how normal application could use and depend on this
>>> feature in the future, which could tie our hand in terms of extending it.
>>>
>>
>> I am fine with this going in too. But just to lie down the fact on single
>> page and starting the discussion, here are the pros and cons for including
>> this permission checks:
>>
>> Pros:
>> =====
>> - Having this permission checks will allow only root users to promote the
>> task, meaning lowering the latency_nice of the task. This is required in
>> case when the admin has increased the latency_nice value of a task and
>> non-root user can not lower it.
>> - In absence of this check, the non-root user can decrease the latency_nice
>> value against the admin configured value.
>>
>> Cons:
>> =====
>> - This permission check prevents the non-root user to lower the value. This
>> is a problem when the user itself has increased the latency_nice value in
>> the past but fails to lower it again.
>> - After task fork, non-root user cannot lower the inherited child task's
>> latency_nice value, which might be a problem in the future for extending
>> this latency_nice ideas for different optimizations.
>
> Worth adding that if we start strict with root (or capable user) only, relaxing
> this to allow lowering the nice would still be possible in the future. But the
> opposite is not true, we can't reverse the users ability to lower its
> latency_nice value once we give it away.
>
> Beside thinking a bit more about it now. If high latency_nice value means
> cutting short the idle search for instance, does this prevent someone using
> a lower latency nice to be aggressive in some code path to get higher
> throughput?
Short-cutting an idle cpu search reduces latency. There would be a mapping between the latency_nice values -20..-1 and
the short cut. In that view 0 is the default and performs the full domain search as before and -20 presumably skips the
entire search. Positive values then presumably indicate a trade-off in preference of throughput. I've not thought any
about it till now, but maybe indicates that spending extra time (versus less) finding this task the perfect home to just
sit and crank on throughput would be worth it.
-chrish
Powered by blists - more mailing lists