| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Jan 2024 21:37:26 -0600
From: "Haitao Huang" <haitao.huang@...ux.intel.com>
To: dave.hansen@...ux.intel.com, tj@...nel.org, mkoutny@...e.com,
linux-kernel@...r.kernel.org, linux-sgx@...r.kernel.org, x86@...nel.org,
cgroups@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
hpa@...or.com, sohil.mehta@...el.com, "Jarkko Sakkinen" <jarkko@...nel.org>
Cc: zhiquan1.li@...el.com, kristen@...ux.intel.com, seanjc@...gle.com,
zhanb@...rosoft.com, anakrish@...rosoft.com, mikko.ylinen@...ux.intel.com,
yangjie@...rosoft.com
Subject: Re: [PATCH v6 01/12] cgroup/misc: Add per resource callbacks for CSS
events
On Wed, 15 Nov 2023 14:25:59 -0600, Jarkko Sakkinen <jarkko@...nel.org>
wrote:
> On Mon Oct 30, 2023 at 8:20 PM EET, Haitao Huang wrote:
>> From: Kristen Carlson Accardi <kristen@...ux.intel.com>
>>
>> The misc cgroup controller (subsystem) currently does not perform
>> resource type specific action for Cgroups Subsystem State (CSS) events:
>> the 'css_alloc' event when a cgroup is created and the 'css_free' event
>> when a cgroup is destroyed.
>>
>> Define callbacks for those events and allow resource providers to
>> register the callbacks per resource type as needed. This will be
>> utilized later by the EPC misc cgroup support implemented in the SGX
>> driver.
>>
>> Also add per resource type private data for those callbacks to store and
>> access resource specific data.
>>
>> Signed-off-by: Kristen Carlson Accardi <kristen@...ux.intel.com>
>> Co-developed-by: Haitao Huang <haitao.huang@...ux.intel.com>
>> Signed-off-by: Haitao Huang <haitao.huang@...ux.intel.com>
>> ---
>> V6:
>> - Create ops struct for per resource callbacks (Jarkko)
>> - Drop max_write callback (Dave, Michal)
>> - Style fixes (Kai)
>> ---
>> include/linux/misc_cgroup.h | 14 ++++++++++++++
>> kernel/cgroup/misc.c | 27 ++++++++++++++++++++++++---
>> 2 files changed, 38 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/linux/misc_cgroup.h b/include/linux/misc_cgroup.h
>> index e799b1f8d05b..5dc509c27c3d 100644
>> --- a/include/linux/misc_cgroup.h
>> +++ b/include/linux/misc_cgroup.h
>> @@ -27,16 +27,30 @@ struct misc_cg;
>>
>> #include <linux/cgroup.h>
>>
>> +/**
>> + * struct misc_operations_struct: per resource callback ops.
>> + * @alloc: invoked for resource specific initialization when cgroup is
>> allocated.
>> + * @free: invoked for resource specific cleanup when cgroup is
>> deallocated.
>> + */
>> +struct misc_operations_struct {
>> + int (*alloc)(struct misc_cg *cg);
>> + void (*free)(struct misc_cg *cg);
>> +};
>
> Maybe just misc_operations, or even misc_ops?
>
With Michal's suggestion to make ops per-resource-type, I'll rename this
misc_res_ops (I was following vm_operations_struct as example)
>> +
>> /**
>> * struct misc_res: Per cgroup per misc type resource
>> * @max: Maximum limit on the resource.
>> * @usage: Current usage of the resource.
>> * @events: Number of times, the resource limit exceeded.
>> + * @priv: resource specific data.
>> + * @misc_ops: resource specific operations.
>> */
>> struct misc_res {
>> u64 max;
>> atomic64_t usage;
>> atomic64_t events;
>> + void *priv;
>
> priv is the wrong patch, it just confuses the overall picture heere.
> please move it to 04/12. Let's deal with the callbacks here.
>
Ok
>> + const struct misc_operations_struct *misc_ops;
>> };
>
> misc_ops would be at least consistent with this, as misc_res also has an
> acronym.
>
>>
>> /**
>> diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c
>> index 79a3717a5803..d971ede44ebf 100644
>> --- a/kernel/cgroup/misc.c
>> +++ b/kernel/cgroup/misc.c
>> @@ -383,23 +383,37 @@ static struct cftype misc_cg_files[] = {
>> static struct cgroup_subsys_state *
>> misc_cg_alloc(struct cgroup_subsys_state *parent_css)
>> {
>> + struct misc_cg *parent_cg, *cg;
>> enum misc_res_type i;
>> - struct misc_cg *cg;
>> + int ret;
>>
>> if (!parent_css) {
>> - cg = &root_cg;
>> + parent_cg = cg = &root_cg;
>> } else {
>> cg = kzalloc(sizeof(*cg), GFP_KERNEL);
>> if (!cg)
>> return ERR_PTR(-ENOMEM);
>> + parent_cg = css_misc(parent_css);
>> }
>>
>> for (i = 0; i < MISC_CG_RES_TYPES; i++) {
>> WRITE_ONCE(cg->res[i].max, MAX_NUM);
>> atomic64_set(&cg->res[i].usage, 0);
>> + if (parent_cg->res[i].misc_ops && parent_cg->res[i].misc_ops->alloc)
>> {
>> + ret = parent_cg->res[i].misc_ops->alloc(cg);
>> + if (ret)
>> + goto alloc_err;
>
> The patch set only has a use case for both operations defined - any
> partial combinations should never be allowed.
>
> To enforce this invariant you could create a set of operations (written
> out of top of my head):
>
> static int misc_res_init(struct misc_res *res, struct misc_ops *ops)
> {
> if (!misc_ops->alloc) {
> pr_err("%s: alloc missing\n", __func__);
> return -EINVAL;
> }
>
> if (!misc_ops->free) {
> pr_err("%s: free missing\n", __func__);
> return -EINVAL;
> }
>
> res->misc_ops = misc_ops;
> return 0;
> }
>
> static inline int misc_res_alloc(struct misc_cg *cg, struct misc_res
> *res)
> {
> int ret;
>
> if (!res->misc_ops)
> return 0;
>
> return res->misc_ops->alloc(cg);
> }
>
> static inline void misc_res_free(struct misc_cg *cg, struct misc_res
> *res)
> {
> int ret;
>
> if (!res->misc_ops)
> return 0;
>
> return res->misc_ops->alloc(cg);
> }
>
> Now if anything has misc_ops, it will also always have *both* callback,
> and nothing half-baked gets in.
>
> The above loops would be then:
>
> for (i = 0; i < MISC_CG_RES_TYPES; i++) {
> WRITE_ONCE(cg->res[i].max, MAX_NUM);
> atomic64_set(&cg->res[i].usage, 0);
> ret = misc_res_alloc(&parent_cg->res[i]);
> if (ret)
> goto alloc_err;
>
> Cleaner and better guards for state consistency. In 04/12 you need to
> then call misc_res_init() instead of direct assignment.
>
> BR, Jarkko
Will combine these with the use of a static operations array suggested by
Michal.
Thanks
Haitao
Powered by blists - more mailing lists