From: Waiman Long <longman@redhat.com>
To: Tejun Heo <tj@kernel.org>, Zefan Li <lizefan.x@bytedance.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Jonathan Corbet <corbet@lwn.net>
Cc: cgroups@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org,
Kamalesh Babulal <kamalesh.babulal@oracle.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Waiman Long <longman@redhat.com>
Subject: [PATCH v3 2/2] cgroup: Limit frequency of reading cgroup.stat for unprivileged users
Date: Wed, 10 Jul 2024 14:23:53 -0400
Message-ID: <20240710182353.2312025-2-longman@redhat.com>
In-Reply-To: <20240710182353.2312025-1-longman@redhat.com>
Since cgroup_mutex is being acquired when reading from a world readable
cgroup.stat control file, it is possible that repeated reading of
cgroup.stat may be used as a denial of service (DoS) attack vector
by unprivileged users to greatly hinder cgroup related operations in
a system.
To prevent this, we are limiting the reading of cgroup.stat file from
unprivileged users to at most 8 times per second.
Signed-off-by: Waiman Long <longman@redhat.com>
---
kernel/cgroup/cgroup.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 18c982a06446..56ac9f14d100 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -3668,12 +3668,22 @@ static int cgroup_events_show(struct seq_file *seq, void *v)
static int cgroup_stat_show(struct seq_file *seq, void *v)
{
+ static unsigned long unpriv_timestamp;
struct cgroup *cgroup = seq_css(seq)->cgroup;
struct cgroup_subsys_state *css;
int ssid;
+ /*
+ * Unprivileged users can only read cgroup.stat up to 8 times
+ * per second to avoid potential DoS attack.
+ */
+ if (!capable(CAP_SYS_ADMIN) &&
+ time_before(jiffies, unpriv_timestamp + (HZ >> 3)))
+ msleep(HZ >> 3);
+
/* cgroup_mutex required for for_each_css() */
cgroup_lock();
+ unpriv_timestamp = jiffies;
seq_printf(seq, "nr_descendants %d\n",
cgroup->nr_descendants);
seq_printf(seq, "nr_dying_descendants %d\n",
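Review bot: `msleep(HZ >> 3)` mixes units: msleep() takes milliseconds, but `HZ >> 3` is a jiffies count, so the sleep is 1/8 s only when HZ=1000 and drops to about 31 ms at HZ=250, which no longer matches the "8 times per second" the comment and changelog promise. Use `msleep(jiffies_to_msecs(HZ >> 3))` or simply `msleep(125)` and keep `HZ >> 3` for the jiffies comparison. Two further points on the same lines: the `time_before()` check and the `unpriv_timestamp = jiffies` store are not serialized against each other (the check runs before cgroup_lock()), so N unprivileged readers arriving together all see a stale timestamp, none of them sleep, and they still serialize on cgroup_mutex, meaning the limit bounds bursts only after the first burst; and because the store is unconditional, a CAP_SYS_ADMIN reader also pushes the timestamp forward and can delay the next unprivileged reader, which is probably harmless but worth a comment. Consider moving the timestamp update under the lock with a READ_ONCE()/WRITE_ONCE() pair for the unlocked read, and stating in the comment that this is a best-effort throttle rather than a hard 8/s cap.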
--
2.39.3