From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Zhen Ni <zhen.ni@easystack.cn>,
viro@zeniv.linux.org.uk, catalin.marinas@arm.com,
brauner@kernel.org, zev@bewilderbeest.net,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] kernel/sys: Optimize do_prlimit lock scope to reduce contention
Date: Thu, 28 Nov 2024 08:13:52 +0100 [thread overview]
Message-ID: <20241128071351.GA10998@redhat.com> (raw)
In-Reply-To: <20241127174536.752def18058e84487ab9ad65@linux-foundation.org>
On 11/27, Andrew Morton wrote:
>
> On Wed, 20 Nov 2024 21:21:56 +0800 Zhen Ni <zhen.ni@easystack.cn> wrote:
>
> > The security_task_setrlimit function is a Linux Security Module (LSM)
> > hook that evaluates resource limit changes based on security policies.
> > It does not alter the rlim data structure, as confirmed by existing
> > LSM implementations (e.g., SELinux and AppArmor). Thus, this function
> > does not require locking, ensuring correctness while improving
> > concurrency.
>
> Seems sane.
>
> Does any code call do_prlimit() frequently enough for this to matter?
I have the same question...
> > - task_lock(tsk->group_leader);
> > if (new_rlim) {
> > /*
> > * Keep the capable check against init_user_ns until cgroups can
> > * contain all limits.
> > */
> > if (new_rlim->rlim_max > rlim->rlim_max &&
> > - !capable(CAP_SYS_RESOURCE))
> > - retval = -EPERM;
> > - if (!retval)
> > - retval = security_task_setrlimit(tsk, resource, new_rlim);
> > + !capable(CAP_SYS_RESOURCE))
> > + return -EPERM;
> > + retval = security_task_setrlimit(tsk, resource, new_rlim);
> > + if (retval)
> > + return retval;
> > }
> > +
> > + task_lock(tsk->group_leader);
The problem is that task_lock(tsk->group_leader) doesn't look right with or
without this patch. I'll try to make a fix on weekend.
If the caller is sys_prlimit64() and tsk != current, then ->group_leader is
not stable, do_prlimit() can race with mt exec and take the wrong lock.
Oleg.
next prev parent reply other threads:[~2024-11-28 7:14 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20241120132156.207250-1-zhen.ni@easystack.cn>
2024-11-28 1:45 ` [PATCH] kernel/sys: Optimize do_prlimit lock scope to reduce contention Andrew Morton
2024-11-28 7:13 ` Oleg Nesterov [this message]
2024-11-28 7:39 ` Oleg Nesterov
2024-11-28 8:08 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241128071351.GA10998@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zev@bewilderbeest.net \
--cc=zhen.ni@easystack.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).