public inbox for linux-kernel@vger.kernel.org
From: tip-bot for Reinette Chatre <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: mingo@kernel.org, tglx@linutronix.de, reinette.chatre@intel.com,
	hpa@zytor.com, linux-kernel@vger.kernel.org
Subject: [tip:x86/cache] x86/intel_rdt: Respect read and write access
Date: Tue, 19 Jun 2018 17:21:38 -0700
Message-ID: <tip-4d6959cf503a2a7395216f4bb14fb5409468fac9@git.kernel.org>
In-Reply-To: <c8b54235b16f40b74fded417f5b6151afe8f27b1.1527593970.git.reinette.chatre@intel.com>

Commit-ID:  4d6959cf503a2a7395216f4bb14fb5409468fac9
Gitweb:     https://git.kernel.org/tip/4d6959cf503a2a7395216f4bb14fb5409468fac9
Author:     Reinette Chatre <reinette.chatre@intel.com>
AuthorDate: Tue, 29 May 2018 05:57:42 -0700
Committer:  Thomas Gleixner <tglx@linutronix.de>
CommitDate: Wed, 20 Jun 2018 00:56:33 +0200

x86/intel_rdt: Respect read and write access

By default, if the opener has CAP_DAC_OVERRIDE, a kernfs file can be opened
regardless of RW permissions. Writing to a kernfs file will thus succeed
even if permissions are 0000.

It's required to restrict the actions that can be performed on a resource
group from userspace based on the mode of the resource group.  This
restriction will be done through a modification of the file
permissions. That is, for example, if a resource group is locked then the
user cannot add tasks to the resource group.

For this restriction through file permissions to work it has to be ensured
that the permissions are always respected. To do so the resctrl filesystem
is created with the KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK flag that will result
in open(2) failing with -EACCES regardless of CAP_DAC_OVERRIDE if the
permission does not have the respective read or write access.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: fenghua.yu@intel.com
Cc: tony.luck@intel.com
Cc: vikas.shivappa@linux.intel.com
Cc: gavin.hindman@intel.com
Cc: jithu.joseph@intel.com
Cc: dave.hansen@intel.com
Cc: hpa@zytor.com
Link: https://lkml.kernel.org/r/c8b54235b16f40b74fded417f5b6151afe8f27b1.1527593970.git.reinette.chatre@intel.com

---
 arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
index 9e69f4dbc686..0ddb455b126d 100644
--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -2537,7 +2537,8 @@ static int __init rdtgroup_setup_root(void)
 	int ret;
 
 	rdt_root = kernfs_create_root(&rdtgroup_kf_syscall_ops,
-				      KERNFS_ROOT_CREATE_DEACTIVATED,
+				      KERNFS_ROOT_CREATE_DEACTIVATED |
+				      KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK,
 				      &rdtgroup_default);
 	if (IS_ERR(rdt_root))
 		return PTR_ERR(rdt_root);
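Review bot: the new KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK flag in the kernfs_create_root() call in rdtgroup_setup_root() carries no comment, yet per the changelog the mode-based restrictions on resource groups depend on it being set. A short comment above the call saying that resctrl relies on file modes being enforced even for CAP_DAC_OVERRIDE openers would keep a later cleanup from dropping the flag and silently disabling that enforcement. Two further points worth stating in the changelog: the flag is set on the root, so it changes open(2) behaviour for every file in resctrl, including for privileged tools that until now could open files whose mode did not grant the access; and the check is described as happening at open(2), so a descriptor opened before a group's permissions are tightened is not covered by it and needs to be handled where the mode change is made.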
