From: Mina Almasry <almasrymina@google.com>
Cc: Mina Almasry <almasrymina@google.com>,
Michal Hocko <mhocko@suse.com>, "Theodore Ts'o" <tytso@mit.edu>,
Greg Thelen <gthelen@google.com>,
Shakeel Butt <shakeelb@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Hugh Dickins <hughd@google.com>,
Roman Gushchin <songmuchun@bytedance.com>,
Johannes Weiner <hannes@cmpxchg.org>, Tejun Heo <tj@kernel.org>,
Vladimir Davydov <vdavydov.dev@gmail.com>,
riel@surriel.com, linux-mm@kvack.org,
linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org
Subject: [PATCH v1 2/5] mm: add tmpfs memcg= permissions check
Date: Mon, 8 Nov 2021 13:19:56 -0800 [thread overview]
Message-ID: <20211108211959.1750915-3-almasrymina@google.com> (raw)
In-Reply-To: <20211108211959.1750915-1-almasrymina@google.com>
Restricts the mounting of tmpfs:
mount -t tmpfs -o memcg=<cgroup>
Only if the mounting task is allowed to open <cgroup>/cgroup.procs file
and allowed to enter the cgroup. Thus, processes are allowed to direct
tmpfs changes to a cgroup that they themselves can enter and allocate
memory in.
Signed-off-by: Mina Almasry <almasrymina@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Greg Thelen <gthelen@google.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Roman Gushchin <songmuchun@bytedance.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: riel@surriel.com
Cc: linux-mm@kvack.org
Cc: linux-fsdevel@vger.kernel.org
Cc: cgroups@vger.kernel.org
---
mm/memcontrol.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 389d2f2be9674..2e4c20d09f959 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -62,6 +62,7 @@
#include <linux/tracehook.h>
#include <linux/psi.h>
#include <linux/seq_buf.h>
+#include <linux/string.h>
#include "internal.h"
#include <net/sock.h>
#include <net/ip.h>
@@ -2585,9 +2586,32 @@ void mem_cgroup_handle_over_high(void)
*/
struct mem_cgroup *mem_cgroup_get_from_path(const char *path)
{
- struct file *file;
+ static const char procs_filename[] = "/cgroup.procs";
+ struct file *file, *procs;
struct cgroup_subsys_state *css;
struct mem_cgroup *memcg;
+ char *procs_path =
+ kmalloc(strlen(path) + sizeof(procs_filename), GFP_KERNEL);
+
+ if (procs_path == NULL)
+ return ERR_PTR(-ENOMEM);
+ strcpy(procs_path, path);
+ strcat(procs_path, procs_filename);
+
+ procs = filp_open(procs_path, O_WRONLY, 0);
+ kfree(procs_path);
+
+ /*
+ * Restrict the capability for tasks to mount with memcg charging to the
+ * cgroup they could not join. For example, disallow:
+ *
+ * mount -t tmpfs -o memcg=root-cgroup nodev <MOUNT_DIR>
+ *
+ * if it is a non-root task.
+ */
+ if (IS_ERR(procs))
+ return (struct mem_cgroup *)procs;
+ fput(procs);
file = filp_open(path, O_DIRECTORY | O_RDONLY, 0);
if (IS_ERR(file))
--
2.34.0.rc0.344.g81b53c2807-goog
next prev parent reply other threads:[~2021-11-08 21:20 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20211108211959.1750915-1-almasrymina@google.com>
2021-11-08 21:19 ` [PATCH v1 1/5] mm/shmem: support deterministic charging of tmpfs Mina Almasry
2021-11-08 22:10 ` Dave Chinner
2021-11-08 23:41 ` Matthew Wilcox
2021-11-09 1:18 ` Dave Chinner
2021-11-09 23:56 ` Mina Almasry
2021-11-10 1:15 ` Mina Almasry
2021-11-15 17:53 ` Shakeel Butt
2021-11-09 1:15 ` Roman Gushchin
2021-11-08 21:19 ` Mina Almasry [this message]
2021-11-08 21:19 ` [PATCH v1 3/5] mm/oom: handle remote ooms Mina Almasry
2021-11-09 1:19 ` Roman Gushchin
2021-11-08 21:19 ` [PATCH v1 4/5] mm, shmem: add tmpfs memcg= option documentation Mina Almasry
2021-11-08 21:19 ` [PATCH v1 5/5] mm, shmem, selftests: add tmpfs memcg= mount option tests Mina Almasry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211108211959.1750915-3-almasrymina@google.com \
--to=almasrymina@google.com \
--cc=akpm@linux-foundation.org \
--cc=cgroups@vger.kernel.org \
--cc=gthelen@google.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.com \
--cc=riel@surriel.com \
--cc=shakeelb@google.com \
--cc=songmuchun@bytedance.com \
--cc=tj@kernel.org \
--cc=tytso@mit.edu \
--cc=vdavydov.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox