From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8304EC64ED6 for ; Wed, 1 Mar 2023 18:05:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 11B4B6B0071; Wed, 1 Mar 2023 13:05:51 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0CC4A6B0072; Wed, 1 Mar 2023 13:05:51 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id ED51B6B0075; Wed, 1 Mar 2023 13:05:50 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id D8FD96B0071 for ; Wed, 1 Mar 2023 13:05:50 -0500 (EST) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 9B376C0638 for ; Wed, 1 Mar 2023 18:05:50 +0000 (UTC) X-FDA: 80521107660.03.73FA8F8 Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) by imf18.hostedemail.com (Postfix) with ESMTP id BB1001C000E for ; Wed, 1 Mar 2023 18:05:48 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=F4Tge1Vk; spf=pass (imf18.hostedemail.com: domain of surenb@google.com designates 209.85.128.180 as permitted sender) smtp.mailfrom=surenb@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1677693948; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=uX8jmiHZcgYXj8u2P74s/De46LZgaxk18Jsejs4CDXw=; b=JwgCHJLVICisJkSGqbQbQD7RydLJWq+eGEIoEdTnJbtxWdYrlIAA6iPGP1ZKgSZmLh2bAX 9TVzWsldQ/gL4MbE+xX9NsMcrOPc31Q4lHBHk6iIWO8pBOPgOIUJnsyxAABvQm5a79o31J yanjJD1u71iSGmxafiz2teboAMefqwY= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=F4Tge1Vk; spf=pass (imf18.hostedemail.com: domain of surenb@google.com designates 209.85.128.180 as permitted sender) smtp.mailfrom=surenb@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1677693948; a=rsa-sha256; cv=none; b=590BKOUPS8HzYO47jpTvxlxGXibsHxNz9cRj1lficPGM0/8yxxIGJvW7BO2SPy6hXvfarr pipgUD6C9d/j9odCoyB54rMqlyQ5hbDX+2JL1ithcu9kiKJmdJ5wyQ76R1nhemR+CM6mpf Jgk48b7lHEZ+MJsj+iM0NBCGUjBBK5g= Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-53852143afcso380228957b3.3 for ; Wed, 01 Mar 2023 10:05:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1677693948; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=uX8jmiHZcgYXj8u2P74s/De46LZgaxk18Jsejs4CDXw=; b=F4Tge1VkHhBLEu87APuX+c1FBFZuQ/236EIgqsa2CLAghV4MU4ktWNxdD4wbxYlLnG 8Jz5OVtY0G4gUHBsHAUXgUuH3ztxqwsOiC8zJryAUnVUICBu/WSrngNVUHUKqqlFwKRo twWP+HY0so8JHoUhrK0FYhjLb3iJunbdtoZmQL+PZhLFN3CZWUPGY7tug8DPT0K0GRio 2y69fGAW3CjaTSWmBcVf90tdB5iHUOvM8g6UdSZK38pahBHs1bkhZI4YgUC/DBfZFEuR 6YZdJx6Ijq0D/SCoGQsB3SVT1Q2QZA67NO8fHXg9I5OE8119UaOTW6PvjnaS/XuMPdMa 4kxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677693948; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uX8jmiHZcgYXj8u2P74s/De46LZgaxk18Jsejs4CDXw=; b=f7KWhU1Oo8fpe+6LeAGtQGSREBHNZmGPLLkP//hrF+o5iPBCbNFGMscNR4pfq1qXJM 727hlrZy7eW1dc+bq5+F4C+Ty1iHZ7/OD5pYeKUzbxnC/zX3QhVla+TfV7/x7+NGF2d+ WTmf4w0MgDbHKYIWmmMbv8VlcJwFzoVyTgL3R5aHRMzbRV+X+ivyjHg0nEqP9QOGUyUC FFIe0IARvxw0To+ImJIHWIFL/nxY0c1ZV6mzfEi4pclwmkWF5F6wsW5WyTgTjnnZJbKk HqRYd1bJGmFkhG5Rsc1TGAz5OM6SHK78PWkIx4qlwd3WrNS4y4+tt0zqizmecFXB9MOz 98bg== X-Gm-Message-State: AO0yUKXoCF+FcNNDVnkNprJMJSYIcavBlRHmuy98c8sMx31YUqWy81DT bc9Vx6QjE5h4GjifiX9JhK1g91vixlBwJfF7Aemd5A== X-Google-Smtp-Source: AK7set/dkGy44D3lzDpt1OcAlZQDAmRQia2GQABeGUlYp/z+jLLEd0bIjWbxiVlVZhq3mS1FWuYcAJPaqDINSB9WsPo= X-Received: by 2002:a81:ac51:0:b0:53c:6fda:b469 with SMTP id z17-20020a81ac51000000b0053c6fdab469mr1569992ywj.0.1677693947655; Wed, 01 Mar 2023 10:05:47 -0800 (PST) MIME-Version: 1.0 References: <20230301014651.1370939-1-surenb@google.com> In-Reply-To: From: Suren Baghdasaryan Date: Wed, 1 Mar 2023 10:05:36 -0800 Message-ID: Subject: Re: [PATCH 1/1] cgroup: limit cgroup psi file writes to processes with CAP_SYS_RESOURCE To: Michal Hocko Cc: tj@kernel.org, hannes@cmpxchg.org, lizefan.x@bytedance.com, peterz@infradead.org, johunt@akamai.com, quic_sudaraja@quicinc.com, cgroups@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: BB1001C000E X-Stat-Signature: ia7rxp4n84igkgg17j7fym5sbhczuw49 X-Rspam-User: X-HE-Tag: 1677693948-555712 X-HE-Meta: U2FsdGVkX19ecXfQVV7FuY61Mpd+6axTg4vIeFaxgc5JyS7JKChoAkjtBgteu1Lw55qU+IxofdIfj+9FWP1zX8PPsczOVq2wc873KMRbp6Z7AzCkLTl2SjwtEskRV212/VkkMqh+YjI1H3EctVRZVWGtNR/btZa//3vuy63O37kQo2SmTk89hUAfSDuwL6ApRRzgs4UtOQLFVUTSWI1aUzxRD03yOF3x5pzrKuF7c+V/0CG30K7ikez4TDnsFgX6wzEBJDs72ELzCG0v2Wxp0G0EG33tzFsmfrvi07unbt3x5YTWgnwkWHkpwoDOWckZlwxzlm59H8mXVm2KXsIRg5uDih9eG06LbLzf+LxWcXzSDhvgzdT1cVHh3p6GlcXPD+rNeEqF15xSRDzP/t+Nul9hztQi9+6wS2eBh390UOCesdSTTtA9/wG1rGwlkuXZIh3cQb+jN08Y/jl9L8C5hlwJ/q+zV1xhOs+h7HP8E+EAHY6uMn6NIQ3TaKZAJXZ85obz3k3MOi1f+kviujRmyH7yPVBxFwrYVoXnjcVa5irEu7jLth9JI6N//AkbcQVvvIJcfL4Pj5BFcPc/l5pzlGi5Pa3GWnyW5tTV/xEHHMliYwvb6XIu5WTl9Dn+zijHJe9gt1rM6FvLNxEBNgXJJWrwzsRlW8SIZAARv+DJ6JlJ8xaL+46okd8XVM0SsI6aK/PskbeFQBUjdYaUDC93gau6rI3TgnR650v6/BcMnFEchKq1c66Oju8TZyx9YOGQoAZDHVj1uMd2Osg5h/8bysTd6vMh9PszNtVwx/b13j8slIL8dvZDkzkINTGRsfZ6WGAw6+F44BbbbRG5jH1sl98L4vTOM7gPHbIfimpwx5bD6pUuAx7iEUR3ZUFlwwdso8jNcwkTS1J54PBzKR8AD7I9Edxn6Mm2jMzb2KRalNbJZ2FACe9uUijww7Fd8cS4iL7J4hZhxFqfYBCEuKa Qs3UYvDV xJCY1wjk3iaAZqRc+gFIA5LAuFNQkNsCVe3dAG2pEik8qG7NcW+ywAmof5ddTC+TwgLyNLW/7SYBCMEFvv7urT5ujmHZvH13/RrLDDdIfAo+IwMHnGWCzJijgADsKVViv1Zr9AxkWWueCSvbX0t3szALrVt2zJRfx3BwdLQSRvVop6qBJbBoYIMU4qGyyYjnbVez2DJrVny79aYLiBNV24ClO7ju0Mzu/4Gr9AWtOMwQb+w72aK0jbLKebyifGm2srVsjwxqUV7r7CRxXGnPU3C/qY4RRGeMaKnkoNoSRMJVHMDYojDrou4CIf4g/6huxuCrRCp8Ae5Wbo1RiEZXmpB04R2g8jwIenxDA X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Mar 1, 2023 at 1:47=E2=80=AFAM Michal Hocko wrote= : > > On Tue 28-02-23 17:46:51, Suren Baghdasaryan wrote: > > Currently /proc/pressure/* files can be written only by processes with > > CAP_SYS_RESOURCE capability to prevent any unauthorized user from > > creating psi triggers. However no such limitation is required for > > per-cgroup pressure files. Fix this inconsistency by requiring the same > > capability for writing per-cgroup psi files. > > > > Fixes: 6db12ee0456d ("psi: allow unprivileged users with CAP_SYS_RESOUR= CE to write psi files") > > Is this really a regression from this commit? 6db12ee0456d is changing > permissions of those files to be world writeable with the > CAP_SYS_RESOURCE requirement. Permissions of cgroup files is not changed > and the default mode is 644 (with root as an owner) so only privileged > processes are allowed without any delegation. Agree, the Fixes line here is not valid. I will remove it. > > I think you should instead construct this slightly differently. The > ultimate goal is to allow a reasonable delegation after all, no? Yes. > > So keep your current patch and extend it by removing the min timeout > constrain and justify the change by the necessity of the granularity > tuning as reported by Sudarshan Rajagopala. If this causes any > regression then a revert would also return the min timeout constrain > back and we will have to think about a different approach. I think adding CAP_SYS_RESOURCE check is needed even if we keep the min timeout capped like today. Without it one could create multiple cgroups and add a trigger into each one, therefore creating an unlimited number of "psimon" kernel threads. At some point I expect them to affect system performance because even at high polling intervals they still consume some cpu resources. So, this change I think is needed regardless of the change to min polling period and I would suggest keeping them separate. > > The consistency with the global case is a valid point only partially > because different cgroups might have different owners which is not > usually the case for the global psi interface, right? Correct. > > Makes sense? Yes but hopefully my argument about keeping this and min period patches separate is reasonable? Thanks, Suren. > -- > Michal Hocko > SUSE Labs