Commit dedf22e9 authored by Tejun Heo's avatar Tejun Heo

cgroup: separate out cgroup_procs_write_permission() from __cgroup_procs_write()

Separate out task / process migration permission check from
__cgroup_procs_write() into cgroup_procs_write_permission().

* Permission check is moved right above the actual migration and no
  longer performed while holding rcu_read_lock().
  cgroup_procs_write_permission() uses get_task_cred() / put_cred()
  instead of __task_cred().  Also, !root trying to migrate kthreadd or
  PF_NO_SETAFFINITY tasks will now fail with -EINVAL rather than
  -EACCES which should be fine.

* The same permission check is now performed even when moving self by
  specifying 0 as pid.  This always succeeds so there's no functional
  difference.  We'll add more permission checks later and the benefits
  of keeping both cases consistent outweigh the minute overhead of
  doing perm checks on pid 0 case.
Signed-off-by: default avatarTejun Heo <tj@kernel.org>
parent fb02915f
...@@ -2392,6 +2392,25 @@ static int cgroup_attach_task(struct cgroup *dst_cgrp, ...@@ -2392,6 +2392,25 @@ static int cgroup_attach_task(struct cgroup *dst_cgrp,
return ret; return ret;
} }
static int cgroup_procs_write_permission(struct task_struct *task)
{
const struct cred *cred = current_cred();
const struct cred *tcred = get_task_cred(task);
int ret = 0;
/*
* even if we're attaching all tasks in the thread group, we only
* need to check permissions on one of them.
*/
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
!uid_eq(cred->euid, tcred->suid))
ret = -EACCES;
put_cred(tcred);
return ret;
}
/* /*
* Find the task_struct of the task to attach by vpid and pass it along to the * Find the task_struct of the task to attach by vpid and pass it along to the
* function to attach either it or all tasks in its threadgroup. Will lock * function to attach either it or all tasks in its threadgroup. Will lock
...@@ -2401,7 +2420,6 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, ...@@ -2401,7 +2420,6 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
size_t nbytes, loff_t off, bool threadgroup) size_t nbytes, loff_t off, bool threadgroup)
{ {
struct task_struct *tsk; struct task_struct *tsk;
const struct cred *cred = current_cred(), *tcred;
struct cgroup *cgrp; struct cgroup *cgrp;
pid_t pid; pid_t pid;
int ret; int ret;
...@@ -2421,19 +2439,9 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, ...@@ -2421,19 +2439,9 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
ret = -ESRCH; ret = -ESRCH;
goto out_unlock_rcu; goto out_unlock_rcu;
} }
/* } else {
* even if we're attaching all tasks in the thread group, we
* only need to check permissions on one of them.
*/
tcred = __task_cred(tsk);
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
!uid_eq(cred->euid, tcred->suid)) {
ret = -EACCES;
goto out_unlock_rcu;
}
} else
tsk = current; tsk = current;
}
if (threadgroup) if (threadgroup)
tsk = tsk->group_leader; tsk = tsk->group_leader;
...@@ -2451,7 +2459,9 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, ...@@ -2451,7 +2459,9 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
get_task_struct(tsk); get_task_struct(tsk);
rcu_read_unlock(); rcu_read_unlock();
ret = cgroup_attach_task(cgrp, tsk, threadgroup); ret = cgroup_procs_write_permission(tsk);
if (!ret)
ret = cgroup_attach_task(cgrp, tsk, threadgroup);
put_task_struct(tsk); put_task_struct(tsk);
goto out_unlock_threadgroup; goto out_unlock_threadgroup;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment