From: Johannes Weiner
To: Peter Zijlstra
Cc: Suren Baghdasaryan, Domenico Cerasuolo, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Luca Boccassi
Subject: [PATCH] sched: psi: fix unprivileged polling against cgroups
Date: Thu, 26 Oct 2023 12:41:14 -0400
Message-ID: <20231026164114.2488682-1-hannes@cmpxchg.org>

519fabc7aaba ("psi: remove 500ms min window size limitation for
triggers") breaks unprivileged psi polling on cgroups.

Historically, we had a privilege check for polling in the open() of a
pressure file in /proc, but were erroneously missing it for the open()
of cgroup pressure files.

When unprivileged polling was introduced in d82caa273565 ("sched/psi:
Allow unprivileged polling of N*2s period"), it needed to filter
privileges depending on the exact polling parameters, and as such
moved the CAP_SYS_RESOURCE check from the proc open() callback to
psi_trigger_create(). Both the proc files as well as cgroup files go
through this during write(). This implicitly added the missing check
for privileges required for HT polling for cgroups.

When 519fabc7aaba ("psi: remove 500ms min window size limitation for
triggers") followed right after to remove further restrictions on the
RT polling window, it incorrectly assumed the cgroup privilege check
was still missing and added it to the cgroup open(), mirroring what we
used to do for proc files in the past.

As a result, unprivileged poll requests that would be supported now
get rejected when opening the cgroup pressure file for writing.

Remove the cgroup open() check. psi_trigger_create() handles it.

Fixes: 519fabc7aaba ("psi: remove 500ms min window size limitation for triggers")
Cc: stable@vger.kernel.org # 6.5+
Reported-by: Luca Boccassi
Signed-off-by: Johannes Weiner Acked-by: Luca Boccassi Acked-by: Suren Baghdasaryan --- kernel/cgroup/cgroup.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index f11488b18ceb..2069ee98da60 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -3879,14 +3879,6 @@ static __poll_t cgroup_pressure_poll(struct kernfs_o= pen_file *of, return psi_trigger_poll(&ctx->psi.trigger, of->file, pt); } =20 -static int cgroup_pressure_open(struct kernfs_open_file *of) -{ - if (of->file->f_mode & FMODE_WRITE && !capable(CAP_SYS_RESOURCE)) - return -EPERM; - - return 0; -} - static void cgroup_pressure_release(struct kernfs_open_file *of) { struct cgroup_file_ctx *ctx =3D of->priv; @@ -5287,7 +5279,6 @@ static struct cftype cgroup_psi_files[] =3D { { .name =3D "io.pressure", .file_offset =3D offsetof(struct cgroup, psi_files[PSI_IO]), - .open =3D cgroup_pressure_open, .seq_show =3D cgroup_io_pressure_show, .write =3D cgroup_io_pressure_write, .poll =3D cgroup_pressure_poll, @@ -5296,7 +5287,6 @@ static struct cftype cgroup_psi_files[] =3D { { .name =3D "memory.pressure", .file_offset =3D offsetof(struct cgroup, psi_files[PSI_MEM]), - .open =3D cgroup_pressure_open, .seq_show =3D cgroup_memory_pressure_show, .write =3D cgroup_memory_pressure_write, .poll =3D cgroup_pressure_poll, @@ -5305,7 +5295,6 @@ static struct cftype cgroup_psi_files[] =3D { { .name =3D "cpu.pressure", .file_offset =3D offsetof(struct cgroup, psi_files[PSI_CPU]), - .open =3D cgroup_pressure_open, .seq_show =3D cgroup_cpu_pressure_show, .write =3D cgroup_cpu_pressure_write, .poll =3D cgroup_pressure_poll, @@ -5315,7 +5304,6 @@ static struct cftype cgroup_psi_files[] =3D { { .name =3D "irq.pressure", .file_offset =3D offsetof(struct cgroup, psi_files[PSI_IRQ]), - .open =3D cgroup_pressure_open, .seq_show =3D cgroup_irq_pressure_show, .write =3D cgroup_irq_pressure_write, .poll =3D cgroup_pressure_poll, --=20 2.42.0
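Review bot: Where cgroup_pressure_open() is deleted (hunk at -3879), nothing left in this file tells a reader that CAP_SYS_RESOURCE is still enforced for pressure triggers, and the changelog describes 519fabc7aaba adding the open() check precisely because it assumed the cgroup check was missing. A short comment above cgroup_pressure_release() or at the top of cgroup_psi_files[] stating that trigger privileges are checked in psi_trigger_create() at write() time would keep the check from being reintroduced at open().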
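Review bot: In cgroup_psi_files[], dropping .open from the io.pressure, memory.pressure, cpu.pressure and irq.pressure entries leaves each entry's .write handler as the only route to the privilege check, and none of cgroup_io_pressure_write, cgroup_memory_pressure_write, cgroup_cpu_pressure_write or cgroup_irq_pressure_write appears in this diff. The changelog should state that all four reach psi_trigger_create(), and a selftest that opens each file for writing without CAP_SYS_RESOURCE and then checks that a trigger needing the capability is still refused at write() would pin the behaviour for the 6.5+ stable backports.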