Date: Fri, 5 Dec 2025 00:58:29 +0000
In-Reply-To: <20251205005841.3942668-1-avagin@google.com>
Message-ID: <20251205005841.3942668-2-avagin@google.com>
Subject: [PATCH 1/3] cgroup, binfmt_elf: Add hwcap masks to the misc controller
From: Andrei Vagin
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, cgroups@vger.kernel.org, criu@lists.linux.dev, Tejun Heo, Johannes Weiner, Michal Koutný, Vipin Sharma, Jonathan Corbet, Andrei Vagin

Add an interface to the misc cgroup controller that allows masking out hardware capabilities (AT_HWCAP) reported to user-space processes. This provides a mechanism to restrict the features a containerized application can see.

The new "misc.mask" cgroup file allows users to specify masks for AT_HWCAP, AT_HWCAP2, AT_HWCAP3, and AT_HWCAP4.

The output of "misc.mask" is extended to display the effective mask, which is a combination of the masks from the current cgroup and all its ancestors.

Signed-off-by: Andrei Vagin

--- fs/binfmt_elf.c | 24 +++++-- include/linux/misc_cgroup.h | 25 +++++++ kernel/cgroup/misc.c | 126 ++++++++++++++++++++++++++++++++++++ 3 files changed, 171 insertions(+), 4 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 3eb734c192e9..59137784e81d 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -47,6 +47,7 @@ #include #include #include +#include #include #include =20 
@@ -182,6 +183,21 @@ create_elf_tables(struct linux_binprm *bprm, const str= uct elfhdr *exec, int ei_index; const struct cred *cred =3D current_cred(); struct vm_area_struct *vma; + struct misc_cg *misc_cg; + u64 hwcap_mask[4] =3D {0, 0, 0, 0}; + + misc_cg =3D get_current_misc_cg(); + misc_cg_get_mask(MISC_CG_MASK_HWCAP, misc_cg, &hwcap_mask[0]); +#ifdef ELF_HWCAP2 + misc_cg_get_mask(MISC_CG_MASK_HWCAP2, misc_cg, &hwcap_mask[1]); +#endif +#ifdef ELF_HWCAP3 + misc_cg_get_mask(MISC_CG_MASK_HWCAP3, misc_cg, &hwcap_mask[2]); +#endif +#ifdef ELF_HWCAP4 + misc_cg_get_mask(MISC_CG_MASK_HWCAP4, misc_cg, &hwcap_mask[3]); +#endif + put_misc_cg(misc_cg); =20 /* * In some cases (e.g. Hyper-Threading), we want to avoid L1 @@ -246,7 +262,7 @@ create_elf_tables(struct linux_binprm *bprm, const stru= ct elfhdr *exec, */ ARCH_DLINFO; #endif - NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP); + NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP & ~hwcap_mask[0]); NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE); NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC); NEW_AUX_ENT(AT_PHDR, phdr_addr); @@ -264,13 +280,13 @@ create_elf_tables(struct linux_binprm *bprm, const st= ruct elfhdr *exec, NEW_AUX_ENT(AT_SECURE, bprm->secureexec); NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes); #ifdef ELF_HWCAP2 - NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2); + NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2 & ~hwcap_mask[1]); #endif #ifdef ELF_HWCAP3 - NEW_AUX_ENT(AT_HWCAP3, ELF_HWCAP3); + NEW_AUX_ENT(AT_HWCAP3, ELF_HWCAP3 & ~hwcap_mask[2]); #endif #ifdef ELF_HWCAP4 - NEW_AUX_ENT(AT_HWCAP4, ELF_HWCAP4); + NEW_AUX_ENT(AT_HWCAP4, ELF_HWCAP4 & ~hwcap_mask[3]); #endif NEW_AUX_ENT(AT_EXECFN, bprm->exec); if (k_platform) { diff --git a/include/linux/misc_cgroup.h b/include/linux/misc_cgroup.h index 0cb36a3ffc47..cff830c238fb 100644 --- a/include/linux/misc_cgroup.h +++ b/include/linux/misc_cgroup.h @@ -8,6 +8,8 @@ #ifndef _MISC_CGROUP_H_ #define _MISC_CGROUP_H_ =20 +#include + /** * enum misc_res_type - Types of misc cgroup entries supported by the host. */ 
@@ -26,6 +28,20 @@ enum misc_res_type { MISC_CG_RES_TYPES }; =20 +enum misc_mask_type { + MISC_CG_MASK_HWCAP, +#ifdef ELF_HWCAP2 + MISC_CG_MASK_HWCAP2, +#endif +#ifdef ELF_HWCAP3 + MISC_CG_MASK_HWCAP3, +#endif +#ifdef ELF_HWCAP4 + MISC_CG_MASK_HWCAP4, +#endif + MISC_CG_MASK_TYPES +}; + struct misc_cg; =20 #ifdef CONFIG_CGROUP_MISC @@ -62,12 +78,15 @@ struct misc_cg { struct cgroup_file events_local_file; =20 struct misc_res res[MISC_CG_RES_TYPES]; + u64 mask[MISC_CG_MASK_TYPES]; }; =20 int misc_cg_set_capacity(enum misc_res_type type, u64 capacity); int misc_cg_try_charge(enum misc_res_type type, struct misc_cg *cg, u64 am= ount); void misc_cg_uncharge(enum misc_res_type type, struct misc_cg *cg, u64 amo= unt); =20 +int misc_cg_get_mask(enum misc_mask_type type, struct misc_cg *cg, u64 *pm= ask); + /** * css_misc() - Get misc cgroup from the css. * @css: cgroup subsys state object. @@ -134,5 +153,11 @@ static inline void put_misc_cg(struct misc_cg *cg) { } =20 +static inline int misc_cg_get_mask(enum misc_mask_type type, struct misc_c= g *cg, u64 *pmask) +{ + *pmask =3D 0; + return 0; +} + #endif /* CONFIG_CGROUP_MISC */ #endif /* _MISC_CGROUP_H_ */ diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c index 6a01d91ea4cb..d1386d86060f 100644 --- a/kernel/cgroup/misc.c +++ b/kernel/cgroup/misc.c @@ -30,6 +30,19 @@ static const char *const misc_res_name[] =3D { #endif }; =20 +static const char *const misc_mask_name[] =3D { + "AT_HWCAP", +#ifdef ELF_HWCAP2 + "AT_HWCAP2", +#endif +#ifdef ELF_HWCAP3 + "AT_HWCAP3", +#endif +#ifdef ELF_HWCAP4 + "AT_HWCAP4", +#endif +}; + /* Root misc cgroup */ static struct misc_cg root_cg; =20 
@@ -71,6 +84,11 @@ static inline bool valid_type(enum misc_res_type type) return type >=3D 0 && type < MISC_CG_RES_TYPES; } =20 +static inline bool valid_mask_type(enum misc_mask_type type) +{ + return type >=3D 0 && type < MISC_CG_MASK_TYPES; +} + /** * misc_cg_set_capacity() - Set the capacity of the misc cgroup res. * @type: Type of the misc res. 
@@ -391,6 +409,109 @@ static int misc_events_local_show(struct seq_file *sf= , void *v) return __misc_events_show(sf, true); } =20 +/** + * misc_cg_get_mask() - Get the mask of the specified type. + * @type: The misc mask type. + * @cg: The misc cgroup. + * @pmask: Pointer to the resulting mask. + * + * This function calculates the effective mask for a given cgroup by walki= ng up + * the hierarchy and ORing the masks from all parent cgroupfs. The final r= esult + * is stored in the location pointed to by @pmask. + * + * Context: Any context. + * Return: 0 on success, -EINVAL if @type is invalid. + */ +int misc_cg_get_mask(enum misc_mask_type type, struct misc_cg *cg, u64 *pm= ask) +{ + struct misc_cg *i; + u64 mask =3D 0; + + if (!(valid_mask_type(type))) + return -EINVAL; + + for (i =3D cg; i; i =3D parent_misc(i)) + mask |=3D READ_ONCE(i->mask[type]); + + *pmask =3D mask; + return 0; +} + +/** + * misc_cg_mask_show() - Show the misc cgroup masks. + * @sf: Interface file + * @v: Arguments passed + * + * Context: Any context. + * Return: 0 to denote successful print. + */ +static int misc_cg_mask_show(struct seq_file *sf, void *v) +{ + struct misc_cg *cg =3D css_misc(seq_css(sf)); + int i; + + for (i =3D 0; i < MISC_CG_MASK_TYPES; i++) { + u64 rval, val =3D READ_ONCE(cg->mask[i]); + + misc_cg_get_mask(i, cg, &rval); + seq_printf(sf, "%s\t%#016llx\t%#016llx\n", misc_mask_name[i], val, rval); + } + + return 0; +} + +/** + * misc_cg_mask_write() - Update the mask of the specified type. + * @of: Handler for the file. + * @buf: The buffer containing the user's input. + * @nbytes: The number of bytes in @buf. + * @off: The offset in the file. + * + * This function parses a user-provided string to update a mask. + * The expected format is " ", for example: + * + * echo "AT_HWCAP 0xf00" > misc.mask + * + * Context: Process context. + * Return: The number of bytes processed on success, or a negative error c= ode + * on failure. 
+ */ +static ssize_t misc_cg_mask_write(struct kernfs_open_file *of, char *buf, + size_t nbytes, loff_t off) +{ + struct misc_cg *cg; + u64 max; + int ret =3D 0, i; + enum misc_mask_type type =3D MISC_CG_MASK_TYPES; + char *token; + + buf =3D strstrip(buf); + token =3D strsep(&buf, " "); + + if (!token || !buf) + return -EINVAL; + + for (i =3D 0; i < MISC_CG_MASK_TYPES; i++) { + if (!strcmp(misc_mask_name[i], token)) { + type =3D i; + break; + } + } + + if (type =3D=3D MISC_CG_MASK_TYPES) + return -EINVAL; + + ret =3D kstrtou64(buf, 0, &max); + if (ret) + return ret; + + cg =3D css_misc(of_css(of)); + + WRITE_ONCE(cg->mask[type], max); + + return nbytes; +} + /* Misc cgroup interface files */ static struct cftype misc_cg_files[] =3D { { 
@@ -424,6 +545,11 @@ static struct cftype misc_cg_files[] =3D { .file_offset =3D offsetof(struct misc_cg, events_local_file), .seq_show =3D misc_events_local_show, }, + { + .name =3D "mask", + .write =3D misc_cg_mask_write, + .seq_show =3D misc_cg_mask_show, + }, {} }; =20 --=20 2.52.0.223.gf5cc29aaa4-goog
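Review bot: In create_elf_tables() (fs/binfmt_elf.c) the mask is applied only to the values handed to NEW_AUX_ENT(AT_HWCAP*), once, at exec, and neither the changelog nor a comment states that limit. A task that was exec'd before a write to misc.mask, or that is moved into the cgroup afterwards, keeps the auxv it already has, and nothing here stops a program from detecting a feature without consulting auxv. Please say in the changelog, or in a comment above the misc_cg_get_mask() calls, that this hides capabilities from auxv consumers in newly exec'd tasks rather than restricting what the CPU will execute. The return value of misc_cg_get_mask() is also ignored at all four call sites; that is harmless with hwcap_mask[] zero-initialised, but a short comment would make it clear the omission is deliberate.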
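Review bot: misc_mask_name[] in kernel/cgroup/misc.c and enum misc_mask_type in include/linux/misc_cgroup.h stay in step only because the same #ifdef ELF_HWCAP2/3/4 ladder is repeated in both files, and nothing checks that they agree. Use designated initializers, for example [MISC_CG_MASK_HWCAP] = "AT_HWCAP", or add BUILD_BUG_ON(ARRAY_SIZE(misc_mask_name) != MISC_CG_MASK_TYPES), so that a type added to one ladder and not the other fails the build instead of letting misc_cg_mask_show() and misc_cg_mask_write() index past the table.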
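Review bot: In misc_cg_mask_show() the format "%#016llx" has a field width of 16 that includes the "0x" prefix, so only 14 hex digits are zero-padded and a mask with any of the top eight bits set prints wider than the other rows; "%#018llx" pads a full u64. In misc_cg_mask_write() the parsed value is stored in a variable named max, which does not describe a mask, and ret is initialised to 0 only to be overwritten by kstrtou64(). The write side splits on a single space while the show side separates fields with tabs, so a line read from misc.mask cannot be written back as is; either accept both or document the difference. The kernel-doc for misc_cg_get_mask() says "parent cgroupfs" where "ancestor cgroups" is meant, and the outer parentheses in if (!(valid_mask_type(type))) can go.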
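Review bot: The new "mask" entry in misc_cg_files[] sets no .flags, so the file is also created in the root cgroup, and because misc_cg_get_mask() ORs every ancestor up to the root, a write there changes AT_HWCAP* for every task exec'd afterwards on the system. If that is intended please say so in the changelog, otherwise add CFTYPE_NOT_ON_ROOT. The diffstat also carries no Documentation/ change: a new cgroup v2 interface file needs an entry in Documentation/admin-guide/cgroup-v2.rst covering the write format, the two output columns, and the fact that set bits are the ones cleared from auxv.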

Date: Fri, 5 Dec 2025 00:58:31 +0000
In-Reply-To: <20251205005841.3942668-1-avagin@google.com>
Message-ID: <20251205005841.3942668-4-avagin@google.com>
Subject: [PATCH 2/3] selftests/cgroup: Add a test for the misc.mask cgroup interface
From: Andrei Vagin
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, cgroups@vger.kernel.org, criu@lists.linux.dev, Tejun Heo, Johannes Weiner, Michal Koutný, Vipin Sharma, Jonathan Corbet, Andrei Vagin

Add a selftest for the misc.mask cgroup interface. The test verifies that the misc.mask file is present and has the correct default value, that it is possible to write a new mask to the file, and that the mask is inherited by sub-cgroups.

Signed-off-by: Andrei Vagin

--- tools/testing/selftests/cgroup/.gitignore | 1 + tools/testing/selftests/cgroup/Makefile | 2 + tools/testing/selftests/cgroup/config | 1 + tools/testing/selftests/cgroup/test_misc.c | 118 +++++++++++++++++++++ 4 files changed, 122 insertions(+) create mode 100644 tools/testing/selftests/cgroup/test_misc.c diff --git a/tools/testing/selftests/cgroup/.gitignore b/tools/testing/self= tests/cgroup/.gitignore index 952e4448bf07..3ced02a3634b 100644 --- a/tools/testing/selftests/cgroup/.gitignore +++ b/tools/testing/selftests/cgroup/.gitignore @@ -7,6 +7,7 @@ test_hugetlb_memcg test_kill test_kmem test_memcontrol +test_misc test_pids test_zswap wait_inotify diff --git a/tools/testing/selftests/cgroup/Makefile b/tools/testing/selfte= sts/cgroup/Makefile index e01584c2189a..6e9e92f89d8a 100644 
--- a/tools/testing/selftests/cgroup/Makefile +++ b/tools/testing/selftests/cgroup/Makefile @@ -15,6 +15,7 @@ TEST_GEN_PROGS +=3D test_hugetlb_memcg TEST_GEN_PROGS +=3D test_kill TEST_GEN_PROGS +=3D test_kmem TEST_GEN_PROGS +=3D test_memcontrol +TEST_GEN_PROGS +=3D test_misc TEST_GEN_PROGS +=3D test_pids TEST_GEN_PROGS +=3D test_zswap =20 @@ -31,5 +32,6 @@ $(OUTPUT)/test_hugetlb_memcg: $(LIBCGROUP_O) $(OUTPUT)/test_kill: $(LIBCGROUP_O) $(OUTPUT)/test_kmem: $(LIBCGROUP_O) $(OUTPUT)/test_memcontrol: $(LIBCGROUP_O) +$(OUTPUT)/test_misc: $(LIBCGROUP_O) $(OUTPUT)/test_pids: $(LIBCGROUP_O) $(OUTPUT)/test_zswap: $(LIBCGROUP_O) diff --git a/tools/testing/selftests/cgroup/config b/tools/testing/selftest= s/cgroup/config index 39f979690dd3..9e3d03736f5a 100644 --- a/tools/testing/selftests/cgroup/config +++ b/tools/testing/selftests/cgroup/config @@ -1,6 +1,7 @@ CONFIG_CGROUPS=3Dy CONFIG_CGROUP_CPUACCT=3Dy CONFIG_CGROUP_FREEZER=3Dy +CONFIG_CGROUP_MISC=3Dy CONFIG_CGROUP_SCHED=3Dy CONFIG_MEMCG=3Dy CONFIG_PAGE_COUNTER=3Dy diff --git a/tools/testing/selftests/cgroup/test_misc.c b/tools/testing/sel= ftests/cgroup/test_misc.c new file mode 100644 index 000000000000..50e8acb51852 --- /dev/null +++ b/tools/testing/selftests/cgroup/test_misc.c 
@@ -0,0 +1,118 @@ +// SPDX-License-Identifier: GPL-2.0 +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include + +#include "../kselftest.h" +#include "cgroup_util.h" + +/* + * This test checks that misc.mask works correctly. + */ +static int test_misc_mask(const char *root) +{ + int ret =3D KSFT_FAIL; + char *cg_misc, *cg_misc_sub =3D NULL; + + cg_misc =3D cg_name(root, "misc_test"); + if (!cg_misc) + goto cleanup; + + cg_misc_sub =3D cg_name(root, "misc_test/sub"); + if (!cg_misc_sub) + goto cleanup; + + if (cg_create(cg_misc)) + goto cleanup; + + if (cg_read_strcmp(cg_misc, "misc.mask", + "AT_HWCAP\t0x00000000000000\t0x00000000000000\n")) + goto cleanup; + + if (cg_write(cg_misc, "misc.mask", "AT_HWCAP 0xf0000000000000")) + goto cleanup; + + if (cg_read_strcmp(cg_misc, "misc.mask", + "AT_HWCAP\t0xf0000000000000\t0xf0000000000000\n")) + goto cleanup; + + if (cg_write(cg_misc, "cgroup.subtree_control", "+misc")) + goto cleanup; + + if (cg_create(cg_misc_sub)) + goto cleanup; + + if (cg_read_strcmp(cg_misc_sub, "misc.mask", + "AT_HWCAP\t0x00000000000000\t0xf0000000000000\n")) + goto cleanup; + + if (cg_write(cg_misc_sub, "misc.mask", "AT_HWCAP 0x01000000000000")) + goto cleanup; + + if (cg_read_strcmp(cg_misc_sub, "misc.mask", + "AT_HWCAP\t0x01000000000000\t0xf1000000000000\n")) + goto cleanup; + + ret =3D KSFT_PASS; + +cleanup: + cg_enter_current(root); + cg_destroy(cg_misc_sub); + cg_destroy(cg_misc); + free(cg_misc); + free(cg_misc_sub); + + return ret; +} + +#define T(x) { x, #x } +struct misc_test { + int (*fn)(const char *root); + const char *name; +} tests[] =3D { + T(test_misc_mask), +}; +#undef T + +int main(int argc, char **argv) +{ + char root[PATH_MAX]; + + ksft_print_header(); + ksft_set_plan(ARRAY_SIZE(tests)); + if (cg_find_unified_root(root, sizeof(root), NULL)) + ksft_exit_skip("cgroup v2 isn't mounted\n"); + + /* + * Check that misc controller is available: + * misc is listed in cgroup.controllers + */ + if 
(cg_read_strstr(root, "cgroup.controllers", "misc")) + ksft_exit_skip("misc controller isn't available\n"); + + if (cg_read_strstr(root, "cgroup.subtree_control", "misc")) + if (cg_write(root, "cgroup.subtree_control", "+misc")) + ksft_exit_skip("Failed to set misc controller\n"); + + for (int i =3D 0; i < ARRAY_SIZE(tests); i++) { + switch (tests[i].fn(root)) { + case KSFT_PASS: + ksft_test_result_pass("%s\n", tests[i].name); + break; + case KSFT_SKIP: + ksft_test_result_skip("%s\n", tests[i].name); + break; + default: + ksft_test_result_fail("%s\n", tests[i].name); + break; + } + } + + ksft_finished(); +} --=20 2.52.0.223.gf5cc29aaa4-goog
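Review bot: test_misc_mask() in test_misc.c only round-trips values through misc.mask and never checks that the mask reaches a task, so it would still pass if the kernel stored the mask but did not apply it. Consider starting a child in misc_test/sub and comparing the getauxval(AT_HWCAP) it sees against the unmasked value, so the test covers enforcement as well as the file format. Only AT_HWCAP is exercised, while the documentation patch in this series also names AT_HWCAP2, AT_HWCAP3 and AT_HWCAP4; one more key would catch per-entry mix-ups. In main(), the root's cgroup.subtree_control is changed with "+misc" and not restored before ksft_finished().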
Date: Fri, 5 Dec 2025 00:58:32 +0000
In-Reply-To: <20251205005841.3942668-1-avagin@google.com>
References: <20251205005841.3942668-1-avagin@google.com>
Message-ID: <20251205005841.3942668-5-avagin@google.com>
Subject: [PATCH 3/3] Documentation: cgroup-v2: Document misc.mask interface
From: Andrei Vagin
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, cgroups@vger.kernel.org, criu@lists.linux.dev, Tejun Heo, Johannes Weiner, Michal Koutný, Vipin Sharma, Jonathan Corbet, Andrei Vagin

Updates the cgroup-v2 documentation to include details about the newly introduced 'misc.mask' interface. This interface, part of the 'misc' cgroup controller, allows masking out hardware capabilities (AT_HWCAP, AT_HWCAP2, AT_HWCAP3, AT_HWCAP4) reported to user-space processes within a cgroup.

Signed-off-by: Andrei Vagin

--- Documentation/admin-guide/cgroup-v2.rst | 25 +++++++++++++++++++++++++ Documentation/arch/arm64/elf_hwcaps.rst | 21 +++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-= guide/cgroup-v2.rst index 4c072e85acdf..9d9d923e0d4e 100644 --- a/Documentation/admin-guide/cgroup-v2.rst +++ b/Documentation/admin-guide/cgroup-v2.rst
@@ -2924,6 +2924,31 @@ Miscellaneous controller provides 3 interface files.= If two misc resources (res_ cgroup i.e. not hierarchical. The file modified event generated on this file reflects only the local events. =20 +Miscellaneous controller provides one interface file to control masks. + + misc.mask + A read-write flat-keyed file shown in all cgroups. It allows + setting/reading the masks. The file format is a series of lines, each + describing a mask of a specific mask type. + + The file has the following format for each line:: + + $NAME\t$LOCAL_MASK\t$EFFECTIVE_MASK + + Where $NAME is the mask type name, $LOCAL_MASK is the mask for the + current cgroup, and $EFFECTIVE_MASK is the effective mask for the + current cgroup, which is a combination of the masks from the current + cgroup and all its ancestors. + + To set a mask, write a string in the following format to the file:: + + $NAME $MASK + + For example, to set a mask for the mask_a type, you would write the + following to the file:: + + # echo "mask_a 0x3000" > misc.mask + Migration and Ownership ~~~~~~~~~~~~~~~~~~~~~~~ =20 diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/a= rm64/elf_hwcaps.rst index a15df4956849..5526daff5d30 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst 
@@ -450,3 +450,24 @@ HWCAP3_LSFE =20 For interoperation with userspace, the kernel guarantees that bits 62 and 63 of AT_HWCAP will always be returned as 0. + +5. Masking hwcaps for a group of processes +-------------------------------- + +The misc cgroup controller provides a mechanism to mask hwcaps for a speci= fic +workload. This can be useful for limiting the features available to a +containerized application. + +To mask hwcaps, you can write a mask to the ``misc.mask`` file in the cgro= up +directory. The mask is specified per AT_HWCAP entry (AT_HWCAP, AT_HWCAP2, +AT_HWCAP3) in the format `` ``. + +For example, to mask ``HWCAP_FP`` and ``HWCAP_ASIMD`` (which are represent= ed by +bits 0 and 1 of AT_HWCAP, so a mask of 0x3) for a workload, you would writ= e the +mask for AT_HWCAP to the ``misc.mask`` file in the new cgroup directory:: + + # echo "AT_HWCAP 0x3" > /sys/fs/cgroup/misc/my-workload/misc.mask + +Any new processes started in this cgroup will have the specified hwcaps +masked. You can verify this by reading the ``misc.mask`` file, which will +show the effective mask for the cgroup. --=20 2.52.0.223.gf5cc29aaa4-goog
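Review bot: The misc.mask text added to cgroup-v2.rst says the effective mask is "a combination" of the local and ancestor masks without naming the operation, and never states what a set bit means. The selftest in this series expects 0xf0000000000000 in the parent and 0x01000000000000 in the child to read back as 0xf1000000000000, so please say it is a bitwise OR and, if that is the intent, that a descendant cannot clear a bit set by an ancestor. The example uses a placeholder key, mask_a; listing the accepted $NAME values (the commit message gives AT_HWCAP, AT_HWCAP2, AT_HWCAP3, AT_HWCAP4) and using one of them in the example would let the section stand on its own. It would also help to say when a written mask takes effect for tasks already in the cgroup, and whether "shown in all cgroups" includes the root.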
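Review bot: In the new section 5 of elf_hwcaps.rst, "limiting the features available to a containerized application" overstates what the interface does: per the commit message the mask changes the hwcaps reported to user space, and nothing in this patch indicates the underlying instructions are disabled, so the text should not read as a confinement mechanism. Suggest "limiting the features advertised to" and a sentence saying so explicitly. The example path /sys/fs/cgroup/misc/my-workload/misc.mask looks like a per-controller cgroup v1 mount, while the interface is documented in cgroup-v2.rst, where the file would sit directly in the cgroup's own directory. The list of entries stops at AT_HWCAP3 although the commit message includes AT_HWCAP4, the title underline is shorter than the title, which Sphinx warns about, and the closing sentence offers reading misc.mask as verification, which shows the configuration rather than what a process finds in its auxiliary vector.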