Re: [patch] cgroups: disallow attaching kthreadd
From: Mike Galbraith
Date: Tue Apr 03 2012 - 22:34:40 EST
On Tue, 2012-04-03 at 11:49 -0700, Tejun Heo wrote:
> On Tue, Apr 03, 2012 at 07:58:26PM +0200, Mike Galbraith wrote:
> > @@ -1894,6 +1895,14 @@ int cgroup_attach_task(struct cgroup *cg
> > if (tsk->flags & PF_EXITING)
> > return -ESRCH;
> >
> > + /*
> > + * Workqueue threads may acquire PF_THREAD_BOUND and become
> > + * trapped in a cpuset, or RT worker may be born in a cgroup
> > + * with no rt_runtime allocated. Just say no.
> > + */
> > + if (tsk == kthreadd_task)
> > + return -EINVAL;
> > +
> > /* Nothing to do if the task is already in that cgroup */
> > oldcgrp = task_cgroup_from_root(tsk, root);
> > if (cgrp == oldcgrp)
> > @@ -2172,6 +2181,17 @@ static int attach_task_by_pid(struct cgr
> >
> > if (threadgroup)
> > tsk = tsk->group_leader;
> > +
> > + /*
> > + * Workqueue threads may acquire PF_THREAD_BOUND and become
> > + * trapped in a cpuset, or RT worker may be born in a cgroup
> > + * with no rt_runtime allocated. Just say no.
> > + */
> > + if (tsk == kthreadd_task) {
> > + ret = -EINVAL;
> > + goto out_unlock_cgroup;
> > + }
>
> If we have this test here, do we need the same check in
> cgroup_attach_task()/
It looked to me like yes, because cgroup_attach_task() can be called
directly. For the problem at hand, user script doing bad things, no,
it's not needed.
-Mike
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/