tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
sched: don't allow setuid to succeed if the user does not have rt bandwidth
sched_rt: don't start timer when rt bandwidth disabled

Linus Torvalds 219f170a 3024e4a9

+54 -14
+4
include/linux/sched.h
··· 2291 2291 extern int sched_group_set_rt_period(struct task_group *tg, 2292 2292 long rt_period_us); 2293 2293 extern long sched_group_rt_period(struct task_group *tg); 2294 + extern int sched_rt_can_attach(struct task_group *tg, struct task_struct *tsk); 2294 2295 #endif 2295 2296 #endif 2297 + 2298 + extern int task_can_switch_user(struct user_struct *up, 2299 + struct task_struct *tsk); 2296 2300 2297 2301 #ifdef CONFIG_TASK_XACCT 2298 2302 static inline void add_rchar(struct task_struct *tsk, ssize_t amt)
+12 -3
kernel/sched.c
··· 223 223 { 224 224 ktime_t now; 225 225 226 - if (rt_bandwidth_enabled() && rt_b->rt_runtime == RUNTIME_INF) 226 + if (!rt_bandwidth_enabled() || rt_b->rt_runtime == RUNTIME_INF) 227 227 return; 228 228 229 229 if (hrtimer_active(&rt_b->rt_period_timer)) ··· 9224 9224 9225 9225 return ret; 9226 9226 } 9227 + 9228 + int sched_rt_can_attach(struct task_group *tg, struct task_struct *tsk) 9229 + { 9230 + /* Don't accept realtime tasks when there is no way for them to run */ 9231 + if (rt_task(tsk) && tg->rt_bandwidth.rt_runtime == 0) 9232 + return 0; 9233 + 9234 + return 1; 9235 + } 9236 + 9227 9237 #else /* !CONFIG_RT_GROUP_SCHED */ 9228 9238 static int sched_rt_global_constraints(void) 9229 9239 { ··· 9327 9317 struct task_struct *tsk) 9328 9318 { 9329 9319 #ifdef CONFIG_RT_GROUP_SCHED 9330 - /* Don't accept realtime tasks when there is no way for them to run */ 9331 - if (rt_task(tsk) && cgroup_tg(cgrp)->rt_bandwidth.rt_runtime == 0) 9320 + if (!sched_rt_can_attach(cgroup_tg(cgrp), tsk)) 9332 9321 return -EINVAL; 9333 9322 #else 9334 9323 /* We don't support RT-tasks being in separate groups */
+20 -11
kernel/sys.c
··· 559 559 abort_creds(new); 560 560 return retval; 561 561 } 562 - 562 + 563 563 /* 564 564 * change the user struct in a credentials set to match the new UID 565 565 */ ··· 570 570 new_user = alloc_uid(current_user_ns(), new->uid); 571 571 if (!new_user) 572 572 return -EAGAIN; 573 + 574 + if (!task_can_switch_user(new_user, current)) { 575 + free_uid(new_user); 576 + return -EINVAL; 577 + } 573 578 574 579 if (atomic_read(&new_user->processes) >= 575 580 current->signal->rlim[RLIMIT_NPROC].rlim_cur && ··· 636 631 goto error; 637 632 } 638 633 639 - retval = -EAGAIN; 640 - if (new->uid != old->uid && set_user(new) < 0) 641 - goto error; 642 - 634 + if (new->uid != old->uid) { 635 + retval = set_user(new); 636 + if (retval < 0) 637 + goto error; 638 + } 643 639 if (ruid != (uid_t) -1 || 644 640 (euid != (uid_t) -1 && euid != old->uid)) 645 641 new->suid = new->euid; ··· 686 680 retval = -EPERM; 687 681 if (capable(CAP_SETUID)) { 688 682 new->suid = new->uid = uid; 689 - if (uid != old->uid && set_user(new) < 0) { 690 - retval = -EAGAIN; 691 - goto error; 683 + if (uid != old->uid) { 684 + retval = set_user(new); 685 + if (retval < 0) 686 + goto error; 692 687 } 693 688 } else if (uid != old->uid && uid != new->suid) { 694 689 goto error; ··· 741 734 goto error; 742 735 } 743 736 744 - retval = -EAGAIN; 745 737 if (ruid != (uid_t) -1) { 746 738 new->uid = ruid; 747 - if (ruid != old->uid && set_user(new) < 0) 748 - goto error; 739 + if (ruid != old->uid) { 740 + retval = set_user(new); 741 + if (retval < 0) 742 + goto error; 743 + } 749 744 } 750 745 if (euid != (uid_t) -1) 751 746 new->euid = euid;
+18
kernel/user.c
··· 362 362 363 363 #endif 364 364 365 + #if defined(CONFIG_RT_GROUP_SCHED) && defined(CONFIG_USER_SCHED) 366 + /* 367 + * We need to check if a setuid can take place. This function should be called 368 + * before successfully completing the setuid. 369 + */ 370 + int task_can_switch_user(struct user_struct *up, struct task_struct *tsk) 371 + { 372 + 373 + return sched_rt_can_attach(up->tg, tsk); 374 + 375 + } 376 + #else 377 + int task_can_switch_user(struct user_struct *up, struct task_struct *tsk) 378 + { 379 + return 1; 380 + } 381 + #endif 382 + 365 383 /* 366 384 * Locate the user_struct for the passed UID. If found, take a ref on it. The 367 385 * caller must undo that ref with free_uid().