Commit 519fabc7 authored by Suren Baghdasaryan's avatar Suren Baghdasaryan Committed by Peter Zijlstra

psi: remove 500ms min window size limitation for triggers

Current 500ms min window size for psi triggers limits polling interval
to 50ms to prevent polling threads from using too much cpu bandwidth by
polling too frequently. However the number of cgroups with triggers is
unlimited, so this protection can be defeated by creating multiple
cgroups with psi triggers (triggers in each cgroup are served by a single
"psimon" kernel thread).
Instead of limiting min polling period, which also limits the latency of
psi events, it's better to limit psi trigger creation to authorized users
only, like we do for system-wide psi triggers (/proc/pressure/* files can
be written only by processes with CAP_SYS_RESOURCE capability). This also
makes access rules for cgroup psi files consistent with system-wide ones.
Add a CAP_SYS_RESOURCE capability check for cgroup psi file writers and
remove the psi window min size limitation.
Suggested-by: default avatarSudarshan Rajagopalan <quic_sudaraja@quicinc.com>
Signed-off-by: default avatarSuren Baghdasaryan <surenb@google.com>
Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: default avatarMichal Hocko <mhocko@suse.com>
Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
Link: https://lore.kernel.org/all/cover.1676067791.git.quic_sudaraja@quicinc.com/
parent 044f0e27
...@@ -3877,6 +3877,14 @@ static __poll_t cgroup_pressure_poll(struct kernfs_open_file *of, ...@@ -3877,6 +3877,14 @@ static __poll_t cgroup_pressure_poll(struct kernfs_open_file *of,
return psi_trigger_poll(&ctx->psi.trigger, of->file, pt); return psi_trigger_poll(&ctx->psi.trigger, of->file, pt);
} }
static int cgroup_pressure_open(struct kernfs_open_file *of)
{
if (of->file->f_mode & FMODE_WRITE && !capable(CAP_SYS_RESOURCE))
return -EPERM;
return 0;
}
static void cgroup_pressure_release(struct kernfs_open_file *of) static void cgroup_pressure_release(struct kernfs_open_file *of)
{ {
struct cgroup_file_ctx *ctx = of->priv; struct cgroup_file_ctx *ctx = of->priv;
...@@ -5276,6 +5284,7 @@ static struct cftype cgroup_psi_files[] = { ...@@ -5276,6 +5284,7 @@ static struct cftype cgroup_psi_files[] = {
{ {
.name = "io.pressure", .name = "io.pressure",
.file_offset = offsetof(struct cgroup, psi_files[PSI_IO]), .file_offset = offsetof(struct cgroup, psi_files[PSI_IO]),
.open = cgroup_pressure_open,
.seq_show = cgroup_io_pressure_show, .seq_show = cgroup_io_pressure_show,
.write = cgroup_io_pressure_write, .write = cgroup_io_pressure_write,
.poll = cgroup_pressure_poll, .poll = cgroup_pressure_poll,
...@@ -5284,6 +5293,7 @@ static struct cftype cgroup_psi_files[] = { ...@@ -5284,6 +5293,7 @@ static struct cftype cgroup_psi_files[] = {
{ {
.name = "memory.pressure", .name = "memory.pressure",
.file_offset = offsetof(struct cgroup, psi_files[PSI_MEM]), .file_offset = offsetof(struct cgroup, psi_files[PSI_MEM]),
.open = cgroup_pressure_open,
.seq_show = cgroup_memory_pressure_show, .seq_show = cgroup_memory_pressure_show,
.write = cgroup_memory_pressure_write, .write = cgroup_memory_pressure_write,
.poll = cgroup_pressure_poll, .poll = cgroup_pressure_poll,
...@@ -5292,6 +5302,7 @@ static struct cftype cgroup_psi_files[] = { ...@@ -5292,6 +5302,7 @@ static struct cftype cgroup_psi_files[] = {
{ {
.name = "cpu.pressure", .name = "cpu.pressure",
.file_offset = offsetof(struct cgroup, psi_files[PSI_CPU]), .file_offset = offsetof(struct cgroup, psi_files[PSI_CPU]),
.open = cgroup_pressure_open,
.seq_show = cgroup_cpu_pressure_show, .seq_show = cgroup_cpu_pressure_show,
.write = cgroup_cpu_pressure_write, .write = cgroup_cpu_pressure_write,
.poll = cgroup_pressure_poll, .poll = cgroup_pressure_poll,
...@@ -5301,6 +5312,7 @@ static struct cftype cgroup_psi_files[] = { ...@@ -5301,6 +5312,7 @@ static struct cftype cgroup_psi_files[] = {
{ {
.name = "irq.pressure", .name = "irq.pressure",
.file_offset = offsetof(struct cgroup, psi_files[PSI_IRQ]), .file_offset = offsetof(struct cgroup, psi_files[PSI_IRQ]),
.open = cgroup_pressure_open,
.seq_show = cgroup_irq_pressure_show, .seq_show = cgroup_irq_pressure_show,
.write = cgroup_irq_pressure_write, .write = cgroup_irq_pressure_write,
.poll = cgroup_pressure_poll, .poll = cgroup_pressure_poll,
......
...@@ -160,7 +160,6 @@ __setup("psi=", setup_psi); ...@@ -160,7 +160,6 @@ __setup("psi=", setup_psi);
#define EXP_300s 2034 /* 1/exp(2s/300s) */ #define EXP_300s 2034 /* 1/exp(2s/300s) */
/* PSI trigger definitions */ /* PSI trigger definitions */
#define WINDOW_MIN_US 500000 /* Min window size is 500ms */
#define WINDOW_MAX_US 10000000 /* Max window size is 10s */ #define WINDOW_MAX_US 10000000 /* Max window size is 10s */
#define UPDATES_PER_WINDOW 10 /* 10 updates per window */ #define UPDATES_PER_WINDOW 10 /* 10 updates per window */
...@@ -1305,8 +1304,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group, ...@@ -1305,8 +1304,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group,
if (state >= PSI_NONIDLE) if (state >= PSI_NONIDLE)
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
if (window_us < WINDOW_MIN_US || if (window_us == 0 || window_us > WINDOW_MAX_US)
window_us > WINDOW_MAX_US)
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment