From patchwork Mon Nov  8 21:19:56 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mina Almasry <almasrymina@google.com>
X-Patchwork-Id: 12609109
Return-Path: <SRS0=Ztt1=P3=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F081FC433EF
	for <linux-mm@archiver.kernel.org>; Mon,  8 Nov 2021 21:20:11 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 821DC61361
	for <linux-mm@archiver.kernel.org>; Mon,  8 Nov 2021 21:20:11 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 821DC61361
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 224E46B0072; Mon,  8 Nov 2021 16:20:11 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 1D4646B0073; Mon,  8 Nov 2021 16:20:11 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 0C5586B0074; Mon,  8 Nov 2021 16:20:11 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0082.hostedemail.com
 [216.40.44.82])
	by kanga.kvack.org (Postfix) with ESMTP id F3AFD6B0072
	for <linux-mm@kvack.org>; Mon,  8 Nov 2021 16:20:10 -0500 (EST)
Received: from smtpin15.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay01.hostedemail.com (Postfix) with ESMTP id AF4471813708F
	for <linux-mm@kvack.org>; Mon,  8 Nov 2021 21:20:10 +0000 (UTC)
X-FDA: 78787030980.15.7C61415
Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com
 [209.85.210.201])
	by imf02.hostedemail.com (Postfix) with ESMTP id 7C39B7001713
	for <linux-mm@kvack.org>; Mon,  8 Nov 2021 21:20:04 +0000 (UTC)
Received: by mail-pf1-f201.google.com with SMTP id
 z19-20020aa79593000000b0049472f5e52dso7655517pfj.13
        for <linux-mm@kvack.org>; Mon, 08 Nov 2021 13:20:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:cc;
        bh=ZMz9mAglfr0087cpLEYUjV++mI1ePPikWKx3K/Mi3/g=;
        b=eQWejA7DFPbb3XHQdQsO1O81F5j5nVRtuzAWVptvU8ipbvidXvGHeRvBEGV3TQkuZF
         N3LeJhdmJgoOx/k2uvb5EIouPRu3C7cFY65zSv0oTcZDXNgPzd9eSIlizIPrInInwDtL
         5wXMuiLX4K8Rno4G9cb4cN98D3aUBpOCjdLKD7ujQGYDACFdBqyO7WYQ8GMQND9QCR1b
         PT/05SKYcgXAKhwmuBt6ectzJBGyMkfPIcH5RzlDAwmZhGPxX78FC3ZWaoJFPUNPmRdk
         oYfNA+dmEwc22B5Pd6dhT5v9UApeCz8JPwyof+w2wq84JtHlW6pTHqan783jaEiRQAA9
         bi0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:cc;
        bh=ZMz9mAglfr0087cpLEYUjV++mI1ePPikWKx3K/Mi3/g=;
        b=BUt2oha179XzI/wjY2hs/FQGq+87RvadSJHfeZNGv4LSfluSgyaGtH/g18ZK2NzmP5
         MnUdQ9L9zUoCb4wog/dCdtlrje9MxUoMgoa6uOXs0satfi9Hru9DpeOXky82Thpmqxkt
         ZK7c0HJQ3+OIqnrA/AhbXZc5acEQ3+L/9hxlDP9tLtGzEoeYFQG4uHatqPVUf220sB2F
         tB3ltgDH36DOjewk4EXoFZDxrZwN0nYMxg3OJT74FfJU0kfY/sB9DkGyg6cPRmGBjz4R
         LcoQccqGa7083YWeB36PiOA0c4oG3bqWfpO4EJS/Z02Ul14UEhek4/8/XaiObL6umxb0
         3yRw==
X-Gm-Message-State: AOAM532q5iCJs7CEEv79Jydc7lyF5+PXvO5iYli9VBVUlmopDK51NvQh
	4kRw1Zbe7VKEKtye+V87XjxwX6bgweEyPA11UQ==
X-Google-Smtp-Source: 
 ABdhPJyqUdcqHHS5ZEYdqfLkpdwzUGFGnjlm/Fxt/QXzAUvg/F+LJxhmAcpzJ6AmbPdNMFtj9kgXoLfmK/WLh9sHaQ==
X-Received: from almasrymina.svl.corp.google.com
 ([2620:15c:2cd:202:8717:7707:fb59:664e])
 (user=almasrymina job=sendgmr) by 2002:a17:902:bb96:b0:13f:b181:58ef with
 SMTP id m22-20020a170902bb9600b0013fb18158efmr2368937pls.2.1636406409232;
 Mon, 08 Nov 2021 13:20:09 -0800 (PST)
Date: Mon,  8 Nov 2021 13:19:56 -0800
In-Reply-To: <20211108211959.1750915-1-almasrymina@google.com>
Message-Id: <20211108211959.1750915-3-almasrymina@google.com>
Mime-Version: 1.0
References: <20211108211959.1750915-1-almasrymina@google.com>
X-Mailer: git-send-email 2.34.0.rc0.344.g81b53c2807-goog
Subject: [PATCH v1 2/5] mm: add tmpfs memcg= permissions check
From: Mina Almasry <almasrymina@google.com>
Cc: Mina Almasry <almasrymina@google.com>, Michal Hocko <mhocko@suse.com>,
	"Theodore Ts'o" <tytso@mit.edu>, Greg Thelen <gthelen@google.com>,
 Shakeel Butt <shakeelb@google.com>,
	Andrew Morton <akpm@linux-foundation.org>, Hugh Dickins <hughd@google.com>,
	Roman Gushchin <songmuchun@bytedance.com>,
 Johannes Weiner <hannes@cmpxchg.org>, Tejun Heo <tj@kernel.org>,
	Vladimir Davydov <vdavydov.dev@gmail.com>, riel@surriel.com,
 linux-mm@kvack.org,
	linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org
X-Rspamd-Server: rspam01
X-Rspamd-Queue-Id: 7C39B7001713
X-Stat-Signature: dc85eknzjkbu1cixmcezz1etiydki5te
Authentication-Results: imf02.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=eQWejA7D;
	spf=pass (imf02.hostedemail.com: domain of
 3iZSJYQsKCOoMXYMedkYUZMSaaSXQ.OaYXUZgj-YYWhMOW.adS@flex--almasrymina.bounces.google.com
 designates 209.85.210.201 as permitted sender)
 smtp.mailfrom=3iZSJYQsKCOoMXYMedkYUZMSaaSXQ.OaYXUZgj-YYWhMOW.adS@flex--almasrymina.bounces.google.com;
	dmarc=pass (policy=reject) header.from=google.com
X-HE-Tag: 1636406404-638018
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Restricts the mounting of tmpfs:

mount -t tmpfs -o memcg=<cgroup>

Only if the mounting task is allowed to open <cgroup>/cgroup.procs file
and allowed to enter the cgroup. Thus, processes are allowed to direct
tmpfs changes to a cgroup that they themselves can enter and allocate
memory in.

Signed-off-by: Mina Almasry <almasrymina@google.com>

Cc: Michal Hocko <mhocko@suse.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Greg Thelen <gthelen@google.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Roman Gushchin <songmuchun@bytedance.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: riel@surriel.com
Cc: linux-mm@kvack.org
Cc: linux-fsdevel@vger.kernel.org
Cc: cgroups@vger.kernel.org
---
 mm/memcontrol.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

--
2.34.0.rc0.344.g81b53c2807-goog

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 389d2f2be9674..2e4c20d09f959 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -62,6 +62,7 @@
 #include <linux/tracehook.h>
 #include <linux/psi.h>
 #include <linux/seq_buf.h>
+#include <linux/string.h>
 #include "internal.h"
 #include <net/sock.h>
 #include <net/ip.h>
@@ -2585,9 +2586,32 @@ void mem_cgroup_handle_over_high(void)
  */
 struct mem_cgroup *mem_cgroup_get_from_path(const char *path)
 {
-	struct file *file;
+	static const char procs_filename[] = "/cgroup.procs";
+	struct file *file, *procs;
 	struct cgroup_subsys_state *css;
 	struct mem_cgroup *memcg;
+	char *procs_path =
+		kmalloc(strlen(path) + sizeof(procs_filename), GFP_KERNEL);
+
+	if (procs_path == NULL)
+		return ERR_PTR(-ENOMEM);
+	strcpy(procs_path, path);
+	strcat(procs_path, procs_filename);
+
+	procs = filp_open(procs_path, O_WRONLY, 0);
+	kfree(procs_path);
+
+	/*
+	 * Restrict the capability for tasks to mount with memcg charging to the
+	 * cgroup they could not join. For example, disallow:
+	 *
+	 * mount -t tmpfs -o memcg=root-cgroup nodev <MOUNT_DIR>
+	 *
+	 * if it is a non-root task.
+	 */
+	if (IS_ERR(procs))
+		return (struct mem_cgroup *)procs;
+	fput(procs);

 	file = filp_open(path, O_DIRECTORY | O_RDONLY, 0);
 	if (IS_ERR(file))