| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| From: Quentin Perret <qperret@google.com> |
| Date: Thu, 10 Jun 2021 15:13:06 +0000 |
| Subject: ANDROID: sched: Make uclamp changes depend on CAP_SYS_NICE |
| |
| There is currently nothing preventing tasks from changing their per-task |
| clamp values in anyway that they like. The rationale is probably that |
| system administrators are still able to limit those clamps thanks to the |
| cgroup interface. However, this causes pain in a system where both |
| per-task and per-cgroup clamp values are expected to be under the |
| control of core system components (as is the case for Android). |
| |
| To fix this, let's require CAP_SYS_NICE to change per-task clamp values. |
| There are ongoing discussions upstream about more flexible approaches |
| than this using the RLIMIT API -- see [1]. But the upstream discussion |
| has not converged yet, and this is way too late for UAPI changes in |
| android12-5.10 anyway, so let's apply this change which provides the |
| behaviour we want without actually impacting UAPIs. |
| |
| [1] https://lore.kernel.org/lkml/20210623123441.592348-4-qperret@google.com/ |
| |
| Bug: 187186685 |
| Signed-off-by: Quentin Perret <qperret@google.com> |
| Change-Id: I749312a77306460318ac5374cf243d00b78120dd |
| --- |
| kernel/sched/core.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| diff --git a/kernel/sched/core.c b/kernel/sched/core.c |
| --- a/kernel/sched/core.c |
| +++ b/kernel/sched/core.c |
| @@ -7279,6 +7279,10 @@ static int __sched_setscheduler(struct task_struct *p, |
| /* Normal users shall not reset the sched_reset_on_fork flag: */ |
| if (p->sched_reset_on_fork && !reset_on_fork) |
| return -EPERM; |
| + |
| + /* Can't change util-clamps */ |
| + if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) |
| + return -EPERM; |
| } |
| |
| if (user) { |
