cgroup: disallow debug controller on the default hierarchy

The debug controller, as its name suggests, exposes cgroup core internals to userland to aid debugging. Unfortunately, except for the name, there's no provision to prevent its usage in production configurations and the controller is widely enabled and mounted leaking internal details to userland. Like most other debug information, the information exposed by debug isn't interesting even for debugging itself once the related parts are working reliably. This controller has no reason for existing. This patch implements cgrp_dfl_root_inhibit_ss_mask which can suppress specific subsystems on the default hierarchy and adds the debug subsystem to it so that it can be gradually deprecated as usages move towards the unified hierarchy. Signed-off-by: Tejun Heo <tj@kernel.org>
author: Tejun Heo <tj@kernel.org> 2014-05-14 19:33:07 -0400
committer: Tejun Heo <tj@kernel.org> 2014-05-19 16:37:06 -0400
commit: 5533e0114425dcdb878f11b291f2727af8667a7c (patch)
tree: 4dbbe79b3cee1ab19765ee9984db4b24f283f83d /kernel/cgroup.c
parent: a3e3354d56d8c121dad42ee7f63d96bf81522c0e (diff)
1 files changed, 18 insertions, 3 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 082bb842b11a..a5f75ac4e793 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -148,6 +148,13 @@ struct cgroup_root cgrp_dfl_root;
 */
 static bool cgrp_dfl_root_visible;
+/* some controllers are not supported in the default hierarchy */
+static const unsigned int cgrp_dfl_root_inhibit_ss_mask = 0
+#ifdef CONFIG_CGROUP_DEBUG
+        | (1 << debug_cgrp_id)
+#endif
+        ;
 /* The list of hierarchy roots */
 static LIST_HEAD(cgroup_roots);
@@ -1126,6 +1133,7 @@ static void cgroup_clear_dir(struct cgroup *cgrp, unsigned int subsys_mask)
 static int rebind_subsystems(struct cgroup_root *dst_root, unsigned int ss_mask)
 {
        struct cgroup_subsys *ss;
+        unsigned int tmp_ss_mask;
        int ssid, i, ret;
        lockdep_assert_held(&cgroup_mutex);
@@ -1143,7 +1151,12 @@ static int rebind_subsystems(struct cgroup_root *dst_root, unsigned int ss_mask)
                        return -EBUSY;
        }
-        ret = cgroup_populate_dir(&dst_root->cgrp, ss_mask);
+        /* skip creating root files on dfl_root for inhibited subsystems */
+        tmp_ss_mask = ss_mask;
+        if (dst_root == &cgrp_dfl_root)
+                tmp_ss_mask &= ~cgrp_dfl_root_inhibit_ss_mask;
+        ret = cgroup_populate_dir(&dst_root->cgrp, tmp_ss_mask);
        if (ret) {
                if (dst_root != &cgrp_dfl_root)
                        return ret;
@@ -2426,7 +2439,8 @@ static int cgroup_root_controllers_show(struct seq_file *seq, void *v)
 {
        struct cgroup *cgrp = seq_css(seq)->cgroup;
-        cgroup_print_ss_mask(seq, cgrp->root->subsys_mask);
+        cgroup_print_ss_mask(seq, cgrp->root->subsys_mask &
+                             ~cgrp_dfl_root_inhibit_ss_mask);
        return 0;
 }
@@ -2564,7 +2578,8 @@ static ssize_t cgroup_subtree_control_write(struct kernfs_open_file *of,
                if (tok[0] == '\0')
                        continue;
                for_each_subsys(ss, ssid) {
-                        if (ss->disabled || strcmp(tok + 1, ss->name))
+                        if (ss->disabled || strcmp(tok + 1, ss->name) ||
+                            ((1 << ss->id) & cgrp_dfl_root_inhibit_ss_mask))
                                continue;
                        if (*tok == '+') {
author	Tejun Heo <tj@kernel.org>	2014-05-14 19:33:07 -0400
committer	Tejun Heo <tj@kernel.org>	2014-05-19 16:37:06 -0400
commit	5533e0114425dcdb878f11b291f2727af8667a7c (patch)
tree	4dbbe79b3cee1ab19765ee9984db4b24f283f83d /kernel/cgroup.c
parent	a3e3354d56d8c121dad42ee7f63d96bf81522c0e (diff)