MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2025-07-07 09:55:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

ANDROID: sched/psi: disable the privilege check if

Browse Source 
CONFIG_DEFAULT_SECURITY_SELINUX is enabled

Since 'commit d82caa2735 ("sched/psi: Allow unprivileged polling
of N*2s period")' only processes with CAP_SYS_RESOURCE privilege can
register with window_us < WINDOW_MAX_US. Unprivileged ones can only
use multiples of 2s for window_us to register.

So on the Android V with kernel-6.6, system_server without
CAP_SYS_RESOURCE using 1s for window_us failed to register.

The relative code as follows:
frameworks/base/services/core/jni/com_android_server_am_LowMemDetector.cpp;l=44
// stall tracking window size in us
static constexpr int PSI_WINDOW_SIZE_US = 1000000;

The failed log:
libpsi  : /proc/pressure/memory write failed for psi stall type 'some'; errno=22
LowMemDetector: Failed to register psi trigger

To fix this, disable the privilege check if CONFIG_DEFAULT_SECURITY_SELINUX
is enabled, Besides change proc_create() calls to 0 to keep consistency with
the previous version of the kernel.

Bug: 348152354
Change-Id: Ica596c210604661e37fd3ff4c7c3aa22855573f5
Signed-off-by: Hailong.Liu <liuhailong@oppo.com>
This commit is contained in:
Hailong.Liu 2024-06-19 17:58:53 +08:00 committed by Todd Kjos
parent 5f59226f87
commit 79591ebabf
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
kernel/sched/psi.c
View File

@ -1294,10 +1294,12 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group, char *buf,
return ERR_PTR(-EOPNOTSUPP);
/*
* Checking the privilege here on file->f_cred implies that a privileged user
* could open the file and delegate the write to an unprivileged one.
* Checking the privilege on file->f_cred or selinux enabled here imply
* that a privileged user could open the file and delegate the write
* to an unprivileged one.
*/
privileged = cap_raised(file->f_cred->cap_effective, CAP_SYS_RESOURCE);
privileged = cap_raised(file->f_cred->cap_effective, CAP_SYS_RESOURCE) ||
IS_ENABLED(CONFIG_DEFAULT_SECURITY_SELINUX);
if (sscanf(buf, "some %u %u", &threshold_us, &window_us) == 2)
state = PSI_IO_SOME + res * 2;
@ -1656,11 +1658,11 @@ static int __init psi_proc_init(void)
{
if (psi_enable) {
proc_mkdir("pressure", NULL);
proc_create("pressure/io", 0666, NULL, &psi_io_proc_ops);
proc_create("pressure/memory", 0666, NULL, &psi_memory_proc_ops);
proc_create("pressure/cpu", 0666, NULL, &psi_cpu_proc_ops);
proc_create("pressure/io", 0, NULL, &psi_io_proc_ops);
proc_create("pressure/memory", 0, NULL, &psi_memory_proc_ops);
proc_create("pressure/cpu", 0, NULL, &psi_cpu_proc_ops);
#ifdef CONFIG_IRQ_TIME_ACCOUNTING
proc_create("pressure/irq", 0666, NULL, &psi_irq_proc_ops);
proc_create("pressure/irq", 0, NULL, &psi_irq_proc_ops);
#endif
}
return 0;