From: Gerrit Huizenga On exec, fork, exit, real/effective gid/uid, use CKRM to associate tasks with appropriate class. Addressed all review comments except: Use of __bitwise and sparse in enum's Use of kernel list type Signed-off-by: Shailabh Nagar Signed-off-by: Hubertus Franke Signed-off-by: Chandra Seetharaman Signed-off-by: Gerrit Huizenga Signed-off-by: Andrew Morton --- fs/exec.c | 2 include/linux/ckrm_events.h | 192 ++++++++++++++++++++++++++++++++++++++++++++ init/Kconfig | 16 +++ kernel/Makefile | 1 kernel/ckrm/Makefile | 5 + kernel/ckrm/ckrm_events.c | 86 +++++++++++++++++++ kernel/exit.c | 3 kernel/fork.c | 4 kernel/sys.c | 10 ++ 9 files changed, 319 insertions(+) diff -puN fs/exec.c~ckrm-core-ckrm-event-callbacks fs/exec.c --- 25/fs/exec.c~ckrm-core-ckrm-event-callbacks Wed Jul 13 14:43:43 2005 +++ 25-akpm/fs/exec.c Wed Jul 13 14:43:43 2005 @@ -48,6 +48,7 @@ #include #include #include +#include #include #include @@ -1104,6 +1105,7 @@ int search_binary_handler(struct linux_b fput(bprm->file); bprm->file = NULL; current->did_exec = 1; + ckrm_cb_exec(bprm->filename); return retval; } read_lock(&binfmt_lock); diff -puN /dev/null include/linux/ckrm_events.h --- /dev/null Thu Apr 11 07:25:15 2002 +++ 25-akpm/include/linux/ckrm_events.h Wed Jul 13 14:43:43 2005 @@ -0,0 +1,192 @@ +/* + * ckrm_events.h - Class-based Kernel Resource Management (CKRM) + * event handling + * + * Copyright (C) Hubertus Franke, IBM Corp. 2003,2004 + * (C) Shailabh Nagar, IBM Corp. 2003 + * (C) Chandra Seetharaman, IBM Corp. 2003 + * + * + * Provides a base header file including macros and basic data structures. + * + * Latest version, more details at http://ckrm.sf.net + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it would be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#ifndef _LINUX_CKRM_EVENTS_H +#define _LINUX_CKRM_EVENTS_H + +#ifdef CONFIG_CKRM + +/* + * Data structure and function to get the list of registered + * resource controllers. + */ + +/* + * CKRM defines a set of events at particular points in the kernel + * at which callbacks registered by various class types are called + */ + +enum ckrm_event { + /* + * we distinguish these events types: + * + * (a) CKRM_LATCHABLE_EVENTS + * events can be latched for event callbacks by classtypes + * + * (b) CKRM_NONLATACHBLE_EVENTS + * events can not be latched but can be used to call classification + * + * (c) event that are used for notification purposes + * range: [ CKRM_EVENT_CANNOT_CLASSIFY .. ) + */ + + /* events (a) */ + + CKRM_LATCHABLE_EVENTS, + + CKRM_EVENT_NEWTASK = CKRM_LATCHABLE_EVENTS, + CKRM_EVENT_FORK, + CKRM_EVENT_EXIT, + CKRM_EVENT_EXEC, + CKRM_EVENT_UID, + CKRM_EVENT_GID, + CKRM_EVENT_LOGIN, + CKRM_EVENT_USERADD, + CKRM_EVENT_USERDEL, + CKRM_EVENT_LISTEN_START, + CKRM_EVENT_LISTEN_STOP, + CKRM_EVENT_APPTAG, + + /* events (b) */ + + CKRM_NONLATCHABLE_EVENTS, + + CKRM_EVENT_RECLASSIFY = CKRM_NONLATCHABLE_EVENTS, + + /* events (c) */ + + CKRM_NOTCLASSIFY_EVENTS, + + CKRM_EVENT_MANUAL = CKRM_NOTCLASSIFY_EVENTS, + + CKRM_NUM_EVENTS +}; + +/* + * CKRM event callback specification for the classtypes or resource controllers + * typically an array is specified using CKRM_EVENT_SPEC terminated with + * CKRM_EVENT_SPEC_LAST and then that array is registered using + * ckrm_register_event_set. + * Individual registration of event_cb is also possible + */ + +struct ckrm_hook_cb { + void (*fct)(void *arg); + struct ckrm_hook_cb *next; +}; + +struct ckrm_event_spec { + enum ckrm_event ev; + struct ckrm_hook_cb cb; +}; + +int ckrm_register_event_set(struct ckrm_event_spec especs[]); +int ckrm_unregister_event_set(struct ckrm_event_spec especs[]); +int ckrm_register_event_cb(enum ckrm_event ev, struct ckrm_hook_cb *cb); +int ckrm_unregister_event_cb(enum ckrm_event ev, struct ckrm_hook_cb *cb); + +extern void ckrm_invoke_event_cb_chain(enum ckrm_event ev, void *arg); + +/* forward declarations for function arguments */ +struct task_struct; +struct sock; +struct user_struct; + +static inline void ckrm_cb_fork(struct task_struct *p) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_FORK, p); +} + +static inline void ckrm_cb_newtask(struct task_struct *p) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_NEWTASK, p); +} + +static inline void ckrm_cb_exit(struct task_struct *p) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_EXIT, p); +} + +static inline void ckrm_cb_exec(char *c) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_EXEC, c); +} + +static inline void ckrm_cb_uid(void) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_UID, NULL); +} + +static inline void ckrm_cb_gid(void) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_GID, NULL); +} + +static inline void ckrm_cb_apptag(void) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_APPTAG, NULL); +} + +static inline void ckrm_cb_login(void) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_LOGIN, NULL); +} + +static inline void ckrm_cb_useradd(struct user_struct *u) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_USERADD, u); +} + +static inline void ckrm_cb_userdel(struct user_struct *u) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_USERDEL, u); +} + +static inline void ckrm_cb_listen_start(struct sock *s) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_LISTEN_START, s); +} + +static inline void ckrm_cb_listen_stop(struct sock *s) +{ + ckrm_invoke_event_cb_chain(CKRM_EVENT_LISTEN_STOP, s); +} + +#else /* !CONFIG_CKRM */ + +static inline void ckrm_cb_fork(struct task_struct *p) { } +static inline void ckrm_cb_newtask(struct task_struct *p) { } +static inline void ckrm_cb_exit(struct task_struct *p) { } +static inline void ckrm_cb_exec(const char *c) { } +static inline void ckrm_cb_uid(void) { } +static inline void ckrm_cb_gid(void) { } +static inline void ckrm_cb_apptag(void) { } +static inline void ckrm_cb_login(void) { } +static inline void ckrm_cb_useradd(struct user_struct *u) { } +static inline void ckrm_cb_userdel(struct user_struct *u) { } +static inline void ckrm_cb_listen_start(struct sock *s) { } +static inline void ckrm_cb_listen_stop(struct sock *s) { } + +#endif /* CONFIG_CKRM */ + +#endif /* _LINUX_CKRM_EVENTS_H */ diff -puN init/Kconfig~ckrm-core-ckrm-event-callbacks init/Kconfig --- 25/init/Kconfig~ckrm-core-ckrm-event-callbacks Wed Jul 13 14:43:43 2005 +++ 25-akpm/init/Kconfig Wed Jul 13 14:43:43 2005 @@ -146,6 +146,22 @@ config BSD_PROCESS_ACCT_V3 for processing it. A preliminary version of these tools is available at . +menu "Class Based Kernel Resource Management" + +config CKRM + bool "Class Based Kernel Resource Management Core" + depends on EXPERIMENTAL + help + Class-based Kernel Resource Management is a framework for controlling + and monitoring resource allocation of user-defined groups of tasks or + incoming socket connections. For more information, please visit + http://ckrm.sf.net. + + If you say Y here, enable the Resource Class File System and at least + one of the resource controllers below. Say N if you are unsure. + +endmenu + config SYSCTL bool "Sysctl support" ---help--- diff -puN /dev/null kernel/ckrm/ckrm_events.c --- /dev/null Thu Apr 11 07:25:15 2002 +++ 25-akpm/kernel/ckrm/ckrm_events.c Wed Jul 13 14:43:43 2005 @@ -0,0 +1,86 @@ +/* ckrm_events.c - Class-based Kernel Resource Management (CKRM) + * - event handling routines + * + * Copyright (C) Hubertus Franke, IBM Corp. 2003, 2004 + * (C) Chandra Seetharaman, IBM Corp. 2003 + * + * + * Provides API for event registration and handling for different + * classtypes. + * + * Latest version, more details at http://ckrm.sf.net + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + */ + +#include +#include +#include + +/******************************************************************* + * Event callback invocation + *******************************************************************/ + +struct ckrm_hook_cb *ckrm_event_callbacks[CKRM_NONLATCHABLE_EVENTS]; + +/* Registration / Deregistration / Invocation functions */ + +int ckrm_register_event_cb(enum ckrm_event ev, struct ckrm_hook_cb *cb) +{ + struct ckrm_hook_cb **cbptr; + + if ((ev < CKRM_LATCHABLE_EVENTS) || (ev >= CKRM_NONLATCHABLE_EVENTS)) + return 1; + cbptr = &ckrm_event_callbacks[ev]; + while (*cbptr != NULL) + cbptr = &((*cbptr)->next); + *cbptr = cb; + return 0; +} + +int ckrm_unregister_event_cb(enum ckrm_event ev, struct ckrm_hook_cb *cb) +{ + struct ckrm_hook_cb **cbptr; + + if ((ev < CKRM_LATCHABLE_EVENTS) || (ev >= CKRM_NONLATCHABLE_EVENTS)) + return -1; + cbptr = &ckrm_event_callbacks[ev]; + while ((*cbptr != NULL) && (*cbptr != cb)) + cbptr = &((*cbptr)->next); + if (*cbptr) + (*cbptr)->next = cb->next; + return (*cbptr == NULL); +} + +int ckrm_register_event_set(struct ckrm_event_spec especs[]) +{ + struct ckrm_event_spec *espec = especs; + + for (espec = especs; espec->ev != -1; espec++) + ckrm_register_event_cb(espec->ev, &espec->cb); + return 0; +} + +int ckrm_unregister_event_set(struct ckrm_event_spec especs[]) +{ + struct ckrm_event_spec *espec = especs; + + for (espec = especs; espec->ev != -1; espec++) + ckrm_unregister_event_cb(espec->ev, &espec->cb); + return 0; +} + +void ckrm_invoke_event_cb_chain(enum ckrm_event ev, void *arg) +{ + struct ckrm_hook_cb *cb, *anchor; + + if ((anchor = ckrm_event_callbacks[ev]) != NULL) { + for (cb = anchor; cb; cb = cb->next) + (*cb->fct) (arg); + } +} + diff -puN /dev/null kernel/ckrm/Makefile --- /dev/null Thu Apr 11 07:25:15 2002 +++ 25-akpm/kernel/ckrm/Makefile Wed Jul 13 14:43:43 2005 @@ -0,0 +1,5 @@ +# +# Makefile for CKRM +# + +obj-y := ckrm_events.o diff -puN kernel/exit.c~ckrm-core-ckrm-event-callbacks kernel/exit.c --- 25/kernel/exit.c~ckrm-core-ckrm-event-callbacks Wed Jul 13 14:43:43 2005 +++ 25-akpm/kernel/exit.c Wed Jul 13 14:43:43 2005 @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -660,6 +661,8 @@ static void exit_notify(struct task_stru struct task_struct *t; struct list_head ptrace_dead, *_p, *_n; + ckrm_cb_exit(tsk); + if (signal_pending(tsk) && !(tsk->signal->flags & SIGNAL_GROUP_EXIT) && !thread_group_empty(tsk)) { /* diff -puN kernel/fork.c~ckrm-core-ckrm-event-callbacks kernel/fork.c --- 25/kernel/fork.c~ckrm-core-ckrm-event-callbacks Wed Jul 13 14:43:43 2005 +++ 25-akpm/kernel/fork.c Wed Jul 13 14:43:43 2005 @@ -41,6 +41,7 @@ #include #include #include +#include #include #include @@ -174,6 +175,7 @@ static struct task_struct *dup_task_stru tsk->thread_info = ti; ti->task = tsk; + ckrm_cb_newtask(tsk); /* One for us, one for whoever does the "release_task()" (usually parent) */ atomic_set(&tsk->usage,2); return tsk; @@ -1229,6 +1231,8 @@ long do_fork(unsigned long clone_flags, if (!IS_ERR(p)) { struct completion vfork; + ckrm_cb_fork(p); + if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); diff -puN kernel/Makefile~ckrm-core-ckrm-event-callbacks kernel/Makefile --- 25/kernel/Makefile~ckrm-core-ckrm-event-callbacks Wed Jul 13 14:43:43 2005 +++ 25-akpm/kernel/Makefile Wed Jul 13 14:43:43 2005 @@ -31,6 +31,7 @@ obj-$(CONFIG_DETECT_SOFTLOCKUP) += softl obj-$(CONFIG_GENERIC_HARDIRQS) += irq/ obj-$(CONFIG_CRASH_DUMP) += crash_dump.o obj-$(CONFIG_SECCOMP) += seccomp.o +obj-$(CONFIG_CKRM) += ckrm/ ifneq ($(CONFIG_SCHED_NO_NO_OMIT_FRAME_POINTER),y) # According to Alan Modra , the -fno-omit-frame-pointer is diff -puN kernel/sys.c~ckrm-core-ckrm-event-callbacks kernel/sys.c --- 25/kernel/sys.c~ckrm-core-ckrm-event-callbacks Wed Jul 13 14:43:43 2005 +++ 25-akpm/kernel/sys.c Wed Jul 13 14:43:43 2005 @@ -31,6 +31,7 @@ #include #include +#include #include #include @@ -558,6 +559,7 @@ asmlinkage long sys_setregid(gid_t rgid, current->egid = new_egid; current->gid = new_rgid; key_fsgid_changed(current); + ckrm_cb_gid(); return 0; } @@ -597,6 +599,7 @@ asmlinkage long sys_setgid(gid_t gid) return -EPERM; key_fsgid_changed(current); + ckrm_cb_gid(); return 0; } @@ -687,6 +690,8 @@ asmlinkage long sys_setreuid(uid_t ruid, key_fsuid_changed(current); + ckrm_cb_uid(); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); } @@ -734,6 +739,8 @@ asmlinkage long sys_setuid(uid_t uid) key_fsuid_changed(current); + ckrm_cb_uid(); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); } @@ -782,6 +789,8 @@ asmlinkage long sys_setresuid(uid_t ruid key_fsuid_changed(current); + ckrm_cb_uid(); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); } @@ -833,6 +842,7 @@ asmlinkage long sys_setresgid(gid_t rgid current->sgid = sgid; key_fsgid_changed(current); + ckrm_cb_gid(); return 0; } _