Attachment 229555 Details for Bug 239125 – Patch to allow rtprio for regular users

[patch] Patch to allow rtprio for regular users

rtprio.diff (text/plain), 3.22 KB, created by Hans Petter Selasky on 2021-11-17 17:36:22 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Hans Petter Selasky

Created: 2021-11-17 17:36:22 UTC

Size: 3.22 KB

patch

obsolete

>commit 996c821236915dce3aeec92db4c5e01938b8930f
>Author: Hans Petter Selasky <hselasky@FreeBSD.org>
>Date:   Wed Nov 17 18:34:23 2021 +0100
>
>    Implement security.bsd.unprivileged_rtprio to bypass rtprio(1) priv check.
>    
>    While at it make the existing "security.bsd.unprivileged_idprio"
>    sysctl knob tunable.
>    
>    PR:             239125
>    MFC after:      1 week
>    Sponsored by:   NVIDIA Networking
>
>diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
>index b556d4fded5..f2bf131a961 100644
>--- a/sys/kern/kern_resource.c
>+++ b/sys/kern/kern_resource.c
>@@ -283,9 +283,31 @@ donice(struct thread *td, struct proc *p, int n)
> }
> 
> static int unprivileged_idprio;
>-SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_idprio, CTLFLAG_RW,
>+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_idprio, CTLFLAG_RWTUN,
>     &unprivileged_idprio, 0, "Allow non-root users to set an idle priority");
> 
>+static int unprivileged_rtprio;
>+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_rtprio, CTLFLAG_RWTUN,
>+    &unprivileged_rtprio, 0, "Allow non-root users to set a realtime priority");
>+
>+static int
>+priv_check_priority(struct thread *td, const struct rtprio *rtp)
>+{
>+	switch (RTP_PRIO_BASE(rtp->type)) {
>+	case RTP_PRIO_REALTIME:
>+		if (unprivileged_rtprio)
>+			return (0);
>+		break;
>+	case RTP_PRIO_IDLE:
>+		if (unprivileged_idprio)
>+			return (0);
>+		break;
>+	default:
>+		return (0);
>+	}
>+	return (priv_check(td, PRIV_SCHED_RTPRIO));
>+}
>+
> /*
>  * Set realtime priority for LWP.
>  */
>@@ -350,13 +372,9 @@ sys_rtprio_thread(struct thread *td, struct rtprio_thread_args *uap)
> 		 * easier to lock a resource indefinitely, but it is not the
> 		 * only thing that makes it possible.
> 		 */
>-		if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_REALTIME ||
>-		    (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_IDLE &&
>-		    unprivileged_idprio == 0)) {
>-			error = priv_check(td, PRIV_SCHED_RTPRIO);
>-			if (error)
>-				break;
>-		}
>+		error = priv_check_priority(td, &rtp);
>+		if (error)
>+			break;
> 		error = rtp_to_pri(&rtp, td1);
> 		break;
> 	default:
>@@ -440,13 +458,9 @@ sys_rtprio(struct thread *td, struct rtprio_args *uap)
> 		 * See the comment in sys_rtprio_thread about idprio
> 		 * threads holding a lock.
> 		 */
>-		if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_REALTIME ||
>-		    (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_IDLE &&
>-		    !unprivileged_idprio)) {
>-			error = priv_check(td, PRIV_SCHED_RTPRIO);
>-			if (error)
>-				break;
>-		}
>+		error = priv_check_priority(td, &rtp);
>+		if (error)
>+			break;
> 
> 		/*
> 		 * If we are setting our own priority, set just our
>diff --git a/usr.sbin/rtprio/rtprio.1 b/usr.sbin/rtprio/rtprio.1
>index 85130c87f7e..79b81da3ddb 100644
>--- a/usr.sbin/rtprio/rtprio.1
>+++ b/usr.sbin/rtprio/rtprio.1
>@@ -30,7 +30,7 @@
> .\"
> .\" $FreeBSD$
> .\"
>-.Dd September 29, 2012
>+.Dd November 17, 2021
> .Dt RTPRIO 1
> .Os
> .Sh NAME
>@@ -118,6 +118,11 @@ A user may modify the idle priority of their own processes if the
> variable
> .Va security.bsd.unprivileged_idprio
> is set to non-zero.
>+A user may modify the realtime priority of their own processes if the
>+.Xr sysctl 8
>+variable
>+.Va security.bsd.unprivileged_rtprio
>+is set to non-zero.
> Note that this increases the chance that a deadlock can occur
> if a process locks a required resource and then does
> not get to run.

Actions: View | Diff

Attachments on bug 239125: 229555 | 229680 | 229725