Merge remote-tracking branch 'torvalds/master' into perf/core

To pick up fixes that went thru perf/urgent. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
author: Arnaldo Carvalho de Melo <acme@redhat.com> 2022-03-14 19:15:16 -0300
committer: Arnaldo Carvalho de Melo <acme@redhat.com> 2022-03-14 19:15:16 -0300
commit: 65eab2bc7dab326ee892ec5a4c749470b368b51a (patch)
tree: 341189a55a3d021db7f1c8a8e5b4772b6c782c25 /kernel/cgroup/cgroup.c
parent: f693dac4794fae99c04f75a3a1a5c4018bb33144 (diff)
parent: 09688c0166e76ce2fb85e86b9d99be8b0084cdf9 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 9d05c3ca2d5e..a557eea7166f 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -6166,6 +6166,20 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
 	if (ret)
 		goto err;
 
+	/*
+	 * Spawning a task directly into a cgroup works by passing a file
+	 * descriptor to the target cgroup directory. This can even be an O_PATH
+	 * file descriptor. But it can never be a cgroup.procs file descriptor.
+	 * This was done on purpose so spawning into a cgroup could be
+	 * conceptualized as an atomic
+	 *
+	 *   fd = openat(dfd_cgroup, "cgroup.procs", ...);
+	 *   write(fd, <child-pid>, ...);
+	 *
+	 * sequence, i.e. it's a shorthand for the caller opening and writing
+	 * cgroup.procs of the cgroup indicated by @dfd_cgroup. This allows us
+	 * to always use the caller's credentials.
+	 */
 	ret = cgroup_attach_permissions(cset->dfl_cgrp, dst_cgrp, sb,
 					!(kargs->flags & CLONE_THREAD),
 					current->nsproxy->cgroup_ns);
author	Arnaldo Carvalho de Melo <acme@redhat.com>	2022-03-14 19:15:16 -0300
committer	Arnaldo Carvalho de Melo <acme@redhat.com>	2022-03-14 19:15:16 -0300
commit	65eab2bc7dab326ee892ec5a4c749470b368b51a (patch)
tree	341189a55a3d021db7f1c8a8e5b4772b6c782c25 /kernel/cgroup/cgroup.c
parent	f693dac4794fae99c04f75a3a1a5c4018bb33144 (diff)
parent	09688c0166e76ce2fb85e86b9d99be8b0084cdf9 (diff)