diff options
| author | Allan Jude <allanjude@FreeBSD.org> | 2017-05-24 00:58:30 +0000 |
|---|---|---|
| committer | Allan Jude <allanjude@FreeBSD.org> | 2017-05-24 00:58:30 +0000 |
| commit | f299c47b52b7b116df305056cf121dbf9871abcf (patch) | |
| tree | 7866f8b0a3fc2d7b3fd70275951bc845e3453248 /sys/kern/kern_cpuset.c | |
| parent | 7c0cad38c73d1a17a08f1d8c7d098e146f752ad8 (diff) | |
| download | src-f299c47b52b7b116df305056cf121dbf9871abcf.tar.gz src-f299c47b52b7b116df305056cf121dbf9871abcf.zip | |
Allow cpuset_{get,set}affinity in capabilities mode
bhyve was recently sandboxed with capsicum, and needs to be able to
control the CPU sets of its vcpu threads
Reviewed by: emaste, oshogbo, rwatson
MFC after: 2 weeks
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D10170
Notes
Notes:
svn path=/head/; revision=318765
Diffstat (limited to 'sys/kern/kern_cpuset.c')
| -rw-r--r-- | sys/kern/kern_cpuset.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/sys/kern/kern_cpuset.c b/sys/kern/kern_cpuset.c index 9e83f568889e..c279264ea244 100644 --- a/sys/kern/kern_cpuset.c +++ b/sys/kern/kern_cpuset.c @@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include <sys/sched.h> #include <sys/smp.h> #include <sys/syscallsubr.h> +#include <sys/capsicum.h> #include <sys/cpuset.h> #include <sys/sx.h> #include <sys/queue.h> @@ -522,6 +523,7 @@ cpuset_setproc(pid_t pid, struct cpuset *set, cpuset_t *mask) int threads; int nfree; int error; + /* * The algorithm requires two passes due to locking considerations. * @@ -1096,6 +1098,15 @@ kern_cpuset_getaffinity(struct thread *td, cpulevel_t level, cpuwhich_t which, if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY) return (ERANGE); + /* In Capability mode, you can only get your own CPU set. */ + if (IN_CAPABILITY_MODE(td)) { + if (level != CPU_LEVEL_WHICH) + return (ECAPMODE); + if (which != CPU_WHICH_TID && which != CPU_WHICH_PID) + return (ECAPMODE); + if (id != -1) + return (ECAPMODE); + } size = cpusetsize; mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO); error = cpuset_which(which, id, &p, &ttd, &set); @@ -1204,6 +1215,15 @@ kern_cpuset_setaffinity(struct thread *td, cpulevel_t level, cpuwhich_t which, if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY) return (ERANGE); + /* In Capability mode, you can only set your own CPU set. */ + if (IN_CAPABILITY_MODE(td)) { + if (level != CPU_LEVEL_WHICH) + return (ECAPMODE); + if (which != CPU_WHICH_TID && which != CPU_WHICH_PID) + return (ECAPMODE); + if (id != -1) + return (ECAPMODE); + } mask = malloc(cpusetsize, M_TEMP, M_WAITOK | M_ZERO); error = copyin(maskp, mask, cpusetsize); if (error) |