openwrt/target/linux/brcm2708/patches-4.14/950-0136-cgroup-Disable-cgroup-memory-by-default.patch
Koen Vandeputte af79c3bccc kernel: bump 4.14 to 4.14.171
Refreshed all patches.

Fixes:
- CVE-2013-1798

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-24 14:20:14 +01:00

71 lines
1.8 KiB
Diff

From 584bc4a6093ceb9aea07673185ee0084edc8690b Mon Sep 17 00:00:00 2001
From: Phil Elwell <phil@raspberrypi.org>
Date: Mon, 27 Nov 2017 17:14:54 +0000
Subject: [PATCH 136/454] cgroup: Disable cgroup "memory" by default
Some Raspberry Pis have limited RAM and most users won't use the
cgroup memory support so it is disabled by default. Enable with:
cgroup_enable=memory
See: https://github.com/raspberrypi/linux/issues/1950
Signed-off-by: Phil Elwell <phil@raspberrypi.org>
---
kernel/cgroup/cgroup.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5207,6 +5207,8 @@ int __init cgroup_init_early(void)
}
static u16 cgroup_disable_mask __initdata;
+static u16 cgroup_enable_mask __initdata;
+static int __init cgroup_disable(char *str);
/**
* cgroup_init - cgroup initialization
@@ -5245,6 +5247,12 @@ int __init cgroup_init(void)
mutex_unlock(&cgroup_mutex);
+ /* Apply an implicit disable... */
+ cgroup_disable("memory");
+
+ /* ...knowing that an explicit enable will override it. */
+ cgroup_disable_mask &= ~cgroup_enable_mask;
+
for_each_subsys(ss, ssid) {
if (ss->early_init) {
struct cgroup_subsys_state *css =
@@ -5636,6 +5644,28 @@ static int __init cgroup_disable(char *s
}
__setup("cgroup_disable=", cgroup_disable);
+static int __init cgroup_enable(char *str)
+{
+ struct cgroup_subsys *ss;
+ char *token;
+ int i;
+
+ while ((token = strsep(&str, ",")) != NULL) {
+ if (!*token)
+ continue;
+
+ for_each_subsys(ss, i) {
+ if (strcmp(token, ss->name) &&
+ strcmp(token, ss->legacy_name))
+ continue;
+
+ cgroup_enable_mask |= 1 << i;
+ }
+ }
+ return 1;
+}
+__setup("cgroup_enable=", cgroup_enable);
+
/**
* css_tryget_online_from_dir - get corresponding css from a cgroup dentry
* @dentry: directory dentry of interest