From: Tejun Heo <tj@kernel.org>
To: lizefan@huawei.com
Cc: cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
hannes@cmpxchg.org, Tejun Heo <tj@kernel.org>,
Aristeu Rozanski <aris@redhat.com>,
Serge Hallyn <serge.hallyn@ubuntu.com>
Subject: [PATCH 13/14] device_cgroup: use css_has_online_children() instead of has_children()
Date: Fri, 9 May 2014 17:31:30 -0400 [thread overview]
Message-ID: <1399671091-23867-14-git-send-email-tj@kernel.org> (raw)
In-Reply-To: <1399671091-23867-1-git-send-email-tj@kernel.org>
devcgroup_update_access() wants to know whether there are child
cgroups which are online and visible to userland and has_children()
may return false positive. Replace it with css_has_online_children().
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Aristeu Rozanski <aris@redhat.com>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>
---
security/device_cgroup.c | 19 ++-----------------
1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 75b4b18..22de334 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -475,21 +475,6 @@ static int propagate_exception(struct dev_cgroup *devcg_root,
return rc;
}
-static inline bool has_children(struct dev_cgroup *devcgroup)
-{
- bool ret;
-
- /*
- * FIXME: There may be lingering offline csses and this function
- * may return %true when there isn't any userland-visible child
- * which is incorrect for our purposes.
- */
- rcu_read_lock();
- ret = css_next_child(NULL, &devcgroup->css);
- rcu_read_unlock();
- return ret;
-}
-
/*
* Modify the exception list using allow/deny rules.
* CAP_SYS_ADMIN is needed for this. It's at least separate from CAP_MKNOD
@@ -522,7 +507,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
case 'a':
switch (filetype) {
case DEVCG_ALLOW:
- if (has_children(devcgroup))
+ if (css_has_online_children(&devcgroup->css))
return -EINVAL;
if (!may_allow_all(parent))
@@ -538,7 +523,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
return rc;
break;
case DEVCG_DENY:
- if (has_children(devcgroup))
+ if (css_has_online_children(&devcgroup->css))
return -EINVAL;
dev_exception_clean(devcgroup);
--
1.9.0
next prev parent reply other threads:[~2014-05-09 21:31 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-09 21:31 [PATCHSET cgroup/for-3.16] cgroup: iterate cgroup_subsys_states directly Tejun Heo
2014-05-09 21:31 ` Tejun Heo
2014-05-09 21:31 ` [PATCH 01/14] cgroup: remove css_parent() Tejun Heo
2014-05-12 13:16 ` Michal Hocko
[not found] ` <1399671091-23867-2-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2014-05-11 1:47 ` David Miller
2014-05-11 1:47 ` David Miller
2014-05-11 13:02 ` Neil Horman
2014-05-11 13:02 ` Neil Horman
2014-05-13 18:50 ` [PATCH v2 " Tejun Heo
2014-05-13 18:50 ` Tejun Heo
2014-05-09 21:31 ` [PATCH 04/14] device_cgroup: remove direct access to cgroup->children Tejun Heo
[not found] ` <1399671091-23867-5-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2014-05-13 12:56 ` Aristeu Rozanski
2014-05-13 12:56 ` Aristeu Rozanski
2014-05-14 12:52 ` Serge E. Hallyn
2014-05-14 12:52 ` Serge E. Hallyn
2014-05-09 21:31 ` [PATCH 05/14] cgroup: remove cgroup->parent Tejun Heo
2014-05-09 21:31 ` [PATCH 08/14] cgroup: move cgroup->serial_nr into cgroup_subsys_state Tejun Heo
2014-05-09 21:31 ` [PATCH 09/14] cgroup: introduce CSS_RELEASED and reduce css iteration fallback window Tejun Heo
[not found] ` <1399671091-23867-10-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2014-05-16 16:07 ` [PATCH v2 " Tejun Heo
2014-05-16 16:07 ` Tejun Heo
2014-05-09 21:31 ` [PATCH 10/14] cgroup: iterate cgroup_subsys_states directly Tejun Heo
2014-05-09 21:31 ` [PATCH 11/14] cgroup: use CSS_ONLINE instead of CGRP_DEAD Tejun Heo
2014-05-09 21:31 ` [PATCH 12/14] cgroup: convert cgroup_has_live_children() into css_has_online_children() Tejun Heo
2014-05-09 21:31 ` Tejun Heo [this message]
[not found] ` <1399671091-23867-14-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2014-05-13 12:56 ` [PATCH 13/14] device_cgroup: use css_has_online_children() instead of has_children() Aristeu Rozanski
2014-05-13 12:56 ` Aristeu Rozanski
2014-05-14 12:53 ` Serge E. Hallyn
2014-05-09 21:31 ` [PATCH 14/14] cgroup: implement css_tryget() Tejun Heo
[not found] ` <1399671091-23867-15-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2014-05-11 4:54 ` Johannes Weiner
2014-05-11 4:54 ` Johannes Weiner
[not found] ` <20140511045459.GA25009-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2014-05-11 12:38 ` Tejun Heo
2014-05-11 12:38 ` Tejun Heo
2014-05-16 16:07 ` [PATCH v2 " Tejun Heo
2014-05-16 16:07 ` Tejun Heo
[not found] ` <1399671091-23867-1-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2014-05-09 21:31 ` [PATCH 02/14] cgroup: remove pointless has tasks/children test from mem_cgroup_force_empty() Tejun Heo
2014-05-09 21:31 ` Tejun Heo
[not found] ` <1399671091-23867-3-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2014-05-12 14:53 ` Michal Hocko
2014-05-12 14:53 ` Michal Hocko
[not found] ` <20140512145324.GE9564-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2014-05-12 14:58 ` [PATCH] memcg: deprecate memory.force_empty knob Michal Hocko
2014-05-12 14:58 ` Michal Hocko
[not found] ` <20140512145803.GF9564-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2014-05-12 15:00 ` Tejun Heo
2014-05-12 15:00 ` Tejun Heo
[not found] ` <20140512150014.GB1421-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2014-05-12 15:20 ` Michal Hocko
2014-05-12 15:20 ` Michal Hocko
2014-05-12 15:25 ` Tejun Heo
[not found] ` <20140512152507.GD1421-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2014-05-12 15:34 ` Michal Hocko
2014-05-12 15:34 ` Michal Hocko
[not found] ` <20140512153458.GJ9564-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2014-05-13 13:16 ` Johannes Weiner
2014-05-13 13:16 ` Johannes Weiner
[not found] ` <20140513131655.GC18849-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2014-05-13 15:09 ` Michal Hocko
2014-05-13 15:09 ` Michal Hocko
2014-05-12 14:59 ` [PATCH 02/14] cgroup: remove pointless has tasks/children test from mem_cgroup_force_empty() Tejun Heo
2014-05-12 14:59 ` Tejun Heo
[not found] ` <20140512145927.GA1421-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2014-05-12 15:21 ` Michal Hocko
2014-05-12 15:21 ` Michal Hocko
2014-05-13 13:10 ` Johannes Weiner
2014-05-13 13:10 ` Johannes Weiner
2014-05-13 16:46 ` Tejun Heo
2014-05-13 16:46 ` Tejun Heo
2014-05-13 18:51 ` [PATCH UPDATED 02/14] memcg: remove " Tejun Heo
2014-05-13 18:51 ` Tejun Heo
2014-05-09 21:31 ` [PATCH 03/14] memcg: update memcg_has_children() to use css_next_child() Tejun Heo
2014-05-09 21:31 ` Tejun Heo
[not found] ` <1399671091-23867-4-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2014-05-12 15:18 ` Michal Hocko
2014-05-12 15:18 ` Michal Hocko
2014-05-13 16:53 ` [PATCH v2 " Tejun Heo
2014-05-09 21:31 ` [PATCH 06/14] cgroup: move cgroup->sibling and ->children into cgroup_subsys_state Tejun Heo
2014-05-09 21:31 ` Tejun Heo
2014-05-09 21:31 ` [PATCH 07/14] cgroup: link all cgroup_subsys_states in their sibling lists Tejun Heo
2014-05-09 21:31 ` Tejun Heo
2014-05-13 16:59 ` [PATCHSET cgroup/for-3.16] cgroup: iterate cgroup_subsys_states directly Tejun Heo
2014-05-13 16:59 ` Tejun Heo
2014-05-14 4:21 ` Li Zefan
2014-05-14 4:21 ` Li Zefan
[not found] ` <5372EF45.8060701-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2014-05-14 13:07 ` Tejun Heo
2014-05-14 13:07 ` Tejun Heo
[not found] ` <20140514130722.GE28815-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2014-05-16 1:28 ` Li Zefan
2014-05-16 1:28 ` Li Zefan
2014-05-16 1:29 ` Li Zefan
2014-05-16 1:29 ` Li Zefan
2014-05-16 16:08 ` Tejun Heo
2014-05-16 16:08 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1399671091-23867-14-git-send-email-tj@kernel.org \
--to=tj@kernel.org \
--cc=aris@redhat.com \
--cc=cgroups@vger.kernel.org \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=serge.hallyn@ubuntu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.