From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Serge Hallyn
<serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Subject: Re: [PATCH v4 6/9] devcg: use css_online and css_offline
Date: Wed, 30 Jan 2013 20:40:07 +0000 [thread overview]
Message-ID: <20130130204007.GD8507@mail.hallyn.com> (raw)
In-Reply-To: <20130130171101.947461296-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
Quoting aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org (aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org):
> Allocate resources and change behavior only when online. This is needed in
> order to determine if a node is suitable for hierarchy propagation or if it's
> being removed.
>
> Locking:
> Both functions take devcgroup_mutex to make changes to device_cgroup structure.
> Hierarchy propagation will also take devcgroup_mutex before walking the
> tree while walking the tree itself is protected by rcu lock.
>
> Acked-by: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
> Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
> Cc: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Acked-by: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
> Signed-off-by: Aristeu Rozanski <aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
>
> ---
> security/device_cgroup.c | 59 +++++++++++++++++++++++++++++++++--------------
> 1 file changed, 42 insertions(+), 17 deletions(-)
>
> --- github.orig/security/device_cgroup.c 2013-01-30 09:00:09.435351867 -0500
> +++ github/security/device_cgroup.c 2013-01-30 09:09:12.572464122 -0500
> @@ -230,14 +230,51 @@ static void dev_exception_clean(struct d
> __dev_exception_clean(dev_cgroup);
> }
>
> +/**
> + * devcgroup_online - initializes devcgroup's behavior and exceptions based on
> + * parent's
> + * @cgroup: cgroup getting online
> + * returns 0 in case of success, error code otherwise
> + */
> +static int devcgroup_online(struct cgroup *cgroup)
> +{
> + struct dev_cgroup *dev_cgroup, *parent_dev_cgroup = NULL;
> + int ret = 0;
> +
> + mutex_lock(&devcgroup_mutex);
> + dev_cgroup = cgroup_to_devcgroup(cgroup);
> + if (cgroup->parent)
> + parent_dev_cgroup = cgroup_to_devcgroup(cgroup->parent);
> +
> + if (parent_dev_cgroup == NULL)
> + dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW;
> + else {
> + ret = dev_exceptions_copy(&dev_cgroup->exceptions,
> + &parent_dev_cgroup->exceptions);
> + if (!ret)
> + dev_cgroup->behavior = parent_dev_cgroup->behavior;
> + }
> + mutex_unlock(&devcgroup_mutex);
> +
> + return ret;
> +}
> +
> +static void devcgroup_offline(struct cgroup *cgroup)
> +{
> + struct dev_cgroup *dev_cgroup = cgroup_to_devcgroup(cgroup);
> +
> + mutex_lock(&devcgroup_mutex);
> + dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
> + mutex_unlock(&devcgroup_mutex);
> +}
> +
> /*
> * called from kernel/cgroup.c with cgroup_lock() held.
> */
> static struct cgroup_subsys_state *devcgroup_css_alloc(struct cgroup *cgroup)
> {
> - struct dev_cgroup *dev_cgroup, *parent_dev_cgroup;
> + struct dev_cgroup *dev_cgroup;
> struct cgroup *parent_cgroup;
> - int ret;
>
> dev_cgroup = kzalloc(sizeof(*dev_cgroup), GFP_KERNEL);
> if (!dev_cgroup)
> @@ -245,23 +282,9 @@ static struct cgroup_subsys_state *devcg
> INIT_LIST_HEAD(&dev_cgroup->exceptions);
> INIT_LIST_HEAD(&dev_cgroup->local.exceptions);
> dev_cgroup->local.behavior = DEVCG_DEFAULT_NONE;
> + dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
> parent_cgroup = cgroup->parent;
>
> - if (parent_cgroup == NULL)
> - dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW;
> - else {
> - parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
> - mutex_lock(&devcgroup_mutex);
> - ret = dev_exceptions_copy(&dev_cgroup->exceptions,
> - &parent_dev_cgroup->exceptions);
> - dev_cgroup->behavior = parent_dev_cgroup->behavior;
> - mutex_unlock(&devcgroup_mutex);
> - if (ret) {
> - kfree(dev_cgroup);
> - return ERR_PTR(ret);
> - }
> - }
> -
> return &dev_cgroup->css;
> }
>
> @@ -635,6 +658,8 @@ struct cgroup_subsys devices_subsys = {
> .can_attach = devcgroup_can_attach,
> .css_alloc = devcgroup_css_alloc,
> .css_free = devcgroup_css_free,
> + .css_online = devcgroup_online,
> + .css_offline = devcgroup_offline,
> .subsys_id = devices_subsys_id,
> .base_cftypes = dev_cgroup_files,
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: aris@redhat.com
Cc: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org,
Tejun Heo <tj@kernel.org>,
Serge Hallyn <serge.hallyn@canonical.com>
Subject: Re: [PATCH v4 6/9] devcg: use css_online and css_offline
Date: Wed, 30 Jan 2013 20:40:07 +0000 [thread overview]
Message-ID: <20130130204007.GD8507@mail.hallyn.com> (raw)
In-Reply-To: <20130130171101.947461296@napanee.usersys.redhat.com>
Quoting aris@redhat.com (aris@redhat.com):
> Allocate resources and change behavior only when online. This is needed in
> order to determine if a node is suitable for hierarchy propagation or if it's
> being removed.
>
> Locking:
> Both functions take devcgroup_mutex to make changes to device_cgroup structure.
> Hierarchy propagation will also take devcgroup_mutex before walking the
> tree while walking the tree itself is protected by rcu lock.
>
> Acked-by: Tejun Heo <tj@kernel.org>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> Signed-off-by: Aristeu Rozanski <aris@redhat.com>
>
> ---
> security/device_cgroup.c | 59 +++++++++++++++++++++++++++++++++--------------
> 1 file changed, 42 insertions(+), 17 deletions(-)
>
> --- github.orig/security/device_cgroup.c 2013-01-30 09:00:09.435351867 -0500
> +++ github/security/device_cgroup.c 2013-01-30 09:09:12.572464122 -0500
> @@ -230,14 +230,51 @@ static void dev_exception_clean(struct d
> __dev_exception_clean(dev_cgroup);
> }
>
> +/**
> + * devcgroup_online - initializes devcgroup's behavior and exceptions based on
> + * parent's
> + * @cgroup: cgroup getting online
> + * returns 0 in case of success, error code otherwise
> + */
> +static int devcgroup_online(struct cgroup *cgroup)
> +{
> + struct dev_cgroup *dev_cgroup, *parent_dev_cgroup = NULL;
> + int ret = 0;
> +
> + mutex_lock(&devcgroup_mutex);
> + dev_cgroup = cgroup_to_devcgroup(cgroup);
> + if (cgroup->parent)
> + parent_dev_cgroup = cgroup_to_devcgroup(cgroup->parent);
> +
> + if (parent_dev_cgroup == NULL)
> + dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW;
> + else {
> + ret = dev_exceptions_copy(&dev_cgroup->exceptions,
> + &parent_dev_cgroup->exceptions);
> + if (!ret)
> + dev_cgroup->behavior = parent_dev_cgroup->behavior;
> + }
> + mutex_unlock(&devcgroup_mutex);
> +
> + return ret;
> +}
> +
> +static void devcgroup_offline(struct cgroup *cgroup)
> +{
> + struct dev_cgroup *dev_cgroup = cgroup_to_devcgroup(cgroup);
> +
> + mutex_lock(&devcgroup_mutex);
> + dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
> + mutex_unlock(&devcgroup_mutex);
> +}
> +
> /*
> * called from kernel/cgroup.c with cgroup_lock() held.
> */
> static struct cgroup_subsys_state *devcgroup_css_alloc(struct cgroup *cgroup)
> {
> - struct dev_cgroup *dev_cgroup, *parent_dev_cgroup;
> + struct dev_cgroup *dev_cgroup;
> struct cgroup *parent_cgroup;
> - int ret;
>
> dev_cgroup = kzalloc(sizeof(*dev_cgroup), GFP_KERNEL);
> if (!dev_cgroup)
> @@ -245,23 +282,9 @@ static struct cgroup_subsys_state *devcg
> INIT_LIST_HEAD(&dev_cgroup->exceptions);
> INIT_LIST_HEAD(&dev_cgroup->local.exceptions);
> dev_cgroup->local.behavior = DEVCG_DEFAULT_NONE;
> + dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
> parent_cgroup = cgroup->parent;
>
> - if (parent_cgroup == NULL)
> - dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW;
> - else {
> - parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
> - mutex_lock(&devcgroup_mutex);
> - ret = dev_exceptions_copy(&dev_cgroup->exceptions,
> - &parent_dev_cgroup->exceptions);
> - dev_cgroup->behavior = parent_dev_cgroup->behavior;
> - mutex_unlock(&devcgroup_mutex);
> - if (ret) {
> - kfree(dev_cgroup);
> - return ERR_PTR(ret);
> - }
> - }
> -
> return &dev_cgroup->css;
> }
>
> @@ -635,6 +658,8 @@ struct cgroup_subsys devices_subsys = {
> .can_attach = devcgroup_can_attach,
> .css_alloc = devcgroup_css_alloc,
> .css_free = devcgroup_css_free,
> + .css_online = devcgroup_online,
> + .css_offline = devcgroup_offline,
> .subsys_id = devices_subsys_id,
> .base_cftypes = dev_cgroup_files,
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2013-01-30 20:40 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-30 17:11 [PATCH v4 0/9] devcg: introduce proper hierarchy support aris
2013-01-30 17:11 ` [PATCH v4 1/9] device_cgroup: prepare exception list handling functions for two lists aris
[not found] ` <20130130171101.263587090-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 19:34 ` Serge E. Hallyn
2013-01-30 19:34 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 2/9] devcg: reorder device exception functions aris
[not found] ` <20130130171101.406627645-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 19:44 ` Serge E. Hallyn
2013-01-30 19:44 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 3/9] device_cgroup: keep track of local group settings aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171101.538945424-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:01 ` Serge E. Hallyn
2013-01-30 20:01 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 4/9] devcg: expand may_access() logic aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171101.690972553-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:09 ` Serge E. Hallyn
2013-01-30 20:09 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 5/9] devcg: prepare may_access() for hierarchy support aris
[not found] ` <20130130171101.812377398-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:30 ` Serge E. Hallyn
2013-01-30 20:30 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 6/9] devcg: use css_online and css_offline aris
[not found] ` <20130130171101.947461296-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:40 ` Serge E. Hallyn [this message]
2013-01-30 20:40 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 7/9] devcg: split single exception copy from dev_exceptions_copy() aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171102.108794435-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:42 ` Serge E. Hallyn
2013-01-30 20:42 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 8/9] devcg: refactor dev_exception_clean() aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
2013-01-30 20:47 ` Serge E. Hallyn
[not found] ` <20130130204730.GF8507-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-30 20:49 ` Aristeu Rozanski
2013-01-30 20:49 ` Aristeu Rozanski
[not found] ` <20130130204917.GL17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-01-30 20:50 ` Tejun Heo
2013-01-30 20:50 ` Tejun Heo
[not found] ` <CAOS58YOHkK9xTBPFAXKksrwP7ZxQc_WuGOp39D94Z1pBsFHfjw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-01-31 2:15 ` Li Zefan
2013-01-31 2:15 ` Li Zefan
2013-01-31 15:13 ` Aristeu Rozanski
2013-01-31 15:13 ` Aristeu Rozanski
2013-01-30 17:11 ` [PATCH v4 9/9] devcg: propagate local changes down the hierarchy aris
[not found] ` <20130130171102.390708521-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 21:35 ` Serge E. Hallyn
2013-01-30 21:35 ` Serge E. Hallyn
2013-01-31 4:19 ` Serge E. Hallyn
2013-01-31 4:19 ` Serge E. Hallyn
[not found] ` <20130131041932.GB14576-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-31 22:00 ` Aristeu Rozanski
2013-01-31 22:00 ` Aristeu Rozanski
2013-01-31 4:38 ` Serge E. Hallyn
[not found] ` <20130131043839.GA14726-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-31 22:03 ` Aristeu Rozanski
2013-01-31 22:03 ` Aristeu Rozanski
2013-02-01 19:09 ` [PATCH v5 " Aristeu Rozanski
2013-02-01 19:09 ` Aristeu Rozanski
[not found] ` <20130201190958.GP17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-02 16:13 ` Serge E. Hallyn
2013-02-02 16:13 ` Serge E. Hallyn
[not found] ` <20130202161341.GA11284-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-04 15:03 ` Aristeu Rozanski
2013-02-04 15:03 ` Aristeu Rozanski
[not found] ` <20130204150307.GQ17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-04 15:17 ` Serge Hallyn
2013-02-04 15:17 ` Serge Hallyn
2013-02-02 16:20 ` Serge E. Hallyn
2013-02-02 16:20 ` Serge E. Hallyn
[not found] ` <20130202162052.GB11284-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-04 15:09 ` Aristeu Rozanski
2013-02-04 15:09 ` Aristeu Rozanski
2013-02-05 18:36 ` [PATCH v6 " Aristeu Rozanski
2013-02-05 18:36 ` Aristeu Rozanski
[not found] ` <20130205183646.GT17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-09 3:53 ` Serge E. Hallyn
2013-02-09 3:53 ` Serge E. Hallyn
[not found] ` <20130209035357.GA31122-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 14:30 ` Aristeu Rozanski
2013-02-11 14:30 ` Aristeu Rozanski
2013-02-09 4:04 ` Serge E. Hallyn
2013-02-09 4:04 ` Serge E. Hallyn
[not found] ` <20130209040402.GA31942-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 14:32 ` Aristeu Rozanski
2013-02-11 14:32 ` Aristeu Rozanski
2013-02-11 17:42 ` Serge E. Hallyn
[not found] ` <20130211174259.GA18179-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 18:38 ` Aristeu Rozanski
2013-02-11 18:38 ` Aristeu Rozanski
2013-02-11 18:52 ` Serge E. Hallyn
[not found] ` <20130211185239.GA18779-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 19:02 ` Aristeu Rozanski
2013-02-11 19:02 ` Aristeu Rozanski
[not found] ` <20130211190251.GH30962-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-11 20:47 ` Serge Hallyn
2013-02-11 20:47 ` Serge Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130130204007.GD8507@mail.hallyn.com \
--to=serge-a9i7lubdfnhqt0dzr+alfa@public.gmane.org \
--cc=aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.