author | Tejun Heo <tj@kernel.org> | 2014-05-16 13:22:52 -0400 |
---|---|---|
committer | Tejun Heo <tj@kernel.org> | 2014-05-16 13:22:52 -0400 |
commit | 7a3bb24f7c5ceebad19b12b66fd832a27a7e90df (patch) | |
tree | fc1d5735096c2d0012f9a1e3235279397a7011b5 /security | |
parent | f3d4650015301d1c880df4523f7e7ef320a38aab (diff) | |
device_cgroup: use css_has_online_children() instead of has_children()
devcgroup_update_access() wants to know whether there are child
cgroups which are online and visible to userland, and has_children()
may return a false positive. Replace it with css_has_online_children().
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Aristeu Rozanski <aris@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Li Zefan <lizefan@huawei.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/device_cgroup.c | 19 |
1 files changed, 2 insertions, 17 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 084c8e417564..d9d69e6930ed 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -587,21 +587,6 @@ static int propagate_exception(struct dev_cgroup *devcg_root,
 return rc;
 }
 
-static inline bool has_children(struct dev_cgroup *devcgroup)
-{
- bool ret;
-
- /*
- * FIXME: There may be lingering offline csses and this function
- * may return %true when there isn't any userland-visible child
- * which is incorrect for our purposes.
- */
- rcu_read_lock();
- ret = css_next_child(NULL, &devcgroup->css);
- rcu_read_unlock();
- return ret;
-}
-
 /*
 * Modify the exception list using allow/deny rules.
 * CAP_SYS_ADMIN is needed for this. It's at least separate from CAP_MKNOD
@@ -634,7 +619,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
 case 'a':
 switch (filetype) {
 case DEVCG_ALLOW:
- if (has_children(devcgroup))
+ if (css_has_online_children(&devcgroup->css))
 return -EINVAL;
 
 if (!may_allow_all(parent))
@@ -650,7 +635,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
 return rc;
 break;
 case DEVCG_DENY:
- if (has_children(devcgroup))
+ if (css_has_online_children(&devcgroup->css))
 return -EINVAL;
 
 dev_exception_clean(devcgroup);
|
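Review bot: In the `'a'` branch, under both `case DEVCG_ALLOW` and `case DEVCG_DENY`, `css_has_online_children(&devcgroup->css)` gives only a point-in-time answer, and nothing in these hunks shows what stops a child coming online between the check and the `may_allow_all(parent)` / `dev_exception_clean(devcgroup)` that follow. The removed `has_children()` erred towards `-EINVAL` because it also counted children that were not online. The new check could err the other way if a child has already inherited this cgroup's policy but is not yet marked online, leaving it with rules the parent no longer has. I would state the locking assumption above the first check, for example `/* serialised against child onlining by devcgroup_mutex (confirm); online children would keep the old policy */`, after checking it against the part of the file outside the diff. The body of devcgroup_update_access() starts and ends outside both hunks.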