aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds2012-12-12 10:18:24 -0600
committerLinus Torvalds2012-12-12 10:18:24 -0600
commitd206e09036d6201f90b2719484c8a59526c46125 (patch)
tree84b9057919bcb8cfd1cff47baa5fc74457e77d6d /security
parentfef3ff2eb777e76cfa5ae67591982d902c17139c (diff)
parent15ef4ffaa797034d5ff82844daf8f595d7c6d53c (diff)
downloadkernel-common-d206e09036d6201f90b2719484c8a59526c46125.tar.gz
kernel-common-d206e09036d6201f90b2719484c8a59526c46125.tar.xz
kernel-common-d206e09036d6201f90b2719484c8a59526c46125.zip
Merge branch 'for-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
Pull cgroup changes from Tejun Heo: "A lot of activities on cgroup side. The big changes are focused on making cgroup hierarchy handling saner. - cgroup_rmdir() had peculiar semantics - it allowed cgroup destruction to be vetoed by individual controllers and tried to drain refcnt synchronously. The vetoing never worked properly and caused good deal of contortions in cgroup. memcg was the last reamining user. Michal Hocko removed the usage and cgroup_rmdir() path has been simplified significantly. This was done in a separate branch so that the memcg people can base further memcg changes on top. - The above allowed cleaning up cgroup lifecycle management and implementation of generic cgroup iterators which are used to improve hierarchy support. - cgroup_freezer updated to allow migration in and out of a frozen cgroup and handle hierarchy. If a cgroup is frozen, all descendant cgroups are frozen. - netcls_cgroup and netprio_cgroup updated to handle hierarchy properly. - Various fixes and cleanups. - Two merge commits. One to pull in memcg and rmdir cleanups (needed to build iterators). The other pulled in cgroup/for-3.7-fixes for device_cgroup fixes so that further device_cgroup patches can be stacked on top." Fixed up a trivial conflict in mm/memcontrol.c as per Tejun (due to commit bea8c150a7 ("memcg: fix hotplugged memory zone oops") in master touching code close to commit 2ef37d3fe4 ("memcg: Simplify mem_cgroup_force_empty_list error handling") in for-3.8) * 'for-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (65 commits) cgroup: update Documentation/cgroups/00-INDEX cgroup_rm_file: don't delete the uncreated files cgroup: remove subsystem files when remounting cgroup cgroup: use cgroup_addrm_files() in cgroup_clear_directory() cgroup: warn about broken hierarchies only after css_online cgroup: list_del_init() on removed events cgroup: fix lockdep warning for event_control cgroup: move list add after list head initilization netprio_cgroup: allow nesting and inherit config on cgroup creation netprio_cgroup: implement netprio[_set]_prio() helpers netprio_cgroup: use cgroup->id instead of cgroup_netprio_state->prioidx netprio_cgroup: reimplement priomap expansion netprio_cgroup: shorten variable names in extend_netdev_table() netprio_cgroup: simplify write_priomap() netcls_cgroup: move config inheritance to ->css_online() and remove .broken_hierarchy marking cgroup: remove obsolete guarantee from cgroup_task_migrate. cgroup: add cgroup->id cgroup, cpuset: remove cgroup_subsys->post_clone() cgroup: s/CGRP_CLONE_CHILDREN/CGRP_CPUSET_CLONE_CHILDREN/ cgroup: rename ->create/post_create/pre_destroy/destroy() to ->css_alloc/online/offline/free() ...
Diffstat (limited to 'security')
-rw-r--r--security/device_cgroup.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index b08d20c66c2..19ecc8de9e6 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -82,6 +82,8 @@ static int dev_exceptions_copy(struct list_head *dest, struct list_head *orig)
82{ 82{
83 struct dev_exception_item *ex, *tmp, *new; 83 struct dev_exception_item *ex, *tmp, *new;
84 84
85 lockdep_assert_held(&devcgroup_mutex);
86
85 list_for_each_entry(ex, orig, list) { 87 list_for_each_entry(ex, orig, list) {
86 new = kmemdup(ex, sizeof(*ex), GFP_KERNEL); 88 new = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
87 if (!new) 89 if (!new)
@@ -107,6 +109,8 @@ static int dev_exception_add(struct dev_cgroup *dev_cgroup,
107{ 109{
108 struct dev_exception_item *excopy, *walk; 110 struct dev_exception_item *excopy, *walk;
109 111
112 lockdep_assert_held(&devcgroup_mutex);
113
110 excopy = kmemdup(ex, sizeof(*ex), GFP_KERNEL); 114 excopy = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
111 if (!excopy) 115 if (!excopy)
112 return -ENOMEM; 116 return -ENOMEM;
@@ -137,6 +141,8 @@ static void dev_exception_rm(struct dev_cgroup *dev_cgroup,
137{ 141{
138 struct dev_exception_item *walk, *tmp; 142 struct dev_exception_item *walk, *tmp;
139 143
144 lockdep_assert_held(&devcgroup_mutex);
145
140 list_for_each_entry_safe(walk, tmp, &dev_cgroup->exceptions, list) { 146 list_for_each_entry_safe(walk, tmp, &dev_cgroup->exceptions, list) {
141 if (walk->type != ex->type) 147 if (walk->type != ex->type)
142 continue; 148 continue;
@@ -163,6 +169,8 @@ static void dev_exception_clean(struct dev_cgroup *dev_cgroup)
163{ 169{
164 struct dev_exception_item *ex, *tmp; 170 struct dev_exception_item *ex, *tmp;
165 171
172 lockdep_assert_held(&devcgroup_mutex);
173
166 list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) { 174 list_for_each_entry_safe(ex, tmp, &dev_cgroup->exceptions, list) {
167 list_del_rcu(&ex->list); 175 list_del_rcu(&ex->list);
168 kfree_rcu(ex, rcu); 176 kfree_rcu(ex, rcu);
@@ -172,7 +180,7 @@ static void dev_exception_clean(struct dev_cgroup *dev_cgroup)
172/* 180/*
173 * called from kernel/cgroup.c with cgroup_lock() held. 181 * called from kernel/cgroup.c with cgroup_lock() held.
174 */ 182 */
175static struct cgroup_subsys_state *devcgroup_create(struct cgroup *cgroup) 183static struct cgroup_subsys_state *devcgroup_css_alloc(struct cgroup *cgroup)
176{ 184{
177 struct dev_cgroup *dev_cgroup, *parent_dev_cgroup; 185 struct dev_cgroup *dev_cgroup, *parent_dev_cgroup;
178 struct cgroup *parent_cgroup; 186 struct cgroup *parent_cgroup;
@@ -202,7 +210,7 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup *cgroup)
202 return &dev_cgroup->css; 210 return &dev_cgroup->css;
203} 211}
204 212
205static void devcgroup_destroy(struct cgroup *cgroup) 213static void devcgroup_css_free(struct cgroup *cgroup)
206{ 214{
207 struct dev_cgroup *dev_cgroup; 215 struct dev_cgroup *dev_cgroup;
208 216
@@ -298,6 +306,10 @@ static int may_access(struct dev_cgroup *dev_cgroup,
298 struct dev_exception_item *ex; 306 struct dev_exception_item *ex;
299 bool match = false; 307 bool match = false;
300 308
309 rcu_lockdep_assert(rcu_read_lock_held() ||
310 lockdep_is_held(&devcgroup_mutex),
311 "device_cgroup::may_access() called without proper synchronization");
312
301 list_for_each_entry_rcu(ex, &dev_cgroup->exceptions, list) { 313 list_for_each_entry_rcu(ex, &dev_cgroup->exceptions, list) {
302 if ((refex->type & DEV_BLOCK) && !(ex->type & DEV_BLOCK)) 314 if ((refex->type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
303 continue; 315 continue;
@@ -552,8 +564,8 @@ static struct cftype dev_cgroup_files[] = {
552struct cgroup_subsys devices_subsys = { 564struct cgroup_subsys devices_subsys = {
553 .name = "devices", 565 .name = "devices",
554 .can_attach = devcgroup_can_attach, 566 .can_attach = devcgroup_can_attach,
555 .create = devcgroup_create, 567 .css_alloc = devcgroup_css_alloc,
556 .destroy = devcgroup_destroy, 568 .css_free = devcgroup_css_free,
557 .subsys_id = devices_subsys_id, 569 .subsys_id = devices_subsys_id,
558 .base_cftypes = dev_cgroup_files, 570 .base_cftypes = dev_cgroup_files,
559 571