device_cgroup: use css_has_online_children() instead of has_children() [Linux 3.16]

This Linux kernel change "device_cgroup: use css_has_online_children() instead of has_children()" is included in the Linux 3.16 release. This change is authored by Tejun Heo <tj [at] kernel.org> on Fri May 16 13:22:52 2014 -0400. The commit for this change in Linux stable tree is 7a3bb24 (patch).

device_cgroup: use css_has_online_children() instead of has_children()

devcgroup_update_access() wants to know whether there are child
cgroups which are online and visible to userland and has_children()
may return false positive.  Replace it with css_has_online_children().

Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Aristeu Rozanski <aris@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Li Zefan <lizefan@huawei.com>

There are 19 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 security/device_cgroup.c | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 084c8e4..d9d69e6 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -587,21 +587,6 @@ static int propagate_exception(struct dev_cgroup *devcg_root,
    return rc;
 }

-static inline bool has_children(struct dev_cgroup *devcgroup)
-{
-   bool ret;
-
-   /*
-    * FIXME: There may be lingering offline csses and this function
-    * may return %true when there isn't any userland-visible child
-    * which is incorrect for our purposes.
-    */
-   rcu_read_lock();
-   ret = css_next_child(NULL, &devcgroup->css);
-   rcu_read_unlock();
-   return ret;
-}
-
 /*
  * Modify the exception list using allow/deny rules.
  * CAP_SYS_ADMIN is needed for this.  It's at least separate from CAP_MKNOD
@@ -634,7 +619,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
    case 'a':
        switch (filetype) {
        case DEVCG_ALLOW:
-           if (has_children(devcgroup))
+           if (css_has_online_children(&devcgroup->css))
                return -EINVAL;

            if (!may_allow_all(parent))
@@ -650,7 +635,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
                return rc;
            break;
        case DEVCG_DENY:
-           if (has_children(devcgroup))
+           if (css_has_online_children(&devcgroup->css))
                return -EINVAL;

            dev_exception_clean(devcgroup);

Leave a Reply

Your email address will not be published. Required fields are marked *