diff options
| author | Li Zefan <lizf@cn.fujitsu.com> | 2008-09-02 17:35:52 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-09-02 22:21:38 -0400 |
| commit | 36fd71d293898a59b14e49da1f6e81c1a58f2035 (patch) | |
| tree | e67d5a0f6fc6caa83558f57588d9f69a46e5f4c9 | |
| parent | 09a2910e54646f7a334702fbafa7a6129dc072e6 (diff) | |
devcgroup: fix race against rmdir()
During the use of a dev_cgroup, we should guarantee the corresponding
cgroup won't be deleted (i.e. via rmdir). This can be done through
css_get(&dev_cgroup->css), but here we can just get and use the dev_cgroup
under rcu_read_lock.
And also remove checking NULL dev_cgroup, it won't be NULL since a task
always belongs to a cgroup.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | security/device_cgroup.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 7bd296cca041..46f23971f7e4 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c | |||
| @@ -508,12 +508,11 @@ int devcgroup_inode_permission(struct inode *inode, int mask) | |||
| 508 | return 0; | 508 | return 0; |
| 509 | if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode)) | 509 | if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode)) |
| 510 | return 0; | 510 | return 0; |
| 511 | dev_cgroup = css_to_devcgroup(task_subsys_state(current, | ||
| 512 | devices_subsys_id)); | ||
| 513 | if (!dev_cgroup) | ||
| 514 | return 0; | ||
| 515 | 511 | ||
| 516 | rcu_read_lock(); | 512 | rcu_read_lock(); |
| 513 | |||
| 514 | dev_cgroup = task_devcgroup(current); | ||
| 515 | |||
| 517 | list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) { | 516 | list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) { |
| 518 | if (wh->type & DEV_ALL) | 517 | if (wh->type & DEV_ALL) |
| 519 | goto acc_check; | 518 | goto acc_check; |
| @@ -533,6 +532,7 @@ acc_check: | |||
| 533 | rcu_read_unlock(); | 532 | rcu_read_unlock(); |
| 534 | return 0; | 533 | return 0; |
| 535 | } | 534 | } |
| 535 | |||
| 536 | rcu_read_unlock(); | 536 | rcu_read_unlock(); |
| 537 | 537 | ||
| 538 | return -EPERM; | 538 | return -EPERM; |
| @@ -543,12 +543,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev) | |||
| 543 | struct dev_cgroup *dev_cgroup; | 543 | struct dev_cgroup *dev_cgroup; |
| 544 | struct dev_whitelist_item *wh; | 544 | struct dev_whitelist_item *wh; |
| 545 | 545 | ||
| 546 | dev_cgroup = css_to_devcgroup(task_subsys_state(current, | ||
| 547 | devices_subsys_id)); | ||
| 548 | if (!dev_cgroup) | ||
| 549 | return 0; | ||
| 550 | |||
| 551 | rcu_read_lock(); | 546 | rcu_read_lock(); |
| 547 | |||
| 548 | dev_cgroup = task_devcgroup(current); | ||
| 549 | |||
| 552 | list_for_each_entry(wh, &dev_cgroup->whitelist, list) { | 550 | list_for_each_entry(wh, &dev_cgroup->whitelist, list) { |
| 553 | if (wh->type & DEV_ALL) | 551 | if (wh->type & DEV_ALL) |
| 554 | goto acc_check; | 552 | goto acc_check; |
| @@ -566,6 +564,8 @@ acc_check: | |||
| 566 | rcu_read_unlock(); | 564 | rcu_read_unlock(); |
| 567 | return 0; | 565 | return 0; |
| 568 | } | 566 | } |
| 567 | |||
| 569 | rcu_read_unlock(); | 568 | rcu_read_unlock(); |
| 569 | |||
| 570 | return -EPERM; | 570 | return -EPERM; |
| 571 | } | 571 | } |