diff options
author | Tejun Heo <tj@kernel.org> | 2013-08-08 20:11:23 -0400 |
---|---|---|
committer | Tejun Heo <tj@kernel.org> | 2013-08-08 20:11:23 -0400 |
commit | 6387698699afd72d6304566fb6ccf84bffe07c56 (patch) | |
tree | 9440e96fa8e5adce62409a5b0e40984dfedaada3 /security/device_cgroup.c | |
parent | a7c6d554aa01236ac2a9f851ab0f75704f76dfa2 (diff) |
cgroup: add css_parent()
Currently, controllers have to explicitly follow the cgroup hierarchy
to find the parent of a given css. cgroup is moving towards using
cgroup_subsys_state as the main controller interface construct, so
let's provide a way to climb the hierarchy using just csses.
This patch implements css_parent() which, given a css, returns its
parent. The function is guarnateed to valid non-NULL parent css as
long as the target css is not at the top of the hierarchy.
freezer, cpuset, cpu, cpuacct, hugetlb, memory, net_cls and devices
are converted to use css_parent() instead of accessing cgroup->parent
directly.
* __parent_ca() is dropped from cpuacct and its usage is replaced with
parent_ca(). The only difference between the two was NULL test on
cgroup->parent which is now embedded in css_parent() making the
distinction moot. Note that eventually a css->parent field will be
added to css and the NULL check in css_parent() will go away.
This patch shouldn't cause any behavior differences.
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>
Diffstat (limited to 'security/device_cgroup.c')
-rw-r--r-- | security/device_cgroup.c | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 90953648c643..635a49db005d 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c | |||
@@ -198,13 +198,11 @@ static inline bool is_devcg_online(const struct dev_cgroup *devcg) | |||
198 | */ | 198 | */ |
199 | static int devcgroup_online(struct cgroup *cgroup) | 199 | static int devcgroup_online(struct cgroup *cgroup) |
200 | { | 200 | { |
201 | struct dev_cgroup *dev_cgroup, *parent_dev_cgroup = NULL; | 201 | struct dev_cgroup *dev_cgroup = cgroup_to_devcgroup(cgroup); |
202 | struct dev_cgroup *parent_dev_cgroup = css_to_devcgroup(css_parent(&dev_cgroup->css)); | ||
202 | int ret = 0; | 203 | int ret = 0; |
203 | 204 | ||
204 | mutex_lock(&devcgroup_mutex); | 205 | mutex_lock(&devcgroup_mutex); |
205 | dev_cgroup = cgroup_to_devcgroup(cgroup); | ||
206 | if (cgroup->parent) | ||
207 | parent_dev_cgroup = cgroup_to_devcgroup(cgroup->parent); | ||
208 | 206 | ||
209 | if (parent_dev_cgroup == NULL) | 207 | if (parent_dev_cgroup == NULL) |
210 | dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW; | 208 | dev_cgroup->behavior = DEVCG_DEFAULT_ALLOW; |
@@ -394,12 +392,10 @@ static bool may_access(struct dev_cgroup *dev_cgroup, | |||
394 | static int parent_has_perm(struct dev_cgroup *childcg, | 392 | static int parent_has_perm(struct dev_cgroup *childcg, |
395 | struct dev_exception_item *ex) | 393 | struct dev_exception_item *ex) |
396 | { | 394 | { |
397 | struct cgroup *pcg = childcg->css.cgroup->parent; | 395 | struct dev_cgroup *parent = css_to_devcgroup(css_parent(&childcg->css)); |
398 | struct dev_cgroup *parent; | ||
399 | 396 | ||
400 | if (!pcg) | 397 | if (!parent) |
401 | return 1; | 398 | return 1; |
402 | parent = cgroup_to_devcgroup(pcg); | ||
403 | return may_access(parent, ex, childcg->behavior); | 399 | return may_access(parent, ex, childcg->behavior); |
404 | } | 400 | } |
405 | 401 | ||
@@ -524,15 +520,11 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup, | |||
524 | char temp[12]; /* 11 + 1 characters needed for a u32 */ | 520 | char temp[12]; /* 11 + 1 characters needed for a u32 */ |
525 | int count, rc = 0; | 521 | int count, rc = 0; |
526 | struct dev_exception_item ex; | 522 | struct dev_exception_item ex; |
527 | struct cgroup *p = devcgroup->css.cgroup; | 523 | struct dev_cgroup *parent = css_to_devcgroup(css_parent(&devcgroup->css)); |
528 | struct dev_cgroup *parent = NULL; | ||
529 | 524 | ||
530 | if (!capable(CAP_SYS_ADMIN)) | 525 | if (!capable(CAP_SYS_ADMIN)) |
531 | return -EPERM; | 526 | return -EPERM; |
532 | 527 | ||
533 | if (p->parent) | ||
534 | parent = cgroup_to_devcgroup(p->parent); | ||
535 | |||
536 | memset(&ex, 0, sizeof(ex)); | 528 | memset(&ex, 0, sizeof(ex)); |
537 | b = buffer; | 529 | b = buffer; |
538 | 530 | ||