Merge commit 'v2.6.28-rc1' into sched/urgent

author: Ingo Molnar <mingo@elte.hu> 2008-10-24 06:48:46 -0400
committer: Ingo Molnar <mingo@elte.hu> 2008-10-24 06:48:46 -0400
commit: 8c82a17e9c924c0e9f13e75e4c2f6bca19a4b516 (patch)
tree: d535f46a917e14e90deccb29ad00aac016ad18dd /security
parent: 4ce72a2c063a7fa8e42a9435440ae3364115a58d (diff)
parent: 57f8f7b60db6f1ed2c6918ab9230c4623a9dbe37 (diff)
2 files changed, 10 insertions, 45 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 46f23971f7e4..5ba78701adc3 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -1,5 +1,5 @@
 /*
- * dev_cgroup.c - device cgroup subsystem
+ * device_cgroup.c - device cgroup subsystem
 *
 * Copyright 2007 IBM Corp
 */
@@ -10,6 +10,7 @@
 #include <linux/list.h>
 #include <linux/uaccess.h>
 #include <linux/seq_file.h>
+#include <linux/rcupdate.h>
 #define ACC_MKNOD 1
 #define ACC_READ  2
@@ -22,18 +23,8 @@
 /*
 * whitelist locking rules:
- * cgroup_lock() cannot be taken under dev_cgroup->lock.
+ * hold cgroup_lock() for update/read.
- * dev_cgroup->lock can be taken with or without cgroup_lock().
+ * hold rcu_read_lock() for read.
- *
- * modifications always require cgroup_lock
- * modifications to a list which is visible require the
- *   dev_cgroup->lock *and* cgroup_lock()
- * walking the list requires dev_cgroup->lock or cgroup_lock().
- *
- * reasoning: dev_whitelist_copy() needs to kmalloc, so needs
- *   a mutex, which the cgroup_lock() is.  Since modifying
- *   a visible list requires both locks, either lock can be
- *   taken for walking the list.
 */
 struct dev_whitelist_item {
@@ -47,7 +38,6 @@ struct dev_whitelist_item {
 struct dev_cgroup {
        struct cgroup_subsys_state css;
        struct list_head whitelist;
-        spinlock_t lock;
 };
 static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s)
@@ -84,13 +74,9 @@ static int dev_whitelist_copy(struct list_head *dest, struct list_head *orig)
        struct dev_whitelist_item *wh, *tmp, *new;
        list_for_each_entry(wh, orig, list) {
-                new = kmalloc(sizeof(*wh), GFP_KERNEL);
+                new = kmemdup(wh, sizeof(*wh), GFP_KERNEL);
                if (!new)
                        goto free_and_exit;
-                new->major = wh->major;
-                new->minor = wh->minor;
-                new->type = wh->type;
-                new->access = wh->access;
                list_add_tail(&new->list, dest);
        }
@@ -107,19 +93,16 @@ free_and_exit:
 /* Stupid prototype - don't bother combining existing entries */
 /*
 * called under cgroup_lock()
- * since the list is visible to other tasks, we need the spinlock also
 */
 static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,
                        struct dev_whitelist_item *wh)
 {
        struct dev_whitelist_item *whcopy, *walk;
-        whcopy = kmalloc(sizeof(*whcopy), GFP_KERNEL);
+        whcopy = kmemdup(wh, sizeof(*wh), GFP_KERNEL);
        if (!whcopy)
                return -ENOMEM;
-        memcpy(whcopy, wh, sizeof(*whcopy));
-        spin_lock(&dev_cgroup->lock);
        list_for_each_entry(walk, &dev_cgroup->whitelist, list) {
                if (walk->type != wh->type)
                        continue;
@@ -135,7 +118,6 @@ static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,
        if (whcopy != NULL)
                list_add_tail_rcu(&whcopy->list, &dev_cgroup->whitelist);
-        spin_unlock(&dev_cgroup->lock);
        return 0;
 }
@@ -149,14 +131,12 @@ static void whitelist_item_free(struct rcu_head *rcu)
 /*
 * called under cgroup_lock()
- * since the list is visible to other tasks, we need the spinlock also
 */
 static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup,
                        struct dev_whitelist_item *wh)
 {
        struct dev_whitelist_item *walk, *tmp;
-        spin_lock(&dev_cgroup->lock);
        list_for_each_entry_safe(walk, tmp, &dev_cgroup->whitelist, list) {
                if (walk->type == DEV_ALL)
                        goto remove;
@@ -174,7 +154,6 @@ remove:
                        call_rcu(&walk->rcu, whitelist_item_free);
                }
        }
-        spin_unlock(&dev_cgroup->lock);
 }
 /*
@@ -214,7 +193,6 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup_subsys *ss,
                }
        }
-        spin_lock_init(&dev_cgroup->lock);
        return &dev_cgroup->css;
 }
@@ -330,15 +308,11 @@ static int parent_has_perm(struct dev_cgroup *childcg,
 {
        struct cgroup *pcg = childcg->css.cgroup->parent;
        struct dev_cgroup *parent;
-        int ret;
        if (!pcg)
                return 1;
        parent = cgroup_to_devcgroup(pcg);
-        spin_lock(&parent->lock);
+        return may_access_whitelist(parent, wh);
-        ret = may_access_whitelist(parent, wh);
-        spin_unlock(&parent->lock);
-        return ret;
 }
 /*
@@ -357,17 +331,14 @@ static int parent_has_perm(struct dev_cgroup *childcg,
 static int devcgroup_update_access(struct dev_cgroup *devcgroup,
                                   int filetype, const char *buffer)
 {
-        struct dev_cgroup *cur_devcgroup;
        const char *b;
        char *endp;
-        int retval = 0, count;
+        int count;
        struct dev_whitelist_item wh;
        if (!capable(CAP_SYS_ADMIN))
                return -EPERM;
-        cur_devcgroup = task_devcgroup(current);
        memset(&wh, 0, sizeof(wh));
        b = buffer;
@@ -437,7 +408,6 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
        }
 handle:
-        retval = 0;
        switch (filetype) {
        case DEVCG_ALLOW:
                if (!parent_has_perm(devcgroup, &wh))
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 576e51199079..3e3fde7c1d2b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -75,6 +75,7 @@
 #include <linux/string.h>
 #include <linux/selinux.h>
 #include <linux/mutex.h>
+#include <linux/posix-timers.h>
 #include "avc.h"
 #include "objsec.h"
@@ -2322,13 +2323,7 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
                        initrlim = init_task.signal->rlim+i;
                        rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
                }
-                if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
+                update_rlimit_cpu(rlim->rlim_cur);
-                        /*
-                         * This will cause RLIMIT_CPU calculations
-                         * to be refigured.
-                         */
-                        current->it_prof_expires = jiffies_to_cputime(1);
-                }
        }
        /* Wake up the parent if it is waiting so that it can
author	Ingo Molnar <mingo@elte.hu>	2008-10-24 06:48:46 -0400
committer	Ingo Molnar <mingo@elte.hu>	2008-10-24 06:48:46 -0400
commit	8c82a17e9c924c0e9f13e75e4c2f6bca19a4b516 (patch)
tree	d535f46a917e14e90deccb29ad00aac016ad18dd /security
parent	4ce72a2c063a7fa8e42a9435440ae3364115a58d (diff)
parent	57f8f7b60db6f1ed2c6918ab9230c4623a9dbe37 (diff)