path: root/security
diff options
authorTejun Heo <tj@kernel.org>2014-05-16 13:22:48 -0400
committerTejun Heo <tj@kernel.org>2014-05-16 13:22:48 -0400
commit5877019d97ab827b808e8759c71ef8d31490907a (patch)
treeb7fb8eb3c632b5a64cbf038181e46af5753d42c4 /security
parentea280e7b408ca0dad195ce9836feccdd1dc32131 (diff)
device_cgroup: remove direct access to cgroup->children
Currently, devcg::has_children() directly tests cgroup->children for list emptiness. The field is not a published field and scheduled to go away. In addition, the test isn't strictly correct as devcg should only care about children which are visible to userland. This patch converts has_children() to use css_next_child() instead. The subtle incorrectness is noted and will be dealt with later. Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Aristeu Rozanski <aris@redhat.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Li Zefan <lizefan@huawei.com>
Diffstat (limited to 'security')
1 files changed, 10 insertions, 2 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index ce14a31b1337..084c8e417564 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -589,9 +589,17 @@ static int propagate_exception(struct dev_cgroup *devcg_root,
static inline bool has_children(struct dev_cgroup *devcgroup)
- struct cgroup *cgrp = devcgroup->css.cgroup;
+ bool ret;
- return !list_empty(&cgrp->children);
+ /*
+ * FIXME: There may be lingering offline csses and this function
+ * may return %true when there isn't any userland-visible child
+ * which is incorrect for our purposes.
+ */
+ rcu_read_lock();
+ ret = css_next_child(NULL, &devcgroup->css);
+ rcu_read_unlock();
+ return ret;

Privacy Policy