[PATCH v5 4/6] cgroup: add cgroup_may_write() helper

[PATCH v5 0/6] clone3 & cgroups: allow spawning processes into cgroups · Christian Brauner <hidden> · 2020-01-21
[PATCH v5 1/6] cgroup: unify attach permission checking · Christian Brauner <hidden> · 2020-01-21
Re: [PATCH v5 1/6] cgroup: unify attach permission checking · Michal Koutný <mkoutny@suse.com> · 2020-01-29
[PATCH v5 2/6] cgroup: add cgroup_get_from_file() helper · Christian Brauner <hidden> · 2020-01-21
Re: [PATCH v5 2/6] cgroup: add cgroup_get_from_file() helper · Michal Koutný <mkoutny@suse.com> · 2020-01-29
[PATCH v5 3/6] cgroup: refactor fork helpers · Christian Brauner <hidden> · 2020-01-21
Re: [PATCH v5 3/6] cgroup: refactor fork helpers · Michal Koutný <mkoutny@suse.com> · 2020-01-29
[PATCH v5 4/6] cgroup: add cgroup_may_write() helper · Christian Brauner <hidden> · 2020-01-21
[PATCH v5 6/6] selftests/cgroup: add tests for cloning into cgroups · Christian Brauner <hidden> · 2020-01-21
[PATCH v5 5/6] clone3: allow spawning processes into cgroups · Christian Brauner <hidden> · 2020-01-21
Re: [PATCH v5 5/6] clone3: allow spawning processes into cgroups · Michal Koutný <mkoutny@suse.com> · 2020-01-29
Re: [PATCH v5 5/6] clone3: allow spawning processes into cgroups · Christian Brauner <hidden> · 2020-02-02
Re: [PATCH v5 5/6] clone3: allow spawning processes into cgroups · Michal Koutný <mkoutny@suse.com> · 2020-02-03
Re: [PATCH v5 5/6] clone3: allow spawning processes into cgroups · Christian Brauner <hidden> · 2020-02-04
Re: [PATCH v5 5/6] clone3: allow spawning processes into cgroups · Peter Zijlstra <peterz@infradead.org> · 2020-02-04
Re: [PATCH v5 5/6] clone3: allow spawning processes into cgroups · Christian Brauner <hidden> · 2020-02-04

STALE2314d

Revisions (4)

2020-01-17 v3 [diff vs current]
2020-01-17 v4 [diff vs current]
2020-01-21 v5 current
2020-02-05 v6 [diff vs current]

From: Christian Brauner <hidden>
Date: 2020-01-21 15:50:41
Also in: cgroups, lkml
Subsystem: control group (cgroup), the rest · Maintainers: Tejun Heo, Johannes Weiner, Michal Koutný, Linus Torvalds

Add a cgroup_may_write() helper which we can use in the
CLONE_INTO_CGROUP patch series to verify that we can write to the
destination cgroup.

Cc: Tejun Heo <tj@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Li Zefan <redacted>
Cc: cgroups@vger.kernel.org
Signed-off-by: Christian Brauner <redacted>
---
/* v1 */
patch not present

/* v2 */
patch not present

/* v3 */
patch not present

/* v4 */
Link: https://lore.kernel.org/r/20200117181219.14542-5-christian.brauner@ubuntu.com (local)
patch introduced

/* v5 */
unchanged
---
 kernel/cgroup/cgroup.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index ce2d5b8aa19f..636fe3d46d2d 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c

@@ -4649,13 +4649,28 @@ static int cgroup_procs_show(struct seq_file *s, void *v)
 	return 0;
 }
 
+static int cgroup_may_write(const struct cgroup *cgrp, struct super_block *sb)
+{
+	int ret;
+	struct inode *inode;
+
+	lockdep_assert_held(&cgroup_mutex);
+
+	inode = kernfs_get_inode(sb, cgrp->procs_file.kn);
+	if (!inode)
+		return -ENOMEM;
+
+	ret = inode_permission(inode, MAY_WRITE);
+	iput(inode);
+	return ret;
+}
+
 static int cgroup_procs_write_permission(struct cgroup *src_cgrp,
 					 struct cgroup *dst_cgrp,
 					 struct super_block *sb)
 {
 	struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
 	struct cgroup *com_cgrp = src_cgrp;
-	struct inode *inode;
 	int ret;
 
 	lockdep_assert_held(&cgroup_mutex);

@@ -4665,12 +4680,7 @@ static int cgroup_procs_write_permission(struct cgroup *src_cgrp,
 		com_cgrp = cgroup_parent(com_cgrp);
 
 	/* %current should be authorized to migrate to the common ancestor */
-	inode = kernfs_get_inode(sb, com_cgrp->procs_file.kn);
-	if (!inode)
-		return -ENOMEM;
-
-	ret = inode_permission(inode, MAY_WRITE);
-	iput(inode);
+	ret = cgroup_may_write(com_cgrp, sb);
 	if (ret)
 		return ret;

-- 
2.25.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help