Merge branch 'for-5.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo: - Reverted stricter synchronization for cgroup recursive stats which was prepping it for event counter usage which never got merged. The change was causing performation regressions in some cases. - Restore bpf-based device-cgroup operation even when cgroup1 device cgroup is disabled. - An out-param init fix. * 'for-5.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: device_cgroup: Cleanup cgroup eBPF device filter code xattr: fix uninitialized out-param Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window"
This commit is contained in:
commit
3301f6ae2d
|
@ -1050,7 +1050,7 @@ void kfd_dec_compute_active(struct kfd_dev *dev);
|
|||
/* Check with device cgroup if @kfd device is accessible */
|
||||
static inline int kfd_devcgroup_check_permission(struct kfd_dev *kfd)
|
||||
{
|
||||
#if defined(CONFIG_CGROUP_DEVICE)
|
||||
#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF)
|
||||
struct drm_device *ddev = kfd->ddev;
|
||||
|
||||
return devcgroup_check_permission(DEVCG_DEV_CHAR, ddev->driver->major,
|
||||
|
|
|
@ -876,6 +876,9 @@ int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
|
|||
struct simple_xattr *new_xattr = NULL;
|
||||
int err = 0;
|
||||
|
||||
if (removed_size)
|
||||
*removed_size = -1;
|
||||
|
||||
/* value == NULL means remove */
|
||||
if (value) {
|
||||
new_xattr = simple_xattr_alloc(value, size);
|
||||
|
@ -914,9 +917,6 @@ int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
|
|||
list_add(&new_xattr->list, &xattrs->head);
|
||||
xattr = NULL;
|
||||
}
|
||||
|
||||
if (removed_size)
|
||||
*removed_size = -1;
|
||||
out:
|
||||
spin_unlock(&xattrs->lock);
|
||||
if (xattr) {
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
#include <linux/fs.h>
|
||||
#include <linux/bpf-cgroup.h>
|
||||
|
||||
#define DEVCG_ACC_MKNOD 1
|
||||
#define DEVCG_ACC_READ 2
|
||||
|
@ -11,16 +10,10 @@
|
|||
#define DEVCG_DEV_CHAR 2
|
||||
#define DEVCG_DEV_ALL 4 /* this represents all devices */
|
||||
|
||||
#ifdef CONFIG_CGROUP_DEVICE
|
||||
int devcgroup_check_permission(short type, u32 major, u32 minor,
|
||||
short access);
|
||||
#else
|
||||
static inline int devcgroup_check_permission(short type, u32 major, u32 minor,
|
||||
short access)
|
||||
{ return 0; }
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF)
|
||||
int devcgroup_check_permission(short type, u32 major, u32 minor,
|
||||
short access);
|
||||
static inline int devcgroup_inode_permission(struct inode *inode, int mask)
|
||||
{
|
||||
short type, access = 0;
|
||||
|
@ -61,6 +54,9 @@ static inline int devcgroup_inode_mknod(int mode, dev_t dev)
|
|||
}
|
||||
|
||||
#else
|
||||
static inline int devcgroup_check_permission(short type, u32 major, u32 minor,
|
||||
short access)
|
||||
{ return 0; }
|
||||
static inline int devcgroup_inode_permission(struct inode *inode, int mask)
|
||||
{ return 0; }
|
||||
static inline int devcgroup_inode_mknod(int mode, dev_t dev)
|
||||
|
|
|
@ -33,12 +33,9 @@ void cgroup_rstat_updated(struct cgroup *cgrp, int cpu)
|
|||
return;
|
||||
|
||||
/*
|
||||
* Paired with the one in cgroup_rstat_cpu_pop_updated(). Either we
|
||||
* see NULL updated_next or they see our updated stat.
|
||||
*/
|
||||
smp_mb();
|
||||
|
||||
/*
|
||||
* Speculative already-on-list test. This may race leading to
|
||||
* temporary inaccuracies, which is fine.
|
||||
*
|
||||
* Because @parent's updated_children is terminated with @parent
|
||||
* instead of NULL, we can tell whether @cgrp is on the list by
|
||||
* testing the next pointer for NULL.
|
||||
|
@ -134,13 +131,6 @@ static struct cgroup *cgroup_rstat_cpu_pop_updated(struct cgroup *pos,
|
|||
*nextp = rstatc->updated_next;
|
||||
rstatc->updated_next = NULL;
|
||||
|
||||
/*
|
||||
* Paired with the one in cgroup_rstat_cpu_updated().
|
||||
* Either they see NULL updated_next or we see their
|
||||
* updated stat.
|
||||
*/
|
||||
smp_mb();
|
||||
|
||||
return pos;
|
||||
}
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ obj-$(CONFIG_SECURITY_YAMA) += yama/
|
|||
obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/
|
||||
obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/
|
||||
obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/
|
||||
obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
|
||||
obj-$(CONFIG_CGROUPS) += device_cgroup.o
|
||||
obj-$(CONFIG_BPF_LSM) += bpf/
|
||||
|
||||
# Object integrity file lists
|
||||
|
|
|
@ -15,6 +15,8 @@
|
|||
#include <linux/rcupdate.h>
|
||||
#include <linux/mutex.h>
|
||||
|
||||
#ifdef CONFIG_CGROUP_DEVICE
|
||||
|
||||
static DEFINE_MUTEX(devcgroup_mutex);
|
||||
|
||||
enum devcg_behavior {
|
||||
|
@ -792,7 +794,7 @@ struct cgroup_subsys devices_cgrp_subsys = {
|
|||
};
|
||||
|
||||
/**
|
||||
* __devcgroup_check_permission - checks if an inode operation is permitted
|
||||
* devcgroup_legacy_check_permission - checks if an inode operation is permitted
|
||||
* @dev_cgroup: the dev cgroup to be tested against
|
||||
* @type: device type
|
||||
* @major: device major number
|
||||
|
@ -801,7 +803,7 @@ struct cgroup_subsys devices_cgrp_subsys = {
|
|||
*
|
||||
* returns 0 on success, -EPERM case the operation is not permitted
|
||||
*/
|
||||
static int __devcgroup_check_permission(short type, u32 major, u32 minor,
|
||||
static int devcgroup_legacy_check_permission(short type, u32 major, u32 minor,
|
||||
short access)
|
||||
{
|
||||
struct dev_cgroup *dev_cgroup;
|
||||
|
@ -825,6 +827,10 @@ static int __devcgroup_check_permission(short type, u32 major, u32 minor,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_CGROUP_DEVICE */
|
||||
|
||||
#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF)
|
||||
|
||||
int devcgroup_check_permission(short type, u32 major, u32 minor, short access)
|
||||
{
|
||||
int rc = BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type, major, minor, access);
|
||||
|
@ -832,6 +838,13 @@ int devcgroup_check_permission(short type, u32 major, u32 minor, short access)
|
|||
if (rc)
|
||||
return -EPERM;
|
||||
|
||||
return __devcgroup_check_permission(type, major, minor, access);
|
||||
#ifdef CONFIG_CGROUP_DEVICE
|
||||
return devcgroup_legacy_check_permission(type, major, minor, access);
|
||||
|
||||
#else /* CONFIG_CGROUP_DEVICE */
|
||||
return 0;
|
||||
|
||||
#endif /* CONFIG_CGROUP_DEVICE */
|
||||
}
|
||||
EXPORT_SYMBOL(devcgroup_check_permission);
|
||||
#endif /* defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) */
|
||||
|
|
Loading…
Reference in New Issue