mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 02:30:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

cgroup: replace cftype->mode with CFTYPE_WORLD_WRITABLE

Browse source 
cftype->mode allows controllers to give arbitrary permissions to
interface knobs.  Except for "cgroup.event_control", the existing uses
are spurious.

* Some explicitly specify S_IRUGO | S_IWUSR even though that's the
  default.

* "cpuset.memory_pressure" specifies S_IRUGO while also setting a
  write callback which returns -EACCES.  All it needs to do is simply
  not setting a write callback.

"cgroup.event_control" uses cftype->mode to make the file
world-writable.  It's a misdesigned interface and we don't want
controllers to be tweaking interface file permissions in general.
This patch removes cftype->mode and all its spurious uses and
implements CFTYPE_WORLD_WRITABLE for "cgroup.event_control" which is
marked as compatibility-only.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Li Zefan <lizefan@huawei.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
This commit is contained in:
Tejun Heo 2015-09-18 17:54:23 -04:00
parent 4a07c222d3
commit 7dbdb199d3
4 changed files with 9 additions and 25 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

6
include/linux/cgroup-defs.h
View file

@ -76,6 +76,7 @@ enum {
CFTYPE_ONLY_ON_ROOT = (1 << 0), /* only create on root cgrp */ CFTYPE_ONLY_ON_ROOT = (1 << 0), /* only create on root cgrp */
CFTYPE_NOT_ON_ROOT = (1 << 1), /* don't create on root cgrp */ CFTYPE_NOT_ON_ROOT = (1 << 1), /* don't create on root cgrp */
CFTYPE_NO_PREFIX = (1 << 3), /* (DON'T USE FOR NEW FILES) no subsys prefix */ CFTYPE_NO_PREFIX = (1 << 3), /* (DON'T USE FOR NEW FILES) no subsys prefix */
CFTYPE_WORLD_WRITABLE = (1 << 4), /* (DON'T USE FOR NEW FILES) S_IWUGO */
/* internal flags, do not use outside cgroup core proper */ /* internal flags, do not use outside cgroup core proper */
__CFTYPE_ONLY_ON_DFL = (1 << 16), /* only on default hierarchy */ __CFTYPE_ONLY_ON_DFL = (1 << 16), /* only on default hierarchy */
@ -324,11 +325,6 @@ struct cftype {
*/ */
char name[MAX_CFTYPE_NAME]; char name[MAX_CFTYPE_NAME];
unsigned long private; unsigned long private;
/*
* If not 0, file mode is set to this value, otherwise it will
* be figured out automatically
*/
umode_t mode;
/* /*
* The maximum length of string, excluding trailing nul, that can * The maximum length of string, excluding trailing nul, that can

17
kernel/cgroup.c
View file

@ -1139,23 +1139,21 @@ static char *cgroup_file_name(struct cgroup *cgrp, const struct cftype *cft,
* cgroup_file_mode - deduce file mode of a control file * cgroup_file_mode - deduce file mode of a control file
* @cft: the control file in question * @cft: the control file in question
* *
* returns cft->mode if ->mode is not 0 * S_IRUGO for read, S_IWUSR for write.
* returns S_IRUGO|S_IWUSR if it has both a read and a write handler
* returns S_IRUGO if it has only a read handler
* returns S_IWUSR if it has only a write hander
*/ */
static umode_t cgroup_file_mode(const struct cftype *cft) static umode_t cgroup_file_mode(const struct cftype *cft)
{ {
umode_t mode = 0; umode_t mode = 0;
if (cft->mode)
return cft->mode;
if (cft->read_u64 || cft->read_s64 || cft->seq_show) if (cft->read_u64 || cft->read_s64 || cft->seq_show)
mode |= S_IRUGO; mode |= S_IRUGO;
if (cft->write_u64 || cft->write_s64 || cft->write) if (cft->write_u64 || cft->write_s64 || cft->write) {
if (cft->flags & CFTYPE_WORLD_WRITABLE)
mode |= S_IWUGO;
else
mode |= S_IWUSR; mode |= S_IWUSR;
}
return mode; return mode;
} }
@ -4371,7 +4369,6 @@ static struct cftype cgroup_dfl_base_files[] = {
.seq_show = cgroup_pidlist_show, .seq_show = cgroup_pidlist_show,
.private = CGROUP_FILE_PROCS, .private = CGROUP_FILE_PROCS,
.write = cgroup_procs_write, .write = cgroup_procs_write,
.mode = S_IRUGO | S_IWUSR,
}, },
{ {
.name = "cgroup.controllers", .name = "cgroup.controllers",
@ -4406,7 +4403,6 @@ static struct cftype cgroup_legacy_base_files[] = {
.seq_show = cgroup_pidlist_show, .seq_show = cgroup_pidlist_show,
.private = CGROUP_FILE_PROCS, .private = CGROUP_FILE_PROCS,
.write = cgroup_procs_write, .write = cgroup_procs_write,
.mode = S_IRUGO | S_IWUSR,
}, },
{ {
.name = "cgroup.clone_children", .name = "cgroup.clone_children",
@ -4426,7 +4422,6 @@ static struct cftype cgroup_legacy_base_files[] = {
.seq_show = cgroup_pidlist_show, .seq_show = cgroup_pidlist_show,
.private = CGROUP_FILE_TASKS, .private = CGROUP_FILE_TASKS,
.write = cgroup_tasks_write, .write = cgroup_tasks_write,
.mode = S_IRUGO | S_IWUSR,
}, },
{ {
.name = "notify_on_release", .name = "notify_on_release",

6
kernel/cpuset.c
View file

@ -1597,9 +1597,6 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft,
case FILE_MEMORY_PRESSURE_ENABLED: case FILE_MEMORY_PRESSURE_ENABLED:
cpuset_memory_pressure_enabled = !!val; cpuset_memory_pressure_enabled = !!val;
break; break;
case FILE_MEMORY_PRESSURE:
retval = -EACCES;
break;
case FILE_SPREAD_PAGE: case FILE_SPREAD_PAGE:
retval = update_flag(CS_SPREAD_PAGE, cs, val); retval = update_flag(CS_SPREAD_PAGE, cs, val);
break; break;
@ -1866,9 +1863,6 @@ static struct cftype files[] = {
{ {
.name = "memory_pressure", .name = "memory_pressure",
.read_u64 = cpuset_read_u64, .read_u64 = cpuset_read_u64,
.write_u64 = cpuset_write_u64,
.private = FILE_MEMORY_PRESSURE,
.mode = S_IRUGO,
}, },
{ {

3
mm/memcontrol.c
View file

@ -4060,8 +4060,7 @@ static struct cftype mem_cgroup_legacy_files[] = {
{ {
.name = "cgroup.event_control", /* XXX: for compat */ .name = "cgroup.event_control", /* XXX: for compat */
.write = memcg_write_event_control, .write = memcg_write_event_control,
.flags = CFTYPE_NO_PREFIX, .flags = CFTYPE_NO_PREFIX | CFTYPE_WORLD_WRITABLE,
.mode = S_IWUGO,
}, },
{ {
.name = "swappiness", .name = "swappiness",