Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 574c7e23 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-4.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 

Pull more cgroup updates from Tejun Heo:
 "I forgot to include the patches which got applied to for-4.7-fixes
  late during last cycle.

  Eric's three patches fix bugs introduced with the namespace support"

* 'for-4.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroupns: Only allow creation of hierarchies in the initial cgroup namespace
  cgroupns: Close race between cgroup_post_fork and copy_cgroup_ns
  cgroupns: Fix the locking in copy_cgroup_ns
parents a6408f6c 726a4994

kernel/cgroup.c

+8 −10
Original line number Diff line number Diff line
@@ -2209,12 +2209,8 @@ static struct dentry *cgroup_mount(struct file_system_type *fs_type, 
		goto out_unlock;

	}



	/*

	 * We know this subsystem has not yet been bound.  Users in a non-init

	 * user namespace may only mount hierarchies with no bound subsystems,

	 * i.e. 'none,name=user1'

	 */

	if (!opts.none && !capable(CAP_SYS_ADMIN)) {

	/* Hierarchies may only be created in the initial cgroup namespace. */

	if (ns != &init_cgroup_ns) {

		ret = -EPERM;

		goto out_unlock;

	}
@@ -2956,6 +2952,7 @@ int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk) 
	int retval = 0;



	mutex_lock(&cgroup_mutex);

	percpu_down_write(&cgroup_threadgroup_rwsem);

	for_each_root(root) {

		struct cgroup *from_cgrp;
@@ -2970,6 +2967,7 @@ int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk) 
		if (retval)

			break;

	}

	percpu_up_write(&cgroup_threadgroup_rwsem);

	mutex_unlock(&cgroup_mutex);



	return retval;
@@ -4337,6 +4335,8 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from) 


	mutex_lock(&cgroup_mutex);



	percpu_down_write(&cgroup_threadgroup_rwsem);



	/* all tasks in @from are being moved, all csets are source */

	spin_lock_irq(&css_set_lock);

	list_for_each_entry(link, &from->cset_links, cset_link)
@@ -4365,6 +4365,7 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from) 
	} while (task && !ret);

out_err:

	cgroup_migrate_finish(&preloaded_csets);

	percpu_up_write(&cgroup_threadgroup_rwsem);

	mutex_unlock(&cgroup_mutex);

	return ret;

}
@@ -6339,14 +6340,11 @@ struct cgroup_namespace *copy_cgroup_ns(unsigned long flags, 
	if (!ns_capable(user_ns, CAP_SYS_ADMIN))

		return ERR_PTR(-EPERM);



	mutex_lock(&cgroup_mutex);

	/* It is not safe to take cgroup_mutex here */

	spin_lock_irq(&css_set_lock);



	cset = task_css_set(current);

	get_css_set(cset);



	spin_unlock_irq(&css_set_lock);

	mutex_unlock(&cgroup_mutex);



	new_ns = alloc_cgroup_ns();

	if (IS_ERR(new_ns)) {