Merge tag 'md/4.2' of git://neil.brown.name/md

[deliverable/linux.git] / kernel / cgroup.c

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 6d6d3c75209645dd75f2239f580234127aabdde9..9ef9fc8a774b08820a0dea814ecc4456dd83376c 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -424,7 +424,7 @@ static int notify_on_release(const struct cgroup *cgrp)
  */
 #define for_each_subsys_which(ss, ssid, ss_maskp)                      \
        if (!CGROUP_SUBSYS_COUNT) /* to avoid spurious gcc warning */   \
-               ;                                                       \
+               (ssid) = 0;                                             \
        else                                                            \
                for_each_set_bit(ssid, ss_maskp, CGROUP_SUBSYS_COUNT)   \
                        if (((ss) = cgroup_subsys[ssid]) && false)      \
@@ -2392,6 +2392,47 @@ static int cgroup_attach_task(struct cgroup *dst_cgrp,
        return ret;
 }
 
+static int cgroup_procs_write_permission(struct task_struct *task,
+                                        struct cgroup *dst_cgrp,
+                                        struct kernfs_open_file *of)
+{
+       const struct cred *cred = current_cred();
+       const struct cred *tcred = get_task_cred(task);
+       int ret = 0;
+
+       /*
+        * even if we're attaching all tasks in the thread group, we only
+        * need to check permissions on one of them.
+        */
+       if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
+           !uid_eq(cred->euid, tcred->uid) &&
+           !uid_eq(cred->euid, tcred->suid))
+               ret = -EACCES;
+
+       if (!ret && cgroup_on_dfl(dst_cgrp)) {
+               struct super_block *sb = of->file->f_path.dentry->d_sb;
+               struct cgroup *cgrp;
+               struct inode *inode;
+
+               down_read(&css_set_rwsem);
+               cgrp = task_cgroup_from_root(task, &cgrp_dfl_root);
+               up_read(&css_set_rwsem);
+
+               while (!cgroup_is_descendant(dst_cgrp, cgrp))
+                       cgrp = cgroup_parent(cgrp);
+
+               ret = -ENOMEM;
+               inode = kernfs_get_inode(sb, cgrp->procs_kn);
+               if (inode) {
+                       ret = inode_permission(inode, MAY_WRITE);
+                       iput(inode);
+               }
+       }
+
+       put_cred(tcred);
+       return ret;
+}
+
 /*
  * Find the task_struct of the task to attach by vpid and pass it along to the
  * function to attach either it or all tasks in its threadgroup. Will lock
@@ -2401,7 +2442,6 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
                                    size_t nbytes, loff_t off, bool threadgroup)
 {
        struct task_struct *tsk;
-       const struct cred *cred = current_cred(), *tcred;
        struct cgroup *cgrp;
        pid_t pid;
        int ret;
@@ -2421,19 +2461,9 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
                        ret = -ESRCH;
                        goto out_unlock_rcu;
                }
-               /*
-                * even if we're attaching all tasks in the thread group, we
-                * only need to check permissions on one of them.
-                */
-               tcred = __task_cred(tsk);
-               if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
-                   !uid_eq(cred->euid, tcred->uid) &&
-                   !uid_eq(cred->euid, tcred->suid)) {
-                       ret = -EACCES;
-                       goto out_unlock_rcu;
-               }
-       } else
+       } else {
                tsk = current;
+       }
 
        if (threadgroup)
                tsk = tsk->group_leader;
@@ -2451,7 +2481,9 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
        get_task_struct(tsk);
        rcu_read_unlock();
 
-       ret = cgroup_attach_task(cgrp, tsk, threadgroup);
+       ret = cgroup_procs_write_permission(tsk, cgrp, of);
+       if (!ret)
+               ret = cgroup_attach_task(cgrp, tsk, threadgroup);
 
        put_task_struct(tsk);
        goto out_unlock_threadgroup;
@@ -3077,7 +3109,9 @@ static int cgroup_add_file(struct cgroup *cgrp, struct cftype *cft)
                return ret;
        }
 
-       if (cft->seq_show == cgroup_populated_show)
+       if (cft->write == cgroup_procs_write)
+               cgrp->procs_kn = kn;
+       else if (cft->seq_show == cgroup_populated_show)
                cgrp->populated_kn = kn;
        return 0;
 }