Currently, devcg::has_children() directly tests cgroup->children for
list emptiness. The field is not a published field and scheduled to
go away. In addition, the test isn't strictly correct as devcg should
only care about children which are visible to userland.
This patch converts has_children() to use css_next_child() instead.
The subtle incorrectness is noted and will be dealt with later.
Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
Cc: Aristeu Rozanski <aris@xxxxxxxxxx>
Cc: Serge Hallyn <serge.hallyn@xxxxxxxxxx>
---
security/device_cgroup.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 3116015..75b4b18 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -477,9 +477,17 @@ static int propagate_exception(struct dev_cgroup *devcg_root,
static inline bool has_children(struct dev_cgroup *devcgroup)
{
- struct cgroup *cgrp = devcgroup->css.cgroup;
+ bool ret;
- return !list_empty(&cgrp->children);
+ /*
+ * FIXME: There may be lingering offline csses and this function
+ * may return %true when there isn't any userland-visible child
+ * which is incorrect for our purposes.
+ */
+ rcu_read_lock();
+ ret = css_next_child(NULL, &devcgroup->css);
+ rcu_read_unlock();
+ return ret;
}
/*
--
1.9.0
--
To unsubscribe from this list: send the line "unsubscribe cgroups" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
