)]}' { "log": [ { "commit": "53eb8c82d581fdd4b389a3e417261f3ae924e603", "tree": "de3893156c17c9ab220e4460630f581c55a0f487", "parents": [ "024e4ec1856d57bb78c06ec903d29dcf716f5f47" ], "author": { "name": "Jerry Snitselaar", "email": "jerry.snitselaar@oracle.com", "time": "Thu Feb 21 16:41:31 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Feb 21 17:22:15 2013 -0800" }, "message": "device_cgroup: don\u0027t grab mutex in rcu callback\n\nCommit 103a197c0c4e (\"security/device_cgroup: lock assert fails in\ndev_exception_clean()\") grabs devcgroup_mutex to fix assert failure, but\na mutex can\u0027t be grabbed in rcu callback. Since there shouldn\u0027t be any\nother references when css_free is called, mutex isn\u0027t needed for list\ncleanup in devcgroup_css_free().\n\nSigned-off-by: Jerry Snitselaar \u003cjerry.snitselaar@oracle.com\u003e\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "103a197c0c4ec936f5a243b5b092e4e49213f569", "tree": "e39515c278a0f923537aaee97bef38aad671ab00", "parents": [ "a67adb997419fb53540d4a4f79c6471c60bc69b6" ], "author": { "name": "Jerry Snitselaar", "email": "jerry.snitselaar@oracle.com", "time": "Thu Jan 17 01:04:14 2013 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Jan 22 00:27:55 2013 +1100" }, "message": "security/device_cgroup: lock assert fails in dev_exception_clean()\n\ndevcgroup_css_free() calls dev_exception_clean() without the devcgroup_mutex being locked.\n\nShutting down a kvm virt was giving me the following trace:\n\n[36280.732764] ------------[ cut here ]------------\n[36280.732778] WARNING: at /home/snits/dev/linux/security/device_cgroup.c:172 dev_exception_clean+0xa9/0xc0()\n[36280.732782] Hardware name: Studio XPS 8100\n[36280.732785] Modules linked in: xt_REDIRECT fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat xt_CHECKSUM iptable_mangle bridge stp llc nf_conntrack_ipv4 ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter it87 hwmon_vid xt_state nf_conntrack ip6_tables snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq coretemp snd_seq_device crc32c_intel snd_pcm snd_page_alloc snd_timer snd broadcom tg3 serio_raw i7core_edac edac_core ptp pps_core lpc_ich pcspkr mfd_core soundcore microcode i2c_i801 nfsd auth_rpcgss nfs_acl lockd vhost_net sunrpc tun macvtap macvlan kvm_intel kvm uinput binfmt_misc autofs4 usb_storage firewire_ohci firewire_core crc_itu_t radeon drm_kms_helper ttm\n[36280.732921] Pid: 933, comm: libvirtd Tainted: G W 3.8.0-rc3-00307-g4c217de #1\n[36280.732922] Call Trace:\n[36280.732927] [\u003cffffffff81044303\u003e] warn_slowpath_common+0x93/0xc0\n[36280.732930] [\u003cffffffff8104434a\u003e] warn_slowpath_null+0x1a/0x20\n[36280.732932] [\u003cffffffff812deaf9\u003e] dev_exception_clean+0xa9/0xc0\n[36280.732934] [\u003cffffffff812deb2a\u003e] devcgroup_css_free+0x1a/0x30\n[36280.732938] [\u003cffffffff810ccd76\u003e] cgroup_diput+0x76/0x210\n[36280.732941] [\u003cffffffff8119eac0\u003e] d_delete+0x120/0x180\n[36280.732943] [\u003cffffffff81195cff\u003e] vfs_rmdir+0xef/0x130\n[36280.732945] [\u003cffffffff81195e47\u003e] do_rmdir+0x107/0x1c0\n[36280.732949] [\u003cffffffff8132d17e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n[36280.732951] [\u003cffffffff81198646\u003e] sys_rmdir+0x16/0x20\n[36280.732954] [\u003cffffffff8173bd82\u003e] system_call_fastpath+0x16/0x1b\n[36280.732956] ---[ end trace ca39dced899a7d9f ]---\n\nSigned-off-by: Jerry Snitselaar \u003cjerry.snitselaar@oracle.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "92fb97487a7e41b222c1417cabd1d1ab7cc3a48c", "tree": "c220c622b9ac9b16535535d448e9cd29be72c77e", "parents": [ "b1929db42f8a649d9a9e397119f628c27fd4021f" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Nov 19 08:13:38 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Nov 19 08:13:38 2012 -0800" }, "message": "cgroup: rename -\u003ecreate/post_create/pre_destroy/destroy() to -\u003ecss_alloc/online/offline/free()\n\nRename cgroup_subsys css lifetime related callbacks to better describe\nwhat their roles are. Also, update documentation.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "4b1c7840b7d01b14a1a00fa0e61b761d4391ba67", "tree": "1e93e0a8a0bb6fb2f5934a58a6eb32b3077b18b8", "parents": [ "5b805f2a7675634fbdf9ac1c9b2256905ab2ea68" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 09:16:53 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 12:28:04 2012 -0800" }, "message": "device_cgroup: add lockdep asserts\n\ndevice_cgroup uses RCU safe -\u003eexceptions list which is write-protected\nby devcgroup_mutex and has had some issues using locking correctly.\nAdd lockdep asserts to utility functions so that future errors can be\neasily detected.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "201e72acb2d3821e2de9ce6091e98859c316b29a", "tree": "01e47038346474d659714151b8209673c11f330a", "parents": [ "64e104771351d365e51e588a0e9a656ae6ed2f50" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 09:17:37 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 12:25:51 2012 -0800" }, "message": "device_cgroup: fix RCU usage\n\ndev_cgroup-\u003eexceptions is protected with devcgroup_mutex for writes\nand RCU for reads; however, RCU usage isn\u0027t correct.\n\n* dev_exception_clean() doesn\u0027t use RCU variant of list_del() and\n kfree(). The function can race with may_access() and may_access()\n may end up dereferencing already freed memory. Use list_del_rcu()\n and kfree_rcu() instead.\n\n* may_access() may be called only with RCU read locked but doesn\u0027t use\n RCU safe traversal over -\u003eexceptions. Use list_for_each_entry_rcu().\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: stable@vger.kernel.org\nCc: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "64e104771351d365e51e588a0e9a656ae6ed2f50", "tree": "e5078e0ba32729735846aa465c1f53f5d98c11ac", "parents": [ "3d70f8c617a436c7146ecb81df2265b4626dfe89" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Tue Nov 06 07:25:04 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 07:25:20 2012 -0800" }, "message": "device_cgroup: fix unchecked cgroup parent usage\n\nIn 4cef7299b478687 (\"device_cgroup: add proper checking when changing\ndefault behavior\") the cgroup parent usage is unchecked. root will not\nhave a parent and trying to use device.{allow,deny} will cause problems.\nFor some reason my stressing scripts didn\u0027t test the root directory so I\ndidn\u0027t catch it on my regular tests.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n" }, { "commit": "4cef7299b4786879a3e113e84084a72b24590c5b", "tree": "31efb5e00be1c1e5cc266046c783c7569e495ede", "parents": [ "26fd8405dd470cb8b54cb96859b7dd437e5e1391" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:45 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: add proper checking when changing default behavior\n\nBefore changing a group\u0027s default behavior to ALLOW, we must check if\nits parent\u0027s behavior is also ALLOW.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "26fd8405dd470cb8b54cb96859b7dd437e5e1391", "tree": "c4d77df24842b0d980ccd10e09b00c6230db3176", "parents": [ "5b7aa7d5bb2c5cf7fc05aaa41561af321706ab5f" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:41 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: stop using simple_strtoul()\n\nConvert the code to use kstrtou32() instead of simple_strtoul() which is\ndeprecated. The real size of the variables are u32, so use kstrtou32\ninstead of kstrtoul\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5b7aa7d5bb2c5cf7fc05aaa41561af321706ab5f", "tree": "404da02312a547f3ff66003fe4002a4b4ff14dcb", "parents": [ "8c9506d16925f1b1314d93af383ca3134eb534d8" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:38 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: rename deny_all to behavior\n\nThis was done in a v2 patch but v1 ended up being committed. The\nvariable name is less confusing and stores the default behavior when no\nmatching exception exists.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8c9506d16925f1b1314d93af383ca3134eb534d8", "tree": "e14dbc5816b375463b8d37eda0f79bcd0ea96a3b", "parents": [ "ef5d437f71afdf4afdbab99213add99f4b1318fd" ], "author": { "name": "Jiri Slaby", "email": "jslaby@suse.cz", "time": "Thu Oct 25 13:37:34 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "cgroup: fix invalid rcu dereference\n\nCommit ad676077a2ae (\"device_cgroup: convert device_cgroup internally to\npolicy + exceptions\") removed rcu locks which are needed in\ntask_devcgroup called in this chain:\n\n devcgroup_inode_mknod OR __devcgroup_inode_permission -\u003e\n __devcgroup_inode_permission -\u003e\n task_devcgroup -\u003e\n task_subsys_state -\u003e\n task_subsys_state_check.\n\nChange the code so that task_devcgroup is safely called with rcu read\nlock held.\n\n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n [ INFO: suspicious RCU usage. ]\n 3.6.0-rc5-next-20120913+ #42 Not tainted\n -------------------------------\n include/linux/cgroup.h:553 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active \u003d 1, debug_locks \u003d 0\n 2 locks held by kdevtmpfs/23:\n #0: (sb_writers){.+.+.+}, at: [\u003cffffffff8116873f\u003e]\n mnt_want_write+0x1f/0x50\n #1: (\u0026sb-\u003es_type-\u003ei_mutex_key#3/1){+.+.+.}, at: [\u003cffffffff811558af\u003e]\n kern_path_create+0x7f/0x170\n\n stack backtrace:\n Pid: 23, comm: kdevtmpfs Not tainted 3.6.0-rc5-next-20120913+ #42\n Call Trace:\n lockdep_rcu_suspicious+0xfd/0x130\n devcgroup_inode_mknod+0x19d/0x240\n vfs_mknod+0x71/0xf0\n handle_create.isra.2+0x72/0x200\n devtmpfsd+0x114/0x140\n ? handle_create.isra.2+0x200/0x200\n kthread+0xd6/0xe0\n kernel_thread_helper+0x4/0x10\n\nSigned-off-by: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "db9aeca97a58563e1ab927d157c9b5048f233e73", "tree": "6569621429efe0e6cc0529b78c50939913f0bd35", "parents": [ "ad676077a2ae4af4bb6627486ce19ccce04f1efe" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:20 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: rename whitelist to exception list\n\nThis patch replaces the \"whitelist\" usage in the code and comments and replace\nthem by exception list related information.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "ad676077a2ae4af4bb6627486ce19ccce04f1efe", "tree": "638e05256abe3b04f6acdbecf630b003143649c4", "parents": [ "868539a3b671e0f736ddd11b67bf1dc3d8a5a921" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:17 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: convert device_cgroup internally to policy + exceptions\n\nThe original model of device_cgroup is having a whitelist where all the\nallowed devices are listed. The problem with this approach is that is\nimpossible to have the case of allowing everything but few devices.\n\nThe reason for that lies in the way the whitelist is handled internally:\nsince there\u0027s only a whitelist, the \"all devices\" entry would have to be\nremoved and replaced by the entire list of possible devices but the ones\nthat are being denied. Since dev_t is 32 bits long, representing the allowed\ndevices as a bitfield is not memory efficient.\n\nThis patch replaces the \"whitelist\" by a \"exceptions\" list and the default\npolicy is kept as \"deny_all\" variable in dev_cgroup structure.\n\nThe current interface determines that whenever \"a\" is written to devices.allow\nor devices.deny, the entry masking all devices will be added or removed,\nrespectively. This behavior is kept and it\u0027s what will determine the default\npolicy:\n\n\t# cat devices.list\n\ta *:* rwm\n\t# echo a \u003edevices.deny\n\t# cat devices.list\n\t# echo a \u003edevices.allow\n\t# cat devices.list\n\ta *:* rwm\n\nThe interface is also preserved. For example, if one wants to block only access\nto /dev/null:\n\t# ls -l /dev/null\n\tcrw-rw-rw- 1 root root 1, 3 Jul 24 16:17 /dev/null\n\t# echo a \u003edevices.allow\n\t# echo \"c 1:3 rwm\" \u003edevices.deny\n\t# cat /dev/null\n\tcat: /dev/null: Operation not permitted\n\t# echo \u003e/dev/null\n\tbash: /dev/null: Operation not permitted\n\tmknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 r\" \u003edevices.allow\n\t# cat /dev/null\n\t# echo \u003e/dev/null\n\tbash: /dev/null: Operation not permitted\n\tmknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 rw\" \u003edevices.allow\n\t# echo \u003e/dev/null\n\t# cat /dev/null\n\t# mknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 rwm\" \u003edevices.allow\n\t# echo \u003e/dev/null\n\t# cat /dev/null\n\t# mknod /tmp/null c 1 3\n\t#\n\nNote that I didn\u0027t rename the functions/variables in this patch, but in the\nnext one to make reviewing easier.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "868539a3b671e0f736ddd11b67bf1dc3d8a5a921", "tree": "2c2c10e2983c40ffad02fb01d55fad6f4a6b3175", "parents": [ "66b8ef67756b3051bf42a077a82c3c5c279caa5b" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:15 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: introduce dev_whitelist_clean()\n\nThis function cleans all the items in a whitelist and will be used by the next\npatches.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "66b8ef67756b3051bf42a077a82c3c5c279caa5b", "tree": "60527442334744981f0766dae6f46bf7ae9b4d4f", "parents": [ "12ae6779332181432a7feda740735ffa5bb3d32d" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:13 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:13 2012 +0900" }, "message": "device_cgroup: add \"deny_all\" in dev_cgroup structure\n\ndeny_all will determine if the default policy is to deny all device access\nunless for the ones in the exception list.\n\nThis variable will be used in the next patches to convert device_cgroup\ninternally into a default policy + rules.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8c7f6edbda01f1b1a2e60ad61f14fe38023e433b", "tree": "f1db9712b109575cba86e37140e1e4f8a56ca780", "parents": [ "fbcbe2b3c92ee1c930dcfcf8bb764074c100fd63" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Thu Sep 13 12:20:58 2012 -0700" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Fri Sep 14 12:01:16 2012 -0700" }, "message": "cgroup: mark subsystems with broken hierarchy support and whine if cgroups are nested for them\n\nCurrently, cgroup hierarchy support is a mess. cpu related subsystems\nbehave correctly - configuration, accounting and control on a parent\nproperly cover its children. blkio and freezer completely ignore\nhierarchy and treat all cgroups as if they\u0027re directly under the root\ncgroup. Others show yet different behaviors.\n\nThese differing interpretations of cgroup hierarchy make using cgroup\nconfusing and it impossible to co-mount controllers into the same\nhierarchy and obtain sane behavior.\n\nEventually, we want full hierarchy support from all subsystems and\nprobably a unified hierarchy. Users using separate hierarchies\nexpecting completely different behaviors depending on the mounted\nsubsystem is deterimental to making any progress on this front.\n\nThis patch adds cgroup_subsys.broken_hierarchy and sets it to %true\nfor controllers which are lacking in hierarchy support. The goal of\nthis patch is two-fold.\n\n* Move users away from using hierarchy on currently non-hierarchical\n subsystems, so that implementing proper hierarchy support on those\n doesn\u0027t surprise them.\n\n* Keep track of which controllers are broken how and nudge the\n subsystems to implement proper hierarchy support.\n\nFor now, start with a single warning message. We can whine louder\nlater on.\n\nv2: Fixed a typo spotted by Michal. Warning message updated.\n\nv3: Updated memcg part so that it doesn\u0027t generate warning in the\n cases where .use_hierarchy\u003dfalse doesn\u0027t make the behavior\n different from root.use_hierarchy\u003dtrue. Fixed a typo spotted by\n Glauber.\n\nv4: Check -\u003ebroken_hierarchy after cgroup creation is complete so that\n -\u003ecreate() can affect the result per Michal. Dropped unnecessary\n memcg root handling per Michal.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nAcked-by: Li Zefan \u003clizefan@huawei.com\u003e\nAcked-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Glauber Costa \u003cglommer@parallels.com\u003e\nCc: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nCc: Paul Turner \u003cpjt@google.com\u003e\nCc: Johannes Weiner \u003channes@cmpxchg.org\u003e\nCc: Thomas Graf \u003ctgraf@suug.ch\u003e\nCc: Vivek Goyal \u003cvgoyal@redhat.com\u003e\nCc: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Arnaldo Carvalho de Melo \u003cacme@ghostprotocols.net\u003e\nCc: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nCc: Aneesh Kumar K.V \u003caneesh.kumar@linux.vnet.ibm.com\u003e\n" }, { "commit": "4baf6e33251b37f111e21289f8ee71fe4cce236e", "tree": "7decc386a60679fd2696041810cf331c0daf1f41", "parents": [ "676f7c8f84d15e94065841529016da5ab92e901b" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Sun Apr 01 12:09:55 2012 -0700" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Sun Apr 01 12:09:55 2012 -0700" }, "message": "cgroup: convert all non-memcg controllers to the new cftype interface\n\nConvert debug, freezer, cpuset, cpu_cgroup, cpuacct, net_prio, blkio,\nnet_cls and device controllers to use the new cftype based interface.\nTermination entry is added to cftype arrays and populate callbacks are\nreplaced with cgroup_subsys-\u003ebase_cftypes initializations.\n\nThis is functionally identical transformation. There shouldn\u0027t be any\nvisible behavior change.\n\nmemcg is rather special and will be converted separately.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cpaul@paulmenage.org\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Vivek Goyal \u003cvgoyal@redhat.com\u003e\n" }, { "commit": "761b3ef50e1c2649cffbfa67a4dcb2dcdb7982ed", "tree": "67ab6a9a2520811c9c0b4d70d1c19b4bfca16237", "parents": [ "61d1d219c4c0761059236a46867bc49943c4d29d" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Tue Jan 31 13:47:36 2012 +0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Thu Feb 02 09:20:22 2012 -0800" }, "message": "cgroup: remove cgroup_subsys argument from callbacks\n\nThe argument is not used at all, and it\u0027s not necessary, because\na specific callback handler of course knows which subsys it\nbelongs to.\n\nNow only -\u003epupulate() takes this argument, because the handlers of\nthis callback always call cgroup_add_file()/cgroup_add_files().\n\nSo we reduce a few lines of code, though the shrinking of object size\nis minimal.\n\n 16 files changed, 113 insertions(+), 162 deletions(-)\n\n text data bss dec hex filename\n5486240 656987 7039960 13183187 c928d3 vmlinux.o.orig\n5486170 656987 7039960 13183117 c9288d vmlinux.o\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n" }, { "commit": "2f7ee5691eecb67c8108b92001a85563ea336ac5", "tree": "18cf60ea8a463f4a6cd59c68926ba4357ae8ff4c", "parents": [ "134d33737f9015761c3832f6b268fae6274aac7f" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Dec 12 18:12:21 2011 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Dec 12 18:12:21 2011 -0800" }, "message": "cgroup: introduce cgroup_taskset and use it in subsys-\u003ecan_attach(), cancel_attach() and attach()\n\nCurrently, there\u0027s no way to pass multiple tasks to cgroup_subsys\nmethods necessitating the need for separate per-process and per-task\nmethods. This patch introduces cgroup_taskset which can be used to\npass multiple tasks and their associated cgroups to cgroup_subsys\nmethods.\n\nThree methods - can_attach(), cancel_attach() and attach() - are\nconverted to use cgroup_taskset. This unifies passed parameters so\nthat all methods have access to all information. Conversions in this\npatchset are identical and don\u0027t introduce any behavior change.\n\n-v2: documentation updated as per Paul Menage\u0027s suggestion.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nReviewed-by: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nReviewed-by: Frederic Weisbecker \u003cfweisbec@gmail.com\u003e\nAcked-by: Paul Menage \u003cpaul@paulmenage.org\u003e\nAcked-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Balbir Singh \u003cbsingharora@gmail.com\u003e\nCc: Daisuke Nishimura \u003cnishimura@mxp.nes.nec.co.jp\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6034f7e603cd2dae8ed9a1d8d2ccfeb6b5c48d73", "tree": "dc18a4d1374dbd4e15414c67cb44bd359aefd62d", "parents": [ "b119cbab3aecd19dbd748a9823c02d200b96b2f8" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Tue Mar 15 18:07:57 2011 +0800" }, "committer": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Wed Jul 20 11:05:30 2011 -0700" }, "message": "security,rcu: Convert call_rcu(whitelist_item_free) to kfree_rcu()\n\nThe rcu callback whitelist_item_free() just calls a kfree(),\nso we use kfree_rcu() instead of the call_rcu(whitelist_item_free).\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\n" }, { "commit": "482e0cd3dbaa70f2a2bead4b5f2c0d203ef654ba", "tree": "68d885682da34a08c29908d012a356344882a487", "parents": [ "8e833fd2e1f0107ee7a4b6bc4de3c9f0e9b0ed41" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jun 19 13:01:04 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jun 20 10:46:04 2011 -0400" }, "message": "devcgroup_inode_permission: take \"is it a device node\" checks to inlined wrapper\n\ninode_permission() calls devcgroup_inode_permission() and almost all such\ncalls are _not_ for device nodes; let\u0027s at least keep the common path\nstraight...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f780bdb7c1c73009cb57adcf99ef50027d80bf3c", "tree": "d15668ffcc40a2aaa31723b87cfda0b166f84d57", "parents": [ "4714d1d32d97239fb5ae3e10521d3f133a899b66" ], "author": { "name": "Ben Blum", "email": "bblum@andrew.cmu.edu", "time": "Thu May 26 16:25:19 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 26 17:12:34 2011 -0700" }, "message": "cgroups: add per-thread subsystem callbacks\n\nAdd cgroup subsystem callbacks for per-thread attachment in atomic contexts\n\nAdd can_attach_task(), pre_attach(), and attach_task() as new callbacks\nfor cgroups\u0027s subsystem interface. Unlike can_attach and attach, these\nare for per-thread operations, to be called potentially many times when\nattaching an entire threadgroup.\n\nAlso, the old \"bool threadgroup\" interface is removed, as replaced by\nthis. All subsystems are modified for the new interface - of note is\ncpuset, which requires from/to nodemasks for attach to be globally scoped\n(though per-cpuset would work too) to persist from its pre_attach to\nattach_task and attach.\n\nThis is a pre-patch for cgroup-procs-writable.patch.\n\nSigned-off-by: Ben Blum \u003cbblum@andrew.cmu.edu\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nReviewed-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: David Rientjes \u003crientjes@google.com\u003e\nCc: Miao Xie \u003cmiaox@cn.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0ffbe2699cda6afbe08501098dff8a8c2fe6ae09", "tree": "81b1a2305d16c873371b65c5a863c0268036cefe", "parents": [ "4e5d6f7ec3833c0da9cf34fa5c53c6058c5908b6", "7ebd467551ed6ae200d7835a84bbda0dcadaa511" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 06 10:56:07 2010 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu May 06 10:56:07 2010 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "c5b60b5e67af8be4c58d3ffcc36894f69c4fbdc1", "tree": "5ca471fad635ee8d91a24c7b5448dbcad3de74ef", "parents": [ "822cceec7248013821d655545ea45d1c6a9d15b3" ], "author": { "name": "Justin P. Mattock", "email": "justinmattock@gmail.com", "time": "Wed Apr 21 00:02:11 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 23 10:10:23 2010 +1000" }, "message": "security: whitespace coding style fixes\n\nWhitespace coding style fixes.\n\nSigned-off-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "be367d09927023d081f9199665c8500f69f14d22", "tree": "f0c5b9da037506da3c5890cf11b51b39a7d3c427", "parents": [ "c378369d8b4fa516ff2b1e79c3eded4e0e955ebb" ], "author": { "name": "Ben Blum", "email": "bblum@google.com", "time": "Wed Sep 23 15:56:31 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Sep 24 07:20:58 2009 -0700" }, "message": "cgroups: let ss-\u003ecan_attach and ss-\u003eattach do whole threadgroups at a time\n\nAlter the ss-\u003ecan_attach and ss-\u003eattach functions to be able to deal with\na whole threadgroup at a time, for use in cgroup_attach_proc. (This is a\npre-patch to cgroup-procs-writable.patch.)\n\nCurrently, new mode of the attach function can only tell the subsystem\nabout the old cgroup of the threadgroup leader. No subsystem currently\nneeds that information for each thread that\u0027s being moved, but if one were\nto be added (for example, one that counts tasks within a group) this bit\nwould need to be reworked a bit to tell the subsystem the right\ninformation.\n\n[hidave.darkstar@gmail.com: fix build]\nSigned-off-by: Ben Blum \u003cbblum@google.com\u003e\nSigned-off-by: Paul Menage \u003cmenage@google.com\u003e\nAcked-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nReviewed-by: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Dave Young \u003chidave.darkstar@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cd5008196f7e583f4c558531a2bca59f6c674c5b", "tree": "c91a3d15b09545eddebbc09577b2763ef2e34235", "parents": [ "f9ab5b5b0f5be506640321d710b0acd3dca6154a" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Wed Jun 17 16:26:33 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jun 18 13:03:47 2009 -0700" }, "message": "devcgroup: skip superfluous checks when found the DEV_ALL elem\n\nWhile walking through the whitelist, if the DEV_ALL item is found, no more\ncheck is needed.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b4046f00ee7c1e5615261b496cf7309683275b29", "tree": "8ef312b95b03f362f7780a37620167c54bf55e8f", "parents": [ "d969fbe69e07fcceb0558b35d4c75eb046041c5e" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Thu Apr 02 16:57:32 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Apr 02 19:04:55 2009 -0700" }, "message": "devcgroup: avoid using cgroup_lock\n\nThere is nothing special that has to be protected by cgroup_lock,\nso introduce devcgroup_mtuex for it\u0027s own use.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0b82ac37b889ec881b645860da3775118effb3ca", "tree": "93407311725ac2588df5f37e261304a51064e200", "parents": [ "116e05751285c20edf5768ca3bcc00dad86181bb" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Wed Jan 07 18:07:46 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jan 08 08:31:03 2009 -0800" }, "message": "devices cgroup: allow mkfifo\n\nThe devcgroup_inode_permission() hook in the devices whitelist cgroup has\nalways bypassed access checks on fifos. But the mknod hook did not. The\ndevices whitelist is only about block and char devices, and fifos can\u0027t\neven be added to the whitelist, so fifos can\u0027t be created at all except by\ntasks which have \u0027a\u0027 in their whitelist (meaning they have access to all\ndevices).\n\nFix the behavior by bypassing access checks to mkfifo.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nCc: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nReported-by: Daniel Lezcano \u003cdlezcano@fr.ibm.com\u003e\nCc: \u003cstable@kernel.org\u003e\t\t[2.6.27.x]\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "116e05751285c20edf5768ca3bcc00dad86181bb", "tree": "a95c51476e30fb1374dc50d6051c7216f23afa2f", "parents": [ "a47295e6bc42ad35f9c15ac66f598aa24debd4e2" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Wed Jan 07 18:07:45 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jan 08 08:31:03 2009 -0800" }, "message": "devcgroup: use list_for_each_entry_rcu()\n\nWe should use list_for_each_entry_rcu in RCU read site.\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "47c59803becb55b72b26cdab3838d621a15badc8", "tree": "63711f3e41f46288e2fa18db0b4ed734e9b1f668", "parents": [ "c012a54ae0b2ee2c73499f54596e0f5257288fec" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Sat Oct 18 20:28:07 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 20 08:52:38 2008 -0700" }, "message": "devcgroup: remove spin_lock()\n\nSince we introduced rcu for read side, spin_lock is used only for update.\nBut we always hold cgroup_lock() when update, so spin_lock() is not need.\n\nAdditional cleanup:\n1) include linux/rcupdate.h explicitly\n2) remove unused variable cur_devcgroup in devcgroup_update_access()\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nAcked-by: \"Serge E. Hallyn\" \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c012a54ae0b2ee2c73499f54596e0f5257288fec", "tree": "4fab77415948c241c563a4de1e8e29fcc0604828", "parents": [ "2cdc7241a290bb2b9ef4c2e2969a4a3ed92abb63" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Sat Oct 18 20:28:07 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 20 08:52:38 2008 -0700" }, "message": "devcgroup: remove unused variable\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2cdc7241a290bb2b9ef4c2e2969a4a3ed92abb63", "tree": "c544eeca8ed7777580ebd91f97778792d5ff6d07", "parents": [ "886465f407e57d6c3c81013c919ea670ce1ae0d0" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Sat Oct 18 20:28:06 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 20 08:52:38 2008 -0700" }, "message": "devcgroup: use kmemdup()\n\nThis saves 40 bytes on my x86_32 box.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "36fd71d293898a59b14e49da1f6e81c1a58f2035", "tree": "e67d5a0f6fc6caa83558f57588d9f69a46e5f4c9", "parents": [ "09a2910e54646f7a334702fbafa7a6129dc072e6" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Tue Sep 02 14:35:52 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Sep 02 19:21:38 2008 -0700" }, "message": "devcgroup: fix race against rmdir()\n\nDuring the use of a dev_cgroup, we should guarantee the corresponding\ncgroup won\u0027t be deleted (i.e. via rmdir). This can be done through\ncss_get(\u0026dev_cgroup-\u003ecss), but here we can just get and use the dev_cgroup\nunder rcu_read_lock.\n\nAnd also remove checking NULL dev_cgroup, it won\u0027t be NULL since a task\nalways belongs to a cgroup.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7759fc9d10d3559f365cb122d81e0c0a185fe0fe", "tree": "2674cb439f9d27b5c0ef9ef078f6c8f7dac3b758", "parents": [ "4efd1a1b2f09a4b746dd9dc057986c6dadcb1317" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Fri Jul 25 01:47:08 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 25 10:53:37 2008 -0700" }, "message": "devcgroup: code cleanup\n\n- clean up set_majmin()\n- use simple_strtoul() to parse major/minor\n\n[akpm@linux-foundation.org: fix simple_strtoul() usage]\n[kosaki.motohiro@jp.fujitsu.com: fix warnings]\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4efd1a1b2f09a4b746dd9dc057986c6dadcb1317", "tree": "048b7c286be2f17efce9b3482d9618cd150ee3f7", "parents": [ "e885dcde75685e09f23cffae1f6d5169c105b8a0" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Fri Jul 25 01:47:07 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 25 10:53:37 2008 -0700" }, "message": "devcgroup: relax white-list protection down to RCU\n\nCurrently this list is protected with a simple spinlock, even for reading\nfrom one. This is OK, but can be better.\n\nActually I want it to be better very much, since after replacing the\nOpenVZ device permissions engine with the cgroup-based one I noticed, that\nwe set 12 default device permissions for each newly created container (for\n/dev/null, full, terminals, ect devices), and people sometimes have up to\n20 perms more, so traversing the ~30-40 elements list under a spinlock\ndoesn\u0027t seem very good.\n\nHere\u0027s the RCU protection for white-list - dev_whitelist_item-s are added\nand removed under the devcg-\u003elock, but are looked up in permissions\nchecking under the rcu_read_lock.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f92523e3a7861f5dbd76021e0719a35fe8771f2d", "tree": "933c9e6e1f0683ac1c6bc019da5b91c9e567bf7c", "parents": [ "e37123953292146445c8629b3950d0513fd10ae2" ], "author": { "name": "Paul Menage", "email": "menage@google.com", "time": "Fri Jul 25 01:47:03 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 25 10:53:36 2008 -0700" }, "message": "cgroup files: convert devcgroup_access_write() into a cgroup write_string() handler\n\nThis patch converts devcgroup_access_write() from a raw file handler\ninto a handler for the cgroup write_string() method. This allows some\nboilerplate copying/locking/checking to be removed and simplifies the\ncleanup path, since these functions are performed by the cgroups\nframework before calling the handler.\n\nSigned-off-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Paul Jackson \u003cpj@sgi.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "ec229e830060091b9be63c8f873c1b2407a82821", "tree": "505231f1cad4a3258d509dfc75e47ed445647ff6", "parents": [ "17d213f806dad629e9af36fc45f082b87ed7bceb" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Sun Jul 13 12:14:04 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jul 13 12:51:18 2008 -0700" }, "message": "devcgroup: fix permission check when adding entry to child cgroup\n\n # cat devices.list\n c 1:3 r\n # echo \u0027c 1:3 w\u0027 \u003e sub/devices.allow\n # cat sub/devices.list\n c 1:3 w\n\nAs illustrated, the parent group has no write permission to /dev/null, so\nit\u0027s child should not be allowed to add this write permission.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "17d213f806dad629e9af36fc45f082b87ed7bceb", "tree": "bbb91f06c39cddd1a05b0bdb8470f472c39c81c6", "parents": [ "0302c01b4b793cfbc5c7bf8723f6d14bf9bd7cf4" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Sun Jul 13 12:14:02 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jul 13 12:51:18 2008 -0700" }, "message": "devcgroup: always show positive major/minor num\n\n # echo \"b $((0x7fffffff)):$((0x80000000)) rwm\" \u003e devices.allow\n # cat devices.list\n b 214748364:-21474836 rwm\n\nthough a major/minor number of 0x800000000 is meaningless, we\nshould not cast it to a negative value.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d823f6bfec2844493c05961133895de21fa0e02d", "tree": "853fac4a97ab842f9ee52adfbf72297e8b90688d", "parents": [ "26ff8c697a2c8f6974c2357d3f01cca91b20c964" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Fri Jul 04 10:00:07 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 04 10:40:10 2008 -0700" }, "message": "devcgroup: fix odd behaviour when writing \u0027a\u0027 to devices.allow\n\n # cat /devcg/devices.list\n a *:* rwm\n # echo a \u003e devices.allow\n # cat /devcg/devices.list\n a *:* rwm\n a 0:0 rwm\n\nThis is odd and maybe confusing. With this patch, writing \u0027a\u0027 to\ndevices.allow will add \u0027a *:* rwm\u0027 to the whitelist.\n\nAlso a few fixes and updates to the document.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d1ee2971f5bd8a16bc5ecfe1b00e14b4fe407c4f", "tree": "733c51b66dda47216ca1526fdd85004206fd0ec8", "parents": [ "7db9cfd380205f6b50afdc3bc3619f876a5eaf0d" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Jun 05 22:46:28 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jun 06 11:29:11 2008 -0700" }, "message": "devscgroup: make white list more compact in some cases\n\nConsider you added a \u0027c foo:bar r\u0027 permission to some cgroup and then (a\nbit later) \u0027c\u0027foo:bar w\u0027 for it. After this you\u0027ll see the\n\nc foo:bar r\nc foo:bar w\n\nlines in a devices.list file.\n\nAnother example - consider you added 10 \u0027c foo:bar r\u0027 permissions to some\ncgroup (e.g. by mistake). After this you\u0027ll see 10 c foo:bar r lines in\na list file.\n\nThis is weird. This situation also has one more annoying consequence.\nHaving many items in a white list makes permissions checking slower, sine\nit has to walk a longer list.\n\nThe proposal is to merge permissions for items, that correspond to the\nsame device.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cc9cb219aac24ffc711566c8f372c2b3a3bf840f", "tree": "efa678227596922a00b2a7744c33707041c78316", "parents": [ "b66862f7663332aa1ecb3ebda4086360ddb8befc" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Jun 05 22:46:26 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jun 06 11:29:11 2008 -0700" }, "message": "devscgroup: relax task to dev_cgroup conversion\n\nTwo functions, that need to get a device_cgroup from a task (they are\ndevcgroup_inode_permission and devcgroup_inode_mknod) make it in a strange\nway:\n\nThey get a css_set from task, then a subsys_state from css_set, then a\ncgroup from the state and then a subsys_state again from the cgroup.\nBesides, the devices_subsys_id is read from memory, whilst there\u0027s a\nenum-ed constant for it.\n\nOptimize this part a bit:\n1. Get the subsys_stats form the task and be done - no 2 extra\n dereferences,\n2. Use the device_subsys_id constant, not the value from memory\n (i.e. one less dereference).\n\nFound while preparing 2.6.26 OpenVZ port.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b66862f7663332aa1ecb3ebda4086360ddb8befc", "tree": "8ba5a907f4bafad460cef4d6c573b9f5aae957e5", "parents": [ "93b071139a956e51c98cdefd50a47981a4eb852e" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Jun 05 22:46:24 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jun 06 11:29:11 2008 -0700" }, "message": "devcgroup: make a helper to convert cgroup_subsys_state to devs_cgroup\n\nThis is just picking the container_of out of cgroup_to_devcgroup into a\nseparate function.\n\nThis new css_to_devcgroup will be used in the 2nd patch.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "29486df325e1fe6e1764afcb19e3370804c2b002", "tree": "d69a96bb829940f3ae5171fde481edb20a9e468a", "parents": [ "28fd5dfc12bde391981dfdcf20755952b6e916af" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Tue Apr 29 01:00:14 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:10 2008 -0700" }, "message": "cgroups: introduce cft-\u003eread_seq()\n\nIntroduce a read_seq() helper in cftype, which uses seq_file to print out\nlists. Use it in the devices cgroup. Also split devices.allow into two\nfiles, so now devices.deny and devices.allow are the ones to use to manipulate\nthe whitelist, while devices.list outputs the cgroup\u0027s current whitelist.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "08ce5f16ee466ffc5bf243800deeecd77d9eaf50", "tree": "8fb921137a677d463f11727dab7e683db426b810", "parents": [ "d447ea2f30ec60370ddb99a668e5ac12995f043d" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Tue Apr 29 01:00:10 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:09 2008 -0700" }, "message": "cgroups: implement device whitelist\n\nImplement a cgroup to track and enforce open and mknod restrictions on device\nfiles. A device cgroup associates a device access whitelist with each cgroup.\n A whitelist entry has 4 fields. \u0027type\u0027 is a (all), c (char), or b (block).\n\u0027all\u0027 means it applies to all types and all major and minor numbers. Major\nand minor are either an integer or * for all. Access is a composition of r\n(read), w (write), and m (mknod).\n\nThe root device cgroup starts with rwm to \u0027all\u0027. A child devcg gets a copy of\nthe parent. Admins can then remove devices from the whitelist or add new\nentries. A child cgroup can never receive a device access which is denied its\nparent. However when a device access is removed from a parent it will not\nalso be removed from the child(ren).\n\nAn entry is added using devices.allow, and removed using\ndevices.deny. For instance\n\n\techo \u0027c 1:3 mr\u0027 \u003e /cgroups/1/devices.allow\n\nallows cgroup 1 to read and mknod the device usually known as\n/dev/null. Doing\n\n\techo a \u003e /cgroups/1/devices.deny\n\nwill remove the default \u0027a *:* mrw\u0027 entry.\n\nCAP_SYS_ADMIN is needed to change permissions or move another task to a new\ncgroup. A cgroup may not be granted more permissions than the cgroup\u0027s parent\nhas. Any task can move itself between cgroups. This won\u0027t be sufficient, but\nwe can decide the best way to adequately restrict movement later.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix may-be-used-uninitialized warning]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nLooks-good-to: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Daniel Hokka Zakrisson \u003cdaniel@hozac.com\u003e\nCc: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" } ] }