cgroup: replace cftype->mode with CFTYPE_WORLD_WRITABLE

cftype->mode allows controllers to give arbitrary permissions to
interface knobs.  Except for "cgroup.event_control", the existing uses
are spurious.

* Some explicitly specify S_IRUGO | S_IWUSR even though that's the
  default.

* "cpuset.memory_pressure" specifies S_IRUGO while also setting a
  write callback which returns -EACCES.  All it needs to do is simply
  not setting a write callback.

"cgroup.event_control" uses cftype->mode to make the file
world-writable.  It's a misdesigned interface and we don't want
controllers to be tweaking interface file permissions in general.
This patch removes cftype->mode and all its spurious uses and
implements CFTYPE_WORLD_WRITABLE for "cgroup.event_control" which is
marked as compatibility-only.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Li Zefan <lizefan@huawei.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>

diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
index d95cc88e9dc28e09f87e0b16e29c211982444afd..10d814bcd487d5c541006463063bb64642c677bc 100644 (file)
--- a/include/linux/cgroup-defs.h
+++ b/include/linux/cgroup-defs.h
@@ -76,6 +76,7 @@ enum {
        CFTYPE_ONLY_ON_ROOT     = (1 << 0),     /* only create on root cgrp */
        CFTYPE_NOT_ON_ROOT      = (1 << 1),     /* don't create on root cgrp */
        CFTYPE_NO_PREFIX        = (1 << 3),     /* (DON'T USE FOR NEW FILES) no subsys prefix */
+       CFTYPE_WORLD_WRITABLE   = (1 << 4),     /* (DON'T USE FOR NEW FILES) S_IWUGO */
 
        /* internal flags, do not use outside cgroup core proper */
        __CFTYPE_ONLY_ON_DFL    = (1 << 16),    /* only on default hierarchy */
@@ -324,11 +325,6 @@ struct cftype {
         */
        char name[MAX_CFTYPE_NAME];
        unsigned long private;
-       /*
-        * If not 0, file mode is set to this value, otherwise it will
-        * be figured out automatically
-        */
-       umode_t mode;
 
        /*
         * The maximum length of string, excluding trailing nul, that can

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 75eba25d8dfded3f0d1c89020c8bfbba5b592abb..5031edc6f077a0e14480356e910d9c3cf5040771 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1139,23 +1139,21 @@ static char *cgroup_file_name(struct cgroup *cgrp, const struct cftype *cft,
  * cgroup_file_mode - deduce file mode of a control file
  * @cft: the control file in question
  *
- * returns cft->mode if ->mode is not 0
- * returns S_IRUGO|S_IWUSR if it has both a read and a write handler
- * returns S_IRUGO if it has only a read handler
- * returns S_IWUSR if it has only a write hander
+ * S_IRUGO for read, S_IWUSR for write.
  */
 static umode_t cgroup_file_mode(const struct cftype *cft)
 {
        umode_t mode = 0;
 
-       if (cft->mode)
-               return cft->mode;
-
        if (cft->read_u64 || cft->read_s64 || cft->seq_show)
                mode |= S_IRUGO;
 
-       if (cft->write_u64 || cft->write_s64 || cft->write)
-               mode |= S_IWUSR;
+       if (cft->write_u64 || cft->write_s64 || cft->write) {
+               if (cft->flags & CFTYPE_WORLD_WRITABLE)
+                       mode |= S_IWUGO;
+               else
+                       mode |= S_IWUSR;
+       }
 
        return mode;
 }
@@ -4371,7 +4369,6 @@ static struct cftype cgroup_dfl_base_files[] = {
                .seq_show = cgroup_pidlist_show,
                .private = CGROUP_FILE_PROCS,
                .write = cgroup_procs_write,
-               .mode = S_IRUGO | S_IWUSR,
        },
        {
                .name = "cgroup.controllers",
@@ -4406,7 +4403,6 @@ static struct cftype cgroup_legacy_base_files[] = {
                .seq_show = cgroup_pidlist_show,
                .private = CGROUP_FILE_PROCS,
                .write = cgroup_procs_write,
-               .mode = S_IRUGO | S_IWUSR,
        },
        {
                .name = "cgroup.clone_children",
@@ -4426,7 +4422,6 @@ static struct cftype cgroup_legacy_base_files[] = {
                .seq_show = cgroup_pidlist_show,
                .private = CGROUP_FILE_TASKS,
                .write = cgroup_tasks_write,
-               .mode = S_IRUGO | S_IWUSR,
        },
        {
                .name = "notify_on_release",

diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index 20eedd8098c063ae648ee5d522efe913b052572a..312961ef3ccc3320159784bd9d04d810108bea9a 100644 (file)
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -1597,9 +1597,6 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft,
        case FILE_MEMORY_PRESSURE_ENABLED:
                cpuset_memory_pressure_enabled = !!val;
                break;
-       case FILE_MEMORY_PRESSURE:
-               retval = -EACCES;
-               break;
        case FILE_SPREAD_PAGE:
                retval = update_flag(CS_SPREAD_PAGE, cs, val);
                break;
@@ -1866,9 +1863,6 @@ static struct cftype files[] = {
        {
                .name = "memory_pressure",
                .read_u64 = cpuset_read_u64,
-               .write_u64 = cpuset_write_u64,
-               .private = FILE_MEMORY_PRESSURE,
-               .mode = S_IRUGO,
        },
 
        {

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index b35c4cc47a30ae1e33c59d31b9bb2c54fb84d41a..e672f2689326a11a35d67377b2e1905fbf17ae15 100644 (file)
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -4060,8 +4060,7 @@ static struct cftype mem_cgroup_legacy_files[] = {
        {
                .name = "cgroup.event_control",         /* XXX: for compat */
                .write = memcg_write_event_control,
-               .flags = CFTYPE_NO_PREFIX,
-               .mode = S_IWUGO,
+               .flags = CFTYPE_NO_PREFIX | CFTYPE_WORLD_WRITABLE,
        },
        {
                .name = "swappiness",