From 5877019d97ab827b808e8759c71ef8d31490907a Mon Sep 17 00:00:00 2001 From: Tejun Heo Date: Fri, 16 May 2014 13:22:48 -0400 Subject: [PATCH] device_cgroup: remove direct access to cgroup->children Currently, devcg::has_children() directly tests cgroup->children for list emptiness. The field is not a published field and scheduled to go away. In addition, the test isn't strictly correct as devcg should only care about children which are visible to userland. This patch converts has_children() to use css_next_child() instead. The subtle incorrectness is noted and will be dealt with later. Signed-off-by: Tejun Heo Acked-by: Aristeu Rozanski Acked-by: Serge Hallyn Acked-by: Li Zefan --- security/device_cgroup.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/security/device_cgroup.c b/security/device_cgroup.c index ce14a31b1337..084c8e417564 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -589,9 +589,17 @@ static int propagate_exception(struct dev_cgroup *devcg_root, static inline bool has_children(struct dev_cgroup *devcgroup) { - struct cgroup *cgrp = devcgroup->css.cgroup; + bool ret; - return !list_empty(&cgrp->children); + /* + * FIXME: There may be lingering offline csses and this function + * may return %true when there isn't any userland-visible child + * which is incorrect for our purposes. + */ + rcu_read_lock(); + ret = css_next_child(NULL, &devcgroup->css); + rcu_read_unlock(); + return ret; } /* -- 2.20.1