Re: [PATCH v1 2/3] cgroup: allow for unprivileged subtree management

From: Aleksa Sarai
Date: Wed Jul 20 2016 - 18:53:59 EST

+static int cgroup_permission(struct inode *inode, struct kernfs_node *kn,
+ int mask)
+ int ret;
+ struct cgroup *cgroup;
+ struct cgroup_namespace *cgroupns;
+ /*
+ * First, compute the generic_permission return value. In most cases
+ * this will succeed and we can also avoid duplicating this code.
+ */
+ cgroup = kn->priv;
+ cgroup_get(cgroup);

This pattern which is repated for cgroupns doesn't make sense. The
code is already assuming that the cgroup is safe to deref. Getting
its reference doesn't do anything. Getting it here would only make
sense if the pointer is passed to an asynchronous context.

I'll send out a fixed patchset once we figure out the cgroups_proc_write_permission() stuff.

Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH