In 4cef7299b4786879a3e113e84084a72b24590c5b the cgroup parent usage is
unchecked. root will not have a parent and trying to use
device.{allow,deny} will cause problems. For some reason my stressing
scripts didn't test the root directory so I didn't catch it on my
regular tests.Andrew, Tejun, this patch needs to make Linus tree ASAP or a revert for 4cef7299b4786879a3e113e84084a72b24590c5b. Cc: Andrew Morton <[email protected]> Cc: Tejun Heo <[email protected]> Cc: Li Zefan <[email protected]> Cc: James Morris <[email protected]> Cc: Pavel Emelyanov <[email protected]> Cc: Serge Hallyn <[email protected]> Cc: Jiri Slaby <[email protected]> Signed-off-by: Aristeu Rozanski <[email protected]> --- github.orig/security/device_cgroup.c 2012-10-26 17:18:01.739366780 -0400 +++ github/security/device_cgroup.c 2012-10-29 10:03:33.221918003 -0400 @@ -352,6 +352,8 @@ */ static inline int may_allow_all(struct dev_cgroup *parent) { + if (!parent) + return 1; return parent->behavior == DEVCG_DEFAULT_ALLOW; } @@ -376,11 +378,14 @@ int count, rc; struct dev_exception_item ex; struct cgroup *p = devcgroup->css.cgroup; - struct dev_cgroup *parent = cgroup_to_devcgroup(p->parent); + struct dev_cgroup *parent = NULL; if (!capable(CAP_SYS_ADMIN)) return -EPERM; + if (p->parent) + parent = cgroup_to_devcgroup(p->parent); + memset(&ex, 0, sizeof(ex)); b = buffer; @@ -391,11 +396,14 @@ if (!may_allow_all(parent)) return -EPERM; dev_exception_clean(devcgroup); + devcgroup->behavior = DEVCG_DEFAULT_ALLOW; + if (!parent) + break; + rc = dev_exceptions_copy(&devcgroup->exceptions, &parent->exceptions); if (rc) return rc; - devcgroup->behavior = DEVCG_DEFAULT_ALLOW; break; case DEVCG_DENY: dev_exception_clean(devcgroup); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
