lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jun 2015 13:41:33 +0900 From: Tejun Heo <tj@...nel.org> To: Aleksa Sarai <cyphar@...har.com> Cc: lizefan@...wei.com, mingo@...hat.com, peterz@...radead.org, richard@....at, fweisbec@...il.com, linux-kernel@...r.kernel.org, cgroups@...r.kernel.org Subject: Re: [PATCH v13 4/5] cgroup: allow a cgroup subsystem to reject a fork Hello, Aleksa. Looks pretty good to me in general. Some minor comments below. On Sat, Jun 06, 2015 at 10:02:17AM +1000, Aleksa Sarai wrote: > diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h > index a593e29..17d0046 100644 > --- a/include/linux/cgroup.h > +++ b/include/linux/cgroup.h > @@ -62,9 +62,15 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns, > struct pid *pid, struct task_struct *tsk); > void cgroup_fork(struct task_struct *p); > -void cgroup_post_fork(struct task_struct *p); > +extern int cgroup_can_fork(struct task_struct *p, > + void *ss_priv[CGROUP_CANFORK_COUNT]); > +extern void cgroup_cancel_fork(struct task_struct *p, > + void *ss_priv[CGROUP_CANFORK_COUNT]); > +extern void cgroup_post_fork(struct task_struct *p, > + void *old_ss_priv[CGROUP_CANFORK_COUNT]); > void cgroup_exit(struct task_struct *p); > > + Is this blank line intentional? > int cgroup_init_early(void); > int cgroup_init(void); ... > @@ -4924,6 +4927,7 @@ static void __init cgroup_init_subsys(struct cgroup_subsys *ss, bool early) > > have_fork_callback |= (bool)ss->fork << ss->id; > have_exit_callback |= (bool)ss->exit << ss->id; > + have_canfork_callback |= (bool)ss->can_fork << ss->id; Hmmm.... do we still need this mask? We're already restricting iteration pretty heavily. I'd even suggest dropping both have_fork_callback and have_exit_callback too and just put them inside CGROUP_FORK_EXIT_START / STOP although that doesn't belong in this patchset. ... > +static void *subsys_canfork_priv(void *ss_priv[CGROUP_CANFORK_COUNT], int i) > +{ > + void **private; > + if ((private = subsys_canfork_priv_p(ss_priv, i)) != NULL) > + return *private; > + return NULL; > +} void **private = subsys_canfork...; if (private) return *private; return NULL; or even just return private ? *private : NULL; We conventionally don't put assignments in if conditionals. > +void cgroup_cancel_fork(struct task_struct *child, > + void *ss_priv[CGROUP_CANFORK_COUNT]) > +{ > + struct cgroup_subsys *ss; > + int i; > + > + for_each_subsys(ss, i) > + if(ss->cancel_fork) ^ space > + ss->cancel_fork(child, subsys_canfork_priv(ss_priv, i)); > +} > + > +/** > * cgroup_post_fork - called on a new task after adding it to the task list > * @child: the task in question > * Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists