lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150609044133.GQ21465@mtj.duckdns.org>
Date:	Tue, 9 Jun 2015 13:41:33 +0900
From:	Tejun Heo <tj@...nel.org>
To:	Aleksa Sarai <cyphar@...har.com>
Cc:	lizefan@...wei.com, mingo@...hat.com, peterz@...radead.org,
	richard@....at, fweisbec@...il.com, linux-kernel@...r.kernel.org,
	cgroups@...r.kernel.org
Subject: Re: [PATCH v13 4/5] cgroup: allow a cgroup subsystem to reject a fork

Hello, Aleksa.

Looks pretty good to me in general.  Some minor comments below.

On Sat, Jun 06, 2015 at 10:02:17AM +1000, Aleksa Sarai wrote:

> diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
> index a593e29..17d0046 100644
> --- a/include/linux/cgroup.h
> +++ b/include/linux/cgroup.h
> @@ -62,9 +62,15 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
>                      struct pid *pid, struct task_struct *tsk);

>  void cgroup_fork(struct task_struct *p);
> -void cgroup_post_fork(struct task_struct *p);
> +extern int cgroup_can_fork(struct task_struct *p,
> +                          void *ss_priv[CGROUP_CANFORK_COUNT]);
> +extern void cgroup_cancel_fork(struct task_struct *p,
> +                              void *ss_priv[CGROUP_CANFORK_COUNT]);
> +extern void cgroup_post_fork(struct task_struct *p,
> +                            void *old_ss_priv[CGROUP_CANFORK_COUNT]);
>  void cgroup_exit(struct task_struct *p);
> 
> +

Is this blank line intentional?

>  int cgroup_init_early(void);
>  int cgroup_init(void);
...
> @@ -4924,6 +4927,7 @@ static void __init cgroup_init_subsys(struct cgroup_subsys *ss, bool early)
>  
>  	have_fork_callback |= (bool)ss->fork << ss->id;
>  	have_exit_callback |= (bool)ss->exit << ss->id;
> +	have_canfork_callback |= (bool)ss->can_fork << ss->id;

Hmmm.... do we still need this mask?  We're already restricting
iteration pretty heavily.  I'd even suggest dropping both
have_fork_callback and have_exit_callback too and just put them inside
CGROUP_FORK_EXIT_START / STOP although that doesn't belong in this
patchset.

...
> +static void *subsys_canfork_priv(void *ss_priv[CGROUP_CANFORK_COUNT], int i)
> +{
> +	void **private;
> +	if ((private = subsys_canfork_priv_p(ss_priv, i)) != NULL)
> +		return *private;
> +	return NULL;
> +}

	void **private = subsys_canfork...;

	if (private)
		return *private;
	return NULL;

or even just

	return private ? *private : NULL;

We conventionally don't put assignments in if conditionals.

> +void cgroup_cancel_fork(struct task_struct *child,
> +			void *ss_priv[CGROUP_CANFORK_COUNT])
> +{
> +	struct cgroup_subsys *ss;
> +	int i;
> +
> +	for_each_subsys(ss, i)
> +		if(ss->cancel_fork)
                  ^
		  space

> +			ss->cancel_fork(child, subsys_canfork_priv(ss_priv, i));
> +}
> +
> +/**
>   * cgroup_post_fork - called on a new task after adding it to the task list
>   * @child: the task in question
>   *

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ