FROMLIST: arm64: dts: rockchip: add Type-C phy for RK3399

[firefly-linux-kernel-4.4.55.git] / kernel / cgroup.c

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 1c9d701f7a72916155759c56561b084f0fc4900d..47851dbc893d1ee1e952bf6ef37792c59f1af77b 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2671,6 +2671,45 @@ static int cgroup_attach_task(struct cgroup *dst_cgrp,
        return ret;
 }
 
+int subsys_cgroup_allow_attach(struct cgroup_taskset *tset)
+{
+       const struct cred *cred = current_cred(), *tcred;
+       struct task_struct *task;
+       struct cgroup_subsys_state *css;
+
+       if (capable(CAP_SYS_NICE))
+               return 0;
+
+       cgroup_taskset_for_each(task, css, tset) {
+               tcred = __task_cred(task);
+
+               if (current != task && !uid_eq(cred->euid, tcred->uid) &&
+                   !uid_eq(cred->euid, tcred->suid))
+                       return -EACCES;
+       }
+
+       return 0;
+}
+
+static int cgroup_allow_attach(struct cgroup *cgrp, struct cgroup_taskset *tset)
+{
+       struct cgroup_subsys_state *css;
+       int i;
+       int ret;
+
+       for_each_css(css, i, cgrp) {
+               if (css->ss->allow_attach) {
+                       ret = css->ss->allow_attach(tset);
+                       if (ret)
+                               return ret;
+               } else {
+                       return -EACCES;
+               }
+       }
+
+       return 0;
+}
+
 static int cgroup_procs_write_permission(struct task_struct *task,
                                         struct cgroup *dst_cgrp,
                                         struct kernfs_open_file *of)
@@ -2685,8 +2724,24 @@ static int cgroup_procs_write_permission(struct task_struct *task,
         */
        if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
            !uid_eq(cred->euid, tcred->uid) &&
-           !uid_eq(cred->euid, tcred->suid))
-               ret = -EACCES;
+           !uid_eq(cred->euid, tcred->suid)) {
+               /*
+                * if the default permission check fails, give each
+                * cgroup a chance to extend the permission check
+                */
+               struct cgroup_taskset tset = {
+                       .src_csets = LIST_HEAD_INIT(tset.src_csets),
+                       .dst_csets = LIST_HEAD_INIT(tset.dst_csets),
+                       .csets = &tset.src_csets,
+               };
+               struct css_set *cset;
+               cset = task_css_set(task);
+               list_add(&cset->mg_node, &tset.src_csets);
+               ret = cgroup_allow_attach(dst_cgrp, &tset);
+               list_del(&tset.src_csets);
+               if (ret)
+                       ret = -EACCES;
+       }
 
        if (!ret && cgroup_on_dfl(dst_cgrp)) {
                struct super_block *sb = of->file->f_path.dentry->d_sb;