Commit 64e10477 authored by Aristeu Rozanski's avatar Aristeu Rozanski Committed by Tejun Heo

device_cgroup: fix unchecked cgroup parent usage

In 4cef7299 ("device_cgroup: add proper checking when changing
default behavior") the cgroup parent usage is unchecked.  root will not
have a parent and trying to use device.{allow,deny} will cause problems.
For some reason my stressing scripts didn't test the root directory so I
didn't catch it on my regular tests.
Signed-off-by: default avatarAristeu Rozanski <>
Cc: Li Zefan <>
Cc: James Morris <>
Cc: Pavel Emelyanov <>
Acked-by: default avatarSerge E. Hallyn <>
Cc: Jiri Slaby <>
Cc: Tejun Heo <>
Signed-off-by: default avatarTejun Heo <>
parent 3d70f8c6
......@@ -352,6 +352,8 @@ static int parent_has_perm(struct dev_cgroup *childcg,
static inline int may_allow_all(struct dev_cgroup *parent)
if (!parent)
return 1;
return parent->behavior == DEVCG_DEFAULT_ALLOW;
......@@ -376,11 +378,14 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
int count, rc;
struct dev_exception_item ex;
struct cgroup *p = devcgroup->css.cgroup;
struct dev_cgroup *parent = cgroup_to_devcgroup(p->parent);
struct dev_cgroup *parent = NULL;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
if (p->parent)
parent = cgroup_to_devcgroup(p->parent);
memset(&ex, 0, sizeof(ex));
b = buffer;
......@@ -391,11 +396,14 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
if (!may_allow_all(parent))
return -EPERM;
devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
if (!parent)
rc = dev_exceptions_copy(&devcgroup->exceptions,
if (rc)
return rc;
devcgroup->behavior = DEVCG_DEFAULT_ALLOW;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment