From patchwork Tue Mar 6 23:46:57 2018
X-Patchwork-Submitter: Matt Roper
X-Patchwork-Id: 10263133
From: Matt Roper
To: dri-devel@lists.freedesktop.org, intel-gfx@lists.freedesktop.org, cgroups@vger.kernel.org
Cc: Tejun Heo
Subject: [PATCH v3 3/6] cgroup: Introduce cgroup_permission()
Date: Tue, 6 Mar 2018 15:46:57 -0800
Message-Id: <20180306234700.6562-4-matthew.d.roper@intel.com>
In-Reply-To: <20180306234700.6562-1-matthew.d.roper@intel.com>
References: <20180306234700.6562-1-matthew.d.roper@intel.com>

Non-controller kernel subsystems may base access restrictions for cgroup-related syscalls/ioctls on a process' access to the cgroup. Let's make it easy for other parts of the kernel to check these cgroup permissions.

Cc: Tejun Heo
Cc: cgroups@vger.kernel.org
Signed-off-by: Matt Roper
--- include/linux/cgroup.h | 1 + kernel/cgroup/cgroup.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h index b1ea2064f247..dd1d1d9813e8 100644 --- a/include/linux/cgroup.h +++ b/include/linux/cgroup.h @@ -100,6 +100,7 @@ struct cgroup_subsys_state *css_tryget_online_from_dir(struct dentry *dentry, struct cgroup *cgroup_get_from_path(const char *path); struct cgroup *cgroup_get_from_fd(int fd); +int cgroup_permission(int fd, int mask); int cgroup_attach_task_all(struct task_struct *from, struct task_struct *); int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from); diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 9e576dc8b566..52d68b226867 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c 
@@ -5781,6 +5781,48 @@ struct cgroup *cgroup_get_from_fd(int fd) } EXPORT_SYMBOL_GPL(cgroup_get_from_fd); +/** + * cgroup_permission - check cgroup fd permissions + * @fd: fd obtained by open(cgroup) + * @mask: Right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) + * + * Check for read/write/execute permissions on a cgroup. + */ +int cgroup_permission(int fd, int mask) +{ + struct file *f; + struct inode *inode; + struct cgroup_subsys_state *css; + int ret; + + f = fget_raw(fd); + if (!f) + return -EBADF; + + css = css_tryget_online_from_dir(f->f_path.dentry, NULL); + if (IS_ERR(css)) { + ret = PTR_ERR(css); + goto out_file; + } + + inode = kernfs_get_inode(f->f_path.dentry->d_sb, css->cgroup->kn); + if (!inode) { + ret = -ENOMEM; + goto out_cgroup; + } + + ret = inode_permission(inode, mask); + iput(inode); + +out_cgroup: + cgroup_put(css->cgroup); +out_file: + fput(f); + + return ret; +} +EXPORT_SYMBOL_GPL(cgroup_permission); + /* * sock->sk_cgrp_data handling. For more info, see sock_cgroup_data * definition in cgroup-defs.h.
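Review bot: in the include/linux/cgroup.h hunk, the new `int cgroup_permission(int fd, int mask);` takes a raw fd, the same input as `cgroup_get_from_fd(int fd)` declared just above it, so a caller that needs both the permission check and the cgroup has to resolve the descriptor twice, and another thread sharing the fd table can close and reopen that number between the two lookups. Consider having the helper take the `struct cgroup *` or `struct file *` the caller already holds, or hand back the cgroup it checked, so the check and the later use are guaranteed to refer to the same object.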
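Review bot: in the kernel/cgroup/cgroup.c hunk, the kerneldoc for cgroup_permission() has no Return: section and does not say whose access is being checked. `inode_permission(inode, mask)` evaluates the calling task's credentials against the cgroup directory inode, and `fget_raw(fd)` also accepts O_PATH descriptors, so the mode the fd was opened with plays no part in the result. Please document that together with the error returns (-EBADF, the PTR_ERR() from css_tryget_online_from_dir(), -ENOMEM), so subsystems that gate ioctls on this helper know exactly what a 0 return means. Minor: the reference taken by css_tryget_online_from_dir() is dropped with `cgroup_put(css->cgroup);` and a plain css_put(css) would make the get/put pairing obvious.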