Merge tag 'imx-fixes-4.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo...

[cascardo/linux.git] / kernel / cgroup.c

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 9624db8..d1c51b7 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2209,12 +2209,8 @@ static struct dentry *cgroup_mount(struct file_system_type *fs_type,
                goto out_unlock;
        }
 
-       /*
-        * We know this subsystem has not yet been bound.  Users in a non-init
-        * user namespace may only mount hierarchies with no bound subsystems,
-        * i.e. 'none,name=user1'
-        */
-       if (!opts.none && !capable(CAP_SYS_ADMIN)) {
+       /* Hierarchies may only be created in the initial cgroup namespace. */
+       if (ns != &init_cgroup_ns) {
                ret = -EPERM;
                goto out_unlock;
        }
@@ -2956,6 +2952,7 @@ int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
        int retval = 0;
 
        mutex_lock(&cgroup_mutex);
+       percpu_down_write(&cgroup_threadgroup_rwsem);
        for_each_root(root) {
                struct cgroup *from_cgrp;
 
@@ -2970,6 +2967,7 @@ int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
                if (retval)
                        break;
        }
+       percpu_up_write(&cgroup_threadgroup_rwsem);
        mutex_unlock(&cgroup_mutex);
 
        return retval;
@@ -4337,6 +4335,8 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
 
        mutex_lock(&cgroup_mutex);
 
+       percpu_down_write(&cgroup_threadgroup_rwsem);
+
        /* all tasks in @from are being moved, all csets are source */
        spin_lock_irq(&css_set_lock);
        list_for_each_entry(link, &from->cset_links, cset_link)
@@ -4365,6 +4365,7 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
        } while (task && !ret);
 out_err:
        cgroup_migrate_finish(&preloaded_csets);
+       percpu_up_write(&cgroup_threadgroup_rwsem);
        mutex_unlock(&cgroup_mutex);
        return ret;
 }
@@ -6339,14 +6340,11 @@ struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
        if (!ns_capable(user_ns, CAP_SYS_ADMIN))
                return ERR_PTR(-EPERM);
 
-       mutex_lock(&cgroup_mutex);
+       /* It is not safe to take cgroup_mutex here */
        spin_lock_irq(&css_set_lock);
-
        cset = task_css_set(current);
        get_css_set(cset);
-
        spin_unlock_irq(&css_set_lock);
-       mutex_unlock(&cgroup_mutex);
 
        new_ns = alloc_cgroup_ns();
        if (IS_ERR(new_ns)) {