From: Roman Gushchin
CC: Tejun Heo, Alexei Starovoitov, Daniel Borkmann, Roman Gushchin
Subject: [PATCH v3 net-next 2/5] device_cgroup: prepare code for bpf-based device controller
Date: Sun, 5 Nov 2017 08:15:31 -0500
Message-ID: <20171105131534.25040-3-guro@fb.com>
In-Reply-To: <20171105131534.25040-1-guro@fb.com>
References: <20171104.224008.1289480268047106418.davem@davemloft.net> <20171105131534.25040-1-guro@fb.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This is a non-functional change to prepare the device cgroup code
for adding an eBPF-based controller for cgroups v2.

The patch performs the following changes:
1) __devcgroup_inode_permission() and devcgroup_inode_mknod()
   are moving to the device-cgroup.h and converting into static inline.
2) __devcgroup_check_permission() is exported.
3) devcgroup_check_permission() wrapper is introduced to be used
   by both existing and new bpf-based implementations.

Signed-off-by: Roman Gushchin
Acked-by: Tejun Heo
Acked-by: Alexei Starovoitov
---
 include/linux/device_cgroup.h | 61 ++++++++++++++++++++++++++++++++++++++++---
 security/device_cgroup.c | 47 ++---------------------------------
 2 files changed, 59 insertions(+), 49 deletions(-)

diff --git a/include/linux/device_cgroup.h b/include/linux/device_cgroup.h index cdbc344a92e4..2d93d7ecd479 100644 --- a/include/linux/device_cgroup.h +++ b/include/linux/device_cgroup.h 
@@ -1,17 +1,70 @@ /* SPDX-License-Identifier: GPL-2.0 */ #include +#define DEVCG_ACC_MKNOD 1 +#define DEVCG_ACC_READ 2 +#define DEVCG_ACC_WRITE 4 +#define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD | DEVCG_ACC_READ | DEVCG_ACC_WRITE) + +#define DEVCG_DEV_BLOCK 1 +#define DEVCG_DEV_CHAR 2 +#define DEVCG_DEV_ALL 4 /* this represents all devices */ + +#ifdef CONFIG_CGROUP_DEVICE +extern int __devcgroup_check_permission(short type, u32 major, u32 minor, + short access); +#else +static inline int __devcgroup_check_permission(short type, u32 major, u32 minor, + short access) +{ return 0; } +#endif + #ifdef CONFIG_CGROUP_DEVICE -extern int __devcgroup_inode_permission(struct inode *inode, int mask); -extern int devcgroup_inode_mknod(int mode, dev_t dev); +static inline int devcgroup_check_permission(short type, u32 major, u32 minor, + short access) +{ + return __devcgroup_check_permission(type, major, minor, access); +} + static inline int devcgroup_inode_permission(struct inode *inode, int mask) { + short type, access = 0; + if (likely(!inode->i_rdev)) return 0; - if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode)) + + if (S_ISBLK(inode->i_mode)) + type = DEVCG_DEV_BLOCK; + else if (S_ISCHR(inode->i_mode)) + type = DEVCG_DEV_CHAR; + else return 0; - return __devcgroup_inode_permission(inode, mask); + + if (mask & MAY_WRITE) + access |= DEVCG_ACC_WRITE; + if (mask & MAY_READ) + access |= DEVCG_ACC_READ; + + return devcgroup_check_permission(type, imajor(inode), iminor(inode), + access); } + +static inline int devcgroup_inode_mknod(int mode, dev_t dev) +{ + short type; + + if (!S_ISBLK(mode) && !S_ISCHR(mode)) + return 0; + + if (S_ISBLK(mode)) + type = DEVCG_DEV_BLOCK; + else + type = DEVCG_DEV_CHAR; + + return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), + DEVCG_ACC_MKNOD); +} + #else static inline int devcgroup_inode_permission(struct inode *inode, int mask) { return 0; } 
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 968c21557ba7..c65b39bafdfe 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -15,15 +15,6 @@ #include #include -#define DEVCG_ACC_MKNOD 1 -#define DEVCG_ACC_READ 2 -#define DEVCG_ACC_WRITE 4 -#define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD | DEVCG_ACC_READ | DEVCG_ACC_WRITE) - -#define DEVCG_DEV_BLOCK 1 -#define DEVCG_DEV_CHAR 2 -#define DEVCG_DEV_ALL 4 /* this represents all devices */ - static DEFINE_MUTEX(devcgroup_mutex); enum devcg_behavior { @@ -810,8 +801,8 @@ struct cgroup_subsys devices_cgrp_subsys = { * * returns 0 on success, -EPERM case the operation is not permitted */ -static int __devcgroup_check_permission(short type, u32 major, u32 minor, - short access) +int __devcgroup_check_permission(short type, u32 major, u32 minor, + short access) { struct dev_cgroup *dev_cgroup; bool rc; @@ -833,37 +824,3 @@ static int __devcgroup_check_permission(short type, u32 major, u32 minor, return 0; } - -int __devcgroup_inode_permission(struct inode *inode, int mask) -{ - short type, access = 0; - - if (S_ISBLK(inode->i_mode)) - type = DEVCG_DEV_BLOCK; - if (S_ISCHR(inode->i_mode)) - type = DEVCG_DEV_CHAR; - if (mask & MAY_WRITE) - access |= DEVCG_ACC_WRITE; - if (mask & MAY_READ) - access |= DEVCG_ACC_READ; - - return __devcgroup_check_permission(type, imajor(inode), iminor(inode), - access); -} - -int devcgroup_inode_mknod(int mode, dev_t dev) -{ - short type; - - if (!S_ISBLK(mode) && !S_ISCHR(mode)) - return 0; - - if (S_ISBLK(mode)) - type = DEVCG_DEV_BLOCK; - else - type = DEVCG_DEV_CHAR; - - return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), - DEVCG_ACC_MKNOD); - -} -- 2.13.6
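
Review bot: in include/linux/device_cgroup.h, the new devcgroup_check_permission() wrapper sits in a second "#ifdef CONFIG_CGROUP_DEVICE" block placed directly after the one that declares __devcgroup_check_permission(), and the "#else" stub returning 0 has no caller in this patch, because the wrapper exists only when the option is on. Either merge the two blocks or add a short comment saying the split and the stub are there for the bpf-based controller added later in the series, so the header reads correctly on its own. Separately, devcgroup_inode_permission() starts with "access = 0" and only maps MAY_WRITE and MAY_READ, so a mask carrying neither bit reaches the permission check with an empty access set; a one-line comment stating that this is intended would help the next reader of a security hook.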
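
Review bot: in security/device_cgroup.c (hunk at -810), __devcgroup_check_permission() only loses "static"; no EXPORT_SYMBOL appears in the hunk, while the commit message says the function "is exported". If the intent is external linkage for built-in callers of the new inline helpers, the message should say "made non-static"; if modular code is expected to include the header and call devcgroup_inode_permission() or devcgroup_inode_mknod(), an explicit export is needed. The comment above the function is worth fixing in the same change now that the symbol is global: "-EPERM case the operation is not permitted" is missing "in".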