add boot partition size

hc

2023-12-11 d2ccde1c8e90d38cee87a1b0309ad2827f3fd30d

 kernel/security/device_cgroup.c
..
..
@@ -15,6 +15,8 @@
15
15
 #include <linux/rcupdate.h>
16
16
 #include <linux/mutex.h>
17
17
 
18
+#ifdef CONFIG_CGROUP_DEVICE
19
+
18
20
 static DEFINE_MUTEX(devcgroup_mutex);
19
21
 
20
22
 enum devcg_behavior {
..
..
@@ -352,7 +354,8 @@
352
354
 {
353
355
 	struct dev_exception_item *ex;
354
356
 
355
-	list_for_each_entry_rcu(ex, exceptions, list) {
357
+	list_for_each_entry_rcu(ex, exceptions, list,
358
+				lockdep_is_held(&devcgroup_mutex)) {
356
359
 		if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
357
360
 			continue;
358
361
 		if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
..
..
@@ -509,7 +512,7 @@
509
512
  * This is one of the three key functions for hierarchy implementation.
510
513
  * This function is responsible for re-evaluating all the cgroup's active
511
514
  * exceptions due to a parent's exception change.
512
- * Refer to Documentation/cgroup-v1/devices.txt for more details.
515
+ * Refer to Documentation/admin-guide/cgroup-v1/devices.rst for more details.
513
516
  */
514
517
 static void revalidate_active_exceptions(struct dev_cgroup *devcg)
515
518
 {
..
..
@@ -792,7 +795,7 @@
792
795
 };
793
796
 
794
797
 /**
795
- * __devcgroup_check_permission - checks if an inode operation is permitted
798
+ * devcgroup_legacy_check_permission - checks if an inode operation is permitted
796
799
  * @dev_cgroup: the dev cgroup to be tested against
797
800
  * @type: device type
798
801
  * @major: device major number
..
..
@@ -801,8 +804,8 @@
801
804
  *
802
805
  * returns 0 on success, -EPERM case the operation is not permitted
803
806
  */
804
-int __devcgroup_check_permission(short type, u32 major, u32 minor,
805
-				 short access)
807
+static int devcgroup_legacy_check_permission(short type, u32 major, u32 minor,
808
+					short access)
806
809
 {
807
810
 	struct dev_cgroup *dev_cgroup;
808
811
 	bool rc;
..
..
@@ -824,3 +827,25 @@
824
827
 
825
828
 	return 0;
826
829
 }
830
+
831
+#endif /* CONFIG_CGROUP_DEVICE */
832
+
833
+#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF)
834
+
835
+int devcgroup_check_permission(short type, u32 major, u32 minor, short access)
836
+{
837
+	int rc = BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type, major, minor, access);
838
+
839
+	if (rc)
840
+		return -EPERM;
841
+
842
+	#ifdef CONFIG_CGROUP_DEVICE
843
+	return devcgroup_legacy_check_permission(type, major, minor, access);
844
+
845
+	#else /* CONFIG_CGROUP_DEVICE */
846
+	return 0;
847
+
848
+	#endif /* CONFIG_CGROUP_DEVICE */
849
+}
850
+EXPORT_SYMBOL(devcgroup_check_permission);
851
+#endif /* defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) */