cgroup: add cgroup_may_write() helper

Add a cgroup_may_write() helper which we can use in the
CLONE_INTO_CGROUP patch series to verify that we can write to the
destination cgroup.

Cc: Tejun Heo <tj@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Li Zefan <lizefan@huawei.com>
Cc: cgroups@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Tejun Heo <tj@kernel.org>

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 502769b..6d8bddd 100644 (file)
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -4654,13 +4654,28 @@ static int cgroup_procs_show(struct seq_file *s, void *v)
        return 0;
 }
 
+static int cgroup_may_write(const struct cgroup *cgrp, struct super_block *sb)
+{
+       int ret;
+       struct inode *inode;
+
+       lockdep_assert_held(&cgroup_mutex);
+
+       inode = kernfs_get_inode(sb, cgrp->procs_file.kn);
+       if (!inode)
+               return -ENOMEM;
+
+       ret = inode_permission(inode, MAY_WRITE);
+       iput(inode);
+       return ret;
+}
+
 static int cgroup_procs_write_permission(struct cgroup *src_cgrp,
                                         struct cgroup *dst_cgrp,
                                         struct super_block *sb)
 {
        struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
        struct cgroup *com_cgrp = src_cgrp;
-       struct inode *inode;
        int ret;
 
        lockdep_assert_held(&cgroup_mutex);
@@ -4670,12 +4685,7 @@ static int cgroup_procs_write_permission(struct cgroup *src_cgrp,
                com_cgrp = cgroup_parent(com_cgrp);
 
        /* %current should be authorized to migrate to the common ancestor */
-       inode = kernfs_get_inode(sb, com_cgrp->procs_file.kn);
-       if (!inode)
-               return -ENOMEM;
-
-       ret = inode_permission(inode, MAY_WRITE);
-       iput(inode);
+       ret = cgroup_may_write(com_cgrp, sb);
        if (ret)
                return ret;