提交 f5f3cf6f 编写于 作者: A Aristeu Rozanski 提交者: Tejun Heo

device_cgroup: fix the comment format for recently added functions

Moving more extensive explanations to the end of the comment.

Cc: Li Zefan <lizefan@huawei.com>
Signed-off-by: NAristeu Rozanski <arozansk@redhat.com>
Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: NTejun Heo <tj@kernel.org>
上级 79d71974
...@@ -306,17 +306,17 @@ static int devcgroup_seq_show(struct seq_file *m, void *v) ...@@ -306,17 +306,17 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
} }
/** /**
* match_exception - iterates the exception list trying to match a rule * match_exception - iterates the exception list trying to find a complete match
* based on type, major, minor and access type. It is
* considered a match if an exception is found that
* will contain the entire range of provided parameters.
* @exceptions: list of exceptions * @exceptions: list of exceptions
* @type: device type (DEV_BLOCK or DEV_CHAR) * @type: device type (DEV_BLOCK or DEV_CHAR)
* @major: device file major number, ~0 to match all * @major: device file major number, ~0 to match all
* @minor: device file minor number, ~0 to match all * @minor: device file minor number, ~0 to match all
* @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD) * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
* *
* returns: true in case it matches an exception completely * It is considered a complete match if an exception is found that will
* contain the entire range of provided parameters.
*
* Return: true in case it matches an exception completely
*/ */
static bool match_exception(struct list_head *exceptions, short type, static bool match_exception(struct list_head *exceptions, short type,
u32 major, u32 minor, short access) u32 major, u32 minor, short access)
...@@ -341,20 +341,19 @@ static bool match_exception(struct list_head *exceptions, short type, ...@@ -341,20 +341,19 @@ static bool match_exception(struct list_head *exceptions, short type,
} }
/** /**
* match_exception_partial - iterates the exception list trying to match a rule * match_exception_partial - iterates the exception list trying to find a partial match
* based on type, major, minor and access type. It is
* considered a match if an exception's range is
* found to contain *any* of the devices specified by
* provided parameters. This is used to make sure no
* extra access is being granted that is forbidden by
* any of the exception list.
* @exceptions: list of exceptions * @exceptions: list of exceptions
* @type: device type (DEV_BLOCK or DEV_CHAR) * @type: device type (DEV_BLOCK or DEV_CHAR)
* @major: device file major number, ~0 to match all * @major: device file major number, ~0 to match all
* @minor: device file minor number, ~0 to match all * @minor: device file minor number, ~0 to match all
* @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD) * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
* *
* returns: true in case the provided range mat matches an exception completely * It is considered a partial match if an exception's range is found to
* contain *any* of the devices specified by provided parameters. This is
* used to make sure no extra access is being granted that is forbidden by
* any of the exception list.
*
* Return: true in case the provided range mat matches an exception completely
*/ */
static bool match_exception_partial(struct list_head *exceptions, short type, static bool match_exception_partial(struct list_head *exceptions, short type,
u32 major, u32 minor, short access) u32 major, u32 minor, short access)
...@@ -387,13 +386,13 @@ static bool match_exception_partial(struct list_head *exceptions, short type, ...@@ -387,13 +386,13 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
} }
/** /**
* verify_new_ex - verifies if a new exception is part of what is allowed * verify_new_ex - verifies if a new exception is allowed by parent cgroup's permissions
* by a dev cgroup based on the default policy +
* exceptions. This is used to make sure a child cgroup
* won't have more privileges than its parent
* @dev_cgroup: dev cgroup to be tested against * @dev_cgroup: dev cgroup to be tested against
* @refex: new exception * @refex: new exception
* @behavior: behavior of the exception's dev_cgroup * @behavior: behavior of the exception's dev_cgroup
*
* This is used to make sure a child cgroup won't have more privileges
* than its parent
*/ */
static bool verify_new_ex(struct dev_cgroup *dev_cgroup, static bool verify_new_ex(struct dev_cgroup *dev_cgroup,
struct dev_exception_item *refex, struct dev_exception_item *refex,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册