__sched_setscheduler: don't do any policy checks when not "user"

The "user" parameter to __sched_setscheduler indicates whether the
change is being done on behalf of a user process or not.  If not, we
shouldn't apply any permissions checks, so don't call
security_task_setscheduler().

Signed-off-by: Jeremy Fitzhardinge <jeremy@goop.org>
Tested-by: Steve Wise <swise@opengridcomputing.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/kernel/sched.c b/kernel/sched.c
index 21f7da94662e20fb5bd31182d784ca02420495c3..04160d277e7aeafe5b34e58da1bcb5a786b1696d 100644 (file)
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -5004,19 +5004,21 @@ recheck:
                        return -EPERM;
        }
 
+       if (user) {
 #ifdef CONFIG_RT_GROUP_SCHED
-       /*
-        * Do not allow realtime tasks into groups that have no runtime
-        * assigned.
-        */
-       if (user
-           && rt_policy(policy) && task_group(p)->rt_bandwidth.rt_runtime == 0)
-               return -EPERM;
+               /*
+                * Do not allow realtime tasks into groups that have no runtime
+                * assigned.
+                */
+               if (rt_policy(policy) && task_group(p)->rt_bandwidth.rt_runtime == 0)
+                       return -EPERM;
 #endif
 
-       retval = security_task_setscheduler(p, policy, param);
-       if (retval)
-               return retval;
+               retval = security_task_setscheduler(p, policy, param);
+               if (retval)
+                       return retval;
+       }
+
        /*
         * make sure no PI-waiters arrive (or leave) while we are
         * changing the priority of the task: