[Devel] [PATCH RH9] cgroup/ve: fix ve_hide_cgroups calling in cgroup_get_tree
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Sat Mar 5 12:40:19 MSK 2022
Variable ret was used uninitialized in case of !ve_hide_cgroups() and
also reference on cgrp_dfl_root.cgrp was leaked in the oposite case.
Fixes: 360077892030 ("ve/cgroup: hide non-virtualized cgroups in container")
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
kernel/cgroup/cgroup.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index be154b5eed77..f0c844087964 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2475,15 +2475,14 @@ static int cgroup_get_tree(struct fs_context *fc)
struct cgroup_fs_context *ctx = cgroup_fc2context(fc);
int ret;
+ if (ve_hide_cgroups(ctx->root))
+ return -EPERM;
+
cgrp_dfl_visible = true;
cgroup_get_live(&cgrp_dfl_root.cgrp);
ctx->root = &cgrp_dfl_root;
- if (ve_hide_cgroups(ctx->root))
- ret = -EPERM;
-
- if (!ret)
- ret = cgroup_do_get_tree(fc);
+ ret = cgroup_do_get_tree(fc);
if (!ret)
apply_cgroup_root_flags(ctx->flags);
return ret;
--
2.35.1
More information about the Devel
mailing list