[Devel] [PATCH RH9 1/4] cgroup: fix uninitialized use of ctx->root
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Mon Aug 28 12:22:39 MSK 2023
In vfs_get_tree we explicitly check that fc->root is NULL before calling
the ->get_tree helper. So when mounting a cgroup2 filesystem, at the beginning
of cgroup_get_tree the fc->root is uninitialized. We were lucky that
ve_hide_cgroups never dereferenced it on this code path, as mounting
cgroup2 from a container was prohibited and from the host ve_hide_cgroups does
not dereference root.
But if we allow mounting a cgroup2 filesystem in a container, this use
of ctx->root in cgroup_get_tree will lead to a crash, let's fix it.
https://jira.vzint.dev/browse/PSBM-149975
Fixes: e8e4834b833c ("ve/cgroup: hide non-virtualized cgroups in container")
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
kernel/cgroup/cgroup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 3f685035076a..b0cf5cf66d20 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2543,7 +2543,7 @@ static int cgroup_get_tree(struct fs_context *fc)
struct cgroup_fs_context *ctx = cgroup_fc2context(fc);
int ret;
- if (ve_hide_cgroups(ctx->root))
+ if (ve_hide_cgroups(&cgrp_dfl_root))
return -EPERM;
cgrp_dfl_visible = true;
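Review bot: The commit message justifies this one-line change at the top of cgroup_get_tree() by the state of fc->root, but the removed call reads ctx->root, where ctx comes from cgroup_fc2context(fc); the message should say directly why ctx->root is not yet set at this point rather than argue from a different field. A short comment above "if (ve_hide_cgroups(&cgrp_dfl_root))" noting that ctx->root is not initialized this early and that the default hierarchy root is passed on purpose would keep a later cleanup from switching the argument back to ctx->root.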
--
2.41.0