[Devel] [PATCH vz10] cgroup-v2: Validate controllers are enabled before hide/show
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Dec 12 16:35:07 MSK 2025
Add validation to check that controllers are enabled in cgroup_ss_mask
before attempting to hide or show them. This prevents silent no-op
operations and returns -ENOENT error, consistent with the validation
logic in cgroup_subtree_control_write().
https://virtuozzo.atlassian.net/browse/VSTOR-119803
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
kernel/cgroup/cgroup.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index f99f1672bde8c..5ab96088eee31 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -4003,11 +4003,21 @@ static ssize_t cgroup_controllers_hidden_write(struct kernfs_open_file *of,
hide &= ~(1 << ssid);
continue;
}
+ /* Validate that controller is enabled in this cgroup */
+ if (!(cgroup_ss_mask(cgrp) & (1 << ssid))) {
+ ret = -ENOENT;
+ goto out_unlock;
+ }
} else if (show & (1 << ssid)) {
if (!(cgrp->hidden_ss_mask & (1 << ssid))) {
show &= ~(1 << ssid);
continue;
}
+ /* Validate that controller is enabled in this cgroup */
+ if (!(cgroup_ss_mask(cgrp) & (1 << ssid))) {
+ ret = -ENOENT;
+ goto out_unlock;
+ }
}
}
--
2.43.0
More information about the Devel
mailing list