Michal Koutný 15e7e5
From: Michal Koutný <mkoutny@suse.com>
Date: Fri, 26 Aug 2022 18:52:36 +0200
Subject: cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 4534dee941056a4ab9dca4a9e2edff28692800b2
Patch-mainline: v6.1-rc1
References: bsc#1205650

Cgroup ids are resolved in the global scope. That may be needed sometime
(in future) but currently it violates virtual view provided through
cgroup namespaces.

There are currently following users of the resolution:
- fc_appid_store
- bpf_iter_attach_cgroup
- mem_cgroup_get_from_ino

None of them is called on behalf of kernel but the resolution is made
with proper userspace context, hence the default to current->nsproxy
makes sense. (This doesn't rule out cgroup_get_from_id with cgroup NS
parameter in the future.)

Since cgroup ids are defined on v2 hierarchy only, we simply check
existence in the cgroup namespace by looking at ancestry on the default
hierarchy.

Fixes: 6b658c4863c1 ("scsi: cgroup: Add cgroup_get_from_id()")
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
---
 kernel/cgroup/cgroup.c |   14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -6003,11 +6003,12 @@ void cgroup_path_from_kernfs_id(u64 id,
  * cgroup_get_from_id : get the cgroup associated with cgroup id
  * @id: cgroup id
  * On success return the cgrp, on failure return NULL
+ * Only cgroups within current task's cgroup NS are valid.
  */
 struct cgroup *cgroup_get_from_id(u64 id)
 {
 	struct kernfs_node *kn;
-	struct cgroup *cgrp = NULL;
+	struct cgroup *cgrp = NULL, *root_cgrp;
 
 	kn = kernfs_find_and_get_node_by_id(cgrp_dfl_root.kf_root, id);
 	if (!kn)
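Review bot: The added kernel-doc line "Only cgroups within current task's cgroup NS are valid." does not say that the lookup now depends on `current`, so the function is only meaningful when called in process context on behalf of the requesting userspace task. Consider stating that constraint explicitly, and noting that an id outside the caller's namespace yields the same NULL as a nonexistent id, so callers cannot distinguish the two cases.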
@@ -6025,6 +6026,17 @@ struct cgroup *cgroup_get_from_id(u64 id
 	rcu_read_unlock();
 put:
 	kernfs_put(kn);
+
+	if (!cgrp)
+		goto out;
+
+	spin_lock_irq(&css_set_lock);
+	root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root);
+	spin_unlock_irq(&css_set_lock);
+	if (!cgroup_is_descendant(cgrp, root_cgrp)) {
+		cgroup_put(cgrp);
+		cgrp = NULL;
+	}
 out:
 	return cgrp;
 }
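Review bot: In the block added after `kernfs_put(kn)`, `root_cgrp` is fetched under `css_set_lock` but passed to `cgroup_is_descendant()` only after `spin_unlock_irq()`, and no reference is taken on it. A short comment stating what keeps the namespace root cgroup alive past the unlock (presumably the current task's own cgroup namespace, which is an assumption not shown in these lines) would make the lifetime argument reviewable; otherwise take a reference or perform the descendant check inside the locked section.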