From e9ed91bbedda9eb389009a5ce89bd005bb4a06f0 Mon Sep 17 00:00:00 2001 From: Michal Koutný Date: May 29 2023 13:51:35 +0000 Subject: cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). --- diff --git a/patches.suse/cgroup-Honor-caller-s-cgroup-NS-when-resolving-path.patch b/patches.suse/cgroup-Honor-caller-s-cgroup-NS-when-resolving-path.patch new file mode 100644 index 0000000..1ef4ee1 --- /dev/null +++ b/patches.suse/cgroup-Honor-caller-s-cgroup-NS-when-resolving-path.patch @@ -0,0 +1,44 @@ +From: =?utf-8?b?TWljaGFsIEtvdXRuw70gPG1rb3V0bnlAc3VzZS5jb20+?= +Date: Fri, 26 Aug 2022 18:52:35 +0200 +Subject: cgroup: Honor caller's cgroup NS when resolving path +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 74e4b956eb1cac0e4c10c240339b1bbfbc9a4c48 +Patch-mainline: v6.1-rc1 +References: bsc#1205650 + +cgroup_get_from_path() is not widely used function. Its callers presume +the path is resolved under cgroup namespace. (There is one caller +currently and resolving in init NS won't make harm (netfilter). However, +future users may be subject to different effects when resolving +globally.) +Since, there's currently no use for the global resolution, modify the +existing function to take cgroup NS into account. + +Fixes: a79a908fd2b0 ("cgroup: introduce cgroup namespaces") +Signed-off-by: Michal Koutný +Signed-off-by: Tejun Heo +--- + kernel/cgroup/cgroup.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 627ff0f07da7..1c7ab4109251 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -6602,8 +6602,12 @@ struct cgroup *cgroup_get_from_path(const char *path) + { + struct kernfs_node *kn; + struct cgroup *cgrp = ERR_PTR(-ENOENT); ++ struct cgroup *root_cgrp; + +- kn = kernfs_walk_and_get(cgrp_dfl_root.cgrp.kn, path); ++ spin_lock_irq(&css_set_lock); ++ root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root); ++ kn = kernfs_walk_and_get(root_cgrp->kn, path); ++ spin_unlock_irq(&css_set_lock); + if (!kn) + goto out; + + diff --git a/series.conf b/series.conf index 5018a77..6198100 100644 --- a/series.conf +++ b/series.conf @@ -16706,6 +16706,7 @@ patches.suse/sched-core-Introduce-sched_asym_cpucap_active.patch patches.suse/perf-x86-uncore-Add-new-Raptor-Lake-S-support.patch patches.suse/locking-rwsem-Disable-preemption-while-trying-for-rw.patch + patches.suse/cgroup-Honor-caller-s-cgroup-NS-when-resolving-path.patch patches.suse/cgroup-cpuset-Enable-update_tasks_cpumask-on-top_cpuset.patch patches.suse/livepatch-fix-race-between-fork-and-KLP-transition.patch patches.suse/livepatch-Add-a-missing-newline-character-in-klp_mod.patch