[PATCH] cgroup: Fix crash with CLONE_INTO_CGROUP and v1 cgroups

From: Christian A. Ehrhardt
Date: Sun Oct 09 2022 - 09:12:19 EST



Since commit f3a2aebdd6, Version 1 cgroups no longer cause an
error when used with CLONE_INTO_CGROUP. However, the permission
checks performed during clone assume a Version 2 cgroup.

Restore the error check for V1 cgroups in the clone() path.

Reported-by: syzbot+534ee3d24c37c411f37f@xxxxxxxxxxxxxxxxxxxxxxxxx
Link: https://lore.kernel.org/lkml/000000000000385cbf05ea3f1862@xxxxxxxxxx/
Fixes: f3a2aebdd6 ("cgroup: enable cgroup_get_from_file() on cgroup1")
Signed-off-by: Christian A. Ehrhardt <lk@xxxxxxx>
---
kernel/cgroup/cgroup.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index b6e3110b3ea7..f7fc3afa88c1 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -6244,6 +6244,11 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
goto err;
}

+ if (!cgroup_on_dfl(dst_cgrp)) {
+ ret = -EBADF;
+ goto err;
+ }
+
if (cgroup_is_dead(dst_cgrp)) {
ret = -ENODEV;
goto err;
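Review bot: the new `!cgroup_on_dfl(dst_cgrp)` check needs a one-line comment saying why a v1 cgroup is refused at this point, because nothing in the hunk itself explains it; the commit message gives the reason (the permission checks further down in cgroup_css_set_fork() assume a v2 cgroup), so something like `/* CLONE_INTO_CGROUP only supports the default hierarchy */` above the `if` would keep that rationale next to the code for the next person who reads it. Ordering and errno look right as they are: placing the test ahead of cgroup_is_dead() and returning -EBADF matches what the commit message describes as restoring the rejection that cgroup_get_from_file() used to perform before f3a2aebdd6, which ran before either check in this function, so a dead v1 cgroup reporting -EBADF rather than -ENODEV is the pre-regression behaviour and not a new change. One nit outside the hunk: the Fixes: tag quotes a 10-character SHA, and submitting-patches asks for at least 12.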
--
2.34.1