Re: [PATCH] cgroup: Fix crash with CLONE_INTO_CGROUP and v1 cgroups

From: Tejun Heo
Date: Mon Oct 10 2022 - 14:44:07 EST


Hello,

On Sun, Oct 09, 2022 at 03:10:36PM +0200, Christian A. Ehrhardt wrote:
>
> Since commit f3a2aebdd6, Version 1 cgroups no longer cause an
> error when used with CLONE_INTO_CGROUP. However, the permission
> checks performed during clone assume a Version 2 cgroup.
>
> Restore the error check for V1 cgroups in the clone() path.
>
> Reported-by: syzbot+534ee3d24c37c411f37f@xxxxxxxxxxxxxxxxxxxxxxxxx
> Link: https://lore.kernel.org/lkml/000000000000385cbf05ea3f1862@xxxxxxxxxx/
> Fixes: f3a2aebdd6 ("cgroup: enable cgroup_get_from_file() on cgroup1")
> Signed-off-by: Christian A. Ehrhardt <lk@xxxxxxx>

This feels too error prone. I'd rather revert the original commit. Yosry,
imma revert f3a2aebdd6. Can you please add a separate function which allows
looking up IDs for cgroup1 hierarchies if absolutely necessary? But,
frankly, given how inherently confusing using IDs for cgroup1 hierarchies is
(fd for cgroup1 identifies both the hierarchy and the cgroup, id is
inherently partial which is super confusing), I'd rather just not do it.

Thanks.

--
tejun