[RH7] cgroup: Fixed null pointer dereference at cgroup_mount #PSBM-107596

Submitted by Valeriy Vdovin on Sept. 3, 2020, 4:18 p.m.

Details

Message ID 1599149881-56450-1-git-send-email-valeriy.vdovin@virtuozzo.com
State New
Series "cgroup: Fixed null pointer dereference at cgroup_mount #PSBM-107596"

Commit Message

Valeriy Vdovin Sept. 3, 2020, 4:18 p.m.
At cgroup_mount new_root a call to cgroup_root_from_opts may return
early and not allocate a new cgroup root object, instead returning NULL.
In that case we should not initialize ve_owner field for cgroup root.

https://jira.sw.ru/browse/PSBM-107596

Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
---
 kernel/cgroup.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Patch

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 5f311180..691505c 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1749,6 +1749,9 @@  static struct cgroupfs_root *cgroup_root_from_opts(struct cgroup_sb_opts *opts)
 		strcpy(root->name, opts->name);
 	if (opts->cpuset_clone_children)
 		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->top_cgroup.flags);
+
+	RCU_INIT_POINTER(root->top_cgroup.ve_owner, &ve0);
+
 	return root;
 }
 
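Review bot: The added RCU_INIT_POINTER(root->top_cgroup.ve_owner, &ve0) just before `return root;` has no comment explaining why ve0 is the default owner or why the initialization belongs in this function and not in the caller. A one-line comment noting that cgroup_mount can receive NULL from this function, so the field must be set only where root is known to be allocated, would keep a later cleanup from moving it back. The placement looks safe from the visible lines, since root->name and root->top_cgroup.flags are already dereferenced directly above it.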
@@ -1859,7 +1862,6 @@  static struct dentry *cgroup_mount(struct file_system_type *fs_type,
 		goto drop_modules;
 	}
 
-	RCU_INIT_POINTER(new_root->top_cgroup.ve_owner, &ve0);
 	opts.new_root = new_root;
 
 	/* Locate an existing or new sb for this hierarchy */
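Review bot: After the removed line, `opts.new_root = new_root;` still stores a value that, per the commit message, can be NULL, and nothing at this point in cgroup_mount says so. Consider a short comment at the assignment stating that new_root may be NULL here, and confirm that the sb lookup that follows does not dereference opts.new_root unconditionally, otherwise the same crash moves a few lines down.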

Comments

Pavel Tikhomirov Sept. 3, 2020, 5:07 p.m.
Looks good.

On 9/3/20 7:18 PM, Valeriy Vdovin wrote:
> At cgroup_mount new_root a call to cgroup_root_from_opts may return
> early and not allocate a new cgroup root object, instead returning NULL.
> In that case we should not initialize ve_owner field for cgroup root.
> 
> https://jira.sw.ru/browse/PSBM-107596
> 

Reviewed-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>

> Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
> ---
>   kernel/cgroup.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/cgroup.c b/kernel/cgroup.c
> index 5f311180..691505c 100644
> --- a/kernel/cgroup.c
> +++ b/kernel/cgroup.c
> @@ -1749,6 +1749,9 @@ static struct cgroupfs_root *cgroup_root_from_opts(struct cgroup_sb_opts *opts)
>   		strcpy(root->name, opts->name);
>   	if (opts->cpuset_clone_children)
>   		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->top_cgroup.flags);
> +
> +	RCU_INIT_POINTER(root->top_cgroup.ve_owner, &ve0);
> +
>   	return root;
>   }
>   
> @@ -1859,7 +1862,6 @@ static struct dentry *cgroup_mount(struct file_system_type *fs_type,
>   		goto drop_modules;
>   	}
>   
> -	RCU_INIT_POINTER(new_root->top_cgroup.ve_owner, &ve0);
>   	opts.new_root = new_root;
>   
>   	/* Locate an existing or new sb for this hierarchy */
>