[RHEL7] cgroup: fixed NULL-pointer dereference in cgroup_release_agent

Submitted by Valeriy Vdovin on Sept. 21, 2020, 9:18 a.m.

Details

Message ID 1600679906-606452-1-git-send-email-valeriy.vdovin@virtuozzo.com
State New
Series "cgroup: fixed NULL-pointer dereference in cgroup_release_agent"

Commit Message

Valeriy Vdovin Sept. 21, 2020, 9:18 a.m.
The fix checks that ve->init_task is not referenced during warning
message decision if ve == ve0, because ve0 init_task is always NULL.

https://jira.sw.ru/browse/PSBM-107673
Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
---
 kernel/cgroup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 691505c..27d7a5e 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -5934,7 +5934,7 @@  void cgroup_release_agent(struct work_struct *work)
 			envp, UMH_WAIT_EXEC, NULL, NULL, NULL);
 
 		ve_task = ve->init_task;
-		if (err < 0 && (!(ve_task->flags & PF_EXITING)))
+		if (err < 0 && (ve == &ve0 || !(ve_task->flags & PF_EXITING)))
 			pr_warn_ratelimited("cgroup release_agent "
 					    "%s %s failed: %d\n",
 					    agentbuf, pathbuf, err);
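Review bot: the new condition `if (err < 0 && (ve == &ve0 || !(ve_task->flags & PF_EXITING)))` avoids the NULL dereference only by relying on `||` short-circuiting for the one ve whose init_task is known to be NULL; since `ve_task = ve->init_task;` is still read unconditionally just above, any other ve that reaches this path with a NULL init_task would crash exactly as before. Testing the pointer itself, `!ve_task || !(ve_task->flags & PF_EXITING)`, covers ve0 (whose init_task the commit message says is always NULL) with the same result and also protects the non-ve0 case, without needing knowledge of the ve0 identity at this call site. Either way, a one-line comment stating that ve0's init_task is NULL by design would help the next reader understand why the special case exists.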

Comments

Kirill Tkhai Sept. 22, 2020, 8:31 a.m.
On 21.09.2020 12:18, Valeriy Vdovin wrote:
> The fix checks that ve->init_task is not referenced during warning
> message decision if ve == ve0, because ve0 init_task is always NULL.
> 
> https://jira.sw.ru/browse/PSBM-107673
> Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>

Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>

> ---
>  kernel/cgroup.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/cgroup.c b/kernel/cgroup.c
> index 691505c..27d7a5e 100644
> --- a/kernel/cgroup.c
> +++ b/kernel/cgroup.c
> @@ -5934,7 +5934,7 @@ void cgroup_release_agent(struct work_struct *work)
>  			envp, UMH_WAIT_EXEC, NULL, NULL, NULL);
>  
>  		ve_task = ve->init_task;
> -		if (err < 0 && (!(ve_task->flags & PF_EXITING)))
> +		if (err < 0 && (ve == &ve0 || !(ve_task->flags & PF_EXITING)))
>  			pr_warn_ratelimited("cgroup release_agent "
>  					    "%s %s failed: %d\n",
>  					    agentbuf, pathbuf, err);
>