From: Chen Zhou chenzhou10@huawei.com
Commit 61e960b07b637f0295308ad91268501d744c21b5 upstream.
[ This backport uses invalf() instead of invalfc() since the latter is only available starting with v5.6 ]
When mounting a cgroup hierarchy with disabled controller in cgroup v1, all available controllers will be attached. For example, boot with cgroup_no_v1=cpu or cgroup_disable=cpu, and then mount with "mount -t cgroup -ocpu cpu /sys/fs/cgroup/cpu", then all enabled controllers will be attached except cpu.
Fix this by adding disabled controller check in cgroup1_parse_param(). If the specified controller is disabled, just return error with information "Disabled controller xx" rather than attaching all the other enabled controllers.
Fixes: f5dfb5315d34 ("cgroup: take options parsing into ->parse_monolithic()") Signed-off-by: Chen Zhou chenzhou10@huawei.com Reviewed-by: Zefan Li lizefan.x@bytedance.com Reviewed-by: Michal Koutný mkoutny@suse.com Signed-off-by: Tejun Heo tj@kernel.org Signed-off-by: Luiz Capitulino luizcap@amazon.com --- kernel/cgroup/cgroup-v1.c | 3 +++ 1 file changed, 3 insertions(+)
Reviewers,
Only 5.4-stable is affected. The issue was introduced in 5.1 and fixed by Chen in 5.11 and 5.10-stable.
I tested the same reproducer on Amazon Linux 2 as described in the commit message (well, except that I used the cpuset controller).
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c index 9e847e71cedd..759a931f278b 100644 --- a/kernel/cgroup/cgroup-v1.c +++ b/kernel/cgroup/cgroup-v1.c @@ -944,6 +944,9 @@ int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param) for_each_subsys(ss, i) { if (strcmp(param->key, ss->legacy_name)) continue; + if (!cgroup_ssid_enabled(i) || cgroup1_ssid_disabled(i)) + return invalf(fc, "Disabled controller '%s'", + param->key); ctx->subsys_mask |= (1 << i); return 0; }
On Fri, Oct 28, 2022 at 07:11:13PM +0000, Luiz Capitulino wrote:
From: Chen Zhou chenzhou10@huawei.com
Commit 61e960b07b637f0295308ad91268501d744c21b5 upstream.
[ This backport uses invalf() instead of invalfc() since the latter is only available starting with v5.6 ]
When mounting a cgroup hierarchy with disabled controller in cgroup v1, all available controllers will be attached. For example, boot with cgroup_no_v1=cpu or cgroup_disable=cpu, and then mount with "mount -t cgroup -ocpu cpu /sys/fs/cgroup/cpu", then all enabled controllers will be attached except cpu.
Fix this by adding disabled controller check in cgroup1_parse_param(). If the specified controller is disabled, just return error with information "Disabled controller xx" rather than attaching all the other enabled controllers.
Fixes: f5dfb5315d34 ("cgroup: take options parsing into ->parse_monolithic()") Signed-off-by: Chen Zhou chenzhou10@huawei.com Reviewed-by: Zefan Li lizefan.x@bytedance.com Reviewed-by: Michal Koutný mkoutny@suse.com Signed-off-by: Tejun Heo tj@kernel.org Signed-off-by: Luiz Capitulino luizcap@amazon.com
kernel/cgroup/cgroup-v1.c | 3 +++ 1 file changed, 3 insertions(+)
Reviewers,
Only 5.4-stable is affected. The issue was introduced in 5.1 and fixed by Chen in 5.11 and 5.10-stable.
I tested the same reproducer on Amazon Linux 2 as described in the commit message (well, except that I used the cpuset controller).
Now queued up, thanks.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Luiz Capitulino