From: Tejun Heo <tj@kernel.org>
To: "Christian A. Ehrhardt" <lk@c--e.de>
Cc: Christian Brauner <brauner@kernel.org>,
syzbot <syzbot+534ee3d24c37c411f37f@syzkaller.appspotmail.com>,
gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com,
Yosry Ahmed <yosryahmed@google.com>
Subject: Re: [PATCH] cgroup: Fix crash with CLONE_INTO_CGROUP and v1 cgroups
Date: Mon, 10 Oct 2022 08:43:50 -1000 [thread overview]
Message-ID: <Y0Rn5qzP6MjayoCz@slm.duckdns.org> (raw)
In-Reply-To: <Y0LITEA/22Z7YVSa@cae.in-ulm.de>
Hello,
On Sun, Oct 09, 2022 at 03:10:36PM +0200, Christian A. Ehrhardt wrote:
>
> Since commit f3a2aebdd6, Version 1 cgroups no longer cause an
> error when used with CLONE_INTO_CGROUP. However, the permission
> checks performed during clone assume a Version 2 cgroup.
>
> Restore the error check for V1 cgroups in the clone() path.
>
> Reported-by: syzbot+534ee3d24c37c411f37f@syzkaller.appspotmail.com
> Link: https://lore.kernel.org/lkml/000000000000385cbf05ea3f1862@google.com/
> Fixes: f3a2aebdd6 ("cgroup: enable cgroup_get_from_file() on cgroup1")
> Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
This feels too error prone. I'd rather revert the original commit. Yosry,
imma revert f3a2aebdd6. Can you please add a separate function which allows
looking up IDs for cgroup1 hierarchies if absolutely necessary? But,
frankly, given how inherently confusing using IDs for cgroup1 hierarchies is
(fd for cgroup1 identifies both the hierarchy and the cgroup, id is
inherently partial which is super confusing), I'd rather just not do it.
Thanks.
--
tejun
next prev parent reply other threads:[~2022-10-10 18:44 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-05 0:59 [syzbot] general protection fault in kernfs_get_inode syzbot
2022-10-05 2:19 ` syzbot
2022-10-07 21:35 ` Tejun Heo
2022-10-08 5:46 ` Christian Brauner
2022-10-08 5:51 ` Christian Brauner
2022-10-08 11:15 ` syzbot
2022-10-08 18:29 ` Christian A. Ehrhardt
2022-10-09 8:42 ` Christian Brauner
2022-10-09 13:10 ` [PATCH] cgroup: Fix crash with CLONE_INTO_CGROUP and v1 cgroups Christian A. Ehrhardt
2022-10-09 17:35 ` Christian Brauner
2022-10-09 18:16 ` Greg KH
2022-10-10 18:48 ` Tejun Heo
2022-10-09 18:42 ` Yosry Ahmed
2022-10-10 18:38 ` Martin KaFai Lau
2022-10-10 18:43 ` Tejun Heo [this message]
2022-10-10 18:50 ` Yosry Ahmed
2022-10-10 19:51 ` Tejun Heo
2022-10-10 19:57 ` Yosry Ahmed
2022-10-10 20:07 ` Tejun Heo
2022-10-10 20:09 ` Yosry Ahmed
2022-11-17 7:26 ` [syzbot] general protection fault in kernfs_get_inode syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y0Rn5qzP6MjayoCz@slm.duckdns.org \
--to=tj@kernel.org \
--cc=brauner@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lk@c--e.de \
--cc=syzbot+534ee3d24c37c411f37f@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=yosryahmed@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).