In vfs_get_tree we explicitly check that fc->root is NULL before calling ->get_tree helper. So when mounting cgroup2 filesystem in the beginning of cgroup_get_tree the fc->root is uninitialized. We were lucky that ve_hide_cgroups never dereferenced it on this code path, as mounting cgroup2 from container was prohibited and from host ve_hide_cgroups does not dereference root.
But if we will allow mounting cgroup2 filesystem in container, this use of ctx->root in cgroup_get_tree will lead to crash, let's fix it.

https://jira.vzint.dev/browse/PSBM-149975
Fixes: e8e4834b833c ("ve/cgroup: hide non-virtualized cgroups in container")
Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
--- kernel/cgroup/cgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 3f685035076a..b0cf5cf66d20 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -2543,7 +2543,7 @@ static int cgroup_get_tree(struct fs_context *fc) struct cgroup_fs_context *ctx = cgroup_fc2context(fc); int ret; - if (ve_hide_cgroups(ctx->root)) + if (ve_hide_cgroups(&cgrp_dfl_root)) return -EPERM; cgrp_dfl_visible = true; -- 2.41.0
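
Review bot: the new ve_hide_cgroups(&cgrp_dfl_root) call at the top of cgroup_get_tree carries no comment explaining why the default root is hard-coded instead of read from the context, so a later cleanup could switch it back to ctx->root and reintroduce the crash the commit message describes. A one-line comment above the check saying that the root is not yet set up at this point on the cgroup2 mount path would document that. The commit message also reasons from fc->root being NULL in vfs_get_tree while the removed line read ctx->root; stating explicitly that ctx->root is the unset pointer here would make the Fixes: rationale easier to follow.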