Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp576698rwe; Fri, 26 Aug 2022 10:07:45 -0700 (PDT) X-Google-Smtp-Source: AA6agR54lZU01G8U1zEdUerINFZKuWgOTcNIy95TslyzdAkqvRmZJXMHLqtN4Mfn5tMBJ15EKAw6 X-Received: by 2002:a05:6a00:1ac7:b0:52f:4e43:5ace with SMTP id f7-20020a056a001ac700b0052f4e435acemr4775718pfv.59.1661533664692; Fri, 26 Aug 2022 10:07:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661533664; cv=none; d=google.com; s=arc-20160816; b=jE/UxtDdg6qd0eY5+VJhStEetyZ+8w0BXRdzY2GcbCa7gJ6PCaszpf/6r6NP53iGWF gl030olHF1AtiRwYfU/VEveI7Cc61hd1oPkvTM4GLJwyG4nBYrm9Gu3MJgAPTn06I/VW edZe5Kt+jvnjPEc2OoAV2uq+G8GJLWl8dcYABmdI1smioczQpwhZjC9wn6M9UI8YnbHL 2ngW7IHFrRwUty3Q4hoAlNaPZ1FPgZV3fg6GlJBkLUqIwp0fvih7nMAjG73OLuHXJcsb 0PlR+2+vg0Upc5F4VyNKUVLm4dVf6v7yf/0vlhvMKfdGNewFgwZ5VvVTMjkfu5/+5OoU VW0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=pqsTghk3lUf2zHqs/aiods7p+Uf7TePr7J7612j6zrs=; b=q7AIfYrAOgUzsOkb5ma2xeMwTpEeSt0B2Wr/XzAx6D71jzdjfn+f/xQcHyZ/tSexPs VRF8mcYYSfYzZ8s7WqNckCYVFrBy38Vly4gRymIVct0I1B3mAFlZVM9WFNxxwXAvK3yw /YBWG6EV0FcwU3SqLJJW10lP3nnJ9uNhqKe8yg9CfXQrZVwX+eSGceh9mIQP9NqYmrP6 jAmitcCuoL1f6xTDm1gpx7MIpSIIWEgrOneaehYxLgmzv/CTuOGDgd8aPyyYpQYeOJ9e gOBrEkqvNwfm3PbTdmWMJu1NkPDHQrzXFv0urEValFSVbbZjs9yybSZxbvLfQCC8N3xh +Kpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=p34Dq3Vu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e70-20020a636949000000b003fc61e0fb47si1994699pgc.799.2022.08.26.10.07.33; Fri, 26 Aug 2022 10:07:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=p34Dq3Vu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344836AbiHZQxH (ORCPT + 99 others); Fri, 26 Aug 2022 12:53:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57390 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344311AbiHZQxB (ORCPT ); Fri, 26 Aug 2022 12:53:01 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C21CB3D; Fri, 26 Aug 2022 09:53:00 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id BE3A81F940; Fri, 26 Aug 2022 16:52:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1661532778; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pqsTghk3lUf2zHqs/aiods7p+Uf7TePr7J7612j6zrs=; b=p34Dq3Vuy2HqGPFdeYH7O52fSFA8g/UAZmA7N24XfyIGdml3BtgZVdhx2Ej3Y+oAbrTlKY Ex0mtRWCzPU8+v7ioOeQRhqkNknKuL4HiP1/msumCtrA/zMXjEFZl3H51bRZznXNrCWaPm cepNDpurKY/9ucFIoDCyWyVnaQi/rus= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 86C8113A7E; Fri, 26 Aug 2022 16:52:58 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id OL79H2r6CGMofAAAMHmgww (envelope-from ); Fri, 26 Aug 2022 16:52:58 +0000 From: =?UTF-8?q?Michal=20Koutn=C3=BD?= To: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, bpf@vger.kernel.org Cc: Tejun Heo , Aditya Kali , Serge Hallyn , Roman Gushchin , Yonghong Song , Muneendra Kumar , Yosry Ahmed , Hao Luo Subject: [PATCH 2/4] cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id Date: Fri, 26 Aug 2022 18:52:36 +0200 Message-Id: <20220826165238.30915-3-mkoutny@suse.com> X-Mailer: git-send-email 2.37.0 In-Reply-To: <20220826165238.30915-1-mkoutny@suse.com> References: <20220826165238.30915-1-mkoutny@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Cgroup ids are resolved in the global scope. That may be needed sometime (in future) but currently it violates virtual view provided through cgroup namespaces. There are currently following users of the resolution: - fc_appid_store - bpf_iter_attach_cgroup - mem_cgroup_get_from_ino None of the is a called on behalf of kernel but the resolution is made with proper userspace context, hence the default to current->nsproxy makes sens. (This doesn't rule out cgroup_get_from_id with cgroup NS parameter in the future.) Since cgroup ids are defined on v2 hierarchy only, we simply check existence in the cgroup namespace by looking at ancestry on the default hierarchy. Fixes: 6b658c4863c1 ("scsi: cgroup: Add cgroup_get_from_id()") Signed-off-by: Michal Koutný --- kernel/cgroup/cgroup.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 1a8b50d15ebf..4ca90ee6b902 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -6007,11 +6007,12 @@ void cgroup_path_from_kernfs_id(u64 id, char *buf, size_t buflen) * cgroup_get_from_id : get the cgroup associated with cgroup id * @id: cgroup id * On success return the cgrp, on failure return NULL + * Only cgroups within current task's cgroup NS are valid. */ struct cgroup *cgroup_get_from_id(u64 id) { struct kernfs_node *kn; - struct cgroup *cgrp = NULL; + struct cgroup *cgrp = NULL, *root_cgrp; kn = kernfs_find_and_get_node_by_id(cgrp_dfl_root.kf_root, id); if (!kn) @@ -6024,8 +6025,18 @@ struct cgroup *cgroup_get_from_id(u64 id) cgrp = NULL; rcu_read_unlock(); - kernfs_put(kn); + + if (!cgrp) + goto out; + + spin_lock_irq(&css_set_lock); + root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root); + spin_unlock_irq(&css_set_lock); + if (!cgroup_is_descendant(cgrp, root_cgrp)) { + cgroup_put(cgrp); + cgrp = NULL; + } out: return cgrp; } -- 2.37.0