Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1175306rwb;
        Fri, 23 Sep 2022 09:06:36 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM4n15CUzq8nVQjm3dBiQUrvoqCnmXKi5AEEaKyNE3zmYCmhvAp22VlR8vIBtniOmXpZMyVs
X-Received: by 2002:a17:902:d58a:b0:177:f86c:4456 with SMTP id k10-20020a170902d58a00b00177f86c4456mr9162154plh.171.1663949196192;
        Fri, 23 Sep 2022 09:06:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1663949196; cv=none;
        d=google.com; s=arc-20160816;
        b=AhRkA+0yz43Sfx7+fP5JKwQdvS3WYG93RpmR//SUikQOjjl0FseNRU3ZxUtgSYMvYC
         LNqktOxI4WYYyELEWevZIJu5oSbgKV9MP/SBPb1KapUZ2KQuTcP5mqlOqH450yyOo6Yu
         2tYU+3C9PiJXUtYcYqZ69ArML/J4NcRm8r9mUcMOZrdOZ5jhuHOaLJ1H2sPwy22mnaN7
         3rvp91AGx0lrzV4EjTld05eOFID7FGnB66Mte6AEbyRZTN1iZ1hyQowd2jcFOyBNPQWw
         SnpgcPkjModbarSQ9zEFGjh5g9fruwxY2i0oSp71FgAEr0wJgnLMwuodhQd3IeZ1b9l+
         TK2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=B0Z6lO/AYPTVpzI8xvjmvs6lklWmO2tJS2Pwo6sfTgo=;
        b=cKUkepaO8UxbJM9aeOJolALsk0+gbHX0/AIETbrRRzOTZcOSLjwKhGWdSPaWoK10Yl
         22MrGOYupPVaPvgNRY+U4cNWKw9OntXDCf4KQ3VBYxTmKJvnL/1wDZVxmv3APw6Snipy
         WPpBhMAmjcr7O7hbaJyokJawkrGH+HUOQXXX1+1pYRLy9pIKzEHwjrF6jQYCcimnE/pQ
         G/lr96q1TE8No5fBxpG4CaYHiIQhggW/CmMT7spnJx2lSLu3wZB1nIYkTlym3nXne9/w
         1XoGKCynGDCa1wW8ARPwEUDVwKAIlidUn65kjT7awM6ZT6KwzCtthqhUv6Y53kiTZ6DN
         Od8g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@quicinc.com header.s=qcdkim header.b=RqJVAeYb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q67-20020a17090a1b4900b00202c47d9c2bsi3156622pjq.27.2022.09.23.09.06.23;
        Fri, 23 Sep 2022 09:06:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@quicinc.com header.s=qcdkim header.b=RqJVAeYb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232801AbiIWPqL (ORCPT
        <rfc822;andriy.druk.mailinglists@gmail.com> + 99 others);
        Fri, 23 Sep 2022 11:46:11 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48078 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230431AbiIWPpm (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Sep 2022 11:45:42 -0400
X-Greylist: delayed 123 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Fri, 23 Sep 2022 08:45:26 PDT
Received: from alexa-out-sd-01.qualcomm.com (alexa-out-sd-01.qualcomm.com [199.106.114.38])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85416FA0DF
        for <linux-kernel@vger.kernel.org>; Fri, 23 Sep 2022 08:45:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=quicinc.com; i=@quicinc.com; q=dns/txt; s=qcdkim;
  t=1663947926; x=1695483926;
  h=message-id:date:mime-version:subject:to:cc:references:
   from:in-reply-to:content-transfer-encoding;
  bh=B0Z6lO/AYPTVpzI8xvjmvs6lklWmO2tJS2Pwo6sfTgo=;
  b=RqJVAeYb85F+7KjDbW7D4vMPDC41nP72lEwNmxBiBPeoYqsqfnC70U6b
   0ksqr5Z8MuD99PWjfAZdF5yL6IdPE7geodDu4FXng8ndemzltF2cnzEJJ
   sflMv6iE7AchuTHFv+NGUY+u3xw4dv8p89N8PMumBp7ewaCEa1NTTvTcO
   E=;
Received: from unknown (HELO ironmsg04-sd.qualcomm.com) ([10.53.140.144])
  by alexa-out-sd-01.qualcomm.com with ESMTP; 23 Sep 2022 08:43:22 -0700
X-QCInternal: smtphost
Received: from nasanex01c.na.qualcomm.com ([10.45.79.139])
  by ironmsg04-sd.qualcomm.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Sep 2022 08:43:21 -0700
Received: from [10.216.63.150] (10.80.80.8) by nasanex01c.na.qualcomm.com
 (10.45.79.139) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 23 Sep
 2022 08:43:19 -0700
Message-ID: <5b013fa2-4ad7-5995-ae6d-52770106272a@quicinc.com>
Date:   Fri, 23 Sep 2022 21:13:15 +0530
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.13.0
Subject: Re: [PATCH] cgroup: fix cgroup_get_from_id
Content-Language: en-US
To:     Ming Lei <ming.lei@redhat.com>, Tejun Heo <tj@kernel.org>,
        <linux-kernel@vger.kernel.org>
CC:     <cgroups@vger.kernel.org>, Marco Patalano <mpatalan@redhat.com>,
        Muneendra <muneendra.kumar@broadcom.com>
References: <20220923115119.2035603-1-ming.lei@redhat.com>
From:   Mukesh Ojha <quic_mojha@quicinc.com>
In-Reply-To: <20220923115119.2035603-1-ming.lei@redhat.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.80.80.8]
X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To
 nasanex01c.na.qualcomm.com (10.45.79.139)
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On 9/23/2022 5:21 PM, Ming Lei wrote:
> cgroup has to be one kernfs dir, otherwise kernel panic is caused,
> especially cgroup id is provide from userspace.
> 
> Reported-by: Marco Patalano <mpatalan@redhat.com>
> Fixes: 6b658c4863c1 ("scsi: cgroup: Add cgroup_get_from_id()")
> Cc: Muneendra <muneendra.kumar@broadcom.com>
> Signed-off-by: Ming Lei <ming.lei@redhat.com>
> ---
>   kernel/cgroup/cgroup.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
> index e4bb5d57f4d1..5f2090d051ac 100644
> --- a/kernel/cgroup/cgroup.c
> +++ b/kernel/cgroup/cgroup.c
> @@ -6049,6 +6049,9 @@ struct cgroup *cgroup_get_from_id(u64 id)
>   	if (!kn)
>   		goto out;
>   
> +	if (kernfs_type(kn) != KERNFS_DIR)
> +		goto put;
> +
>   	rcu_read_lock();
>   
>   	cgrp = rcu_dereference(*(void __rcu __force **)&kn->priv);
> @@ -6056,7 +6059,7 @@ struct cgroup *cgroup_get_from_id(u64 id)
>   		cgrp = NULL;
>   
>   	rcu_read_unlock();
> -
> +put:
>   	kernfs_put(kn);
>   out:
>   	return cgrp;

Good catch.

Acked-by: Mukesh Ojha <quic_mojha@quicinc.com>

-Mukesh