* [PATCH] cgroup1: don't allow '\n' in renaming
@ 2021-06-09 7:17 Alexander Kuznetsov
[not found] ` <1623223039-35764-1-git-send-email-wwfq-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
0 siblings, 1 reply; 2+ messages in thread
From: Alexander Kuznetsov @ 2021-06-09 7:17 UTC (permalink / raw)
To: cgroups-u79uwXL29TY76Z2rM5mHXA
Cc: zeil-XoJtRXgx1JseBXzfvpsJ4g, dmtrmonakhov-XoJtRXgx1JseBXzfvpsJ4g
cgroup_mkdir() have restriction on newline usage in names:
$ mkdir $'/sys/fs/cgroup/cpu/test\ntest2'
mkdir: cannot create directory
'/sys/fs/cgroup/cpu/test\ntest2': Invalid argument
But in cgroup1_rename() such check is missed.
This allows us to make /proc/<pid>/cgroup unparsable:
$ mkdir /sys/fs/cgroup/cpu/test
$ mv /sys/fs/cgroup/cpu/test $'/sys/fs/cgroup/cpu/test\ntest2'
$ echo $$ > $'/sys/fs/cgroup/cpu/test\ntest2'
$ cat /proc/self/cgroup
11:pids:/
10:freezer:/
9:hugetlb:/
8:cpuset:/
7:blkio:/user.slice
6:memory:/user.slice
5:net_cls,net_prio:/
4:perf_event:/
3:devices:/user.slice
2:cpu,cpuacct:/test
test2
1:name=systemd:/
0::/
Signed-off-by: Alexander Kuznetsov <wwfq-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
Reported-by: Andrey Krasichkov <buglloc-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
Acked-by: Dmitry Yakunin <zeil-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
---
kernel/cgroup/cgroup-v1.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 391aa57..cf2a3e8 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -820,6 +820,10 @@ static int cgroup1_rename(struct kernfs_node *kn, struct kernfs_node *new_parent
struct cgroup *cgrp = kn->priv;
int ret;
+ /* do not accept '\n' to prevent making /proc/<pid>/cgroup unparsable */
+ if (strchr(new_name_str, '\n'))
+ return -EINVAL;
+
if (kernfs_type(kn) != KERNFS_DIR)
return -ENOTDIR;
if (kn->parent != new_parent)
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] cgroup1: don't allow '\n' in renaming
[not found] ` <1623223039-35764-1-git-send-email-wwfq-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
@ 2021-06-10 14:03 ` Tejun Heo
0 siblings, 0 replies; 2+ messages in thread
From: Tejun Heo @ 2021-06-10 14:03 UTC (permalink / raw)
To: Alexander Kuznetsov
Cc: cgroups-u79uwXL29TY76Z2rM5mHXA, zeil-XoJtRXgx1JseBXzfvpsJ4g,
dmtrmonakhov-XoJtRXgx1JseBXzfvpsJ4g
On Wed, Jun 09, 2021 at 10:17:19AM +0300, Alexander Kuznetsov wrote:
> cgroup_mkdir() have restriction on newline usage in names:
> $ mkdir $'/sys/fs/cgroup/cpu/test\ntest2'
> mkdir: cannot create directory
> '/sys/fs/cgroup/cpu/test\ntest2': Invalid argument
>
> But in cgroup1_rename() such check is missed.
> This allows us to make /proc/<pid>/cgroup unparsable:
> $ mkdir /sys/fs/cgroup/cpu/test
> $ mv /sys/fs/cgroup/cpu/test $'/sys/fs/cgroup/cpu/test\ntest2'
> $ echo $$ > $'/sys/fs/cgroup/cpu/test\ntest2'
> $ cat /proc/self/cgroup
> 11:pids:/
> 10:freezer:/
> 9:hugetlb:/
> 8:cpuset:/
> 7:blkio:/user.slice
> 6:memory:/user.slice
> 5:net_cls,net_prio:/
> 4:perf_event:/
> 3:devices:/user.slice
> 2:cpu,cpuacct:/test
> test2
> 1:name=systemd:/
> 0::/
>
> Signed-off-by: Alexander Kuznetsov <wwfq-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
> Reported-by: Andrey Krasichkov <buglloc-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
> Acked-by: Dmitry Yakunin <zeil-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
Applied to cgroup/for-5.13-fixes
Thanks.
--
tejun
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-06-10 14:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-06-09 7:17 [PATCH] cgroup1: don't allow '\n' in renaming Alexander Kuznetsov
[not found] ` <1623223039-35764-1-git-send-email-wwfq-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>
2021-06-10 14:03 ` Tejun Heo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).