First, we have to protect the use of task->cgroups with rcu_read_lock();
let's also use the correct access helper, task_css().
Second, disallow new namespace creation for processes without a ve cgroup:
in cgroup-v2 the task might legally have no ve controller enabled
in its cgroup.
Fixes: 8a771a3d6bea ("ve: Introduce VE namespace")
https://virtuozzo.atlassian.net/browse/VSTOR-118289
Signed-off-by: Pavel Tikhomirov <[email protected]>
Feature: ve: ve generic structures
---
kernel/ve/ve_namespace.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/kernel/ve/ve_namespace.c b/kernel/ve/ve_namespace.c
index 6dae8487735f..d3985d52e0e5 100644
--- a/kernel/ve/ve_namespace.c
+++ b/kernel/ve/ve_namespace.c
@@ -54,9 +54,17 @@ static struct ve_namespace *clone_ve_ns(struct
user_namespace *user_ns,
* VE namespace links to current ve cgroup
* FIXME it should be a 1:1 link
*/
- ns->ve = get_ve(css_to_ve(current->cgroups->subsys[ve_cgrp_id]));
+ scoped_guard(rcu)
+ ns->ve = get_ve(css_to_ve(task_css(current, ve_cgrp_id)));
+ if (!ns->ve) {
+ err = -EINVAL;
+ goto err_free_inum;
+ }
return ns;
+err_free_inum:
+ put_user_ns(ns->user_ns);
+ ns_free_inum(&ns->ns);
err_free_ns:
kfree(ns);
err_dec_ucount:
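Review bot: The new `ns->ve = get_ve(css_to_ve(task_css(current, ve_cgrp_id)));` takes its reference inside the RCU section, but RCU only keeps the css memory valid; it does not keep the css refcount above zero. If `get_ve()` is an unconditional `css_get()` (its definition is not in this hunk), a task migration racing with teardown of the old cgroup could let this path take a reference on a css that is already being released, and the namespace would then hold a pointer that can be freed underneath it. Consider the tryget-based helper, e.g. `ns->ve = css_to_ve(task_get_css(current, ve_cgrp_id));`, which returns with the reference held and needs no separate guard. The `!ns->ve` check also relies on `css_to_ve()` mapping a NULL css to NULL rather than to a `container_of()` offset pointer, and the new `err_free_inum` label assumes `ns->user_ns` and the inum were both acquired earlier in `clone_ve_ns()`; that part of the function lies outside the hunk, so please confirm both.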
--
2.51.1