The commit is pushed to "branch-rh10-6.12.0-55.13.1.2.x.vz10-ovz" and will 
appear at [email protected]:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.22.vz10
------>
commit b748e407fc43ef97103415cb653adc09d5a44c28
Author: Pavel Tikhomirov <[email protected]>
Date:   Tue Dec 2 18:17:46 2025 +0800

    ve_namespace: Fix races when linking namespace to cgroup
    
    First, we have to protect the use of task->cgroups with rcu_read_lock(),
    let's also use correct access helper - task_css().
    
    Second, disallow new namespace creation for processes without a ve
    cgroup: in cgroup-v2, a task might legally have no ve controller
    enabled in its cgroup.
    
    Fixes: 8a771a3d6bea ("ve: Introduce VE namespace")
    https://virtuozzo.atlassian.net/browse/VSTOR-118289
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    
    Feature: ve: ve generic structures
---
 kernel/ve/ve_namespace.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/kernel/ve/ve_namespace.c b/kernel/ve/ve_namespace.c
index 6dae8487735f9..a8dcc63b023af 100644
--- a/kernel/ve/ve_namespace.c
+++ b/kernel/ve/ve_namespace.c
@@ -54,9 +54,18 @@ static struct ve_namespace *clone_ve_ns(struct 
user_namespace *user_ns,
         * VE namespace links to current ve cgroup
         * FIXME it should be a 1:1 link
         */
-       ns->ve = get_ve(css_to_ve(current->cgroups->subsys[ve_cgrp_id]));
+       scoped_guard(rcu) {
+               ns->ve = get_ve(css_to_ve(task_css(current, ve_cgrp_id)));
+       }
+       if (!ns->ve) {
+               err = -EINVAL;
+               goto err_free_inum;
+       }
 
        return ns;
+err_free_inum:
+       put_user_ns(ns->user_ns);
+       ns_free_inum(&ns->ns);
 err_free_ns:
        kfree(ns);
 err_dec_ucount:
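Review bot: The reference taken by `get_ve()` inside the `scoped_guard(rcu)` block may land on a css whose refcount has already reached zero, since RCU only keeps the css memory valid while the task is concurrently migrated. `get_ve()` is not in this hunk, so this applies only if it does an unconditional `css_get()`; in that case the namespace could keep a pointer to a ve that is already being released. Upstream's `task_get_css()` covers this with a `css_tryget()` retry loop under RCU, so either a tryget-based get here or a comment such as `/* plain get is safe: <reason the css of current cannot be dying here> */` would settle it. If a NULL css is really reachable, as the new `!ns->ve` check implies, `task_get_css()` cannot be dropped in as-is because it dereferences the css. clone_ve_ns() starts and ends outside the hunk, so the setup that `err_free_inum` unwinds cannot be checked from here.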