The commit is pushed to "branch-rh10-6.12.0-55.13.1.2.x.vz10-ovz" and will
appear at [email protected]:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.22.vz10
------>
commit 7117d493a68c3a5d279f7ac1a46bb6b729d6b5ae
Author: Pavel Tikhomirov <[email protected]>
Date: Tue Dec 2 18:17:46 2025 +0800
ve_namespace: Fix races when linking namespace to cgroup

First, we have to protect the use of task->cgroups with rcu_read_lock(),
let's also use correct access helper - task_css().

Second, disallow new namespace creation for processes without ve cgroup,
as in cgroup-v2, the task might legally have no ve controller enabled,
in its cgroup.

Fixes: 8a771a3d6bea ("ve: Introduce VE namespace")
https://virtuozzo.atlassian.net/browse/VSTOR-118289
Signed-off-by: Pavel Tikhomirov <[email protected]>

Feature: ve: ve generic structures
---
kernel/ve/ve_namespace.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/kernel/ve/ve_namespace.c b/kernel/ve/ve_namespace.c
index 6dae8487735f9..d3985d52e0e5b 100644
--- a/kernel/ve/ve_namespace.c
+++ b/kernel/ve/ve_namespace.c
@@ -54,9 +54,17 @@ static struct ve_namespace *clone_ve_ns(struct
user_namespace *user_ns,
* VE namespace links to current ve cgroup
* FIXME it should be a 1:1 link
*/
- ns->ve = get_ve(css_to_ve(current->cgroups->subsys[ve_cgrp_id]));
+ scoped_guard(rcu)
+ ns->ve = get_ve(css_to_ve(task_css(current, ve_cgrp_id)));
+ if (!ns->ve) {
+ err = -EINVAL;
+ goto err_free_inum;
+ }
return ns;
+err_free_inum:
+ put_user_ns(ns->user_ns);
+ ns_free_inum(&ns->ns);
err_free_ns:
kfree(ns);
err_dec_ucount:
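Review bot: in the scoped_guard(rcu) statement, get_ve() takes its reference on a css that the RCU read section only keeps from being freed, so if get_ve() is an unconditional get rather than a tryget, the task can migrate and the old css can already be on its way to release when the reference is taken. Please confirm get_ve() handles that, or take the reference with a tryget-style helper such as task_get_css(current, ve_cgrp_id) and convert the result with css_to_ve(). The new `if (!ns->ve)` check also depends on both css_to_ve() and get_ve() passing a NULL css through unchanged, which these lines do not show; a one-line comment above the check stating that would help the next reader. Minor: err_free_inum also does put_user_ns(ns->user_ns), so the label name undersells what it unwinds.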