Add validation to check that controllers are enabled in cgroup_ss_mask before attempting to hide or show them. This prevents silent no-op operations and returns -ENOENT error, consistent with the validation logic in cgroup_subtree_control_write().
https://virtuozzo.atlassian.net/browse/VSTOR-119803 Signed-off-by: Konstantin Khorenko <[email protected]> --- kernel/cgroup/cgroup.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index f99f1672bde8c..5ab96088eee31 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -4003,11 +4003,21 @@ static ssize_t cgroup_controllers_hidden_write(struct kernfs_open_file *of, hide &= ~(1 << ssid); continue; } + /* Validate that controller is enabled in this cgroup */ + if (!(cgroup_ss_mask(cgrp) & (1 << ssid))) { + ret = -ENOENT; + goto out_unlock; + } } else if (show & (1 << ssid)) { if (!(cgrp->hidden_ss_mask & (1 << ssid))) { show &= ~(1 << ssid); continue; } + /* Validate that controller is enabled in this cgroup */ + if (!(cgroup_ss_mask(cgrp) & (1 << ssid))) { + ret = -ENOENT; + goto out_unlock; + } } } -- 2.43.0 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
