--- /dev/null
+From f169007b2773f285e098cb84c74aac0154d65ff7 Mon Sep 17 00:00:00 2001
+From: Li Zefan <lizefan@huawei.com>
+Date: Mon, 18 Feb 2013 14:13:35 +0800
+Subject: cgroup: fail if monitored file and event_control are in different cgroup
+
+From: Li Zefan <lizefan@huawei.com>
+
+commit f169007b2773f285e098cb84c74aac0154d65ff7 upstream.
+
+If we pass fd of memory.usage_in_bytes of cgroup A to cgroup.event_control
+of cgroup B, then we won't get memory usage notification from A but B!
+
+What's worse, if A and B are in different mount hierarchy, we'll end up
+accessing NULL pointer!
+
+Disallow this kind of invalid usage.
+
+Signed-off-by: Li Zefan <lizefan@huawei.com>
+Acked-by: Kirill A. Shutemov <kirill@shutemov.name>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Cc: Weng Meiling <wengmeiling.weng@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cgroup.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -3476,6 +3476,7 @@ static int cgroup_write_event_control(st
+ const char *buffer)
+ {
+ struct cgroup_event *event = NULL;
++ struct cgroup *cgrp_cfile;
+ unsigned int efd, cfd;
+ struct file *efile = NULL;
+ struct file *cfile = NULL;
+@@ -3531,6 +3532,16 @@ static int cgroup_write_event_control(st
+ goto fail;
+ }
+
++ /*
++ * The file to be monitored must be in the same cgroup as
++ * cgroup.event_control is.
++ */
++ cgrp_cfile = __d_cgrp(cfile->f_dentry->d_parent);
++ if (cgrp_cfile != cgrp) {
++ ret = -EINVAL;
++ goto fail;
++ }
++
+ if (!event->cft->register_event || !event->cft->unregister_event) {
+ ret = -EINVAL;
+ goto fail;
projects / thirdparty / kernel / stable-queue.git / commitdiff
