Fixes for 5.4

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.4/cgroup-fix-potential-overflow-issue-when-checking-ma.patch b/queue-5.4/cgroup-fix-potential-overflow-issue-when-checking-ma.patch
new file mode 100644 (file)
index 0000000..eac3f13
--- /dev/null
+++ b/queue-5.4/cgroup-fix-potential-overflow-issue-when-checking-ma.patch
@@ -0,0 +1,59 @@
+From 88da2d06242f6999930e55a755e843cae1c76ecc Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 12 Oct 2024 07:22:46 +0000
+Subject: cgroup: Fix potential overflow issue when checking max_depth
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Xiu Jianfeng <xiujianfeng@huawei.com>
+
+[ Upstream commit 3cc4e13bb1617f6a13e5e6882465984148743cf4 ]
+
+cgroup.max.depth is the maximum allowed descent depth below the current
+cgroup. If the actual descent depth is equal or larger, an attempt to
+create a new child cgroup will fail. However due to the cgroup->max_depth
+is of int type and having the default value INT_MAX, the condition
+'level > cgroup->max_depth' will never be satisfied, and it will cause
+an overflow of the level after it reaches to INT_MAX.
+
+Fix it by starting the level from 0 and using '>=' instead.
+
+It's worth mentioning that this issue is unlikely to occur in reality,
+as it's impossible to have a depth of INT_MAX hierarchy, but should be
+be avoided logically.
+
+Fixes: 1a926e0bbab8 ("cgroup: implement hierarchy limits")
+Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
+Reviewed-by: Michal Koutný <mkoutny@suse.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/cgroup/cgroup.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
+index 16ae868941211..79e57b6df7316 100644
+--- a/kernel/cgroup/cgroup.c
++++ b/kernel/cgroup/cgroup.c
+@@ -5502,7 +5502,7 @@ static bool cgroup_check_hierarchy_limits(struct cgroup *parent)
+ {
+       struct cgroup *cgroup;
+       int ret = false;
+-      int level = 1;
++      int level = 0;
+ 
+       lockdep_assert_held(&cgroup_mutex);
+ 
+@@ -5510,7 +5510,7 @@ static bool cgroup_check_hierarchy_limits(struct cgroup *parent)
+               if (cgroup->nr_descendants >= cgroup->max_descendants)
+                       goto fail;
+ 
+-              if (level > cgroup->max_depth)
++              if (level >= cgroup->max_depth)
+                       goto fail;
+ 
+               level++;
+-- 
+2.43.0
+

diff --git a/queue-5.4/series b/queue-5.4/series
index 22cb57f3ef2104025e51322c9386c0fe686ede00..0509ac6235a56fb6dfb8023832d986357022a308 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -423,3 +423,4 @@ hv_netvsc-fix-vf-namespace-also-in-synthetic-nic-netdev_register-event.patch
 selinux-improve-error-checking-in-sel_write_load.patch
 arm64-uprobes-change-the-uprobe_opcode_t-typedef-to-fix-the-sparse-warning.patch
 xfrm-validate-new-sa-s-prefixlen-using-sa-family-whe.patch
+cgroup-fix-potential-overflow-issue-when-checking-ma.patch