From: Sasha Levin Date: Fri, 1 Nov 2024 03:01:31 +0000 (-0400) Subject: Fixes for 5.4 X-Git-Tag: v4.19.323~127 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e39c6dd2761bc9a1e87abf5e8334cbb2799bacc6;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/cgroup-fix-potential-overflow-issue-when-checking-ma.patch b/queue-5.4/cgroup-fix-potential-overflow-issue-when-checking-ma.patch new file mode 100644 index 00000000000..eac3f133c84 --- /dev/null +++ b/queue-5.4/cgroup-fix-potential-overflow-issue-when-checking-ma.patch 
@@ -0,0 +1,59 @@ +From 88da2d06242f6999930e55a755e843cae1c76ecc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 12 Oct 2024 07:22:46 +0000 +Subject: cgroup: Fix potential overflow issue when checking max_depth +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Xiu Jianfeng + +[ Upstream commit 3cc4e13bb1617f6a13e5e6882465984148743cf4 ] + +cgroup.max.depth is the maximum allowed descent depth below the current +cgroup. If the actual descent depth is equal or larger, an attempt to +create a new child cgroup will fail. However due to the cgroup->max_depth +is of int type and having the default value INT_MAX, the condition +'level > cgroup->max_depth' will never be satisfied, and it will cause +an overflow of the level after it reaches to INT_MAX. + +Fix it by starting the level from 0 and using '>=' instead. + +It's worth mentioning that this issue is unlikely to occur in reality, +as it's impossible to have a depth of INT_MAX hierarchy, but should be +be avoided logically. + +Fixes: 1a926e0bbab8 ("cgroup: implement hierarchy limits") +Signed-off-by: Xiu Jianfeng +Reviewed-by: Michal Koutný +Signed-off-by: Tejun Heo +Signed-off-by: Sasha Levin +--- + kernel/cgroup/cgroup.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 16ae868941211..79e57b6df7316 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -5502,7 +5502,7 @@ static bool cgroup_check_hierarchy_limits(struct cgroup *parent) + { + struct cgroup *cgroup; + int ret = false; +- int level = 1; ++ int level = 0; + + lockdep_assert_held(&cgroup_mutex); + +@@ -5510,7 +5510,7 @@ static bool cgroup_check_hierarchy_limits(struct cgroup *parent) + if (cgroup->nr_descendants >= cgroup->max_descendants) + goto fail; + +- if (level > cgroup->max_depth) ++ if (level >= cgroup->max_depth) + goto fail; + + level++; +-- +2.43.0 + 
diff --git a/queue-5.4/series b/queue-5.4/series index 22cb57f3ef2..0509ac6235a 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -423,3 +423,4 @@ hv_netvsc-fix-vf-namespace-also-in-synthetic-nic-netdev_register-event.patch selinux-improve-error-checking-in-sel_write_load.patch arm64-uprobes-change-the-uprobe_opcode_t-typedef-to-fix-the-sparse-warning.patch xfrm-validate-new-sa-s-prefixlen-using-sa-family-whe.patch +cgroup-fix-potential-overflow-issue-when-checking-ma.patch
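Review bot: In the first kernel/cgroup/cgroup.c hunk (cgroup_check_hierarchy_limits, @@ -5502), `int level = 0;` is only correct in combination with the `>=` comparison changed in the next hunk, and nothing at the declaration records that coupling. A short comment there stating that level is the descent depth counted from 0 and is compared with `>=` against max_depth would stop a later edit from changing one line without the other. The context line `int ret = false;` in a function declared `static bool` would read better as `bool ret = false;`, but that belongs in a separate upstream cleanup rather than in this backport.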
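Review bot: In the second kernel/cgroup/cgroup.c hunk (@@ -5510), the check `if (level >= cgroup->max_depth)` is what stops `level++` from executing once level equals INT_MAX, which the commit message gives as the default max_depth, yet the code carries no comment saying the operator is load-bearing. Suggest a one-line comment above the check noting that it must stay `>=` so that level is never incremented past max_depth. For any limit below INT_MAX the new pair (start at 0, `>=`) fails at the same depth as the old pair (start at 1, `>`), so the backport should not change behaviour for configured limits. A quick test that creates child cgroups under a small cgroup.max.depth on the 5.4 tree would confirm that.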