From 767f5ccd772e406f493e85edcb3503e4ef8d1ca7 Mon Sep 17 00:00:00 2001
From: Alban Crequy <alban.crequy@collabora.co.uk>
Date: Mon, 18 Aug 2014 12:20:20 +0100
Subject: [PATCH] cgroup: reject cgroup names with '\n'

commit 71b1fb5c4473a5b1e601d41b109bdfe001ec82e0 upstream.

/proc/<pid>/cgroup contains one cgroup path on each line. If cgroup names are
allowed to contain "\n", applications cannot parse /proc/<pid>/cgroup safely.

Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/cgroup.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 3bb40d98a892e..c89e9a9049f44 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4393,6 +4393,11 @@ static int cgroup_mkdir(struct kernfs_node *parent_kn, const char *name,
 	struct kernfs_node *kn;
 	int ssid, ret;
 
+	/* Do not accept '\n' to prevent making /proc/<pid>/cgroup unparsable.
+	 */
+	if (strchr(name, '\n'))
+		return -EINVAL;
+
 	parent = cgroup_kn_lock_live(parent_kn);
 	if (!parent)
 		return -ENODEV;
-- 
2.47.3