Offering: HULK hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBP72X CVE: CVE-2022-49647 ---------------------------------------------------------------------- The threaded_csets_node is used as mg_dst_preload_node after commit a8fc543c86fc ("cgroup: fix kabi for css_set") It means that, cgroup.type will never be supported. To prevent the illegal option, disable the cgroup.type. Fixes: 8b2cb8df18cb ("cgroup: fix kabi for css_set") Signed-off-by: Chen Ridong <chenridong@huawei.com> --- kernel/cgroup/cgroup.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 338e17f70569..98661f968789 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -3390,6 +3390,12 @@ static ssize_t cgroup_type_write(struct kernfs_open_file *of, char *buf, if (strcmp(strstrip(buf), "threaded")) return -EINVAL; + /* This is forbidden in 4.18/4.19 */ + pr_warn_once("cgroup.type is forbidden to be set to threaded, " + "which is only used in cgroup v2, but cgroup v2 is " + "not supported this OS version.\n"); + return -EPERM; + /* drain dying csses before we re-apply (threaded) subtree control */ cgrp = cgroup_kn_lock_live(of->kn, true); if (!cgrp) -- 2.34.1