[PATCH openEuler-1.0-LTS 2/7] cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv

17 Jan 2022

From: Tejun Heo tj@kernel.org
mainline inclusion
from mainline-v5.16-9
commit 0d2b5955b36250a9428c832664f2079cbf723bec
category: bugfix
bugzilla: NA
CVE: CVE-2021-4197
-------------------------------------------------------------------------
of->priv is currently used by each interface file implementation to store
private information. This patch collects the current two private data usages
into struct cgroup_file_ctx which is allocated and freed by the common path.
This allows generic private data which applies to multiple files, which will
be used to in the following patch.
Note that cgroup_procs iterator is now embedded as procs.iter in the new
cgroup_file_ctx so that it doesn't need to be allocated and freed
separately.
v2: union dropped from cgroup_file_ctx and the procs iterator is embedded in
    cgroup_file_ctx as suggested by Linus.
v3: Michal pointed out that cgroup1's procs pidlist uses of->priv too.
    Converted. Didn't change to embedded allocation as cgroup1 pidlists get
    stored for caching.
Signed-off-by: Tejun Heo tj@kernel.org
Cc: Linus Torvalds torvalds@linux-foundation.org
Reviewed-by: Michal Koutný mkoutny@suse.com
Conflicts:
    kernel/cgroup/cgroup-internal.h
    kernel/cgroup/cgroup.c
Signed-off-by: Lu Jialin lujialin4@huawei.com
Reviewed-by: weiyang wang wangweiyang2@huawei.com
Signed-off-by: Yang Yingliang yangyingliang@huawei.com
---
 kernel/cgroup/cgroup-internal.h | 13 ++++++++++
 kernel/cgroup/cgroup-v1.c       | 26 ++++++++++----------
 kernel/cgroup/cgroup.c          | 42 ++++++++++++++++++++-------------
 3 files changed, 53 insertions(+), 28 deletions(-)

diff --git a/kernel/cgroup/cgroup-internal.h b/kernel/cgroup/cgroup-internal.h
index 6f02be18e1d5b..88bc8352ae9f3 100644
--- a/kernel/cgroup/cgroup-internal.h
+++ b/kernel/cgroup/cgroup-internal.h
@@ -34,6 +34,19 @@ extern char trace_cgroup_path[TRACE_CGROUP_PATH_LEN];
    	}							\
    } while (0)
+struct cgroup_pidlist;
+
+struct cgroup_file_ctx {
+	struct {
+		bool			started;
+		struct css_task_iter	iter;
+	} procs;
+
+	struct {
+		struct cgroup_pidlist	*pidlist;
+	} procs1;
+};
+
 /*
  * A cgroup can be associated with multiple css_sets as different tasks may
  * belong to different cgroups on different hierarchies.  In the other
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 7a3ea4d6b54cf..f833fe71fa5f6 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -426,6 +426,7 @@ static void *cgroup_pidlist_start(struct seq_file *s, loff_t *pos)
     * next pid to display, if any
     */
    struct kernfs_open_file *of = s->private;
+	struct cgroup_file_ctx *ctx = of->priv;
    struct cgroup *cgrp = seq_css(s)->cgroup;
    struct cgroup_pidlist *l;
    enum cgroup_filetype type = seq_cft(s)->private;
@@ -435,25 +436,24 @@ static void *cgroup_pidlist_start(struct seq_file *s, loff_t *pos)
    mutex_lock(&cgrp->pidlist_mutex);
/*
-	 * !NULL @of->priv indicates that this isn't the first start()
-	 * after open.  If the matching pidlist is around, we can use that.
-	 * Look for it.  Note that @of->priv can't be used directly.  It
-	 * could already have been destroyed.
+	 * !NULL @ctx->procs1.pidlist indicates that this isn't the first
+	 * start() after open. If the matching pidlist is around, we can use
+	 * that. Look for it. Note that @ctx->procs1.pidlist can't be used
+	 * directly. It could already have been destroyed.
     */
-	if (of->priv)
-		of->priv = cgroup_pidlist_find(cgrp, type);
+	if (ctx->procs1.pidlist)
+		ctx->procs1.pidlist = cgroup_pidlist_find(cgrp, type);
/*
     * Either this is the first start() after open or the matching
     * pidlist has been destroyed inbetween.  Create a new one.
     */
-	if (!of->priv) {
-		ret = pidlist_array_load(cgrp, type,
-					 (struct cgroup_pidlist **)&of->priv);
+	if (!ctx->procs1.pidlist) {
+		ret = pidlist_array_load(cgrp, type, &ctx->procs1.pidlist);
    	if (ret)
    		return ERR_PTR(ret);
    }
-	l = of->priv;
+	l = ctx->procs1.pidlist;
if (pid) {
    	int end = l->length;
@@ -481,7 +481,8 @@ static void *cgroup_pidlist_start(struct seq_file *s, loff_t *pos)
 static void cgroup_pidlist_stop(struct seq_file *s, void *v)
 {
    struct kernfs_open_file *of = s->private;
-	struct cgroup_pidlist *l = of->priv;
+	struct cgroup_file_ctx *ctx = of->priv;
+	struct cgroup_pidlist *l = ctx->procs1.pidlist;
if (l)
    	mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork,
@@ -492,7 +493,8 @@ static void cgroup_pidlist_stop(struct seq_file *s, void *v)
 static void *cgroup_pidlist_next(struct seq_file *s, void *v, loff_t *pos)
 {
    struct kernfs_open_file *of = s->private;
-	struct cgroup_pidlist *l = of->priv;
+	struct cgroup_file_ctx *ctx = of->priv;
+	struct cgroup_pidlist *l = ctx->procs1.pidlist;
    pid_t *p = v;
    pid_t *end = l->list + l->length;
    /*
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 49e8bf7ee9c73..e6c77e3df1041 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -3454,18 +3454,31 @@ static int cpu_stat_show(struct seq_file *seq, void *v)
 static int cgroup_file_open(struct kernfs_open_file *of)
 {
    struct cftype *cft = of->kn->priv;
+	struct cgroup_file_ctx *ctx;
+	int ret;
-	if (cft->open)
-		return cft->open(of);
-	return 0;
+	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+	if (!ctx)
+		return -ENOMEM;
+	of->priv = ctx;
+
+	if (!cft->open)
+		return 0;
+
+	ret = cft->open(of);
+	if (ret)
+		kfree(ctx);
+	return ret;
 }
static void cgroup_file_release(struct kernfs_open_file *of)
 {
    struct cftype *cft = of->kn->priv;
+	struct cgroup_file_ctx *ctx = of->priv;
if (cft->release)
    	cft->release(of);
+	kfree(ctx);
 }
static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
@@ -4379,21 +4392,21 @@ void css_task_iter_end(struct css_task_iter *it)
static void cgroup_procs_release(struct kernfs_open_file *of)
 {
-	if (of->priv) {
-		css_task_iter_end(of->priv);
-		kfree(of->priv);
-	}
+	struct cgroup_file_ctx *ctx = of->priv;
+
+	if (ctx->procs.started)
+		css_task_iter_end(&ctx->procs.iter);
 }
static void *cgroup_procs_next(struct seq_file *s, void *v, loff_t *pos)
 {
    struct kernfs_open_file *of = s->private;
-	struct css_task_iter *it = of->priv;
+	struct cgroup_file_ctx *ctx = of->priv;
if (pos)
    	(*pos)++;
-	return css_task_iter_next(it);
+	return css_task_iter_next(&ctx->procs.iter);
 }
static void *__cgroup_procs_start(struct seq_file *s, loff_t *pos,
@@ -4401,21 +4414,18 @@ static void *__cgroup_procs_start(struct seq_file *s, loff_t *pos,
 {
    struct kernfs_open_file *of = s->private;
    struct cgroup *cgrp = seq_css(s)->cgroup;
-	struct css_task_iter *it = of->priv;
+	struct cgroup_file_ctx *ctx = of->priv;
+	struct css_task_iter *it = &ctx->procs.iter;
/*
     * When a seq_file is seeked, it's always traversed sequentially
     * from position 0, so we can simply keep iterating on !0 *pos.
     */
-	if (!it) {
+	if (!ctx->procs.started) {
    	if (WARN_ON_ONCE((*pos)))
    		return ERR_PTR(-EINVAL);
-
-		it = kzalloc(sizeof(*it), GFP_KERNEL);
-		if (!it)
-			return ERR_PTR(-ENOMEM);
-		of->priv = it;
    	css_task_iter_start(&cgrp->self, iter_flags, it);
+		ctx->procs.started = true;
    } else if (!(*pos)) {
    	css_task_iter_end(it);
    	css_task_iter_start(&cgrp->self, iter_flags, it);
-- 
2.25.1

    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-1.0-LTS 2/7] cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv