From e4d57366e955a3cd95fe4227f967464c81fca993 Mon Sep 17 00:00:00 2001 From: Alexander Mikhalitsyn Date: Wed, 27 Mar 2024 14:47:55 +0100 Subject: [PATCH] cgroup_utils: explicitly check for cgroup2 FDs in cgroup_walkup_to_root See: https://github.com/lxc/lxcfs/pull/617#discussion_r1533524372 Suggested-by: Christian Brauner (Microsoft) Signed-off-by: Alexander Mikhalitsyn --- src/cgroups/cgroup_utils.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/src/cgroups/cgroup_utils.c b/src/cgroups/cgroup_utils.c index 83e4cbf7..672354d5 100644 --- a/src/cgroups/cgroup_utils.c +++ b/src/cgroups/cgroup_utils.c @@ -80,6 +80,21 @@ bool is_cgroup_fd(int fd) return false; } +bool is_cgroup2_fd(int fd) +{ + int ret; + struct statfs fs; + + ret = fstatfs(fd, &fs); + if (ret) + return false; + + if (is_fs_type(&fs, CGROUP2_SUPER_MAGIC)) + return true; + + return false; +} + void *must_realloc(void *orig, size_t sz) { void *ret; @@ -766,11 +781,14 @@ int cgroup_walkup_to_root(int cgroup2_root_fd, int hierarchy_fd, return 0; } + if (!is_cgroup2_fd(dir_fd)) + return -EINVAL; + /* * Legacy cgroup hierarchies should always show a valid value in the * file of the cgroup. So no need to do this upwards walking crap. */ - if (cgroup2_root_fd < 0) + if (cgroup2_root_fd < 0 || !is_cgroup2_fd(cgroup2_root_fd)) return -EINVAL; else if (same_file(cgroup2_root_fd, dir_fd)) return 1; @@ -791,6 +809,9 @@ int cgroup_walkup_to_root(int cgroup2_root_fd, int hierarchy_fd, if (dir_fd < 0) return -errno; + if (!is_cgroup2_fd(dir_fd)) + return log_error_errno(-ELOOP, ELOOP, "Found non-cgroup2 directory during cgroup2 tree walkup. Terminating walk"); + /* * We're at the root of the cgroup2 tree so stop walking * upwards.