cgroup: reject cgroup names with ' ' commit 71b1fb5c4473a5b1e601d41b109bdfe001ec82e0 upstream. /proc/<pid>/cgroup contains one cgroup path on each line. If cgroup names are allowed to contain "\n", applications cannot parse /proc/<pid>/cgroup safely. Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk> Signed-off-by: Tejun Heo <tj@kernel.org> [lizf: Backported to 3.4: - adjust context - s/name/dentry->d_name.name/] Signed-off-by: Zefan Li <lizefan@huawei.com>

commit: 74238f8395a71c24683a20e28d683d8ff545f5de [log] [tgz]
author: Alban Crequy <alban.crequy@collabora.co.uk> Mon Aug 18 12:20:20 2014 +0100
committer: chrmhoffmann <chrmhoffmann@gmail.com> Sun Apr 05 10:20:41 2020 +0200
tree: 1e71dbfb446e487711b8cba2e250fc9709d737d0
parent: c33fb8a5029e86a633b3946d0be4497549f2692d [diff]
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 24e15ba..b89ff1c 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c

@@ -3877,6 +3877,11 @@
 {
 	struct cgroup *c_parent = dentry->d_parent->d_fsdata;
 
+	/* Do not accept '\n' to prevent making /proc/<pid>/cgroup unparsable.
+	 */
+	if (strchr(dentry->d_name.name, '\n'))
+		return -EINVAL;
+
 	/* the vfs holds inode->i_mutex already */
 	return cgroup_create(c_parent, dentry, mode | S_IFDIR);
 }
commit	74238f8395a71c24683a20e28d683d8ff545f5de	[log] [tgz]
author	Alban Crequy <alban.crequy@collabora.co.uk>	Mon Aug 18 12:20:20 2014 +0100
committer	chrmhoffmann <chrmhoffmann@gmail.com>	Sun Apr 05 10:20:41 2020 +0200
tree	1e71dbfb446e487711b8cba2e250fc9709d737d0
parent	c33fb8a5029e86a633b3946d0be4497549f2692d [diff]