cgroup dentry insufficiently initialized prior to calling d_instantiate.

Casey Schaufler casey at schaufler-ca.com
Fri May 10 22:02:36 UTC 2013


In kernel/cgroup.c in cgroup_add_file() we have:


        dentry = lookup_one_len(name, dir, strlen(name));
        if (IS_ERR(dentry)) {
                error = PTR_ERR(dentry);
                goto out;
        }

        mode = cgroup_file_mode(cft);
        error = cgroup_create_file(dentry, mode | S_IFREG, cgrp->root->sb);
        if (!error) {
                cfe->type = (void *)cft;
                cfe->dentry = dentry;
                dentry->d_fsdata = cfe;
                simple_xattrs_init(&cfe->xattrs);
                list_add_tail(&cfe->node, &parent->files);
                cfe = NULL;
        }
        dput(dentry);

cgroup_create_file() calls d_instantiate, which may
decide to look at the xattrs on the file. Smack always
does this and SELinux can be configured to do so, although
no one seems to be using that option. Since the dentry
has not been initialized, panics in __d_xattr ensue. See
bugzilla 57791.
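
The ordering problem described above, reduced to a user-space model (an added example, not code from the original post or from the kernel). The struct layouts, lsm_read_xattr() and model_instantiate() are hypothetical stand-ins, and the reordered variant is one possible ordering, not necessarily the fix that was merged.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the kernel objects in the post. */
struct xattrs { int initialized; };
struct cfent  { struct xattrs xattrs; };
struct dentry { void *d_fsdata; int instantiated; };

/* Models the LSM xattr lookup reached from d_instantiate(). The post reports
 * a panic at this point; the model returns -EFAULT instead of crashing. */
static int lsm_read_xattr(const struct dentry *d)
{
    const struct cfent *cfe = d->d_fsdata;
    if (!cfe || !cfe->xattrs.initialized)
        return -EFAULT;
    return 0;
}

/* Models d_instantiate(): publish the dentry, then run the security hook. */
static int model_instantiate(struct dentry *d)
{
    d->instantiated = 1;
    return lsm_read_xattr(d);
}

/* Order shown in the post: instantiate first, attach private data after. */
static int add_file_as_posted(struct dentry *d, struct cfent *cfe)
{
    int hook = model_instantiate(d);   /* hook sees d_fsdata == NULL */
    cfe->xattrs.initialized = 1;       /* simple_xattrs_init() */
    d->d_fsdata = cfe;
    return hook;
}

/* Reordered: private data is complete before any hook can observe it. */
static int add_file_init_first(struct dentry *d, struct cfent *cfe)
{
    cfe->xattrs.initialized = 1;
    d->d_fsdata = cfe;
    return model_instantiate(d);
}

int main(void)
{
    struct dentry a = {0}, b = {0};
    struct cfent ca = {{0}}, cb = {{0}};
    printf("as posted: %d, init first: %d\n",
           add_file_as_posted(&a, &ca), add_file_init_first(&b, &cb));
    return 0;
}
```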


