From: Mike Yuan <me@yhndnzj.com>
Date: Thu, 26 Feb 2026 10:06:00 +0000 (+0100)
Subject: core/cgroup: avoid one unnecessary strjoina()
X-Git-Tag: archive/raspbian/247.3-7+rpi1+deb11u8^2~5
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/%22mailto:kde%40ewsoftware.de//%22style.css/%22/%22http:/www.example.com/%22mailto:kde%40ewsoftware.de/%22style.css/%22?a=commitdiff_plain;h=e7fbc8f48bbbbc8f70b9b9b30cbfb296dde86e39;p=systemd.git

core/cgroup: avoid one unnecessary strjoina()

(cherry picked from commit 42aee39107fbdd7db1ccd402a2151822b2805e9f)
(cherry picked from commit 80acea4ef80a4bb78560ed970c34952299b890d6)
(cherry picked from commit b5fd14693057e5f2c9b4a49603be64ec3608ff6c)

Origin: backport, https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412

Gbp-Pq: Name CVE-2026-29111-3.patch
---

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 7dc6c20b..946962cc 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -1930,12 +1930,13 @@ static int unit_update_cgroup(
         return 0;
 }
 
-static int unit_attach_pid_to_cgroup_via_bus(Unit *u, pid_t pid, const char *suffix_path) {
+static int unit_attach_pid_to_cgroup_via_bus(Unit *u, const char *cgroup_path, pid_t pid) {
         _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char *pp;
         int r;
 
         assert(u);
+        assert(cgroup_path);
+        assert(pid_is_valid(pid));
 
         if (MANAGER_IS_SYSTEM(u->manager))
                 return -EINVAL;
@@ -1943,17 +1944,13 @@ static int unit_attach_pid_to_cgroup_via_bus(Unit *u, pid_t pid, const char *suf
         if (!u->manager->system_bus)
                 return -EIO;
 
-        if (!u->cgroup_path)
-                return -EINVAL;
-
         /* Determine this unit's cgroup path relative to our cgroup root */
-        pp = path_startswith(u->cgroup_path, u->manager->cgroup_root);
+        const char *pp = path_startswith_full(cgroup_path,
+                                              u->manager->cgroup_root,
+                                              PATH_STARTSWITH_RETURN_LEADING_SLASH|PATH_STARTSWITH_REFUSE_DOT_DOT);
         if (!pp)
                 return -EINVAL;
 
-        pp = strjoina("/", pp, suffix_path);
-        path_simplify(pp, false);
-
         r = sd_bus_call_method(u->manager->system_bus,
                                "org.freedesktop.systemd1",
                                "/org/freedesktop/systemd1",
@@ -1993,9 +1990,12 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
                 return r;
 
         if (isempty(suffix_path))
-                p = u->cgroup_path;
-        else
+                p = empty_to_root(u->cgroup_path);
+        else {
+                assert(path_is_absolute(suffix_path));
+
                 p = prefix_roota(u->cgroup_path, suffix_path);
+        }
 
         delegated_mask = unit_get_delegate_mask(u);
 
@@ -2017,7 +2017,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
                                  * privileged it might be able to move the process across the leaves of a subtree who's
                                  * top node is not owned by us. */
 
-                                z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path);
+                                z = unit_attach_pid_to_cgroup_via_bus(u, p, pid);
                                 if (z < 0)
                                         log_unit_debug_errno(u, z, "Couldn't move process " PID_FMT " to requested cgroup '%s' via the system bus either: %m", pid, p);
                                 else