From: Mike Yuan Date: Thu, 26 Feb 2026 10:06:00 +0000 (+0100) Subject: core/cgroup: avoid one unnecessary strjoina() X-Git-Tag: archive/raspbian/252.39-1_deb12u2+rpi1^2~5 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0742056a718291e96c96babf04df848a97833804;p=systemd.git core/cgroup: avoid one unnecessary strjoina() (cherry picked from commit 42aee39107fbdd7db1ccd402a2151822b2805e9f) (cherry picked from commit 80acea4ef80a4bb78560ed970c34952299b890d6) (cherry picked from commit b5fd14693057e5f2c9b4a49603be64ec3608ff6c) Origin: backport, https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 Gbp-Pq: Name CVE-2026-29111-3.patch --- diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 89087a27..515debcf 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -2268,12 +2268,13 @@ static int unit_update_cgroup( return 0; } -static int unit_attach_pid_to_cgroup_via_bus(Unit *u, pid_t pid, const char *suffix_path) { +static int unit_attach_pid_to_cgroup_via_bus(Unit *u, const char *cgroup_path, pid_t pid) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - char *pp; int r; assert(u); + assert(cgroup_path); + assert(pid_is_valid(pid)); if (MANAGER_IS_SYSTEM(u->manager)) return -EINVAL; @@ -2281,17 +2282,13 @@ static int unit_attach_pid_to_cgroup_via_bus(Unit *u, pid_t pid, const char *suf if (!u->manager->system_bus) return -EIO; - if (!u->cgroup_path) - return -EINVAL; - /* Determine this unit's cgroup path relative to our cgroup root */ - pp = path_startswith(u->cgroup_path, u->manager->cgroup_root); + const char *pp = path_startswith_full(cgroup_path, + u->manager->cgroup_root, + PATH_STARTSWITH_RETURN_LEADING_SLASH|PATH_STARTSWITH_REFUSE_DOT_DOT); if (!pp) return -EINVAL; - pp = strjoina("/", pp, suffix_path); - path_simplify(pp); - r = bus_call_method(u->manager->system_bus, bus_systemd_mgr, "AttachProcessesToUnit", @@ -2330,8 +2327,10 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { return r; if (isempty(suffix_path)) - p = u->cgroup_path; + p = empty_to_root(u->cgroup_path); else { + assert(path_is_absolute(suffix_path)); + joined = path_join(u->cgroup_path, suffix_path); if (!joined) return -ENOMEM; @@ -2352,7 +2351,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, r, "Couldn't move process "PID_FMT" to%s requested cgroup '%s': %m", - pid, again ? " directly" : "", empty_to_root(p)); + pid, again ? " directly" : "", p); if (again) { int z; @@ -2362,9 +2361,9 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { * Since it's more privileged it might be able to move the process across the * leaves of a subtree whose top node is not owned by us. */ - z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); + z = unit_attach_pid_to_cgroup_via_bus(u, p, pid); if (z < 0) - log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p)); + log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, p); else { if (ret >= 0) ret++; /* Count successful additions */ @@ -2408,7 +2407,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { continue; /* Success! */ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", - pid, empty_to_root(p), cgroup_controller_to_string(c)); + pid, p, cgroup_controller_to_string(c)); } /* So this controller is either not delegate or realized, or something else weird happened. In