From 2953a9273ea610a18f489b7edb8eafd8e5a38732 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@google.com>
Date: Tue, 14 Nov 2023 07:33:00 -0800
Subject: [PATCH] libprocessgroup: Reject JoinCgroup actions for v2 controllers

A JoinCgroup action for a v2 cgroup controller migrates a process or task
from the uid_%d/pid_%d cgroup into another cgroup, e.g. the root cgroup.
This may make services unkillable because Service::Stop() only stops a
service if the uid_%d/pid_%d cgroup still exists when Service::Stop() is
called.

Bug: 309674654
Change-Id: I20b797afdf596125ff5a6ed41cb33fe59b84ac88
Signed-off-by: Bart Van Assche <bvanassche@google.com>
---
 libprocessgroup/task_profiles.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libprocessgroup/task_profiles.cpp b/libprocessgroup/task_profiles.cpp
index fe3c37565..d5bd47cb2 100644
--- a/libprocessgroup/task_profiles.cpp
+++ b/libprocessgroup/task_profiles.cpp
@@ -868,7 +868,13 @@ bool TaskProfiles::Load(const CgroupMap& cg_map, const std::string& file_name) {
 
                 auto controller = cg_map.FindController(controller_name);
                 if (controller.HasValue()) {
-                    profile->Add(std::make_unique<SetCgroupAction>(controller, path));
+                    if (controller.version() == 1) {
+                        profile->Add(std::make_unique<SetCgroupAction>(controller, path));
+                    } else {
+                        LOG(WARNING) << "A JoinCgroup action in the " << profile_name
+                                     << " profile is used for controller " << controller_name
+                                     << " in the cgroup v2 hierarchy and will be ignored";
+                    }
                 } else {
                     LOG(WARNING) << "JoinCgroup: controller " << controller_name << " is not found";
                 }