cgroup: cgroup_get_from_id() must check the looked-up kn is a directory

cgroup has to be one kernfs dir, otherwise kernel panic is caused,
especially cgroup id is provide from userspace.

Reported-by: Marco Patalano <[email protected]>
Fixes: 6b658c4 ("scsi: cgroup: Add cgroup_get_from_id()")
Cc: Muneendra <[email protected]>
Signed-off-by: Ming Lei <[email protected]>
Acked-by: Mukesh Ojha <[email protected]>
Cc: [email protected] # v5.14+
Signed-off-by: Tejun Heo <[email protected]>

kernel/cgroup/cgroup.c

@@ -6049,14 +6049,17 @@ struct cgroup *cgroup_get_from_id(u64 id)
 	if (!kn)
 		goto out;
 
+	if (kernfs_type(kn) != KERNFS_DIR)
+		goto put;
+
 	rcu_read_lock();
 
 	cgrp = rcu_dereference(*(void __rcu __force **)&kn->priv);
 	if (cgrp && !cgroup_tryget(cgrp))
 		cgrp = NULL;
 
 	rcu_read_unlock();
-
+put:
 	kernfs_put(kn);
 out:
 	return cgrp;