cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug

maillist inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4TR86 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git/commit/?id=05c7b7a92cc87ff8d7fde189d0fade250697573c -------------------------------- As previously discussed(https://lkml.org/lkml/2022/1/20/51), cpuset_attach() is affected with similar cpu hotplug race, as follow scenario: cpuset_attach() cpu hotplug --------------------------- ---------------------- down_write(cpuset_rwsem) guarantee_online_cpus() // (load cpus_attach) sched_cpu_deactivate set_cpu_active() // will change cpu_active_mask set_cpus_allowed_ptr(cpus_attach) __set_cpus_allowed_ptr_locked() // (if the intersection of cpus_attach and cpu_active_mask is empty, will return -EINVAL) up_write(cpuset_rwsem) To avoid races such as described above, protect cpuset_attach() call with cpu_hotplug_lock. Fixes: be367d09 ("cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time") Cc: stable@vger.kernel.org # v2.6.32+ Reported-by: N Zhao Gongyi <zhaogongyi@huawei.com> Signed-off-by: N Zhang Qiao <zhangqiao22@huawei.com> Acked-by: N Waiman Long <longman@redhat.com> Reviewed-by: N Michal Koutný <mkoutny@suse.com> Signed-off-by: N Tejun Heo <tj@kernel.org> Reviewed-by: N Chen Hui <judy.chenhui@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
maillist inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4TR86 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git/commit/?id=05c7b7a92cc87ff8d7fde189d0fade250697573c -------------------------------- As previously discussed(https://lkml.org/lkml/2022/1/20/51), cpuset_attach() is affected with similar cpu hotplug race, as follow scenario: cpuset_attach() cpu hotplug --------------------------- ---------------------- down_write(cpuset_rwsem) guarantee_online_cpus() // (load cpus_attach) sched_cpu_deactivate set_cpu_active() // will change cpu_active_mask set_cpus_allowed_ptr(cpus_attach) __set_cpus_allowed_ptr_locked() // (if the intersection of cpus_attach and cpu_active_mask is empty, will return -EINVAL) up_write(cpuset_rwsem) To avoid races such as described above, protect cpuset_attach() call with cpu_hotplug_lock. Fixes: be367d09 ("cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time") Cc: stable@vger.kernel.org # v2.6.32+ Reported-by: N Zhao Gongyi <zhaogongyi@huawei.com> Signed-off-by: N Zhang Qiao <zhangqiao22@huawei.com> Acked-by: N Waiman Long <longman@redhat.com> Reviewed-by: N Michal Koutný <mkoutny@suse.com> Signed-off-by: N Tejun Heo <tj@kernel.org> Reviewed-by: N Chen Hui <judy.chenhui@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
f90dfed3 · Zhang Qiao · Zheng Zengkai · 7ec2ec68 · f90dfed3
显示空白变更内容
内联并排

Showing with 2 addition and 0 deletion

kernel/cgroup/cpuset.c kernel/cgroup/cpuset.c +2 -0

未找到文件。
--- a/kernel/cgroup/cpuset.c
+++ b/kernel/cgroup/cpuset.c
@@ -2211,6 +2211,7 @@ static void cpuset_attach(struct cgroup_taskset *tset)
 	cgroup_taskset_first(tset, &css);
 	cs = css_cs(css);
+	cpus_read_lock();
 	percpu_down_write(&cpuset_rwsem);
 	/* prepare for attach */
@@ -2266,6 +2267,7 @@ static void cpuset_attach(struct cgroup_taskset *tset)
 		wake_up(&cpuset_attach_wq);
 	percpu_up_write(&cpuset_rwsem);
+	cpus_read_unlock();
 }
 /* The various types of files and directories in a cpuset file system */