From nobody Sun Feb 8 12:14:59 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2652CC001B0 for ; Sat, 1 Jul 2023 06:56:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231867AbjGAG4V (ORCPT ); Sat, 1 Jul 2023 02:56:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46872 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229695AbjGAGza (ORCPT ); Sat, 1 Jul 2023 02:55:30 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11539423B; Fri, 30 Jun 2023 23:50:27 -0700 (PDT) Received: from canpemm500002.china.huawei.com (unknown [172.30.72.53]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4QtN966WN7zqSKb; Sat, 1 Jul 2023 14:50:02 +0800 (CST) Received: from huawei.com (10.174.151.185) by canpemm500002.china.huawei.com (7.192.104.244) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Sat, 1 Jul 2023 14:50:23 +0800 From: Miaohe Lin To: , , , CC: , , Subject: [PATCH] cgroup/cpuset: update parent subparts cpumask while holding css refcnt Date: Sat, 1 Jul 2023 14:50:49 +0800 Message-ID: <20230701065049.1758266-1-linmiaohe@huawei.com> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.174.151.185] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To canpemm500002.china.huawei.com (7.192.104.244) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" update_parent_subparts_cpumask() is called outside RCU read-side critical section without holding extra css refcnt of cp. In theroy, cp could be freed at any time. Holding extra css refcnt to ensure cp is valid while updating parent subparts cpumask. Fixes: d7c8142d5a55 ("cgroup/cpuset: Make partition invalid if cpumask chan= ge violates exclusivity rule") Signed-off-by: Miaohe Lin Reviewed-by: Waiman Long --- kernel/cgroup/cpuset.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 58e6f18f01c1..632a9986d5de 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -1806,9 +1806,12 @@ static int update_cpumask(struct cpuset *cs, struct = cpuset *trialcs, cpuset_for_each_child(cp, css, parent) if (is_partition_valid(cp) && cpumask_intersects(trialcs->cpus_allowed, cp->cpus_allowed)) { + if (!css_tryget_online(&cp->css)) + continue; rcu_read_unlock(); update_parent_subparts_cpumask(cp, partcmd_invalidate, NULL, &tmp); rcu_read_lock(); + css_put(&cp->css); } rcu_read_unlock(); retval =3D 0; --=20 2.33.0