lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Aug 2017 18:23:50 +0530 From: Neeraj Upadhyay <neeraju@...eaurora.org> To: tj@...nel.org, lizefan@...wei.com, mingo@...nel.org, longman@...hat.com, akpm@...ux-foundation.org Cc: linux-kernel@...r.kernel.org, sramana@...eaurora.org, prsood@...eaurora.org, Neeraj Upadhyay <neeraju@...eaurora.org> Subject: [PATCH] cgroup: Fix potential race between cgroup_exit and cpuset_attach There is a potential race between cgroup_exit() and the taskset migration path. This race happens when all tasks associated with the cg_list entries in mg_tasks, detach themselves before the tasks can be attached to the destination cpuset in cpuset_attach(). Below is the sequence where race is observed: cpuset_hotplug_workfn() cgroup_transfer_tasks() cgroup_migrate() cgroup_migrate_execute() <TASK EXIT> list_del_init(&task->cg_list) cpuset_attach() cgroup_taskset_first(tset, &css) // css is not set guarantee_online_mems(cs, ...) // data abort Fix this by adding a checking to verify that css is set from cgroup_taskset_first(), before proceeding. Signed-off-by: Neeraj Upadhyay <neeraju@...eaurora.org> --- Hi, We observed this issue for cgroup code corresponding to stable v4.4.85 snapshot 3144d81 ("cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups"). Can you please tell us, if there are any patches in latest code, which fixes these issue? kernel/cgroup/cpuset.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 87a1213..7e245f26 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -1510,11 +1510,17 @@ static void cpuset_attach(struct cgroup_taskset *tset) static nodemask_t cpuset_attach_nodemask_to; struct task_struct *task; struct task_struct *leader; - struct cgroup_subsys_state *css; + struct cgroup_subsys_state *css = NULL; struct cpuset *cs; struct cpuset *oldcs = cpuset_attach_old_cs; cgroup_taskset_first(tset, &css); + /* If all mg_tasks detached (from cgroup_exit()) + * before we started scanning the mg_tasks in + * cgroup_taskset_next(). + */ + if (css == NULL) + return; cs = css_cs(css); mutex_lock(&cpuset_mutex); -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, hosted by The Linux Foundation
Powered by blists - more mailing lists