[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <84f3e74b-42ae-4cee-aace-c1e77372b940@huaweicloud.com>
Date: Tue, 6 May 2025 09:36:28 +0800
From: Chen Ridong <chenridong@...weicloud.com>
To: Michal Koutný <mkoutny@...e.com>
Cc: tj@...nel.org, hannes@...xchg.org, longman@...hat.com,
roman.gushchin@...ux.dev, cgroups@...r.kernel.org,
linux-kernel@...r.kernel.org, bpf@...r.kernel.org, chenridong@...wei.com,
wangweiyang2@...wei.com
Subject: Re: [PATCH v1] cgroup/cpuset: remove kernfs active break
On 2025/5/1 2:33, Michal Koutný wrote:
> On Fri, Jan 03, 2025 at 10:22:33AM +0800, Chen Ridong <chenridong@...weicloud.com> wrote:
>> I think the commit 76bb5ab8f6e3 ("cpuset: break kernfs active protection
>> in cpuset_write_resmask()") is causing the warning I observed.
>
>
> I was considering
> bdb2fd7fc56e1 ("kernfs: Skip kernfs_drain_open_files() more aggressively")
> in conjunction (the warning didn't exist back then).
>
Thank you, Michal, I added two fixes:
Fixes: bdb2fd7fc56e ("kernfs: Skip kernfs_drain_open_files() more
aggressively")
Fixes: 76bb5ab8f6e3 ("cpuset: break kernfs active protection in
cpuset_write_resmask()")
The patch "kernfs: Relax constraint in draining guard" makes sense to me.
Thanks,
Ridong
>
>> writing to 'cpuset_write_resmask' cannot avoid concurrent removal of
>> the cgroup directory. Therefore, this could cause the warning.
>>
>>> As I read kernfs_break_active_protection() comment, I don't see cpuset
>>> code violating its conditions:
>>> a) it's broken/unbroken from withing a kernfs file operation handler,
>>> b) it pins the needed struct cpuset independently of kernfs_node (it's
>>> ok to be removed)
>>>
>> I am not sure if it is safe to call
>> kernfs_unbreak_active_protection(atomic_inc(&kn->active)); after the
>> 'kn' has been removed.
>
> Thit'd render the break/unbreak mechanism useless if unbreak cannot be
> safely used. Users of unbreak know that they may get an inactive
> reference. IOW in this part of the race:
>
> kernfs_unbreak_active_protection
> // active = 0x80000002
> ...
> kernfs_should_drain_open_files
> WARN_ON_ONCE(atomic_read(&kn->active) != KN_DEACTIVATED_BIAS);
> kernfs_put_active
>
> the WARN_ON_ONCE seems misplaced if there are expected users of
> inactivated reference.
>
> For your concern about atomic_inc(&kn->active)); after the 'kn' has been
> removed -- that's a different reference tracking (kn->count) and that
> should be enshured by generic VFS due to existence of inode that pins
> inode->i_private form kerfs_init_node().
>
> All in all, the patch makes sense as a code cleanup (the deadlock is
> gone already) but it doesn't tackle any reference underflow (I'm
> bringing this up again because of CVE-2025-21634).
>
> If anything, the warning in kernfs_should_drain_open_files() should be
> reviewed.
>
> WDYT?
>
> Michal
Powered by blists - more mailing lists