| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ed4962d3-d54c-4b05-bfd1-dd71d6ae169e@redhat.com>
Date: Mon, 15 Sep 2025 14:43:51 -0400
From: Waiman Long <llong@...hat.com>
To: Chen Ridong <chenridong@...weicloud.com>, tj@...nel.org,
hannes@...xchg.org, mkoutny@...e.com
Cc: cgroups@...r.kernel.org, linux-kernel@...r.kernel.org,
lujialin4@...wei.com, chenridong@...wei.com
Subject: Re: [PATCH -next RFC -v2 01/11] cpuset: move the root cpuset write
check earlier
On 9/8/25 11:32 PM, Chen Ridong wrote:
> From: Chen Ridong <chenridong@...wei.com>
>
> The 'cpus' or 'mems' lists of the top_cpuset cannot be modified.
> This check can be moved before acquiring any locks as a common code
> block to improve efficiency and maintainability.
>
> Signed-off-by: Chen Ridong <chenridong@...wei.com>
> ---
> kernel/cgroup/cpuset.c | 17 ++++-------------
> 1 file changed, 4 insertions(+), 13 deletions(-)
>
> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index c0c281a8860d..7e1bc1e1bde1 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -2337,10 +2337,6 @@ static int update_cpumask(struct cpuset *cs, struct cpuset *trialcs,
> bool force = false;
> int old_prs = cs->partition_root_state;
>
> - /* top_cpuset.cpus_allowed tracks cpu_active_mask; it's read-only */
> - if (cs == &top_cpuset)
> - return -EACCES;
> -
> /*
> * An empty cpus_allowed is ok only if the cpuset has no tasks.
> * Since cpulist_parse() fails on an empty mask, we special case
> @@ -2786,15 +2782,6 @@ static int update_nodemask(struct cpuset *cs, struct cpuset *trialcs,
> {
> int retval;
>
> - /*
> - * top_cpuset.mems_allowed tracks node_stats[N_MEMORY];
> - * it's read-only
> - */
> - if (cs == &top_cpuset) {
> - retval = -EACCES;
> - goto done;
> - }
> -
> /*
> * An empty mems_allowed is ok iff there are no tasks in the cpuset.
> * Since nodelist_parse() fails on an empty mask, we special case
> @@ -3260,6 +3247,10 @@ ssize_t cpuset_write_resmask(struct kernfs_open_file *of,
> struct cpuset *trialcs;
> int retval = -ENODEV;
>
> + /* root is read-only */
> + if (cs == &top_cpuset)
> + return -EACCES;
> +
> buf = strstrip(buf);
> cpuset_full_lock();
> if (!is_cpuset_online(cs))
Reviewed-by: Waiman Long <longman@...hat.com>
> 3. The 'cpuset.cpus' of one cpuset must not form a subset of another
> cpuset's 'cpuset.cpus.exclusive'.
>
> Signed-off-by: Chen Ridong <chenridong@...wei.com>
> ---
> kernel/cgroup/cpuset.c | 74 +++++++++++++++++++++++++-----------------
> 1 file changed, 44 insertions(+), 30 deletions(-)
>
> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index 55674a5ad2f9..389dfd5be6c8 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -582,6 +582,47 @@ static inline bool cpusets_are_exclusive(struct cpuset *cs1, struct cpuset *cs2)
> return true;
> }
>
> +/**
> + * cpus_excl_conflict - Check if two cpusets have exclusive CPU conflicts
> + * @cs1: first cpuset to check
> + * @cs2: second cpuset to check
> + *
> + * Returns: true if CPU exclusivity conflict exists, false otherwise
> + *
> + * Conflict detection rules:
> + * 1. If either cpuset is CPU exclusive, they must be mutually exclusive
> + * 2. exclusive_cpus masks cannot intersect between cpusets
> + * 3. The allowed CPUs of one cpuset cannot be a subset of another's exclusive CPUs
> + */
> +static inline bool cpus_excl_conflict(struct cpuset *cs1, struct cpuset *cs2)
> +{
> + /* If either cpuset is exclusive, check if they are mutually exclusive */
> + if (is_cpu_exclusive(cs1) || is_cpu_exclusive(cs2))
> + return !cpusets_are_exclusive(cs1, cs2);
> +
> + /* Exclusive_cpus cannot intersect */
> + if (cpumask_intersects(cs1->exclusive_cpus, cs2->exclusive_cpus))
> + return true;
> +
> + /* The cpus_allowed of one cpuset cannot be a subset of another cpuset's exclusive_cpus */
> + if (!cpumask_empty(cs1->cpus_allowed) &&
> + cpumask_subset(cs1->cpus_allowed, cs2->exclusive_cpus))
> + return true;
> +
> + if (!cpumask_empty(cs2->cpus_allowed) &&
> + cpumask_subset(cs2->cpus_allowed, cs1->exclusive_cpus))
> + return true;
> +
> + return false;
> +}
> +
> +static inline bool mems_excl_conflict(struct cpuset *cs1, struct cpuset *cs2)
> +{
> + if ((is_mem_exclusive(cs1) || is_mem_exclusive(cs2)))
> + return nodes_intersects(cs1->mems_allowed, cs2->mems_allowed);
> + return false;
> +}
> +
> /*
> * validate_change() - Used to validate that any proposed cpuset change
> * follows the structural rules for cpusets.
> @@ -663,38 +704,11 @@ static int validate_change(struct cpuset *cur, struct cpuset *trial)
> */
> ret = -EINVAL;
> cpuset_for_each_child(c, css, par) {
> - bool txset, cxset; /* Are exclusive_cpus set? */
> -
> if (c == cur)
> continue;
> -
> - txset = !cpumask_empty(trial->exclusive_cpus);
> - cxset = !cpumask_empty(c->exclusive_cpus);
> - if (is_cpu_exclusive(trial) || is_cpu_exclusive(c) ||
> - (txset && cxset)) {
> - if (!cpusets_are_exclusive(trial, c))
> - goto out;
> - } else if (txset || cxset) {
> - struct cpumask *xcpus, *acpus;
> -
> - /*
> - * When just one of the exclusive_cpus's is set,
> - * cpus_allowed of the other cpuset, if set, cannot be
> - * a subset of it or none of those CPUs will be
> - * available if these exclusive CPUs are activated.
> - */
> - if (txset) {
> - xcpus = trial->exclusive_cpus;
> - acpus = c->cpus_allowed;
> - } else {
> - xcpus = c->exclusive_cpus;
> - acpus = trial->cpus_allowed;
> - }
> - if (!cpumask_empty(acpus) && cpumask_subset(acpus, xcpus))
> - goto out;
> - }
> - if ((is_mem_exclusive(trial) || is_mem_exclusive(c)) &&
> - nodes_intersects(trial->mems_allowed, c->mems_allowed))
> + if (cpus_excl_conflict(trial, c))
> + goto out;
> + if (mems_excl_conflict(trial, c))
> goto out;
> }
>
Powered by blists - more mailing lists