lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251117043516.1019183-1-sunshaojie@kylinos.cn>
Date: Mon, 17 Nov 2025 12:35:16 +0800
From: Sun Shaojie <sunshaojie@...inos.cn>
To: chenridong@...weicloud.com
Cc: cgroups@...r.kernel.org,
	hannes@...xchg.org,
	linux-kernel@...r.kernel.org,
	longman@...hat.com,
	mkoutny@...e.com,
	tj@...nel.org
Subject: Re: [PATCH -next] cpuset: treate root invalid trialcs as exclusive

On 2025/11/15 09:31, Chen Ridong wrote:
>A test scenario revealed inconsistent results based on operation order:
>Scenario 1:
>	#cd /sys/fs/cgroup/
>	#mkdir A1
>	#mkdir B1
>	#echo 1-2 > B1/cpuset.cpus
>	#echo 0-1 > A1/cpuset.cpus
>	#echo root > A1/cpuset.cpus.partition
>	#cat A1/cpuset.cpus.partition
>	root invalid (Cpu list in cpuset.cpus not exclusive)
>
>Scenario 2:
>	#cd /sys/fs/cgroup/
>	#mkdir A1
>	#mkdir B1
>	#echo 1-2 > B1/cpuset.cpus
>	#echo root > A1/cpuset.cpus.partition
>	#echo 0-1 > A1/cpuset.cpus
>	#cat A1/cpuset.cpus.partition
>	root
>
>The second scenario produces an unexpected result: A1 should be marked
>as invalid but is incorrectly recognized as valid. This occurs because
>when validate_change is invoked, A1 (in root-invalid state) may
>automatically transition to a valid partition, with non-exclusive state
>checks against siblings, leading to incorrect validation.
>
>To fix this inconsistency, treat trialcs in root-invalid state as exclusive
>during validation and set the corresponding exclusive flags, ensuring
>consistent behavior regardless of operation order.
>
>Signed-off-by: Chen Ridong <chenridong@...wei.com>
>---
> kernel/cgroup/cpuset.c | 19 ++++++++++++++-----
> 1 file changed, 14 insertions(+), 5 deletions(-)
>
>diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
>index daf813386260..a189f356b5f1 100644
>--- a/kernel/cgroup/cpuset.c
>+++ b/kernel/cgroup/cpuset.c
>@@ -2526,6 +2526,18 @@ static void partition_cpus_change(struct cpuset *cs, struct cpuset *trialcs,
> 	}
> }
> 
>+static int init_trialcs(struct cpuset *cs, struct cpuset *trialcs)
>+{
>+	trialcs->prs_err = PERR_NONE;
>+	/*
>+	 * If partition_root_state != 0, it may automatically change to a partition,
>+	 * Therefore, we should treat trialcs as exclusive during validation
>+	 */
>+	if (trialcs->partition_root_state)
>+		set_bit(CS_CPU_EXCLUSIVE, &trialcs->flags);
>+	return compute_trialcs_excpus(trialcs, cs);
>+}
>+
> /**
>  * update_cpumask - update the cpus_allowed mask of a cpuset and all tasks in it
>  * @cs: the cpuset to consider
>@@ -2551,9 +2563,7 @@ static int update_cpumask(struct cpuset *cs, struct cpuset *trialcs,
> 	if (alloc_tmpmasks(&tmp))
> 		return -ENOMEM;
> 
>-	compute_trialcs_excpus(trialcs, cs);
>-	trialcs->prs_err = PERR_NONE;
>-
>+	init_trialcs(cs, trialcs);
> 	retval = cpus_allowed_validate_change(cs, trialcs, &tmp);
> 	if (retval < 0)
> 		goto out_free;
>@@ -2612,7 +2622,7 @@ static int update_exclusive_cpumask(struct cpuset *cs, struct cpuset *trialcs,
> 	 * Reject the change if there is exclusive CPUs conflict with
> 	 * the siblings.
> 	 */
>-	if (compute_trialcs_excpus(trialcs, cs))
>+	if (init_trialcs(cs, trialcs))
> 		return -EINVAL;
> 
> 	/*
>@@ -2628,7 +2638,6 @@ static int update_exclusive_cpumask(struct cpuset *cs, struct cpuset *trialcs,
> 	if (alloc_tmpmasks(&tmp))
> 		return -ENOMEM;
> 
>-	trialcs->prs_err = PERR_NONE;
> 	partition_cpus_change(cs, trialcs, &tmp);
> 
> 	spin_lock_irq(&callback_lock);

Hi, Ridong,

Maybe, this patch does not apply to the following cases:
 Step
 #1> echo "root" > A1/cpuset.cpus.partition
 #1> echo "0-1" > B1/cpuset.cpus
 #2> echo "1-2" > A1/cpuset.cpus.exclusive  -> return error
 It should return success here.

Please consider the following modification.

diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
index 52468d2c178a..b4085438368c 100644
--- a/kernel/cgroup/cpuset.c
+++ b/kernel/cgroup/cpuset.c
@@ -609,6 +609,9 @@ static inline bool cpus_excl_conflict(struct cpuset *cs1, struct cpuset *cs2)
 	    cpumask_subset(cs2->cpus_allowed, cs1->exclusive_cpus))
 		return true;
 
+	if (cpumask_empty(cs1->exclusive_cpus))
+		return cpumask_intersects(cs1->cpus_allowed, cs2->cpus_allowed);
+
 	return false;
 }
 
Thanks,
Sun Shaojie

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ