From: Sasha Levin <sashal@kernel.org>
To: Greg Thelen <gthelen@google.com>
Cc: Chen Ridong <chenridong@huawei.com>, Tejun Heo <tj@kernel.org>,
Shivani Agarwal <shivani.agarwal@broadcom.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org
Subject: Re: 5.10.225 stable kernel cgroup_mutex not held assertion failure
Date: Mon, 23 Sep 2024 04:50:40 -0400 [thread overview]
Message-ID: <ZvEr4IGyZ2x9FRU1@sashalap> (raw)
In-Reply-To: <xr93ikus2nd1.fsf@gthelen-cloudtop.c.googlers.com>
On Wed, Sep 18, 2024 at 11:01:30PM -0700, Greg Thelen wrote:
>Linux stable v5.10.226 suffers a lockdep warning when accessing
>/proc/PID/cpuset. cset_cgroup_from_root() is called without cgroup_mutex
>is held, which causes assertion failure.
>
>Bisect blames 5.10.225 commit 688325078a8b ("cgroup/cpuset: Prevent UAF
>in proc_cpuset_show()"). I've have not easily reproduced the problem
>that this change fixes, so I'm not sure if it's best to revert the fix
>or adapt it to meet the 5.10 locking expectations.
>
>The lockdep complaint:
>
>$ cat /proc/1/cpuset
>$ dmesg
>[ 198.744891] ------------[ cut here ]------------
>[ 198.744918] WARNING: CPU: 4 PID: 9301 at
>kernel/cgroup/cgroup.c:1395 cset_cgroup_from_root+0xb2/0xd0
>[ 198.744957] RIP: 0010:cset_cgroup_from_root+0xb2/0xd0
>[ 198.744960] Code: 02 00 00 74 11 48 8b 09 48 39 cb 75 eb eb 19 49
>83 c6 10 4c 89 f0 48 85 c0 74 0d 5b 41 5e c3 48 8b 43 60 48 85 c0 75
>f3 0f 0b <0f> 0b 83 3d 69 01 ee 01 00 0f 85 78 ff ff ff eb 8b 0f 0b eb
>87 66
>[ 198.744962] RSP: 0018:ffffb492608a7ce8 EFLAGS: 00010046
>[ 198.744977] RAX: 0000000000000000 RBX: ffffffff8f4171b8 RCX:
>cc949de848c33e00
>[ 198.744979] RDX: 0000000000001000 RSI: ffffffff8f415450 RDI:
>ffff92e5417c4dc0
>[ 198.744981] RBP: ffff9303467e3f00 R08: 0000000000000008 R09:
>ffffffff9122d568
>[ 198.744983] R10: ffff92e5417c4380 R11: 0000000000000000 R12:
>ffff92e3d9506000
>[ 198.744984] R13: 0000000000000000 R14: ffff92e443a96000 R15:
>ffff92e3d9506000
>[ 198.744987] FS: 00007f15d94ed740(0000) GS:ffff9302bf500000(0000)
>knlGS:0000000000000000
>[ 198.744988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>[ 198.744990] CR2: 00007f15d94ca000 CR3: 00000002816ca003 CR4:
>00000000001706e0
>[ 198.744992] Call Trace:
>[ 198.744996] ? __warn+0xcd/0x1c0
>[ 198.745000] ? cset_cgroup_from_root+0xb2/0xd0
>[ 198.745008] ? report_bug+0x87/0xf0
>[ 198.745015] ? handle_bug+0x42/0x80
>[ 198.745017] ? exc_invalid_op+0x16/0x70
>[ 198.745021] ? asm_exc_invalid_op+0x12/0x20
>[ 198.745030] ? cset_cgroup_from_root+0xb2/0xd0
>[ 198.745034] ? cset_cgroup_from_root+0x28/0xd0
>[ 198.745038] cgroup_path_ns_locked+0x23/0x50
>[ 198.745044] proc_cpuset_show+0x115/0x210
>[ 198.745049] proc_single_show+0x4a/0xa0
>[ 198.745056] seq_read_iter+0x14d/0x400
>[ 198.745063] seq_read+0x103/0x130
>[ 198.745074] vfs_read+0xea/0x320
>[ 198.745078] ? do_user_addr_fault+0x25b/0x390
>[ 198.745085] ? do_user_addr_fault+0x25b/0x390
>[ 198.745090] ksys_read+0x70/0xe0
>[ 198.745096] do_syscall_64+0x2d/0x40
>[ 198.745099] entry_SYSCALL_64_after_hwframe+0x61/0xcb
I'll queue up d23b5c577715 ("cgroup: Make operations on the cgroup
root_list RCU safe") onto 5.15/5.10. Thanks for reporting!
--
Thanks,
Sasha
next prev parent reply other threads:[~2024-09-23 8:50 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-19 6:01 5.10.225 stable kernel cgroup_mutex not held assertion failure Greg Thelen
2024-09-19 8:47 ` Fedor Pchelkin
2024-09-19 8:51 ` [PATCH 5.10/5.15 1/2] cgroup: Make operations on the cgroup root_list RCU safe Fedor Pchelkin
2024-09-19 8:51 ` [PATCH 5.10/5.15 2/2] cgroup: Move rcu_head up near the top of cgroup_root Fedor Pchelkin
2024-09-19 9:26 ` 5.10.225 stable kernel cgroup_mutex not held assertion failure chenridong
2024-09-20 9:28 ` Shivani Agarwal
2024-10-30 7:29 ` Siddh Raman Pant
2024-11-06 6:10 ` gregkh
2024-11-06 6:24 ` Siddh Raman Pant
2024-11-20 14:46 ` Siddh Raman Pant
2024-11-20 14:58 ` gregkh
2024-11-20 17:47 ` Siddh Raman Pant
2024-11-28 10:40 ` Siddh Raman Pant
2024-12-02 9:45 ` gregkh
2024-12-02 9:59 ` [PATCH 1/2] cgroup: Make operations on the cgroup root_list RCU safe Siddh Raman Pant
2024-12-02 9:59 ` [PATCH 2/2] cgroup: Move rcu_head up near the top of cgroup_root Siddh Raman Pant
2024-12-02 10:01 ` [PATCH 1/2] cgroup: Make operations on the cgroup root_list RCU safe Siddh Raman Pant
2024-12-02 10:06 ` gregkh
2024-12-02 10:11 ` Siddh Raman Pant
2024-12-02 10:11 ` [PATCH 2/2] cgroup: Move rcu_head up near the top of cgroup_root Siddh Raman Pant
2024-12-02 10:17 ` [PATCH 1/2] cgroup: Make operations on the cgroup root_list RCU safe Greg Kroah-Hartman
2024-12-02 10:26 ` Siddh Raman Pant
2024-12-02 10:30 ` gregkh
2024-09-20 9:29 ` [PATCH v4.19] " Shivani Agarwal
2024-09-20 9:29 ` [PATCH v4.19] cgroup: Move rcu_head up near the top of cgroup_root Shivani Agarwal
2024-09-20 9:30 ` [PATCH v5.4] cgroup: Make operations on the cgroup root_list RCU safe Shivani Agarwal
2024-09-20 9:33 ` [PATCH v5.4] cgroup: Move rcu_head up near the top of cgroup_root Shivani Agarwal
2024-09-23 8:50 ` Sasha Levin [this message]
2024-09-29 0:42 ` 5.10.225 stable kernel cgroup_mutex not held assertion failure Greg Thelen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZvEr4IGyZ2x9FRU1@sashalap \
--to=sashal@kernel.org \
--cc=chenridong@huawei.com \
--cc=gregkh@linuxfoundation.org \
--cc=gthelen@google.com \
--cc=shivani.agarwal@broadcom.com \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.