From: Waiman Long <llong@redhat.com>
To: "Ashay Jaiswal" <quic_ashayj@quicinc.com>,
"Tejun Heo" <tj@kernel.org>,
"Johannes Weiner" <hannes@cmpxchg.org>,
"Michal Koutný" <mkoutny@suse.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>
Cc: cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling
Date: Tue, 2 Sep 2025 13:14:31 -0400 [thread overview]
Message-ID: <533633c5-90cc-4a35-9ec3-9df2720a6e9e@redhat.com> (raw)
In-Reply-To: <20250902-cpuset-free-on-condition-v1-1-f46ffab53eac@quicinc.com>
On 9/2/25 12:26 AM, Ashay Jaiswal wrote:
> In cpuset hotplug handling, temporary cpumasks are allocated only when
> running under cgroup v2. The current code unconditionally frees these
> masks, which can lead to a crash on cgroup v1 case.
>
> Free the temporary cpumasks only when they were actually allocated.
>
> Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition")
> Cc: stable@vger.kernel.org
> Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com>
> ---
> kernel/cgroup/cpuset.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void)
> if (force_sd_rebuild)
> rebuild_sched_domains_cpuslocked();
>
> - free_tmpmasks(ptmp);
> + if (on_dfl && ptmp)
> + free_tmpmasks(ptmp);
> }
>
> void cpuset_update_active_cpus(void)
The patch that introduces the bug is actually commit 5806b3d05165
("cpuset: decouple tmpmasks and cpumasks freeing in cgroup") which
removes the NULL check. The on_dfl check is not necessary and I would
suggest adding the NULL check in free_tmpmasks().
Cheers,
Longman
next prev parent reply other threads:[~2025-09-02 17:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-02 4:26 [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling Ashay Jaiswal
2025-09-02 9:51 ` Michal Koutný
2025-09-02 17:06 ` Waiman Long
2025-09-02 17:14 ` Waiman Long [this message]
2025-09-02 18:21 ` Waiman Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=533633c5-90cc-4a35-9ec3-9df2720a6e9e@redhat.com \
--to=llong@redhat.com \
--cc=cgroups@vger.kernel.org \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkoutny@suse.com \
--cc=peterz@infradead.org \
--cc=quic_ashayj@quicinc.com \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).