* [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling
@ 2025-09-02 4:26 Ashay Jaiswal
2025-09-02 9:51 ` Michal Koutný
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Ashay Jaiswal @ 2025-09-02 4:26 UTC (permalink / raw)
To: Waiman Long, Tejun Heo, Johannes Weiner, Michal Koutný,
Peter Zijlstra (Intel)
Cc: cgroups, linux-kernel, stable, Ashay Jaiswal
In cpuset hotplug handling, temporary cpumasks are allocated only when
running under cgroup v2. The current code unconditionally frees these
masks, which can lead to a crash on cgroup v1 case.
Free the temporary cpumasks only when they were actually allocated.
Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition")
Cc: stable@vger.kernel.org
Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com>
---
kernel/cgroup/cpuset.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644
--- a/kernel/cgroup/cpuset.c
+++ b/kernel/cgroup/cpuset.c
@@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void)
if (force_sd_rebuild)
rebuild_sched_domains_cpuslocked();
- free_tmpmasks(ptmp);
+ if (on_dfl && ptmp)
+ free_tmpmasks(ptmp);
}
void cpuset_update_active_cpus(void)
---
base-commit: 33bcf93b9a6b028758105680f8b538a31bc563cf
change-id: 20250902-cpuset-free-on-condition-85cf4eadb18c
Best regards,
--
Ashay Jaiswal <quic_ashayj@quicinc.com>
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling
2025-09-02 4:26 [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling Ashay Jaiswal
@ 2025-09-02 9:51 ` Michal Koutný
2025-09-02 17:06 ` Waiman Long
2025-09-02 17:14 ` Waiman Long
2 siblings, 0 replies; 5+ messages in thread
From: Michal Koutný @ 2025-09-02 9:51 UTC (permalink / raw)
To: Ashay Jaiswal
Cc: Waiman Long, Tejun Heo, Johannes Weiner, Peter Zijlstra (Intel),
cgroups, linux-kernel, stable
[-- Attachment #1: Type: text/plain, Size: 1203 bytes --]
On Tue, Sep 02, 2025 at 09:56:17AM +0530, Ashay Jaiswal <quic_ashayj@quicinc.com> wrote:
> In cpuset hotplug handling, temporary cpumasks are allocated only when
> running under cgroup v2. The current code unconditionally frees these
> masks, which can lead to a crash on cgroup v1 case.
>
> Free the temporary cpumasks only when they were actually allocated.
>
> Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition")
> Cc: stable@vger.kernel.org
> Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com>
> ---
> kernel/cgroup/cpuset.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void)
> if (force_sd_rebuild)
> rebuild_sched_domains_cpuslocked();
>
> - free_tmpmasks(ptmp);
> + if (on_dfl && ptmp)
> + free_tmpmasks(ptmp);
> }
Can you do
if (ptmp)
free_tmpmasks(ptmp);
so that v2 check in concentrated in one place only?
Thanks,
Michal
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 265 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling
2025-09-02 4:26 [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling Ashay Jaiswal
2025-09-02 9:51 ` Michal Koutný
@ 2025-09-02 17:06 ` Waiman Long
2025-09-02 17:14 ` Waiman Long
2 siblings, 0 replies; 5+ messages in thread
From: Waiman Long @ 2025-09-02 17:06 UTC (permalink / raw)
To: Ashay Jaiswal, Tejun Heo, Johannes Weiner, Michal Koutný,
Peter Zijlstra (Intel)
Cc: cgroups, linux-kernel, stable
On 9/2/25 12:26 AM, Ashay Jaiswal wrote:
> In cpuset hotplug handling, temporary cpumasks are allocated only when
> running under cgroup v2. The current code unconditionally frees these
> masks, which can lead to a crash on cgroup v1 case.
>
> Free the temporary cpumasks only when they were actually allocated.
>
> Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition")
> Cc: stable@vger.kernel.org
> Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com>
> ---
> kernel/cgroup/cpuset.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void)
> if (force_sd_rebuild)
> rebuild_sched_domains_cpuslocked();
>
> - free_tmpmasks(ptmp);
> + if (on_dfl && ptmp)
> + free_tmpmasks(ptmp);
> }
>
> void cpuset_update_active_cpus(void)
The patch that introduces the bug is actually commit 5806b3d05165
("cpuset: decouple tmpmasks and cpumasks freeing in cgroup") which
removes the NULL check. The on_dfl check is not necessary and I would
suggest adding the NULL check in free_tmpmasks().
Cheers,
Longman
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling
2025-09-02 4:26 [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling Ashay Jaiswal
2025-09-02 9:51 ` Michal Koutný
2025-09-02 17:06 ` Waiman Long
@ 2025-09-02 17:14 ` Waiman Long
2025-09-02 18:21 ` Waiman Long
2 siblings, 1 reply; 5+ messages in thread
From: Waiman Long @ 2025-09-02 17:14 UTC (permalink / raw)
To: Ashay Jaiswal, Tejun Heo, Johannes Weiner, Michal Koutný,
Peter Zijlstra (Intel)
Cc: cgroups, linux-kernel, stable
On 9/2/25 12:26 AM, Ashay Jaiswal wrote:
> In cpuset hotplug handling, temporary cpumasks are allocated only when
> running under cgroup v2. The current code unconditionally frees these
> masks, which can lead to a crash on cgroup v1 case.
>
> Free the temporary cpumasks only when they were actually allocated.
>
> Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition")
> Cc: stable@vger.kernel.org
> Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com>
> ---
> kernel/cgroup/cpuset.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void)
> if (force_sd_rebuild)
> rebuild_sched_domains_cpuslocked();
>
> - free_tmpmasks(ptmp);
> + if (on_dfl && ptmp)
> + free_tmpmasks(ptmp);
> }
>
> void cpuset_update_active_cpus(void)
The patch that introduces the bug is actually commit 5806b3d05165
("cpuset: decouple tmpmasks and cpumasks freeing in cgroup") which
removes the NULL check. The on_dfl check is not necessary and I would
suggest adding the NULL check in free_tmpmasks().
Cheers,
Longman
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling
2025-09-02 17:14 ` Waiman Long
@ 2025-09-02 18:21 ` Waiman Long
0 siblings, 0 replies; 5+ messages in thread
From: Waiman Long @ 2025-09-02 18:21 UTC (permalink / raw)
To: Ashay Jaiswal
Cc: cgroups, linux-kernel, stable, Michal Koutný, Tejun Heo,
Peter Zijlstra (Intel), Johannes Weiner
On 9/2/25 1:14 PM, Waiman Long wrote:
>
> On 9/2/25 12:26 AM, Ashay Jaiswal wrote:
>> In cpuset hotplug handling, temporary cpumasks are allocated only when
>> running under cgroup v2. The current code unconditionally frees these
>> masks, which can lead to a crash on cgroup v1 case.
>>
>> Free the temporary cpumasks only when they were actually allocated.
>>
>> Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition")
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Ashay Jaiswal <quic_ashayj@quicinc.com>
>> ---
>> kernel/cgroup/cpuset.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
>> index
>> a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9
>> 100644
>> --- a/kernel/cgroup/cpuset.c
>> +++ b/kernel/cgroup/cpuset.c
>> @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void)
>> if (force_sd_rebuild)
>> rebuild_sched_domains_cpuslocked();
>> - free_tmpmasks(ptmp);
>> + if (on_dfl && ptmp)
>> + free_tmpmasks(ptmp);
>> }
>> void cpuset_update_active_cpus(void)
> The patch that introduces the bug is actually commit 5806b3d05165
> ("cpuset: decouple tmpmasks and cpumasks freeing in cgroup") which
> removes the NULL check. The on_dfl check is not necessary and I would
> suggest adding the NULL check in free_tmpmasks().
As this email was bounced back from your email account because it is
full, I decide to send out another patch on your behalf. Note that this
affects only the linux-next tree as the commit to be fixed isn't merged
into the mainline yet. There is no need for stable branch backport.
Cheers,
Longman
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-09-02 18:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-02 4:26 [PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling Ashay Jaiswal
2025-09-02 9:51 ` Michal Koutný
2025-09-02 17:06 ` Waiman Long
2025-09-02 17:14 ` Waiman Long
2025-09-02 18:21 ` Waiman Long
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).