From: "Michal Koutný" <mkoutny@suse.com>
To: cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Cc: "Michal Koutný" <mkoutny@suse.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
"Tejun Heo" <tj@kernel.org>,
"Johannes Weiner" <hannes@cmpxchg.org>,
"Kees Cook" <kees@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>
Subject: [PATCH 3/4] cgroup: Use __counted_by for cgroup::ancestors
Date: Wed, 17 Dec 2025 17:27:35 +0100
Message-ID: <20251217162744.352391-4-mkoutny@suse.com>
In-Reply-To: <20251217162744.352391-1-mkoutny@suse.com>

cgroup::ancestors includes self, i.e. root cgroups have one ancestor but
their level is 0. Change the value that we store inside struct cgroup
and use an inlined helper where we need to know the level. This way we
preserve the concept of 0-based levels and we can utilize __counted_by
constraint to guard ancestors access. (We could've used level value as a
counter for _low_ancestors but that would have no benefit since we never
access data through this flexible array alias.)
Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
Signed-off-by: Michal Koutný <mkoutny@suse.com>
---
include/linux/cgroup-defs.h | 19 ++++++++-----------
include/linux/cgroup.h | 2 +-
kernel/cgroup/cgroup.c | 3 ++-
3 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
index 9247e437da5ce..8ce1ae9bea909 100644
--- a/include/linux/cgroup-defs.h
+++ b/include/linux/cgroup-defs.h
@@ -475,14 +475,6 @@ struct cgroup {
unsigned long flags; /* "unsigned long" so bitops work */
- /*
- * The depth this cgroup is at. The root is at depth zero and each
- * step down the hierarchy increments the level. This along with
- * ancestors[] can determine whether a given cgroup is a
- * descendant of another without traversing the hierarchy.
- */
- int level;
-
/* Maximum allowed descent tree depth */
int max_depth;
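Review bot: removing `int level` here also drops the only comment in the struct stating that the root is at depth zero, and the replacement comment on nr_ancestors only says to go through cgroup_level(). Suggest spelling out the off-by-one at the new field, for example "number of entries in ancestors[], i.e. cgroup_level() + 1". The diffstat covers three files, so any direct reader of cgrp->level outside them stops building once the field is gone; the commit message should say that all remaining users were checked and already go through cgroup_level().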
@@ -625,13 +617,18 @@ struct cgroup {
struct bpf_local_storage __rcu *bpf_cgrp_storage;
#endif
- /* All ancestors including self */
union {
struct {
- void *_sentinel[0]; /* XXX to avoid 'flexible array member in a struct with no named members' */
- struct cgroup *ancestors[];
+ int nr_ancestors; /* do not use directly but via cgroup_level() */
+ /*
+ * All ancestors including self.
+ * ancestors[] can determine whether a given cgroup is a
+ * descendant of another without traversing the hierarchy.
+ */
+ struct cgroup *ancestors[] __counted_by(nr_ancestors);
};
struct {
+ int _nr_ancestors; /* auxiliary padding, see nr_ancestors above */
struct cgroup *_root_ancestor;
struct cgroup *_low_ancestors[];
};
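Review bot: the two anonymous structs in this union only alias correctly if `int _nr_ancestors` gets the same size and trailing padding as `int nr_ancestors`, and nothing in the hunk enforces that. A build-time check such as static_assert(offsetof(struct cgroup, ancestors) == offsetof(struct cgroup, _root_ancestor)) next to the struct would catch a later edit that changes one member and not the other. Note also that _low_ancestors[] stays unannotated, so accesses through that alias are not covered by the __counted_by bound; the commit message explains why, and a one-line comment at the member would keep that reasoning with the code.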
diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
index 0290878ebad26..45f720b9ecedd 100644
--- a/include/linux/cgroup.h
+++ b/include/linux/cgroup.h
@@ -534,7 +534,7 @@ static inline struct cgroup *cgroup_parent(struct cgroup *cgrp)
*/
static inline int cgroup_level(struct cgroup *cgrp)
{
- return cgrp->level;
+ return cgrp->nr_ancestors - 1;
}
/**
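Review bot: with `return cgrp->nr_ancestors - 1;` a zero-initialised struct cgroup now reports level -1 until nr_ancestors is assigned, where the old `cgrp->level` returned 0. The other hunks set the counter in cgroup_setup_root() and cgroup_create(), so any cgroup_level() caller that can run before those assignments sees a negative value. Suggest documenting in the kernel-doc above that the result is only valid once ancestors[] has been set up, or adding a WARN_ON_ONCE(!cgrp->nr_ancestors) if early callers are not expected.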
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index e011f1dd6d87f..5110d3e13d125 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2197,6 +2197,7 @@ int cgroup_setup_root(struct cgroup_root *root, u16 ss_mask)
}
root_cgrp->kn = kernfs_root_to_node(root->kf_root);
WARN_ON_ONCE(cgroup_ino(root_cgrp) != 1);
+ root_cgrp->nr_ancestors = 1; /* stored in _root_ancestor */
root_cgrp->ancestors[0] = root_cgrp;
ret = css_populate_dir(&root_cgrp->self);
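Review bot: the trailing comment on `root_cgrp->nr_ancestors = 1; /* stored in _root_ancestor */` reads as if the counter itself lived in _root_ancestor, while it is ancestors[0] on the following line that aliases that member. Suggest moving the comment to the ancestors[0] store or rewording it, for example "ancestors[0] aliases _root_ancestor". Setting the counter before the store is the order __counted_by checking needs and should be kept that way.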
@@ -5869,7 +5870,7 @@ static struct cgroup *cgroup_create(struct cgroup *parent, const char *name,
cgrp->self.parent = &parent->self;
cgrp->root = root;
- cgrp->level = level;
+ cgrp->nr_ancestors = parent->nr_ancestors + 1;
/*
* Now that init_cgroup_housekeeping() has been called and cgrp->self
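Review bot: `cgrp->nr_ancestors = parent->nr_ancestors + 1;` derives the bound from the parent, while the removed line used the local `level`, which is still in scope. If the allocation size earlier in cgroup_create() (not visible in this hunk) is computed from `level`, then the __counted_by bound and the allocated length come from two different expressions. Suggest `cgrp->nr_ancestors = level + 1;` so both share one source, and confirm that this assignment precedes the first store into cgrp->ancestors[], since a bounds-checked build will trap on an access made while the counter is still 0.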
--
2.52.0

Thread overview: 10+ messages
2025-12-17 16:27 [PATCH 0/4] Use __counted_by for ancestor arrays Michal Koutný
2025-12-17 16:27 ` Michal Koutný [this message]
2025-12-18 7:09 ` [PATCH 3/4] cgroup: Use __counted_by for cgroup::ancestors Chen Ridong
2025-12-18 16:09 ` Tejun Heo
2025-12-18 16:32 ` Michal Koutný
2026-01-06 6:53 ` Gustavo A. R. Silva
2025-12-19 8:33 ` Kees Cook
2025-12-17 16:27 ` [PATCH 4/4] blk-iocost: Correct comment ioc_gq::level Michal Koutný
2025-12-17 16:57 ` Tejun Heo
2025-12-17 19:02 ` Michal Koutný