From: sashiko-bot@kernel.org
To: "Waiman Long" <longman@redhat.com>
Cc: linux-hwmon@vger.kernel.org, mkoutny@suse.com,
hannes@cmpxchg.org, tj@kernel.org
Subject: Re: [PATCH 21/23] cgroup/cpuset: Limit the side effect of using CPU hotplug on isolated partition
Date: Wed, 22 Apr 2026 03:09:06 +0000 [thread overview]
Message-ID: <20260422030907.471D2C2BCB0@smtp.kernel.org> (raw)
In-Reply-To: <20260421030351.281436-22-longman@redhat.com>
Sashiko AI review found 3 potential issue(s):
- [High] The fallback CPU mask is overwritten and ignored in `cpuset_update_tasks_cpumask`, causing task migration to fail silently.
- [High] The `cpuhp_offline_cb_mode` hack bypasses partition invalidation globally, but its fallback logic only protects `PRS_ISOLATED`, breaking standard `PRS_ROOT` partitions.
- [High] Unsynchronized access to the global `cpuhp_offline_cb_mode` flag creates a data race and TOCTOU vulnerability in partition validation.
--
commit 273c35c4b20a0b62c4d54c5410e48d5450b71df4
Author: Waiman Long <longman@redhat.com>
cgroup/cpuset: Limit the side effect of using CPU hotplug on isolated partition
CPU hotplug is used to facilitate the modification of the
HK_TYPE_KERNEL_NOISE and HK_TYPE_MANAGED_IRQ cpumasks. However, tearing
down and bringing up CPUs can impact the cpuset partition states
as well. This patch attempts to work around partition invalidation by
pretending partitions are empty during cpuhp_offline_cb_mode, and
temporarily mapping tasks in isolated partitions to their parent's
effective CPUs.
> diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
> index a927b9cd4f718..5f6b4e67748f2 100644
> --- a/kernel/cgroup/cpuset.c
> +++ b/kernel/cgroup/cpuset.c
> @@ -434,6 +434,13 @@ static inline bool partition_is_populated(struct cpuset *cs,
> struct cpuset *cp;
> struct cgroup_subsys_state *pos_css;
>
> + /*
> + * Hack: In cpuhp_offline_cb_mode, pretend all partitions are empty
> + * to prevent unnecessary partition invalidation.
> + */
> + if (cpuhp_offline_cb_mode)
> + return false;
> +
Is it safe to read cpuhp_offline_cb_mode here without synchronization?
The hotplug thread sets this flag while holding lock_device_hotplug(). A
concurrent userspace write to cpuset.cpus.partition triggers
validate_partition(), which holds cpuset_mutex and cpus_read_lock(), but not
lock_device_hotplug().
Could validate_partition() read cpuhp_offline_cb_mode as true before the
hotplug thread acquires cpus_write_lock(), causing the safety checks to
falsely conclude the partition is empty and bypassing cgroup validation?
[ ... ]
> @@ -3881,6 +3888,17 @@ hotplug_update_tasks(struct cpuset *cs,
> cs->effective_mems = *new_mems;
> spin_unlock_irq(&callback_lock);
>
> + /*
> + * When cpuhp_offline_cb_mode is active, valid isolated partition
> + * with tasks may have no online CPUs available for a short while.
> + * In that case, we fall back to parent's effective CPUs temporarily
> + * which will be reset back to their rightful value once the affected
> + * CPUs are online again.
> + */
> + if (cpuhp_offline_cb_mode && cpumask_empty(new_cpus) &&
> + (cs->partition_root_state == PRS_ISOLATED))
> + cpumask_copy(new_cpus, parent_cs(cs)->effective_cpus);
> +
By bypassing partition_is_populated() globally during cpuhp_offline_cb_mode,
all partitions skip normal invalidation. However, this fallback logic strictly
checks for PRS_ISOLATED.
If a standard PRS_ROOT partition loses its last online CPU, it gets bypassed
for invalidation but receives no fallback mask. Won't this leave the PRS_ROOT
partition with a completely empty effective_cpus mask, breaking its isolation
and causing subsequent cgroup_attach() operations to fail with -ENOSPC?
> if (cpus_updated)
> cpuset_update_tasks_cpumask(cs, new_cpus);
Does the temporary fallback mask actually get applied to the tasks?
Earlier in hotplug_update_tasks(), cs->effective_cpus is overwritten with the
empty incoming new_cpus mask. Then, inside cpuset_update_tasks_cpumask(),
new_cpus is overwritten again by intersecting it with cs->effective_cpus:
kernel/cgroup/cpuset.c:cpuset_update_tasks_cpumask() {
...
} else {
cpumask_and(new_cpus, possible_mask, cs->effective_cpus);
}
set_cpus_allowed_ptr(task, new_cpus);
...
}
Since cs->effective_cpus is already empty, the resulting new_cpus mask passed
to set_cpus_allowed_ptr() will also be empty. Doesn't set_cpus_allowed_ptr()
fail with -EINVAL when given an empty mask, leaving the task's affinity
unchanged and forcing the scheduler to migrate the tasks to arbitrary fallback
CPUs system-wide?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260421030351.281436-1-longman@redhat.com?part=21
next prev parent reply other threads:[~2026-04-22 3:09 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-21 3:03 [PATCH-next 00/23] cgroup/cpuset: Enable runtime update of nohz_full and managed_irq CPUs Waiman Long
2026-04-21 3:03 ` [PATCH 01/23] sched/isolation: Add HK_TYPE_KERNEL_NOISE_BOOT & HK_TYPE_MANAGED_IRQ_BOOT Waiman Long
2026-04-21 3:03 ` [PATCH 02/23] sched/isolation: Enhance housekeeping_update() to support updating more than one HK cpumask Waiman Long
2026-04-22 3:08 ` sashiko-bot
2026-04-22 6:39 ` Chen Ridong
2026-04-21 3:03 ` [PATCH 03/23] tick/nohz: Make nohz_full parameter optional Waiman Long
2026-04-21 8:32 ` Thomas Gleixner
2026-04-21 14:14 ` Waiman Long
2026-04-22 3:08 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 04/23] tick/nohz: Allow runtime changes in full dynticks CPUs Waiman Long
2026-04-21 8:50 ` Thomas Gleixner
2026-04-21 14:24 ` Waiman Long
2026-04-22 3:08 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 05/23] tick: Pass timer tick job to an online HK CPU in tick_cpu_dying() Waiman Long
2026-04-21 8:55 ` Thomas Gleixner
2026-04-21 14:22 ` Waiman Long
2026-04-21 3:03 ` [PATCH 06/23] rcu/nocbs: Allow runtime changes in RCU NOCBS cpumask Waiman Long
2026-04-22 3:08 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 07/23] watchdog: Sync up with runtime change of isolated CPUs Waiman Long
2026-04-22 3:08 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 08/23] arm64: topology: Use RCU to protect access to HK_TYPE_TICK cpumask Waiman Long
2026-04-22 3:08 ` sashiko-bot
2026-04-22 9:34 ` Chen Ridong
2026-04-21 3:03 ` [PATCH 09/23] workqueue: Use RCU to protect access of HK_TYPE_TIMER cpumask Waiman Long
2026-04-21 3:03 ` [PATCH 10/23] cpu: " Waiman Long
2026-04-21 8:57 ` Thomas Gleixner
2026-04-21 14:25 ` Waiman Long
2026-04-21 3:03 ` [PATCH 11/23] hrtimer: " Waiman Long
2026-04-21 8:59 ` Thomas Gleixner
2026-04-22 3:09 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 12/23] net: Use boot time housekeeping cpumask settings for now Waiman Long
2026-04-21 3:03 ` [PATCH 13/23] sched/core: Use RCU to protect access of HK_TYPE_KERNEL_NOISE cpumask Waiman Long
2026-04-22 3:09 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 14/23] hwmon/coretemp: Use RCU to protect access of HK_TYPE_MISC cpumask Waiman Long
2026-04-22 3:09 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 15/23] Drivers: hv: Use RCU to protect access of HK_TYPE_MANAGED_IRQ cpumask Waiman Long
2026-04-22 3:09 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 16/23] genirq/cpuhotplug: " Waiman Long
2026-04-21 9:02 ` Thomas Gleixner
2026-04-21 14:29 ` Waiman Long
2026-04-21 3:03 ` [PATCH 17/23] sched/isolation: Extend housekeeping_dereference_check() to cover changes in nohz_full or manged_irqs cpumasks Waiman Long
2026-04-22 3:09 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 18/23] cpu/hotplug: Add a new cpuhp_offline_cb() API Waiman Long
2026-04-21 16:17 ` Thomas Gleixner
2026-04-21 17:29 ` Waiman Long
2026-04-21 18:43 ` Thomas Gleixner
2026-04-22 3:09 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 19/23] cgroup/cpuset: Improve check for calling housekeeping_update() Waiman Long
2026-04-21 3:03 ` [PATCH 20/23] cgroup/cpuset: Enable runtime update of HK_TYPE_{KERNEL_NOISE,MANAGED_IRQ} cpumasks Waiman Long
2026-04-22 3:09 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 21/23] cgroup/cpuset: Limit the side effect of using CPU hotplug on isolated partition Waiman Long
2026-04-22 3:09 ` sashiko-bot [this message]
2026-04-21 3:03 ` [PATCH 22/23] cgroup/cpuset: Prevent offline_disabled CPUs from being used in " Waiman Long
2026-04-22 3:09 ` sashiko-bot
2026-04-21 3:03 ` [PATCH 23/23] cgroup/cpuset: Documentation and kselftest updates Waiman Long
2026-04-22 3:09 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260422030907.471D2C2BCB0@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=hannes@cmpxchg.org \
--cc=linux-hwmon@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mkoutny@suse.com \
--cc=sashiko@lists.linux.dev \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox