[PATCH AUTOSEL 5.15 39/47] cgroup: Protect css->cgroup write under css_set_lock

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Waiman Long <longman@redhat.com>, Tejun Heo <tj@kernel.org>,
	Sasha Levin <sashal@kernel.org>,
	lizefan.x@bytedance.com, hannes@cmpxchg.org, mkoutny@suse.com,
	cgroups@vger.kernel.org
Subject: [PATCH AUTOSEL 5.15 39/47] cgroup: Protect css->cgroup write under css_set_lock
Date: Wed, 31 Jul 2024 20:31:29 -0400	[thread overview]
Message-ID: <20240801003256.3937416-39-sashal@kernel.org> (raw)
In-Reply-To: <20240801003256.3937416-1-sashal@kernel.org>

From: Waiman Long <longman@redhat.com>

[ Upstream commit 57b56d16800e8961278ecff0dc755d46c4575092 ]

The writing of css->cgroup associated with the cgroup root in
rebind_subsystems() is currently protected only by cgroup_mutex.
However, the reading of css->cgroup in both proc_cpuset_show() and
proc_cgroup_show() is protected just by css_set_lock. That makes the
readers susceptible to racing problems like data tearing or caching.
It is also a problem that can be reported by KCSAN.

This can be fixed by using READ_ONCE() and WRITE_ONCE() to access
css->cgroup. Alternatively, the writing of css->cgroup can be moved
under css_set_lock as well which is done by this patch.

Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/cgroup/cgroup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index be467aea457e7..84e85561a87c0 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1802,9 +1802,9 @@ int rebind_subsystems(struct cgroup_root *dst_root, u16 ss_mask)
 		RCU_INIT_POINTER(scgrp->subsys[ssid], NULL);
 		rcu_assign_pointer(dcgrp->subsys[ssid], css);
 		ss->root = dst_root;
-		css->cgroup = dcgrp;
 
 		spin_lock_irq(&css_set_lock);
+		css->cgroup = dcgrp;
 		WARN_ON(!list_empty(&dcgrp->e_csets[ss->id]));
 		list_for_each_entry_safe(cset, cset_pos, &scgrp->e_csets[ss->id],
 					 e_cset_node[ss->id]) {
-- 
2.43.0

next prev parent reply	other threads:[~2024-08-01  0:35 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-01  0:30 [PATCH AUTOSEL 5.15 01/47] drm/amd/display: Assign linear_pitch_alignment even for VM Sasha Levin
2024-08-01  0:30 ` [PATCH AUTOSEL 5.15 02/47] drm/amdgpu: fix overflowed array index read warning Sasha Levin
2024-08-01  0:30 ` [PATCH AUTOSEL 5.15 03/47] drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Sasha Levin
2024-08-01  0:30 ` [PATCH AUTOSEL 5.15 04/47] drm/amd/pm: fix warning using uninitialized value of max_vid_step Sasha Levin
2024-08-01  0:30 ` [PATCH AUTOSEL 5.15 05/47] drm/amd/pm: fix the Out-of-bounds read warning Sasha Levin
2024-08-01  0:30 ` [PATCH AUTOSEL 5.15 06/47] drm/amdgpu: fix uninitialized scalar variable warning Sasha Levin
2024-08-01  0:30 ` [PATCH AUTOSEL 5.15 07/47] drm/amd/display: Check gpio_id before used as array index Sasha Levin
2024-08-01  0:30 ` [PATCH AUTOSEL 5.15 08/47] drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Sasha Levin
2024-08-01  0:30 ` [PATCH AUTOSEL 5.15 09/47] drm/amd/display: Add array index check for hdcp ddc access Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 10/47] drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 11/47] drm/amd/display: Check msg_id before processing transcation Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 12/47] drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 13/47] drm/amd/amdgpu: Check tbo resource pointer Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 14/47] drm/amdgpu: Fix out-of-bounds write warning Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 15/47] drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 16/47] drm/amdgpu: fix ucode out-of-bounds read warning Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 17/47] drm/amdgpu: fix mc_data " Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 18/47] drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 19/47] drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 20/47] drm/amdgpu: fix the waring dereferencing hive Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 21/47] drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 22/47] drm/amdgpu: update type of buf size to u32 for eeprom functions Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 23/47] cpufreq: scmi: Avoid overflow of target_freq in fast switch Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 24/47] bpf, net: Use DEV_STAT_INC() Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 25/47] PCI: al: Check IORESOURCE_BUS existence during probe Sasha Levin
2024-08-27 12:23   ` Pavel Machek
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 26/47] hwspinlock: Introduce hwspin_lock_bust() Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 27/47] gpiolib: cdev: Add INIT_KFIFO() for linereq events Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 28/47] smack: tcp: ipv4, fix incorrect labeling Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 29/47] drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 30/47] wifi: cfg80211: make hash table duplicates more survivable Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 31/47] drm/amd/display: added NULL check at start of dc_validate_stream Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 32/47] drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 33/47] ALSA: vmaster: Return error for invalid input values Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 34/47] ELF: fix kernel.randomize_va_space double read Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 35/47] udf: Avoid excessive partition lengths Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 36/47] riscv: mm: Take memory hotplug read-lock during kernel page table dump Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 37/47] usb: uas: set host status byte on data completion error Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 38/47] drm/amd/display: Check HDCP returned status Sasha Levin
2024-08-01  0:31 ` Sasha Levin [this message]
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 40/47] um: line: always fill *error_out in setup_one_line() Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 41/47] devres: Initialize an uninitialized struct member Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 42/47] pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 43/47] hwmon: (lm95234) Fix underflows seen when writing limit attributes Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 44/47] hwmon: (w83627ehf) " Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 45/47] libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 46/47] wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Sasha Levin
2024-08-01  0:31 ` [PATCH AUTOSEL 5.15 47/47] i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:be467aea457e dfblob:84e85561a87c )
 OR (
bs:"[PATCH AUTOSEL 5.15 39/47] cgroup: Protect css->cgroup write under css_set_lock" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240801003256.3937416-39-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=cgroups@vger.kernel.org \
    --cc=hannes@cmpxchg.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lizefan.x@bytedance.com \
    --cc=longman@redhat.com \
    --cc=mkoutny@suse.com \
    --cc=stable@vger.kernel.org \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox