public inbox for stable@vger.kernel.org
From: Sasha Levin <sashal@kernel.org>
To: Greg Thelen <gthelen@google.com>
Cc: Chen Ridong <chenridong@huawei.com>, Tejun Heo <tj@kernel.org>,
	Shivani Agarwal <shivani.agarwal@broadcom.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org
Subject: Re: 5.10.225 stable kernel cgroup_mutex not held assertion failure
Date: Mon, 23 Sep 2024 04:50:40 -0400
Message-ID: <ZvEr4IGyZ2x9FRU1@sashalap>
In-Reply-To: <xr93ikus2nd1.fsf@gthelen-cloudtop.c.googlers.com>

On Wed, Sep 18, 2024 at 11:01:30PM -0700, Greg Thelen wrote:
>Linux stable v5.10.226 suffers a lockdep warning when accessing
>/proc/PID/cpuset. cset_cgroup_from_root() is called without cgroup_mutex
>being held, which causes an assertion failure.
>
>Bisect blames 5.10.225 commit 688325078a8b ("cgroup/cpuset: Prevent UAF
>in proc_cpuset_show()"). I have not easily reproduced the problem
>that this change fixes, so I'm not sure if it's best to revert the fix
>or adapt it to meet the 5.10 locking expectations.
>
>The lockdep complaint:
>
>$ cat /proc/1/cpuset
>$ dmesg
>[  198.744891] ------------[ cut here ]------------
>[  198.744918] WARNING: CPU: 4 PID: 9301 at 
>kernel/cgroup/cgroup.c:1395 cset_cgroup_from_root+0xb2/0xd0
>[  198.744957] RIP: 0010:cset_cgroup_from_root+0xb2/0xd0
>[  198.744960] Code: 02 00 00 74 11 48 8b 09 48 39 cb 75 eb eb 19 49 
>83 c6 10 4c 89 f0 48 85 c0 74 0d 5b 41 5e c3 48 8b 43 60 48 85 c0 75 
>f3 0f 0b <0f> 0b 83 3d 69 01 ee 01 00 0f 85 78 ff ff ff eb 8b 0f 0b eb 
>87 66
>[  198.744962] RSP: 0018:ffffb492608a7ce8 EFLAGS: 00010046
>[  198.744977] RAX: 0000000000000000 RBX: ffffffff8f4171b8 RCX: 
>cc949de848c33e00
>[  198.744979] RDX: 0000000000001000 RSI: ffffffff8f415450 RDI: 
>ffff92e5417c4dc0
>[  198.744981] RBP: ffff9303467e3f00 R08: 0000000000000008 R09: 
>ffffffff9122d568
>[  198.744983] R10: ffff92e5417c4380 R11: 0000000000000000 R12: 
>ffff92e3d9506000
>[  198.744984] R13: 0000000000000000 R14: ffff92e443a96000 R15: 
>ffff92e3d9506000
>[  198.744987] FS:  00007f15d94ed740(0000) GS:ffff9302bf500000(0000) 
>knlGS:0000000000000000
>[  198.744988] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>[  198.744990] CR2: 00007f15d94ca000 CR3: 00000002816ca003 CR4: 
>00000000001706e0
>[  198.744992] Call Trace:
>[  198.744996]  ? __warn+0xcd/0x1c0
>[  198.745000]  ? cset_cgroup_from_root+0xb2/0xd0
>[  198.745008]  ? report_bug+0x87/0xf0
>[  198.745015]  ? handle_bug+0x42/0x80
>[  198.745017]  ? exc_invalid_op+0x16/0x70
>[  198.745021]  ? asm_exc_invalid_op+0x12/0x20
>[  198.745030]  ? cset_cgroup_from_root+0xb2/0xd0
>[  198.745034]  ? cset_cgroup_from_root+0x28/0xd0
>[  198.745038]  cgroup_path_ns_locked+0x23/0x50
>[  198.745044]  proc_cpuset_show+0x115/0x210
>[  198.745049]  proc_single_show+0x4a/0xa0
>[  198.745056]  seq_read_iter+0x14d/0x400
>[  198.745063]  seq_read+0x103/0x130
>[  198.745074]  vfs_read+0xea/0x320
>[  198.745078]  ? do_user_addr_fault+0x25b/0x390
>[  198.745085]  ? do_user_addr_fault+0x25b/0x390
>[  198.745090]  ksys_read+0x70/0xe0
>[  198.745096]  do_syscall_64+0x2d/0x40
>[  198.745099]  entry_SYSCALL_64_after_hwframe+0x61/0xcb

I'll queue up d23b5c577715 ("cgroup: Make operations on the cgroup
root_list RCU safe") onto 5.15/5.10. Thanks for reporting!

-- 
Thanks,
Sasha
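
Added example, not part of the original message or of the kernel sources: a small triage script that scans dmesg text for the WARNING reported above and flags splats whose reliable call chain runs from proc_cpuset_show through cgroup_path_ns_locked into cset_cgroup_from_root. The sample input is constructed from the quoted log (shortened, with the mail-wrapped WARNING line rejoined); the function names `parse_splats` and `is_cpuset_lock_splat` are hypothetical.

```python
import re

# Constructed sample: shortened copy of the splat quoted in this thread,
# with the mail-wrapped WARNING line rejoined onto one line.
SAMPLE_DMESG = """\
[  198.744891] ------------[ cut here ]------------
[  198.744918] WARNING: CPU: 4 PID: 9301 at kernel/cgroup/cgroup.c:1395 cset_cgroup_from_root+0xb2/0xd0
[  198.744992] Call Trace:
[  198.744996]  ? __warn+0xcd/0x1c0
[  198.745000]  ? cset_cgroup_from_root+0xb2/0xd0
[  198.745038]  cgroup_path_ns_locked+0x23/0x50
[  198.745044]  proc_cpuset_show+0x115/0x210
[  198.745049]  proc_single_show+0x4a/0xa0
[  198.745099]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")            # "[  198.744918] "
WARN = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at (\S+):(\d+) (\w+)\+")
FRAME = re.compile(r"^\s+(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")


def parse_splats(text):
    """Return one dict per WARNING, keeping only reliable (non-'?') frames."""
    splats, cur = [], None
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        m = WARN.search(line)
        if m:
            cur = {"pid": int(m.group(1)), "site": f"{m.group(2)}:{m.group(3)}",
                   "func": m.group(4), "frames": []}
            splats.append(cur)
            continue
        f = FRAME.match(line)
        # Frames prefixed with "? " are stale stack entries; skip them.
        if cur is not None and f and not f.group(1):
            cur["frames"].append(f.group(2))
    return splats


def is_cpuset_lock_splat(splat):
    """True if the warning fired in cset_cgroup_from_root via /proc/PID/cpuset."""
    fr = splat["frames"]
    return (splat["func"] == "cset_cgroup_from_root"
            and "cgroup_path_ns_locked" in fr and "proc_cpuset_show" in fr
            and fr.index("cgroup_path_ns_locked") < fr.index("proc_cpuset_show"))


if __name__ == "__main__":
    for s in parse_splats(SAMPLE_DMESG):
        print(s["site"], s["pid"], is_cpuset_lock_splat(s))
```
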
