Commit c2d83556 authored Mar 29, 2023 by Tetsuo Handa Committed by Yongqiang Liu Mar 29, 2023

cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()

mainline inclusion
from mainline-v6.0-rc3
commit 43626dad
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6L46J
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43626dade36fa74d3329046f4ae2d7fdefe401c6

--------------------------------

syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at
cpuset_attach() [1], for commit 4f7e7236 ("cgroup: Fix
threadgroup_rwsem <-> cpus_read_lock() deadlock") missed that
cpuset_attach() is also called from cgroup_attach_task_all().
Add cpus_read_lock() like what cgroup_procs_write_start() does.

Link: https://syzkaller.appspot.com/bug?extid=29d3a3b4d86c8136ad9e

 [1]
Reported-by: syzbot <syzbot+29d3a3b4d86c8136ad9e@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 4f7e7236 ("cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock")
Signed-off-by: Tejun Heo <tj@kernel.org>

conflicts:
	kernel/cgroup/cgroup-internal.h
	kernel/cgroup/cgroup-v1.c
	kernel/cgroup/cgroup.c

Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
Reviewed-by: Wang Weiyang <wangweiyang2@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: Wang Weiyang <wangweiyang2@huawei.com>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>

parent 4924308a

kernel/cgroup/cgroup-internal.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -226,6 +226,8 @@ int cgroup_migrate(struct task_struct *leader, bool threadgroup,

		int cgroup_attach_task(struct cgroup dst_cgrp, struct task_struct leader,
		bool threadgroup);
		void cgroup_attach_lock(void);
		void cgroup_attach_unlock(void);
		struct task_struct cgroup_procs_write_start(char buf, bool threadgroup)
		__acquires(&cgroup_threadgroup_rwsem);
		void cgroup_procs_write_finish(struct task_struct *task)

kernel/cgroup/cgroup-v1.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -55,7 +55,7 @@ int cgroup_attach_task_all(struct task_struct from, struct task_struct tsk)
		int retval = 0;

		mutex_lock(&cgroup_mutex);
		percpu_down_write(&cgroup_threadgroup_rwsem);
		cgroup_attach_lock();
		for_each_root(root) {
		struct cgroup *from_cgrp;

		@@ -70,7 +70,7 @@ int cgroup_attach_task_all(struct task_struct from, struct task_struct tsk)
		if (retval)
		break;
		}
		percpu_up_write(&cgroup_threadgroup_rwsem);
		cgroup_attach_unlock();
		mutex_unlock(&cgroup_mutex);

		return retval;

kernel/cgroup/cgroup.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -2236,7 +2236,7 @@ EXPORT_SYMBOL_GPL(task_cgroup_path);
		* write-locking cgroup_threadgroup_rwsem. This allows ->attach() to assume that
		* CPU hotplug is disabled on entry.
		*/
		static void cgroup_attach_lock(void)
		void cgroup_attach_lock(void)
		{
		cpus_read_lock();
		percpu_down_write(&cgroup_threadgroup_rwsem);
		@@ -2246,7 +2246,7 @@ static void cgroup_attach_lock(void)
		* cgroup_attach_unlock - Undo cgroup_attach_lock()
		* @lock_threadgroup: whether to up_write cgroup_threadgroup_rwsem
		*/
		static void cgroup_attach_unlock(void)
		void cgroup_attach_unlock(void)
		{
		percpu_up_write(&cgroup_threadgroup_rwsem);
		cpus_read_unlock();