ANDROID: cgroup/cpuset: Do not access task_cs(p) outside of RCU

task_cs(p) is protected by RCU, so ensure that we have entered an RCU read-side critical section before accessing it in guarantee_online_cpus(). This issue was introduced by 4045a05f88 ("BACKPORT: FROMLIST: cpuset: Honour task_cpu_possible_mask() in guarantee_online_cpus()") and spotted during upstream review. Reported-by: Qais Yousef <qais.yousef@arm.com> Link: https://lore.kernel.org/r/20210521162524.22cwmrao3df7m4jb@e107158-lin.cambridge.arm.com Fixes: 4045a05f88 ("BACKPORT: FROMLIST: cpuset: Honour task_cpu_possible_mask() in guarantee_online_cpus()") Bug: 178507149 Change-Id: Ia8b8b89b5fcf72eefe9c2667951e24f315176ed5 Signed-off-by: Will Deacon <willdeacon@google.com>
2021-06-03 12:03:56 +01:00
parent 1099a4407d
commit 71b39cf2e5
1 changed files with 8 additions and 2 deletions
--- a/kernel/cgroup/cpuset.c
+++ b/kernel/cgroup/cpuset.c
@@ -378,12 +378,15 @@ static inline bool is_in_v2_mode(void)
 static void guarantee_online_cpus(struct task_struct *tsk,
 				  struct cpumask *pmask)
 {
-	struct cpuset *cs = task_cs(tsk);
 	const struct cpumask *possible_mask = task_cpu_possible_mask(tsk);
+	struct cpuset *cs;

 	if (WARN_ON(!cpumask_and(pmask, possible_mask, cpu_active_mask)))
 		cpumask_copy(pmask, cpu_active_mask);

+	rcu_read_lock();
+	cs = task_cs(tsk);
+
 	while (!cpumask_intersects(cs->effective_cpus, pmask)) {
 		cs = parent_cs(cs);
 		if (unlikely(!cs)) {
@@ -394,10 +397,13 @@ static void guarantee_online_cpus(struct task_struct *tsk,
 			 * cpuset's effective_cpus is on its way to be
 			 * identical to cpu_online_mask.
 			 */
-			return;
+			goto out_unlock;
 		}
 	}
 	cpumask_and(pmask, pmask, cs->effective_cpus);
+
+out_unlock:
+	rcu_read_unlock();
 }

 /*