From 71b39cf2e57b8f73a9cc4d98f2da28c3ae8087d5 Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Thu, 3 Jun 2021 12:03:56 +0100 Subject: [PATCH] ANDROID: cgroup/cpuset: Do not access task_cs(p) outside of RCU task_cs(p) is protected by RCU, so ensure that we have entered an RCU read-side critical section before accessing it in guarantee_online_cpus(). This issue was introduced by 4045a05f889d ("BACKPORT: FROMLIST: cpuset: Honour task_cpu_possible_mask() in guarantee_online_cpus()") and spotted during upstream review. Reported-by: Qais Yousef Link: https://lore.kernel.org/r/20210521162524.22cwmrao3df7m4jb@e107158-lin.cambridge.arm.com Fixes: 4045a05f889d ("BACKPORT: FROMLIST: cpuset: Honour task_cpu_possible_mask() in guarantee_online_cpus()") Bug: 178507149 Change-Id: Ia8b8b89b5fcf72eefe9c2667951e24f315176ed5 Signed-off-by: Will Deacon --- kernel/cgroup/cpuset.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 1da5f4980b92..a373654da841 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -378,12 +378,15 @@ static inline bool is_in_v2_mode(void) static void guarantee_online_cpus(struct task_struct *tsk, struct cpumask *pmask) { - struct cpuset *cs = task_cs(tsk); const struct cpumask *possible_mask = task_cpu_possible_mask(tsk); + struct cpuset *cs; if (WARN_ON(!cpumask_and(pmask, possible_mask, cpu_active_mask))) cpumask_copy(pmask, cpu_active_mask); + rcu_read_lock(); + cs = task_cs(tsk); + while (!cpumask_intersects(cs->effective_cpus, pmask)) { cs = parent_cs(cs); if (unlikely(!cs)) { @@ -394,10 +397,13 @@ static void guarantee_online_cpus(struct task_struct *tsk, * cpuset's effective_cpus is on its way to be * identical to cpu_online_mask. */ - return; + goto out_unlock; } } cpumask_and(pmask, pmask, cs->effective_cpus); + +out_unlock: + rcu_read_unlock(); } /*
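Review bot: The new `rcu_read_lock();` / `cs = task_cs(tsk);` pair in the first hunk carries no comment stating why the lock is taken or how long `cs` may be used, which is the invariant this fix restores. I would add above it `/* task_cs() is RCU-protected; cs must not be dereferenced after out_unlock */`. That keeps a later edit from reintroducing a bare `return` inside the loop or reading `cs->effective_cpus` after the `rcu_read_unlock()` added in the second hunk. The function's header comment and the lines between the two hunks are not shown, so any caller-side locking contract stated there should be checked against the new behaviour. Since the commit message says the gap was found in review rather than by testing, it is probably worth exercising this path on a build with `CONFIG_PROVE_RCU` enabled, which should flag this kind of unprotected access at runtime.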