[bug report] cgroup: Honor caller's cgroup NS when resolving path

kernel-janitors.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [bug report] cgroup: Honor caller's cgroup NS when resolving path
@ 2022-08-31  7:08 Dan Carpenter
  2022-08-31  9:00 ` Michal Koutný
  0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2022-08-31  7:08 UTC (permalink / raw)
  To: mkoutny; +Cc: Tejun Heo, kernel-janitors

Hello Michal Koutný,

The patch 74e4b956eb1c: "cgroup: Honor caller's cgroup NS when
resolving path" from Aug 26, 2022, leads to the following Smatch
static checker warning:

	./include/linux/kernfs.h:600 kernfs_walk_and_get()
	warn: sleeping in atomic context

kernel/cgroup/cgroup.c
  6639  struct cgroup *cgroup_get_from_path(const char *path)
  6640  {
  6641          struct kernfs_node *kn;
  6642          struct cgroup *cgrp = ERR_PTR(-ENOENT);
  6643          struct cgroup *root_cgrp;
  6644  
  6645          spin_lock_irq(&css_set_lock);
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  6646          root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root);
  6647          kn = kernfs_walk_and_get(root_cgrp->kn, path);
                     ^^^^^^^^^^^^^^^^^^^
The kernfs_walk_and_get() function calls down_read() (a semaphore) so
it can't be called while holding a spinlock.

  6648          spin_unlock_irq(&css_set_lock);
  6649          if (!kn)
  6650                  goto out;

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [bug report] cgroup: Honor caller's cgroup NS when resolving path
  2022-08-31  7:08 [bug report] cgroup: Honor caller's cgroup NS when resolving path Dan Carpenter
@ 2022-08-31  9:00 ` Michal Koutný
  2022-08-31 10:07   ` Dan Carpenter
  2022-09-04 19:40   ` Tejun Heo
  0 siblings, 2 replies; 4+ messages in thread
From: Michal Koutný @ 2022-08-31  9:00 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Tejun Heo, kernel-janitors

[-- Attachment #1: Type: text/plain, Size: 3526 bytes --]

Hello Dan Carpenter.

On Wed, Aug 31, 2022 at 10:08:09AM +0300, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The kernfs_walk_and_get() function calls down_read() (a semaphore) so
> it can't be called while holding a spinlock.

Thanks for the report (I should have looked deeper into
kernfs_walk_and_get).

I'd propose a patch like bellow.

Are you OK with adding 
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
as I'll send the proposed patch to public mailing lists.

Thanks,
Michal

----8<----
From e2de5c76969e5ac4c7fe5e00a54229cbe59bd86a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Wed, 31 Aug 2022 10:36:19 +0200
Subject: [PATCH] cgroup: Reorganize css_set_lock and kernfs path processing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The commit 74e4b956eb1c incorrectly wrapped kernfs_walk_and_get under
css_set_lock. That lock is needed by __cset_cgroup_from_root to ensure
stable cset->cgrp_links. The returned cgroup object is pinned by the
css_set. Kernfs code that traverses paths to this cgroup does not need
css_set_lock (lowest cgroup pins its ancestry and cgroup pins its
cgroup->kn).

TODO root(s) of named v1 hierarchies

Fixes: 74e4b956eb1c: ("cgroup: Honor caller's cgroup NS when resolving path")
Reported-by: FIXME
Signed-off-by: Michal Koutný <mkoutny@suse.com>
---
 kernel/cgroup/cgroup.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 0005de2e2ed9..0f91dc6d16cc 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1391,11 +1391,16 @@ static void cgroup_destroy_root(struct cgroup_root *root)
 	cgroup_free_root(root);
 }
 
+/*
+ * Returned cgroup is without refcount but it's valid as long as cset pins it.
+ */
 static inline struct cgroup *__cset_cgroup_from_root(struct css_set *cset,
 					    struct cgroup_root *root)
 {
 	struct cgroup *res_cgroup = NULL;
 
+	lockdep_assert_held(&css_set_lock);
+
 	if (cset == &init_css_set) {
 		res_cgroup = &root->cgrp;
 	} else if (root == &cgrp_dfl_root) {
@@ -1426,8 +1431,6 @@ current_cgns_cgroup_from_root(struct cgroup_root *root)
 	struct cgroup *res = NULL;
 	struct css_set *cset;
 
-	lockdep_assert_held(&css_set_lock);
-
 	rcu_read_lock();
 
 	cset = current->nsproxy->cgroup_ns->root_cset;
@@ -1446,7 +1449,6 @@ static struct cgroup *cset_cgroup_from_root(struct css_set *cset,
 	struct cgroup *res = NULL;
 
 	lockdep_assert_held(&cgroup_mutex);
-	lockdep_assert_held(&css_set_lock);
 
 	res = __cset_cgroup_from_root(cset, root);
 
@@ -1861,8 +1863,8 @@ int cgroup_show_path(struct seq_file *sf, struct kernfs_node *kf_node,
 
 	spin_lock_irq(&css_set_lock);
 	ns_cgroup = current_cgns_cgroup_from_root(kf_cgroot);
-	len = kernfs_path_from_node(kf_node, ns_cgroup->kn, buf, PATH_MAX);
 	spin_unlock_irq(&css_set_lock);
+	len = kernfs_path_from_node(kf_node, ns_cgroup->kn, buf, PATH_MAX);
 
 	if (len >= PATH_MAX)
 		len = -ERANGE;
@@ -6649,8 +6651,8 @@ struct cgroup *cgroup_get_from_path(const char *path)
 
 	spin_lock_irq(&css_set_lock);
 	root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root);
-	kn = kernfs_walk_and_get(root_cgrp->kn, path);
 	spin_unlock_irq(&css_set_lock);
+	kn = kernfs_walk_and_get(root_cgrp->kn, path);
 	if (!kn)
 		goto out;
 

base-commit: c0f2df49cf2471289d5aabf16f50ac26eb268f7d
-- 
2.37.0


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [bug report] cgroup: Honor caller's cgroup NS when resolving path
  2022-08-31  9:00 ` Michal Koutný
@ 2022-08-31 10:07   ` Dan Carpenter
  2022-09-04 19:40   ` Tejun Heo
  1 sibling, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2022-08-31 10:07 UTC (permalink / raw)
  To: Michal Koutný; +Cc: Tejun Heo, kernel-janitors

On Wed, Aug 31, 2022 at 11:00:42AM +0200, Michal Koutný wrote:
> Hello Dan Carpenter.
> 
> On Wed, Aug 31, 2022 at 10:08:09AM +0300, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> > The kernfs_walk_and_get() function calls down_read() (a semaphore) so
> > it can't be called while holding a spinlock.
> 
> Thanks for the report (I should have looked deeper into
> kernfs_walk_and_get).
> 
> I'd propose a patch like bellow.
> 
> Are you OK with adding 
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> as I'll send the proposed patch to public mailing lists.
> 

Yes, please.  Thanks!

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [bug report] cgroup: Honor caller's cgroup NS when resolving path
  2022-08-31  9:00 ` Michal Koutný
  2022-08-31 10:07   ` Dan Carpenter
@ 2022-09-04 19:40   ` Tejun Heo
  1 sibling, 0 replies; 4+ messages in thread
From: Tejun Heo @ 2022-09-04 19:40 UTC (permalink / raw)
  To: Michal Koutný; +Cc: Dan Carpenter, kernel-janitors

Hello,

On Wed, Aug 31, 2022 at 11:00:42AM +0200, Michal Koutný wrote:
> +/*
> + * Returned cgroup is without refcount but it's valid as long as cset pins it.
> + */
>  static inline struct cgroup *__cset_cgroup_from_root(struct css_set *cset,
>  					    struct cgroup_root *root)

Yeah but what prevents the task from migrating away unpinning the whole
thing? Can you just get the ref on the cgroup before releasing css_set?
That's not an expensive operation and a lot more straightforward.

Thanks.

-- 
tejun

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-09-04 19:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-31  7:08 [bug report] cgroup: Honor caller's cgroup NS when resolving path Dan Carpenter
2022-08-31  9:00 ` Michal Koutný
2022-08-31 10:07   ` Dan Carpenter
2022-09-04 19:40   ` Tejun Heo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).