Re: Bug in cgroup_do_mount()?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello, David.

On Tue, Jun 13, 2017 at 03:27:27PM +0100, David Howells wrote:
> I'm having a go at converting cgroups to use my fs_context stuff, and I've
> spotted a potential bug in the existing code.  In cgroup_do_mount(), there is
> the following snippet:
> 
> 		mutex_lock(&cgroup_mutex);
> 		spin_lock_irq(&css_set_lock);
> 
> 		cgrp = cset_cgroup_from_root(ns->root_cset, root);
> 
> 		spin_unlock_irq(&css_set_lock);
> 		mutex_unlock(&cgroup_mutex);
> 
> 		nsdentry = kernfs_node_dentry(cgrp->kn, dentry->d_sb);
> 
> Given that locks must be taken to call cset_cgroup_from_root(), is the value
> of cgrp trustworthy once the locks are dropped?

Heh, yeah, that does look suspicious.  The css_set_lock is protecting
the list structure itself and cgroup_mutex is required to exclude
cgroup destruction and migration; however, the ns is pinning the
root_cset which is immutable and in turn pins the cgroups which are
associated with it, so the cgroup will stay pinned even after the
mutex is dropped.

The mutex lock there is to satisfy the lockdep assertion inside
cset_cgroup_from_root().  We definitely should add a comment there
explaining what's going on.

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe cgroups" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]     [Monitors]

  Powered by Linux