On Thu, Jul 20, 2017 at 02:53:09PM +0100, Matt Fleming wrote:
> From: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
>
> commit 96b777452d8881480fd5be50112f791c17db4b6b upstream.
>
> Commit:
>
>   2f5177f0fd7e ("sched/cgroup: Fix/cleanup cgroup teardown/init")
>
> .. moved sched_online_group() from css_online() to css_alloc().
> It exposes half-baked task group into global lists before initializing
> generic cgroup stuff.
>
> LTP testcase (third in cgroup_regression_test) written for testing
> similar race in kernels 2.6.26-2.6.28 easily triggers this oops:
>
>   BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
>   IP: kernfs_path_from_node_locked+0x260/0x320
>   CPU: 1 PID: 30346 Comm: cat Not tainted 4.10.0-rc5-test #4
>   Call Trace:
>   ? kernfs_path_from_node+0x4f/0x60
>   kernfs_path_from_node+0x3e/0x60
>   print_rt_rq+0x44/0x2b0
>   print_rt_stats+0x7a/0xd0
>   print_cpu+0x2fc/0xe80
>   ? __might_sleep+0x4a/0x80
>   sched_debug_show+0x17/0x30
>   seq_read+0xf2/0x3b0
>   proc_reg_read+0x42/0x70
>   __vfs_read+0x28/0x130
>   ? security_file_permission+0x9b/0xc0
>   ? rw_verify_area+0x4e/0xb0
>   vfs_read+0xa5/0x170
>   SyS_read+0x46/0xa0
>   entry_SYSCALL_64_fastpath+0x1e/0xad
>
> Here the task group is already linked into the global RCU-protected 'task_groups'
> list, but the css->cgroup pointer is still NULL.
>
> This patch reverts this chunk and moves online back to css_online().
>
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Tejun Heo <tj@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Fixes: 2f5177f0fd7e ("sched/cgroup: Fix/cleanup cgroup teardown/init")
> Link: http://lkml.kernel.org/r/148655324740.424917.5302984537258726349.stgit@buzz
> Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
> Signed-off-by: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>
> ---
>  kernel/sched/core.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)

What about 4.9-stable, this should go there too, right?

thanks,

greg k-h
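
The ordering problem described in the quoted commit message, as an added example that is not part of the original thread or the kernel source: a simplified user-space C model of publishing a task group before versus after the generic cgroup init. `publish()`, `reader_null_hits()` and `simulate()` are hypothetical names, the structs are stand-ins, and the reader stands in for the sched_debug path seen in the oops.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-ins; not the kernel's definitions. */
struct cgroup { int id; };
struct task_group {
    struct cgroup *cgroup;     /* models css->cgroup, filled in after css_alloc() */
    struct task_group *next;   /* models the link in the global 'task_groups' list */
};

static struct task_group *task_groups;   /* list that readers walk */

static void publish(struct task_group *tg) { tg->next = task_groups; task_groups = tg; }

/* Models the sched_debug reader, which needs tg->cgroup to build a path.
 * Returns how many listed groups it would have dereferenced through NULL. */
static int reader_null_hits(void)
{
    int hits = 0;
    for (struct task_group *tg = task_groups; tg; tg = tg->next)
        hits += (tg->cgroup == NULL);
    return hits;
}

enum publish_at { AT_CSS_ALLOC, AT_CSS_ONLINE };

/* Walk one group through alloc -> generic init -> online, with a reader
 * running in the window after alloc and again after online. */
static int simulate(enum publish_at when)
{
    static struct cgroup cg = { 1 };    /* constructed sample cgroup */
    struct task_group tg = { NULL, NULL };
    int hits;
    task_groups = NULL;
    if (when == AT_CSS_ALLOC)           /* ordering after 2f5177f0fd7e */
        publish(&tg);
    hits = reader_null_hits();          /* reader races with group creation */
    tg.cgroup = &cg;                    /* generic cgroup init completes */
    if (when == AT_CSS_ONLINE)          /* ordering restored by the fix */
        publish(&tg);
    hits += reader_null_hits();
    task_groups = NULL;                 /* tg lives on the stack; unlink it */
    return hits;
}

int main(void)
{
    printf("publish in css_alloc():  %d NULL hit(s)\n", simulate(AT_CSS_ALLOC));
    printf("publish in css_online(): %d NULL hit(s)\n", simulate(AT_CSS_ONLINE));
    return 0;
}
```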