On Wed, Jul 26, 2017 at 01:05:23PM +0100, Matt Fleming wrote:
> On Tue, 25 Jul, at 11:04:39AM, Greg KH wrote:
> > On Thu, Jul 20, 2017 at 02:53:09PM +0100, Matt Fleming wrote:
> > > From: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
> > >
> > > commit 96b777452d8881480fd5be50112f791c17db4b6b upstream.
> > >
> > > Commit:
> > >
> > >   2f5177f0fd7e ("sched/cgroup: Fix/cleanup cgroup teardown/init")
> > >
> > > .. moved sched_online_group() from css_online() to css_alloc().
> > > It exposes half-baked task group into global lists before initializing
> > > generic cgroup stuff.
> > >
> > > LTP testcase (third in cgroup_regression_test) written for testing
> > > similar race in kernels 2.6.26-2.6.28 easily triggers this oops:
> > >
> > >   BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
> > >   IP: kernfs_path_from_node_locked+0x260/0x320
> > >   CPU: 1 PID: 30346 Comm: cat Not tainted 4.10.0-rc5-test #4
> > >   Call Trace:
> > >   ? kernfs_path_from_node+0x4f/0x60
> > >   kernfs_path_from_node+0x3e/0x60
> > >   print_rt_rq+0x44/0x2b0
> > >   print_rt_stats+0x7a/0xd0
> > >   print_cpu+0x2fc/0xe80
> > >   ? __might_sleep+0x4a/0x80
> > >   sched_debug_show+0x17/0x30
> > >   seq_read+0xf2/0x3b0
> > >   proc_reg_read+0x42/0x70
> > >   __vfs_read+0x28/0x130
> > >   ? security_file_permission+0x9b/0xc0
> > >   ? rw_verify_area+0x4e/0xb0
> > >   vfs_read+0xa5/0x170
> > >   SyS_read+0x46/0xa0
> > >   entry_SYSCALL_64_fastpath+0x1e/0xad
> > >
> > > Here the task group is already linked into the global RCU-protected 'task_groups'
> > > list, but the css->cgroup pointer is still NULL.
> > >
> > > This patch reverts this chunk and moves online back to css_online().
> > >
> > > Signed-off-by: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
> > > Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> > > Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> > > Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> > > Cc: Tejun Heo <tj@xxxxxxxxxx>
> > > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> > > Fixes: 2f5177f0fd7e ("sched/cgroup: Fix/cleanup cgroup teardown/init")
> > > Link: http://lkml.kernel.org/r/148655324740.424917.5302984537258726349.stgit@buzz
> > > Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
> > > Signed-off-by: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>
> > > ---
> > >  kernel/sched/core.c | 14 ++++++++++++--
> > >  1 file changed, 12 insertions(+), 2 deletions(-)
> >
> > What about 4.9-stable, this should go there too, right?
>
> Yes, good catch. Would you like me to send a separate patch?

If it needs a backport and a simple cherry-pick does not work, yes
please.

thanks,

greg k-h