Commit d65ce03d authored Mar 30, 2025 by Waiman Long Committed by Greg Kroah-Hartman Aug 13, 2025

UPSTREAM: cgroup/cpuset: Fix race between newly created partition and dying one



[ Upstream commit a22b3d54 ]

There is a possible race between removing a cgroup diectory that is
a partition root and the creation of a new partition.  The partition
to be removed can be dying but still online, it doesn't not currently
participate in checking for exclusive CPUs conflict, but the exclusive
CPUs are still there in subpartitions_cpus and isolated_cpus. These
two cpumasks are global states that affect the operation of cpuset
partitions. The exclusive CPUs in dying cpusets will only be removed
when cpuset_css_offline() function is called after an RCU delay.

As a result, it is possible that a new partition can be created with
exclusive CPUs that overlap with those of a dying one. When that dying
partition is finally offlined, it removes those overlapping exclusive
CPUs from subpartitions_cpus and maybe isolated_cpus resulting in an
incorrect CPU configuration.

This bug was found when a warning was triggered in
remote_partition_disable() during testing because the subpartitions_cpus
mask was empty.

One possible way to fix this is to iterate the dying cpusets as well and
avoid using the exclusive CPUs in those dying cpusets. However, this
can still cause random partition creation failures or other anomalies
due to racing. A better way to fix this race is to reset the partition
state at the moment when a cpuset is being killed.

Introduce a new css_killed() CSS function pointer and call it, if
defined, before setting CSS_DYING flag in kill_css(). Also update the
css_is_dying() helper to use the CSS_DYING flag introduced by commit
33c35aa4 ("cgroup: Prevent kill_css() from being called more than
once") for proper synchronization.

Add a new cpuset_css_killed() function to reset the partition state of
a valid partition root if it is being killed.

Fixes: ee8dde0c ("cpuset: Add new v2 cpuset.sched.partition flag")
Change-Id: I0a25bdb5641cda7c5d86c99e34ce9e47a0115641
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit cdb6e724)
Bug: 437846539
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

parent a1f3f127

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit e7ac44a8
· Nov 05, 2025

mentioned in commit e7ac44a8

mentioned in commit e7ac44a8cab8e358200a42057a59a52391bdba49

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 0740c125
· Nov 05, 2025

mentioned in commit 0740c125

mentioned in commit 0740c125fc3d6da805ed6bb56c8e8750e9833c09

Toggle commit list

Please to comment