Commit e1b2dc17 authored by Tejun Heo's avatar Tejun Heo
Browse files

cgroup: break kernfs active_ref protection in cgroup directory operations 



cgroup_tree_mutex should nest above the kernfs active_ref protection;
however, cgroup_create() and cgroup_rename() were grabbing
cgroup_tree_mutex while under kernfs active_ref protection.  This has
actualy possibility to lead to deadlocks in case these operations race
against cgroup_rmdir() which invokes kernfs_remove() on directory
kernfs_node while holding cgroup_tree_mutex.

Neither cgroup_create() or cgroup_rename() requires active_ref
protection.  The former already has enough synchronization through
cgroup_lock_live_group() and the latter doesn't care, so this can be
fixed by updating both functions to break all active_ref protections
before grabbing cgroup_tree_mutex.

While this patch fixes the immediate issue, it probably needs further
work in the long term - kernfs directories should enable lockdep
annotations and maybe the better way to handle this is marking
directory nodes as not needing active_ref protection rather than
breaking it in each operation.

Signed-off-by: default avatarTejun Heo <tj@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 1b9aba49

kernel/cgroup.c

+26 −1
Original line number Diff line number Diff line
@@ -2324,6 +2324,14 @@ static int cgroup_rename(struct kernfs_node *kn, struct kernfs_node *new_parent, 
	if (cgroup_sane_behavior(cgrp))

		return -EPERM;



	/*

	 * We're gonna grab cgroup_tree_mutex which nests outside kernfs

	 * active_ref.  kernfs_rename() doesn't require active_ref

	 * protection.  Break them before grabbing cgroup_tree_mutex.

	 */

	kernfs_break_active_protection(new_parent);

	kernfs_break_active_protection(kn);



	mutex_lock(&cgroup_tree_mutex);

	mutex_lock(&cgroup_mutex);
@@ -2331,6 +2339,9 @@ static int cgroup_rename(struct kernfs_node *kn, struct kernfs_node *new_parent, 


	mutex_unlock(&cgroup_mutex);

	mutex_unlock(&cgroup_tree_mutex);



	kernfs_unbreak_active_protection(kn);

	kernfs_unbreak_active_protection(new_parent);

	return ret;

}
@@ -3778,8 +3789,22 @@ static int cgroup_mkdir(struct kernfs_node *parent_kn, const char *name, 
			umode_t mode)

{

	struct cgroup *parent = parent_kn->priv;

	int ret;



	return cgroup_create(parent, name, mode);

	/*

	 * cgroup_create() grabs cgroup_tree_mutex which nests outside

	 * kernfs active_ref and cgroup_create() already synchronizes

	 * properly against removal through cgroup_lock_live_group().

	 * Break it before calling cgroup_create().

	 */

	cgroup_get(parent);

	kernfs_break_active_protection(parent_kn);



	ret = cgroup_create(parent, name, mode);



	kernfs_unbreak_active_protection(parent_kn);

	cgroup_put(parent);

	return ret;

}



/*

CRA Git | Maintained and supported by SUSTech CRA and CCSE