On Tue, Sep 02, 2025 at 02:21:25PM -0400, Waiman Long wrote:
On 9/2/25 1:14 PM, Waiman Long wrote:
On 9/2/25 12:26 AM, Ashay Jaiswal wrote:
In cpuset hotplug handling, temporary cpumasks are allocated only when running under cgroup v2. The current code unconditionally frees these masks, which can lead to a crash on cgroup v1 case.
Free the temporary cpumasks only when they were actually allocated.
Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition") Cc: stable@vger.kernel.org Signed-off-by: Ashay Jaiswal quic_ashayj@quicinc.com
kernel/cgroup/cpuset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void) if (force_sd_rebuild) rebuild_sched_domains_cpuslocked(); - free_tmpmasks(ptmp); + if (on_dfl && ptmp) + free_tmpmasks(ptmp); } void cpuset_update_active_cpus(void)
The patch that introduces the bug is actually commit 5806b3d05165 ("cpuset: decouple tmpmasks and cpumasks freeing in cgroup") which removes the NULL check. The on_dfl check is not necessary and I would suggest adding the NULL check in free_tmpmasks().
As this email was bounced back from your email account because it is full, I decide to send out another patch on your behalf. Note that this affects only the linux-next tree as the commit to be fixed isn't merged into the mainline yet. There is no need for stable branch backport.
Thank you for your help, and I apologize for the email bouncing back.
Cheers, Longman