In cpuset hotplug handling, temporary cpumasks are allocated only when running under cgroup v2. The current code unconditionally frees these masks, which can lead to a crash on cgroup v1 case.
Free the temporary cpumasks only when they were actually allocated.
Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition")
Cc: stable@vger.kernel.org
Signed-off-by: Ashay Jaiswal quic_ashayj@quicinc.com
---
 kernel/cgroup/cpuset.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void) if (force_sd_rebuild) rebuild_sched_domains_cpuslocked();
- free_tmpmasks(ptmp); + if (on_dfl && ptmp) + free_tmpmasks(ptmp); }
void cpuset_update_active_cpus(void)
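Review bot: the on_dfl half of the new guard in front of free_tmpmasks(ptmp) repeats, at the free site, the cgroup v2 condition that the commit message says governs allocation, so the two sites can drift apart if that condition ever changes. Testing the pointer alone, if (ptmp) free_tmpmasks(ptmp);, ties the free to what was actually allocated; alternatively free_tmpmasks() could return early on a NULL argument so that every caller is covered. The context lines do not show where ptmp is assigned, and a pointer test is only sufficient if ptmp is NULL whenever nothing was allocated, so the commit message should say that explicitly and describe the crash it refers to.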
---
base-commit: 33bcf93b9a6b028758105680f8b538a31bc563cf
change-id: 20250902-cpuset-free-on-condition-85cf4eadb18c
Best regards,
On Tue, Sep 02, 2025 at 09:56:17AM +0530, Ashay Jaiswal quic_ashayj@quicinc.com wrote:
In cpuset hotplug handling, temporary cpumasks are allocated only when running under cgroup v2. The current code unconditionally frees these masks, which can lead to a crash on cgroup v1 case.
Free the temporary cpumasks only when they were actually allocated.
Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition") Cc: stable@vger.kernel.org Signed-off-by: Ashay Jaiswal quic_ashayj@quicinc.com
kernel/cgroup/cpuset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void) if (force_sd_rebuild) rebuild_sched_domains_cpuslocked();
- free_tmpmasks(ptmp);
- if (on_dfl && ptmp)
free_tmpmasks(ptmp);
}
Can you do
	if (ptmp)
		free_tmpmasks(ptmp);
so that v2 check is concentrated in one place only?
Thanks, Michal
On 9/2/25 12:26 AM, Ashay Jaiswal wrote:
In cpuset hotplug handling, temporary cpumasks are allocated only when running under cgroup v2. The current code unconditionally frees these masks, which can lead to a crash on cgroup v1 case.
Free the temporary cpumasks only when they were actually allocated.
Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition") Cc: stable@vger.kernel.org Signed-off-by: Ashay Jaiswal quic_ashayj@quicinc.com
kernel/cgroup/cpuset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void) if (force_sd_rebuild) rebuild_sched_domains_cpuslocked();
- free_tmpmasks(ptmp);
- if (on_dfl && ptmp)
}free_tmpmasks(ptmp);
void cpuset_update_active_cpus(void)
The patch that introduces the bug is actually commit 5806b3d05165 ("cpuset: decouple tmpmasks and cpumasks freeing in cgroup") which removes the NULL check. The on_dfl check is not necessary and I would suggest adding the NULL check in free_tmpmasks().
Cheers, Longman
On 9/2/25 1:14 PM, Waiman Long wrote:
On 9/2/25 12:26 AM, Ashay Jaiswal wrote:
In cpuset hotplug handling, temporary cpumasks are allocated only when running under cgroup v2. The current code unconditionally frees these masks, which can lead to a crash on cgroup v1 case.
Free the temporary cpumasks only when they were actually allocated.
Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition") Cc: stable@vger.kernel.org Signed-off-by: Ashay Jaiswal quic_ashayj@quicinc.com
kernel/cgroup/cpuset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void) if (force_sd_rebuild) rebuild_sched_domains_cpuslocked(); - free_tmpmasks(ptmp); + if (on_dfl && ptmp) + free_tmpmasks(ptmp); } void cpuset_update_active_cpus(void)
The patch that introduces the bug is actually commit 5806b3d05165 ("cpuset: decouple tmpmasks and cpumasks freeing in cgroup") which removes the NULL check. The on_dfl check is not necessary and I would suggest adding the NULL check in free_tmpmasks().
As this email was bounced back from your email account because it is full, I decided to send out another patch on your behalf. Note that this affects only the linux-next tree as the commit to be fixed isn't merged into the mainline yet. There is no need for stable branch backport.
Cheers, Longman
On Tue, Sep 02, 2025 at 02:21:25PM -0400, Waiman Long wrote:
On 9/2/25 1:14 PM, Waiman Long wrote:
On 9/2/25 12:26 AM, Ashay Jaiswal wrote:
In cpuset hotplug handling, temporary cpumasks are allocated only when running under cgroup v2. The current code unconditionally frees these masks, which can lead to a crash on cgroup v1 case.
Free the temporary cpumasks only when they were actually allocated.
Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition") Cc: stable@vger.kernel.org Signed-off-by: Ashay Jaiswal quic_ashayj@quicinc.com
kernel/cgroup/cpuset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void) if (force_sd_rebuild) rebuild_sched_domains_cpuslocked(); - free_tmpmasks(ptmp); + if (on_dfl && ptmp) + free_tmpmasks(ptmp); } void cpuset_update_active_cpus(void)
The patch that introduces the bug is actually commit 5806b3d05165 ("cpuset: decouple tmpmasks and cpumasks freeing in cgroup") which removes the NULL check. The on_dfl check is not necessary and I would suggest adding the NULL check in free_tmpmasks().
As this email was bounced back from your email account because it is full, I decided to send out another patch on your behalf. Note that this affects only the linux-next tree as the commit to be fixed isn't merged into the mainline yet. There is no need for stable branch backport.
Thank you for your help, and I apologize for the email bouncing back.
Cheers, Longman
linux-stable-mirror@lists.linaro.org