On Fri, Jan 03, 2025 at 10:22:33AM +0800, Chen Ridong <chenridong@xxxxxxxxxxxxxxx> wrote:
> I think the commit 76bb5ab8f6e3 ("cpuset: break kernfs active protection
> in cpuset_write_resmask()") is causing the warning I observed.
I was considering
bdb2fd7fc56e1 ("kernfs: Skip kernfs_drain_open_files() more aggressively")
in conjunction (the warning didn't exist back then).
> writing to 'cpuset_write_resmask' cannot avoid concurrent removal of
> the cgroup directory. Therefore, this could cause the warning.
>
> > As I read kernfs_break_active_protection() comment, I don't see cpuset
> > code violating its conditions:
> > a) it's broken/unbroken from withing a kernfs file operation handler,
> > b) it pins the needed struct cpuset independently of kernfs_node (it's
> > ok to be removed)
> >
> I am not sure if it is safe to call
> kernfs_unbreak_active_protection(atomic_inc(&kn->active)); after the
> 'kn' has been removed.
Thit'd render the break/unbreak mechanism useless if unbreak cannot be
safely used. Users of unbreak know that they may get an inactive
reference. IOW in this part of the race:
kernfs_unbreak_active_protection
// active = 0x80000002
...
kernfs_should_drain_open_files
WARN_ON_ONCE(atomic_read(&kn->active) != KN_DEACTIVATED_BIAS);
kernfs_put_active
the WARN_ON_ONCE seems misplaced if there are expected users of
inactivated reference.
For your concern about atomic_inc(&kn->active)); after the 'kn' has been
removed -- that's a different reference tracking (kn->count) and that
should be enshured by generic VFS due to existence of inode that pins
inode->i_private form kerfs_init_node().
All in all, the patch makes sense as a code cleanup (the deadlock is
gone already) but it doesn't tackle any reference underflow (I'm
bringing this up again because of CVE-2025-21634).
If anything, the warning in kernfs_should_drain_open_files() should be
reviewed.
WDYT?
Michal
