From patchwork Mon Jun 26 20:17:12 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Suren Baghdasaryan
X-Patchwork-Id: 113122
Date: Mon, 26 Jun 2023 13:17:12 -0700
Message-ID: <20230626201713.1204982-1-surenb@google.com>
Subject: [PATCH 1/2] kernfs: add kernfs_ops.free operation to free
 resources tied to the file
From: Suren Baghdasaryan
To: tj@kernel.org
Cc: gregkh@linuxfoundation.org, peterz@infradead.org, lujialin4@huawei.com,
 lizefan.x@bytedance.com, hannes@cmpxchg.org, mingo@redhat.com,
 ebiggers@kernel.org, oleg@redhat.com, akpm@linux-foundation.org,
 viro@zeniv.linux.org.uk, brauner@kernel.org, juri.lelli@redhat.com,
 vincent.guittot@linaro.org, dietmar.eggemann@arm.com, rostedt@goodmis.org,
 bsegall@google.com, mgorman@suse.de, bristot@redhat.com,
 vschneid@redhat.com, linux-kernel@vger.kernel.org, cgroups@vger.kernel.org,
 linux-fsdevel@vger.kernel.org, kernel-team@android.com, surenb@google.com
X-Mailing-List: linux-kernel@vger.kernel.org

kernfs_ops.release operation can be called from kernfs_drain_open_files
which is not tied to the file's real lifecycle. Introduce a new kernfs_ops
free operation which is called only when the last fput() of the file is
performed and therefore is strictly tied to the file's lifecycle. This
operation will be used for freeing resources tied to the file, like
waitqueues used for polling the file.

Signed-off-by: Suren Baghdasaryan
---
 fs/kernfs/file.c       | 8 +++++---
 include/linux/kernfs.h | 5 +++++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
index 40c4661f15b7..acc52d23d8f6 100644
--- a/fs/kernfs/file.c
+++ b/fs/kernfs/file.c
@@ -766,7 +766,7 @@ static int kernfs_fop_open(struct inode *inode, struct file *file)
 
 /* used from release/drain to ensure that ->release() is called exactly once */
 static void kernfs_release_file(struct kernfs_node *kn,
-				struct kernfs_open_file *of)
+				struct kernfs_open_file *of, bool final)
 {
 	/*
 	 * @of is guaranteed to have no other file operations in flight and
@@ -787,6 +787,8 @@ static void kernfs_release_file(struct kernfs_node *kn,
 		of->released = true;
 		of_on(of)->nr_to_release--;
 	}
+	if (final && kn->attr.ops->free)
+		kn->attr.ops->free(of);
 }
 
 static int kernfs_fop_release(struct inode *inode, struct file *filp)
@@ -798,7 +800,7 @@ static int kernfs_fop_release(struct inode *inode, struct file *filp)
 		struct mutex *mutex;
 
 		mutex = kernfs_open_file_mutex_lock(kn);
-		kernfs_release_file(kn, of);
+		kernfs_release_file(kn, of, true);
 		mutex_unlock(mutex);
 	}
 
@@ -852,7 +854,7 @@ void kernfs_drain_open_files(struct kernfs_node *kn)
 		}
 
 		if (kn->flags & KERNFS_HAS_RELEASE)
-			kernfs_release_file(kn, of);
+			kernfs_release_file(kn, of, false);
 	}
 
 	WARN_ON_ONCE(on->nr_mmapped || on->nr_to_release);
diff --git a/include/linux/kernfs.h b/include/linux/kernfs.h
index 73f5c120def8..a7e404ff31bb 100644
--- a/include/linux/kernfs.h
+++ b/include/linux/kernfs.h
@@ -273,6 +273,11 @@ struct kernfs_ops {
 	 */
 	int (*open)(struct kernfs_open_file *of);
 	void (*release)(struct kernfs_open_file *of);
+	/*
+	 * Free resources tied to the lifecycle of the file, like a
+	 * waitqueue used for polling.
+	 */
+	void (*free)(struct kernfs_open_file *of);
 
 	/*
 	 * Read is handled by either seq_file or raw_read().

From patchwork Mon Jun 26 20:17:13 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Suren Baghdasaryan
X-Patchwork-Id: 113121
Date: Mon, 26 Jun 2023 13:17:13 -0700
In-Reply-To: <20230626201713.1204982-1-surenb@google.com>
References: <20230626201713.1204982-1-surenb@google.com>
Message-ID: <20230626201713.1204982-2-surenb@google.com>
Subject: [PATCH 2/2] sched/psi: tie psi trigger destruction with file's
 lifecycle
From: Suren Baghdasaryan
To: tj@kernel.org
Cc: gregkh@linuxfoundation.org, peterz@infradead.org, lujialin4@huawei.com,
 lizefan.x@bytedance.com, hannes@cmpxchg.org, mingo@redhat.com,
 ebiggers@kernel.org, oleg@redhat.com, akpm@linux-foundation.org,
 viro@zeniv.linux.org.uk, brauner@kernel.org, juri.lelli@redhat.com,
 vincent.guittot@linaro.org, dietmar.eggemann@arm.com, rostedt@goodmis.org,
 bsegall@google.com, mgorman@suse.de, bristot@redhat.com,
 vschneid@redhat.com, linux-kernel@vger.kernel.org, cgroups@vger.kernel.org,
 linux-fsdevel@vger.kernel.org, kernel-team@android.com, surenb@google.com
X-Mailing-List: linux-kernel@vger.kernel.org

Destroying psi trigger in cgroup_file_release causes UAF issues when
a cgroup is removed from under a polling process. This is happening
because cgroup removal causes a call to cgroup_file_release via this path:

do_rmdir
  cgroup_rmdir
    kernfs_drain_open_files
      cgroup_file_release
        cgroup_pressure_release

while the actual file is still alive.
Destroying the trigger at this point would also destroy its waitqueue
head and if there is still a polling process on that file accessing the
waitqueue, it will step on a freed pointer.
Patch [1] fixed this issue for epoll() case using wake_up_pollfree(),
however the same issue exists for synchronous poll() case.
The root cause of this issue is that the lifecycles of the psi trigger's
waitqueue and of the file associated with the trigger are different. Fix
this by destroying the trigger from inside kernfs_ops.free operation
which is tied to the last fput() of the file. This also renders the fix
in [1] obsolete, so revert it.

[1] commit c2dbe32d5db5 ("sched/psi: Fix use-after-free in ep_remove_wait_queue()")

Reported-by: Lu Jialin
Closes: https://lore.kernel.org/all/20230613062306.101831-1-lujialin4@huawei.com/
Signed-off-by: Suren Baghdasaryan
---
 include/linux/cgroup-defs.h |  1 +
 include/linux/psi.h         |  6 +++++-
 kernel/cgroup/cgroup.c      | 29 ++++++++++++++++++++++++++++-
 kernel/sched/psi.c          | 13 ++++++-------
 4 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
index 8a0d5466c7be..6f5230a8821f 100644
--- a/include/linux/cgroup-defs.h
+++ b/include/linux/cgroup-defs.h
@@ -598,6 +598,7 @@ struct cftype {
 
 	int (*open)(struct kernfs_open_file *of);
 	void (*release)(struct kernfs_open_file *of);
+	void (*free)(struct kernfs_open_file *of);
 
 	/*
 	 * read_u64() is a shortcut for the common case of returning a
diff --git a/include/linux/psi.h b/include/linux/psi.h
index ab26200c2803..ebb4c7efba84 100644
--- a/include/linux/psi.h
+++ b/include/linux/psi.h
@@ -25,7 +25,11 @@ void psi_memstall_leave(unsigned long *flags);
 int psi_show(struct seq_file *s, struct psi_group *group, enum psi_res res);
 struct psi_trigger *psi_trigger_create(struct psi_group *group,
 			char *buf, enum psi_res res, struct file *file);
-void psi_trigger_destroy(struct psi_trigger *t);
+void psi_trigger_disable(struct psi_trigger *t);
+static inline void psi_trigger_destroy(struct psi_trigger *t)
+{
+	kfree(t);
+}
 
 __poll_t psi_trigger_poll(void **trigger_ptr, struct file *file,
 			poll_table *wait);
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 4d42f0cbc11e..62e91ce6ca20 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -3895,6 +3895,13 @@ static void cgroup_pressure_release(struct kernfs_open_file *of)
 {
 	struct cgroup_file_ctx *ctx = of->priv;
 
+	psi_trigger_disable(ctx->psi.trigger);
+}
+
+static void cgroup_pressure_free(struct kernfs_open_file *of)
+{
+	struct cgroup_file_ctx *ctx = of->priv;
+
 	psi_trigger_destroy(ctx->psi.trigger);
 }
 
@@ -4055,7 +4062,21 @@ static void cgroup_file_release(struct kernfs_open_file *of)
 	if (cft->release)
 		cft->release(of);
 	put_cgroup_ns(ctx->ns);
-	kfree(ctx);
+	/* Keep the context alive until cft->free is called */
+	if (!cft->free)
+		kfree(ctx);
+}
+
+static void cgroup_file_free(struct kernfs_open_file *of)
+{
+	struct cftype *cft = of_cft(of);
+
+	if (cft->free) {
+		struct cgroup_file_ctx *ctx = of->priv;
+
+		cft->free(of);
+		kfree(ctx);
+	}
 }
 
 static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
@@ -4158,6 +4179,7 @@ static struct kernfs_ops cgroup_kf_single_ops = {
 	.atomic_write_len	= PAGE_SIZE,
 	.open			= cgroup_file_open,
 	.release		= cgroup_file_release,
+	.free			= cgroup_file_free,
 	.write			= cgroup_file_write,
 	.poll			= cgroup_file_poll,
 	.seq_show		= cgroup_seqfile_show,
@@ -4167,6 +4189,7 @@ static struct kernfs_ops cgroup_kf_ops = {
 	.atomic_write_len	= PAGE_SIZE,
 	.open			= cgroup_file_open,
 	.release		= cgroup_file_release,
+	.free			= cgroup_file_free,
 	.write			= cgroup_file_write,
 	.poll			= cgroup_file_poll,
 	.seq_start		= cgroup_seqfile_start,
@@ -5294,6 +5317,7 @@ static struct cftype cgroup_psi_files[] = {
 		.write = cgroup_io_pressure_write,
 		.poll = cgroup_pressure_poll,
 		.release = cgroup_pressure_release,
+		.free = cgroup_pressure_free,
 	},
 	{
 		.name = "memory.pressure",
@@ -5302,6 +5326,7 @@ static struct cftype cgroup_psi_files[] = {
 		.write = cgroup_memory_pressure_write,
 		.poll = cgroup_pressure_poll,
 		.release = cgroup_pressure_release,
+		.free = cgroup_pressure_free,
 	},
 	{
 		.name = "cpu.pressure",
@@ -5310,6 +5335,7 @@ static struct cftype cgroup_psi_files[] = {
 		.write = cgroup_cpu_pressure_write,
 		.poll = cgroup_pressure_poll,
 		.release = cgroup_pressure_release,
+		.free = cgroup_pressure_free,
 	},
 #ifdef CONFIG_IRQ_TIME_ACCOUNTING
 	{
@@ -5319,6 +5345,7 @@ static struct cftype cgroup_psi_files[] = {
 		.write = cgroup_irq_pressure_write,
 		.poll = cgroup_pressure_poll,
 		.release = cgroup_pressure_release,
+		.free = cgroup_pressure_free,
 	},
 #endif
 	{
diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
index e072f6b31bf3..b4ad50805e08 100644
--- a/kernel/sched/psi.c
+++ b/kernel/sched/psi.c
@@ -622,7 +622,7 @@ static void psi_schedule_rtpoll_work(struct psi_group *group, unsigned long dela
 
 	task = rcu_dereference(group->rtpoll_task);
 	/*
-	 * kworker might be NULL in case psi_trigger_destroy races with
+	 * kworker might be NULL in case psi_trigger_disable races with
 	 * psi_task_change (hotpath) which can't use locks
 	 */
 	if (likely(task))
@@ -1372,7 +1372,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group,
 	return t;
 }
 
-void psi_trigger_destroy(struct psi_trigger *t)
+void psi_trigger_disable(struct psi_trigger *t)
 {
 	struct psi_group *group;
 	struct task_struct *task_to_destroy = NULL;
@@ -1386,11 +1386,10 @@ void psi_trigger_destroy(struct psi_trigger *t)
 
 	group = t->group;
 	/*
-	 * Wakeup waiters to stop polling and clear the queue to prevent it from
-	 * being accessed later. Can happen if cgroup is deleted from under a
-	 * polling process.
+	 * Wakeup waiters to stop polling. Can happen if cgroup is deleted
+	 * from under a polling process.
 	 */
-	wake_up_pollfree(&t->event_wait);
+	wake_up_interruptible(&t->event_wait);
 
 	if (t->aggregator == PSI_AVGS) {
 		mutex_lock(&group->avgs_lock);
@@ -1446,7 +1445,6 @@ void psi_trigger_destroy(struct psi_trigger *t)
 		kthread_stop(task_to_destroy);
 		atomic_set(&group->rtpoll_scheduled, 0);
 	}
-	kfree(t);
 }
 
 __poll_t psi_trigger_poll(void **trigger_ptr,
@@ -1573,6 +1571,7 @@ static int psi_fop_release(struct inode *inode, struct file *file)
 {
 	struct seq_file *seq = file->private_data;
 
+	psi_trigger_disable(seq->private);
 	psi_trigger_destroy(seq->private);
 	return single_release(inode, file);
 }