From 5c2815ea50584d2506231f68e061b60641d077eb Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 12 Mar 2025 06:05:24 +0000 Subject: [PATCH] Revert "cgroup: fix race between fork and cgroup.kill" This reverts commit 28e51dd4f28bf5edb705a41475ee606d766ce375 which is commit b69bb476dee99d564d65d418e9a20acca6f32c3f upstream. It breaks the Android kernel abi and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: I679df65c191344d69cdde76cba10b66ba2bf8e1e Signed-off-by: Greg Kroah-Hartman --- include/linux/cgroup-defs.h | 6 +++--- include/linux/sched/task.h | 1 - kernel/cgroup/cgroup.c | 20 ++++++++------------ 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h index 79048e6d55f9..6e01f10f0d88 100644 --- a/include/linux/cgroup-defs.h +++ b/include/linux/cgroup-defs.h @@ -71,6 +71,9 @@ enum { /* Cgroup is frozen. */ CGRP_FROZEN, + + /* Control group has to be killed. */ + CGRP_KILL, }; /* cgroup_root->flags */ @@ -421,9 +424,6 @@ struct cgroup { int nr_threaded_children; /* # of live threaded child cgroups */ - /* sequence number for cgroup.kill, serialized by css_set_lock. */ - unsigned int kill_seq; - struct kernfs_node *kn; /* cgroup kernfs entry */ struct cgroup_file procs_file; /* handle for "cgroup.procs" */ struct cgroup_file events_file; /* handle for "cgroup.events" */ diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 00135a8d5773..aaa25ed1a8fe 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h @@ -38,7 +38,6 @@ struct kernel_clone_args { void *fn_arg; struct cgroup *cgrp; struct css_set *cset; - unsigned int kill_seq; }; /* diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index fc7dc4ebb817..af7dfdf9efc9 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -3961,7 +3961,7 @@ static void __cgroup_kill(struct cgroup *cgrp) lockdep_assert_held(&cgroup_mutex); spin_lock_irq(&css_set_lock); - cgrp->kill_seq++; + set_bit(CGRP_KILL, &cgrp->flags); spin_unlock_irq(&css_set_lock); css_task_iter_start(&cgrp->self, CSS_TASK_ITER_PROCS | CSS_TASK_ITER_THREADED, &it); @@ -3977,6 +3977,10 @@ static void __cgroup_kill(struct cgroup *cgrp) send_sig(SIGKILL, task, 0); } css_task_iter_end(&it); + + spin_lock_irq(&css_set_lock); + clear_bit(CGRP_KILL, &cgrp->flags); + spin_unlock_irq(&css_set_lock); } static void cgroup_kill(struct cgroup *cgrp) @@ -6421,10 +6425,6 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs) spin_lock_irq(&css_set_lock); cset = task_css_set(current); get_css_set(cset); - if (kargs->cgrp) - kargs->kill_seq = kargs->cgrp->kill_seq; - else - kargs->kill_seq = cset->dfl_cgrp->kill_seq; spin_unlock_irq(&css_set_lock); if (!(kargs->flags & CLONE_INTO_CGROUP)) { @@ -6608,7 +6608,6 @@ void cgroup_post_fork(struct task_struct *child, struct kernel_clone_args *kargs) __releases(&cgroup_threadgroup_rwsem) __releases(&cgroup_mutex) { - unsigned int cgrp_kill_seq = 0; unsigned long cgrp_flags = 0; bool kill = false; struct cgroup_subsys *ss; @@ -6622,13 +6621,10 @@ void cgroup_post_fork(struct task_struct *child, /* init tasks are special, only link regular threads */ if (likely(child->pid)) { - if (kargs->cgrp) { + if (kargs->cgrp) cgrp_flags = kargs->cgrp->flags; - cgrp_kill_seq = kargs->cgrp->kill_seq; - } else { + else cgrp_flags = cset->dfl_cgrp->flags; - cgrp_kill_seq = cset->dfl_cgrp->kill_seq; - } WARN_ON_ONCE(!list_empty(&child->cg_list)); cset->nr_tasks++; @@ -6663,7 +6659,7 @@ void cgroup_post_fork(struct task_struct *child, * child down right after we finished preparing it for * userspace. */ - kill = kargs->kill_seq != cgrp_kill_seq; + kill = test_bit(CGRP_KILL, &cgrp_flags); } spin_unlock_irq(&css_set_lock);