From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 21 Sep 2022 10:25:11 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v5.19.11~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c6998a6f52473db115d286e78ca3757c2a689cb3;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	cgroup-add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
---

diff --git a/queue-5.10/cgroup-add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch b/queue-5.10/cgroup-add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
new file mode 100644
index 00000000000..f8eceba9bc5
--- /dev/null
+++ b/queue-5.10/cgroup-add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
@@ -0,0 +1,43 @@
+From 43626dade36fa74d3329046f4ae2d7fdefe401c6 Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Date: Thu, 25 Aug 2022 17:38:38 +0900
+Subject: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
+
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+
+commit 43626dade36fa74d3329046f4ae2d7fdefe401c6 upstream.
+
+syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at
+cpuset_attach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix
+threadgroup_rwsem <-> cpus_read_lock() deadlock") missed that
+cpuset_attach() is also called from cgroup_attach_task_all().
+Add cpus_read_lock() like what cgroup_procs_write_start() does.
+
+Link: https://syzkaller.appspot.com/bug?extid=29d3a3b4d86c8136ad9e [1]
+Reported-by: syzbot <syzbot+29d3a3b4d86c8136ad9e@syzkaller.appspotmail.com>
+Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Fixes: 4f7e7236435ca0ab ("cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock")
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/cgroup/cgroup-v1.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/cgroup/cgroup-v1.c
++++ b/kernel/cgroup/cgroup-v1.c
+@@ -57,6 +57,7 @@ int cgroup_attach_task_all(struct task_s
+ 	int retval = 0;
+ 
+ 	mutex_lock(&cgroup_mutex);
++	cpus_read_lock();
+ 	percpu_down_write(&cgroup_threadgroup_rwsem);
+ 	for_each_root(root) {
+ 		struct cgroup *from_cgrp;
+@@ -73,6 +74,7 @@ int cgroup_attach_task_all(struct task_s
+ 			break;
+ 	}
+ 	percpu_up_write(&cgroup_threadgroup_rwsem);
++	cpus_read_unlock();
+ 	mutex_unlock(&cgroup_mutex);
+ 
+ 	return retval;
diff --git a/queue-5.10/series b/queue-5.10/series
index 9f4c7fe737c..bc26db30515 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -35,3 +35,4 @@ afs-return-eagain-not-eremoteio-when-a-file-already-.patch
 mips-octeon-irq-fix-octeon_irq_force_ciu_mapping.patch
 mksysmap-fix-the-mismatch-of-l0-symbols-in-system.ma.patch
 video-fbdev-pxa3xx-gcu-fix-integer-overflow-in-pxa3x.patch
+cgroup-add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch