git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Waiman Long <longman@redhat.com>
	Tue, 31 Mar 2026 15:11:08 +0000 (11:11 -0400)
committer	Tejun Heo <tj@kernel.org>
	Tue, 31 Mar 2026 19:14:13 +0000 (09:14 -1000)
commit	089f3fcd690c71cb3d8ca09f34027764e28920a0
tree	2216bed3fdb33b412d14bde7a0a0938907945150	tree \| snapshot
parent	bbe5ab8191a33572c11be8628c55b79246307125	commit \| diff

cgroup/cpuset: Skip security check for hotplug induced v1 task migration

When a CPU hot removal causes a v1 cpuset to lose all its CPUs, the
cpuset hotplug handler will schedule a work function to migrate tasks
in that cpuset with no CPU to its ancestor to enable those tasks to
continue running.

If a strict security policy is in place, however, the task migration
may fail when security_task_setscheduler() call in cpuset_can_attach()
returns a -EACCES error. That will mean that those tasks will have
no CPU to run on. The system administrators will have to explicitly
intervene to either add CPUs to that cpuset or move the tasks elsewhere
if they are aware of it.

This problem was found by a reported test failure in the LTP's
cpuset_hotplug_test.sh. Fix this problem by treating this special case as
an exception to skip the setsched security check in cpuset_can_attach()
when a v1 cpuset with tasks have no CPU left.

With that patch applied, the cpuset_hotplug_test.sh test can be run
successfully without failure.

Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>