cgroup: add lockless fast-path checks to cgroup_file_notify()

Add lockless checks before acquiring cgroup_file_kn_lock:

1. READ_ONCE(cfile->kn) NULL check to skip torn-down files.
2. READ_ONCE(cfile->notified_at) rate-limit check to skip when
   within the notification interval.  If within the interval, arm
   the deferred timer via timer_reduce() and confirm it is pending
   before returning -- if the timer fired in between, fall through
   to the lock path so the notification is not lost.

Both checks have safe error directions -- a stale read can only
cause unnecessary lock acquisition, never a missed notification.

The critical section is simplified to just taking a kernfs_get()
reference and updating notified_at.

Annotate cfile->kn and cfile->notified_at write sites with
WRITE_ONCE() to pair with the lockless readers.

Reported-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Shakeel Butt <shakeel.butt@linux.dev>
Signed-off-by: Tejun Heo <tj@kernel.org>

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 26d8df60a59fa8670ac6f11e292ffc9274a64d78..d161bcaa68f13ace95cebf99797a3e61c20054a5 100644 (file)
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1694,7 +1694,7 @@ static void cgroup_rm_file(struct cgroup *cgrp, const struct cftype *cft)
                struct cgroup_file *cfile = (void *)css + cft->file_offset;
 
                spin_lock_irq(&cgroup_file_kn_lock);
-               cfile->kn = NULL;
+               WRITE_ONCE(cfile->kn, NULL);
                spin_unlock_irq(&cgroup_file_kn_lock);
 
                timer_delete_sync(&cfile->notify_timer);
@@ -4375,7 +4375,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
                timer_setup(&cfile->notify_timer, cgroup_file_notify_timer, 0);
 
                spin_lock_irq(&cgroup_file_kn_lock);
-               cfile->kn = kn;
+               WRITE_ONCE(cfile->kn, kn);
                spin_unlock_irq(&cgroup_file_kn_lock);
        }
 
@@ -4631,21 +4631,25 @@ int cgroup_add_legacy_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
  */
 void cgroup_file_notify(struct cgroup_file *cfile)
 {
-       unsigned long flags;
+       unsigned long flags, last, next;
        struct kernfs_node *kn = NULL;
 
+       if (!READ_ONCE(cfile->kn))
+               return;
+
+       last = READ_ONCE(cfile->notified_at);
+       next = last + CGROUP_FILE_NOTIFY_MIN_INTV;
+       if (time_in_range(jiffies, last, next)) {
+               timer_reduce(&cfile->notify_timer, next);
+               if (timer_pending(&cfile->notify_timer))
+                       return;
+       }
+
        spin_lock_irqsave(&cgroup_file_kn_lock, flags);
        if (cfile->kn) {
-               unsigned long last = cfile->notified_at;
-               unsigned long next = last + CGROUP_FILE_NOTIFY_MIN_INTV;
-
-               if (time_in_range(jiffies, last, next)) {
-                       timer_reduce(&cfile->notify_timer, next);
-               } else {
-                       kn = cfile->kn;
-                       kernfs_get(kn);
-                       cfile->notified_at = jiffies;
-               }
+               kn = cfile->kn;
+               kernfs_get(kn);
+               WRITE_ONCE(cfile->notified_at, jiffies);
        }
        spin_unlock_irqrestore(&cgroup_file_kn_lock, flags);