The function current_cgns_cgroup_from_root() expects a stable
cgroup_root, which is currently ensured with RCU read side paired with
cgroup_destroy_root() called after RCU period.
The particular current_cgns_cgroup_from_root() is called from VFS code
and cgroup_root stability can be also ensured by namespace_sem. Mark it
explicitly as a preparation for further rework.
Signed-off-by: Michal Koutný <[email protected]>
---
fs/namespace.c | 5 ++++-
include/linux/mount.h | 4 ++++
kernel/cgroup/cgroup.c | 7 +++----
3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 54847db5b819..0d2333832064 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -71,7 +71,10 @@ static DEFINE_IDA(mnt_group_ida);
static struct hlist_head *mount_hashtable __read_mostly;
static struct hlist_head *mountpoint_hashtable __read_mostly;
static struct kmem_cache *mnt_cache __read_mostly;
-static DECLARE_RWSEM(namespace_sem);
+DECLARE_RWSEM(namespace_sem);
+#ifdef CONFIG_LOCKDEP
+EXPORT_SYMBOL_GPL(namespace_sem);
+#endif
static HLIST_HEAD(unmounted); /* protected by namespace_sem */
static LIST_HEAD(ex_mountpoints); /* protected by namespace_sem */
diff --git a/include/linux/mount.h b/include/linux/mount.h
index 1ea326c368f7..6277435f6748 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -80,6 +80,10 @@ static inline struct mnt_idmap *mnt_idmap(const struct vfsmount *mnt)
return smp_load_acquire(&mnt->mnt_idmap);
}
+#ifdef CONFIG_LOCKDEP
+extern struct rw_semaphore namespace_sem;
+#endif
+
extern int mnt_want_write(struct vfsmount *mnt);
extern int mnt_want_write_file(struct file *file);
extern void mnt_drop_write(struct vfsmount *mnt);
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 55e5f0110e3b..32d693a797b9 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1440,13 +1440,12 @@ current_cgns_cgroup_from_root(struct cgroup_root *root)
lockdep_assert_held(&css_set_lock);
- rcu_read_lock();
+ /* namespace_sem ensures `root` stability on unmount */
+ lockdep_assert(lockdep_is_held_type(&namespace_sem, -1));
cset = current->nsproxy->cgroup_ns->root_cset;
res = __cset_cgroup_from_root(cset, root);
- rcu_read_unlock();
-
return res;
}
@@ -1454,7 +1453,7 @@ current_cgns_cgroup_from_root(struct cgroup_root *root)
* Look up cgroup associated with current task's cgroup namespace on the default
* hierarchy.
*
- * Unlike current_cgns_cgroup_from_root(), this doesn't need locks:
+ * Relaxed locking requirements:
* - Internal rcu_read_lock is unnecessary because we don't dereference any rcu
* pointers.
* - css_set_lock is not needed because we just read cset->dfl_cgrp.
--
2.40.1
On 5/2/23 09:38, Michal Koutný wrote:
> The function current_cgns_cgroup_from_root() expects a stable
> cgroup_root, which is currently ensured with RCU read side paired with
> cgroup_destroy_root() called after RCU period.
>
> The particular current_cgns_cgroup_from_root() is called from VFS code
> and cgroup_root stability can be also ensured by namespace_sem. Mark it
> explicitly as a preparation for further rework.
>
> Signed-off-by: Michal Koutný <[email protected]>
> ---
> fs/namespace.c | 5 ++++-
> include/linux/mount.h | 4 ++++
> kernel/cgroup/cgroup.c | 7 +++----
> 3 files changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 54847db5b819..0d2333832064 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -71,7 +71,10 @@ static DEFINE_IDA(mnt_group_ida);
> static struct hlist_head *mount_hashtable __read_mostly;
> static struct hlist_head *mountpoint_hashtable __read_mostly;
> static struct kmem_cache *mnt_cache __read_mostly;
> -static DECLARE_RWSEM(namespace_sem);
> +DECLARE_RWSEM(namespace_sem);
> +#ifdef CONFIG_LOCKDEP
> +EXPORT_SYMBOL_GPL(namespace_sem);
I don't think fs/namespace.o and kernel/cgroup/cgroup.o can't be built
into a kernel module. I doubt we need to export it.
> +#endif
> static HLIST_HEAD(unmounted); /* protected by namespace_sem */
> static LIST_HEAD(ex_mountpoints); /* protected by namespace_sem */
>
> diff --git a/include/linux/mount.h b/include/linux/mount.h
> index 1ea326c368f7..6277435f6748 100644
> --- a/include/linux/mount.h
> +++ b/include/linux/mount.h
> @@ -80,6 +80,10 @@ static inline struct mnt_idmap *mnt_idmap(const struct vfsmount *mnt)
> return smp_load_acquire(&mnt->mnt_idmap);
> }
>
> +#ifdef CONFIG_LOCKDEP
> +extern struct rw_semaphore namespace_sem;
> +#endif
> +
> extern int mnt_want_write(struct vfsmount *mnt);
> extern int mnt_want_write_file(struct file *file);
> extern void mnt_drop_write(struct vfsmount *mnt);
> diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
> index 55e5f0110e3b..32d693a797b9 100644
> --- a/kernel/cgroup/cgroup.c
> +++ b/kernel/cgroup/cgroup.c
> @@ -1440,13 +1440,12 @@ current_cgns_cgroup_from_root(struct cgroup_root *root)
>
> lockdep_assert_held(&css_set_lock);
>
> - rcu_read_lock();
> + /* namespace_sem ensures `root` stability on unmount */
> + lockdep_assert(lockdep_is_held_type(&namespace_sem, -1));
It will be easier if you just use lockdep_is_held() without the 2nd argment.
>
> cset = current->nsproxy->cgroup_ns->root_cset;
> res = __cset_cgroup_from_root(cset, root);
>
> - rcu_read_unlock();
> -
> return res;
> }
>
> @@ -1454,7 +1453,7 @@ current_cgns_cgroup_from_root(struct cgroup_root *root)
> * Look up cgroup associated with current task's cgroup namespace on the default
> * hierarchy.
> *
> - * Unlike current_cgns_cgroup_from_root(), this doesn't need locks:
> + * Relaxed locking requirements:
> * - Internal rcu_read_lock is unnecessary because we don't dereference any rcu
> * pointers.
> * - css_set_lock is not needed because we just read cset->dfl_cgrp.
Cheers,
Longman
On Tue, May 02, 2023 at 03:38:46PM +0200, Michal Koutný wrote:
> The function current_cgns_cgroup_from_root() expects a stable
> cgroup_root, which is currently ensured with RCU read side paired with
> cgroup_destroy_root() called after RCU period.
>
> The particular current_cgns_cgroup_from_root() is called from VFS code
> and cgroup_root stability can be also ensured by namespace_sem. Mark it
> explicitly as a preparation for further rework.
>
> Signed-off-by: Michal Koutný <[email protected]>
> ---
> fs/namespace.c | 5 ++++-
> include/linux/mount.h | 4 ++++
> kernel/cgroup/cgroup.c | 7 +++----
> 3 files changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 54847db5b819..0d2333832064 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -71,7 +71,10 @@ static DEFINE_IDA(mnt_group_ida);
> static struct hlist_head *mount_hashtable __read_mostly;
> static struct hlist_head *mountpoint_hashtable __read_mostly;
> static struct kmem_cache *mnt_cache __read_mostly;
> -static DECLARE_RWSEM(namespace_sem);
> +DECLARE_RWSEM(namespace_sem);
> +#ifdef CONFIG_LOCKDEP
> +EXPORT_SYMBOL_GPL(namespace_sem);
> +#endif
> static HLIST_HEAD(unmounted); /* protected by namespace_sem */
> static LIST_HEAD(ex_mountpoints); /* protected by namespace_sem */
>
> diff --git a/include/linux/mount.h b/include/linux/mount.h
> index 1ea326c368f7..6277435f6748 100644
> --- a/include/linux/mount.h
> +++ b/include/linux/mount.h
> @@ -80,6 +80,10 @@ static inline struct mnt_idmap *mnt_idmap(const struct vfsmount *mnt)
> return smp_load_acquire(&mnt->mnt_idmap);
> }
>
> +#ifdef CONFIG_LOCKDEP
> +extern struct rw_semaphore namespace_sem;
> +#endif
Nope, we're not putting namespace_sem in a header. The code it protects
is massively sensitive and it interacts with mount_lock and other locks.
This stays private to fs/namespace.c as far as I'm concerned.
Hello,
On Tue, May 23, 2023 at 12:42:46PM +0200, Christian Brauner wrote:
...
> Nope, we're not putting namespace_sem in a header. The code it protects
> is massively sensitive and it interacts with mount_lock and other locks.
> This stays private to fs/namespace.c as far as I'm concerned.
Michal, would it make sense to add a separate locking in cgroup.c? It'll add
a bit more overhead but not massively so and we should be able to get
similar gain without entangling with namespace locking.
Thanks.
--
tejun