[Devel] [PATCH vz10] ve/pid: release RCU read lock on error paths in ve_pid_max_write_running_u64()
Vasileios Almpanis
vasileios.almpanis at virtuozzo.com
Fri Jun 5 14:46:14 MSK 2026
On 6/4/26 11:21 AM, Konstantin Khorenko wrote:
> Both early error returns inside the rcu_read_lock() section returned
> without dropping the lock:
>
> rcu_read_lock();
> ve_nsproxy = rcu_dereference(ve->ve_nsproxy);
> if (!ve_nsproxy || !ve_nsproxy->pid_ns_for_children)
> return -EBUSY; /* RCU read lock still held */
> if (pid_max_min > val || pid_max_max < val)
> return -EINVAL; /* RCU read lock still held */
>
> Writing an out-of-range value to the ve cgroup pid_max file, or writing
> to a CT whose pid_ns_for_children is not set up yet, returned with the
> RCU read lock held, leaving preempt_count/RCU unbalanced (RCU stalls and
> "sleeping in RCU read-side critical section" splats on the next sleeping
> call). Add rcu_read_unlock() before both error returns.
>
> Fixes: 3f103833ed3b ("ve/pid: Export kernel.pid_max via ve cgroup")
> https://virtuozzo.atlassian.net/browse/VSTOR-132310
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
Reviewed-by: Vasileios Almpanis <vasileios.almpanis at virtuozzo.com>
> ---
> kernel/ve/ve.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
> index 198c82f010cc..37ac9c4ba0f5 100644
> --- a/kernel/ve/ve.c
> +++ b/kernel/ve/ve.c
> @@ -1403,9 +1403,11 @@ static int ve_pid_max_write_running_u64(struct cgroup_subsys_state *css,
> rcu_read_lock();
> ve_nsproxy = rcu_dereference(ve->ve_nsproxy);
> if (!ve_nsproxy || !ve_nsproxy->pid_ns_for_children) {
> + rcu_read_unlock();
> return -EBUSY;
> }
> if (pid_max_min > val || pid_max_max < val) {
> + rcu_read_unlock();
> return -EINVAL;
> }
>
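Review bot: The two error branches in this hunk now each carry their own rcu_read_unlock(), so any further early return added inside the rcu_read_lock() section can reintroduce the same imbalance; a single exit path (an `int ret` plus `goto out_unlock;` with one rcu_read_unlock() at the label) would make the pairing hard to break. Separately, the range check `if (pid_max_min > val || pid_max_max < val)` uses nothing obtained through rcu_dereference() in the visible lines, so it could be moved above rcu_read_lock() and would then need no unlock at all. Note that this reorders the checks, so a write that is both out of range and aimed at a CT without pid_ns_for_children would return -EINVAL instead of -EBUSY.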
--
Best regards, Vasileios Almpanis
Software Developer, Virtuozzo.