[Devel] [PATCH RHEL10 COMMIT] ve/pid: release RCU read lock on error paths in ve_pid_max_write_running_u64()

Konstantin Khorenko khorenko at virtuozzo.com
Mon Jun 15 14:06:14 MSK 2026


The commit is pushed to "branch-rh10-6.12.0-211.16.1.12.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-211.16.1.el10
------>
commit 72674a194e74e3fa60dbd73b5c58dcc7b40de123
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Wed Jun 3 23:55:16 2026 +0200

    ve/pid: release RCU read lock on error paths in ve_pid_max_write_running_u64()
    
    Both early error returns inside the rcu_read_lock() section returned
    without dropping the lock:
    
            rcu_read_lock();
            ve_nsproxy = rcu_dereference(ve->ve_nsproxy);
            if (!ve_nsproxy || !ve_nsproxy->pid_ns_for_children)
                    return -EBUSY;          /* RCU read lock still held */
            if (pid_max_min > val || pid_max_max < val)
                    return -EINVAL;         /* RCU read lock still held */
    
    Writing an out-of-range value to the ve cgroup pid_max file, or writing
    to a CT whose pid_ns_for_children is not set up yet, returned with the
    RCU read lock held, leaving preempt_count/RCU unbalanced (RCU stalls and
    "sleeping in RCU read-side critical section" splats on the next sleeping
    call). Add rcu_read_unlock() before both error returns.
    
    Fixes: 203e56010cc6 ("ve/pid: Export kernel.pid_max via ve cgroup")
    https://virtuozzo.atlassian.net/browse/VSTOR-132310
    Feature: pidns: virtualize pid_max
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 kernel/ve/ve.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 4cd2a839b7e7..231c0300e929 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1162,9 +1162,11 @@ static int ve_pid_max_write_running_u64(struct cgroup_subsys_state *css,
 	rcu_read_lock();
 	ve_nsproxy = rcu_dereference(ve->ve_nsproxy);
 	if (!ve_nsproxy || !ve_nsproxy->pid_ns_for_children) {
+		rcu_read_unlock();
 		return -EBUSY;
 	}
 	if (pid_max_min > val || pid_max_max < val) {
+		rcu_read_unlock();
 		return -EINVAL;
 	}
 
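Review bot: The -EINVAL check at the second early return (pid_max_min > val || pid_max_max < val) reads nothing through ve_nsproxy in the lines shown, so it could be moved above rcu_read_lock() and would then need no unlock at all. Note that this changes which error is returned when both conditions hold. For the -EBUSY return, repeating rcu_read_unlock() before each return is the same pattern that allowed the original imbalance. A single exit (a ret variable with goto out_unlock) or guard(rcu)() in place of the open-coded rcu_read_lock() would keep a future early return from reintroducing it. The rest of the function is outside this hunk, so it is worth confirming that no other return remains inside the read-side critical section.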

