Re: [PATCH 2/4] cgroup: Move dying_tasks cleanup from cgroup_task_release() to cgroup_task_free()

Next message: Linus Torvalds: "Re: [PATCH net-next] vhost: use &quot;checked&quot; versions of get_user() and put_user()"
Previous message: Pasha Tatashin: "Re: [PATCH v1 11/13] kho: Allow memory preservation state updates after finalization"
Next in thread: Tejun Heo: "Re: [PATCH 2/4] cgroup: Move dying_tasks cleanup from cgroup_task_release() to cgroup_task_free()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Michal Koutný

Date: Fri Nov 14 2025 - 12:48:21 EST

On Tue, Oct 28, 2025 at 08:19:16PM -1000, Tejun Heo <tj@xxxxxxxxxx> wrote:
> Currently, cgroup_task_exit() adds thread group leaders with live member
> threads to their css_set's dying_tasks list (so cgroup.procs iteration can
> still see the leader), and cgroup_task_release() later removes them with
> list_del_init(&task->cg_list).
>
> An upcoming patch will defer the dying_tasks list addition, moving it from
> cgroup_task_exit() (called from do_exit()) to a new function called from
> finish_task_switch().
> However, release_task() (which calls
> cgroup_task_release()) can run either before or after finish_task_switch(),

Just for better understanding -- when can release_task() run before
finish_task_switch()?

> creating a race where cgroup_task_release() might try to remove the task from
> dying_tasks before or while it's being added.
>
> Move the list_del_init() from cgroup_task_release() to cgroup_task_free() to
> fix this race. cgroup_task_free() runs from __put_task_struct(), which is
> always after both paths, making the cleanup safe.

(Ah, now I get the reasoning of more likely pids '0' for CSS_TASK_ITER_PROCS.)

Thanks,
Michal

Attachment: signature.asc
Description: PGP signature