Re: [PATCH v3 2/2] cgroup/cpuset: Skip security check for hotplug induced v1 task migration

From: Waiman Long

Date: Mon Apr 20 2026 - 14:12:45 EST



On 4/20/26 1:08 PM, Michal Koutný wrote:
> On Tue, Mar 31, 2026 at 11:11:08AM -0400, Waiman Long <longman@xxxxxxxxxx> wrote:
>> If a strict security policy is in place, however, the task migration
>> may fail when security_task_setscheduler() call in cpuset_can_attach()
>> returns a -EACCESS error.
> I think this should be generally safe to skip (since v2 doesn't consider
> the object of cpuset migration at all).
>
>> That will mean that those tasks will have no CPU to run on. The system
>> administrators will have to explicitly intervene to either add CPUs to
>> that cpuset or move the tasks elsewhere if they are aware of it.
> That "no CPU to run on" means the affected tasks would remain in
> schedule() indefinitely?

I believe the scheduler has a fallback mechanism in that particular case, but it can be any CPU. So I don't think we should rely on that.

Cheers,
Longman