Re: [PATCH] cgroup: Use READ_ONCE() for task->flags in task_css_set_check()

Next message: Yan Zhao: "Re: [PATCH v8 23/46] KVM: TDX: Make source page optional for KVM_TDX_INIT_MEM_REGION"
Previous message: Koichiro Den: "Re: [PATCH 00/17] dmaengine: dw-edma: Support dynamic LL appends"
In reply to: Guopeng Zhang: "[PATCH] cgroup: Use READ_ONCE() for task-&gt;flags in task_css_set_check()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tao Cui

Date: Tue Jun 23 2026 - 01:58:53 EST

Looks fine — this is a benign, PROVE_RCU-only race, and READ_ONCE()
documents the lockless snapshot with no functional change.

Acked-by: Tao Cui <cuitao@xxxxxxxxxx>

在 2026/6/23 10:29, Guopeng Zhang 写道:
> From: Guopeng Zhang <zhangguopeng@xxxxxxxxxx>
>
> task_css_set_check() uses rcu_dereference_check() to verify that
> task->cgroups can be dereferenced. One accepted condition is that the
> task is already exiting, tested by checking PF_EXITING in task->flags.
>
> This is a lockless snapshot used only for the CONFIG_PROVE_RCU debug
> predicate. This was found by KCSAN during fuzz testing. KCSAN can report
> a data race when another task flag bit is updated concurrently. One report
> shows pids_release() reading task->flags through task_css_set_check() while
> do_task_dead() sets PF_NOFREEZE:
> ...
> The changed bit is PF_NOFREEZE, not PF_EXITING. PF_EXITING remains set
> before and after the update, so the task_css_set_check() condition does
> not change. This is not a race on task->cgroups and does not indicate
> incorrect pids charging or uncharging.
>
> Use READ_ONCE() to document the intended lockless snapshot of task->flags.
>
> No functional change intended.
>
> Signed-off-by: Guopeng Zhang <zhangguopeng@xxxxxxxxxx>