cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex in freezer_css_{online...

commit f0cc749254d12c78e93dae3b27b21dc9546843d0 upstream.

syzbot is again reporting circular locking dependency between
cpu_hotplug_lock and freezer_mutex. Do like what we did with
commit 57dcd64c7e036299 ("cgroup,freezer: hold cpu_hotplug_lock
before freezer_mutex").

Reported-by: syzbot <syzbot+2ab700fe1829880a2ec6@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=2ab700fe1829880a2ec6
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+2ab700fe1829880a2ec6@syzkaller.appspotmail.com>
Fixes: f5d39b020809 ("freezer,sched: Rewrite core freezer logic")
Cc: stable@vger.kernel.org # v6.1+
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/kernel/cgroup/legacy_freezer.c b/kernel/cgroup/legacy_freezer.c
index 936473203a6b511c2fa095a04ba219282913ab6a..122dacb3a44390825054d67530f8f894f2f7fb04 100644 (file)
--- a/kernel/cgroup/legacy_freezer.c
+++ b/kernel/cgroup/legacy_freezer.c
@@ -108,16 +108,18 @@ static int freezer_css_online(struct cgroup_subsys_state *css)
        struct freezer *freezer = css_freezer(css);
        struct freezer *parent = parent_freezer(freezer);
 
+       cpus_read_lock();
        mutex_lock(&freezer_mutex);
 
        freezer->state |= CGROUP_FREEZER_ONLINE;
 
        if (parent && (parent->state & CGROUP_FREEZING)) {
                freezer->state |= CGROUP_FREEZING_PARENT | CGROUP_FROZEN;
-               static_branch_inc(&freezer_active);
+               static_branch_inc_cpuslocked(&freezer_active);
        }
 
        mutex_unlock(&freezer_mutex);
+       cpus_read_unlock();
        return 0;
 }
 
@@ -132,14 +134,16 @@ static void freezer_css_offline(struct cgroup_subsys_state *css)
 {
        struct freezer *freezer = css_freezer(css);
 
+       cpus_read_lock();
        mutex_lock(&freezer_mutex);
 
        if (freezer->state & CGROUP_FREEZING)
-               static_branch_dec(&freezer_active);
+               static_branch_dec_cpuslocked(&freezer_active);
 
        freezer->state = 0;
 
        mutex_unlock(&freezer_mutex);
+       cpus_read_unlock();
 }
 
 static void freezer_css_free(struct cgroup_subsys_state *css)