From 3fcbad509300ac7249156d49d2ec20f30aa1a16d Mon Sep 17 00:00:00 2001
From: Rahat Mahmood <rahat@google.com>
Date: Thu, 10 Jun 2021 17:03:28 -0700
Subject: Fix lock ordering issue when enumerating cgroup tasks.

The control files enumerating tasks and threads residing in cgroupfs
incorrectly locks cgroupfs.filesystem.tasksMu before
kernel.TaskSet.mu.

The contents of these control files are inherently racy anyways, so
use a snapshot of the tasks in the cgroup and drop tasksMu before
resolving pids/tids (which acquires TaskSet.mu).

PiperOrigin-RevId: 378767060
---
 pkg/sentry/fsimpl/cgroupfs/base.go     | 21 +++++++++++++--------
 pkg/sentry/fsimpl/cgroupfs/cgroupfs.go |  5 +++--
 2 files changed, 16 insertions(+), 10 deletions(-)

(limited to 'pkg/sentry/fsimpl')

diff --git a/pkg/sentry/fsimpl/cgroupfs/base.go b/pkg/sentry/fsimpl/cgroupfs/base.go
index 6512e9cdb..fe9871bdd 100644
--- a/pkg/sentry/fsimpl/cgroupfs/base.go
+++ b/pkg/sentry/fsimpl/cgroupfs/base.go
@@ -133,6 +133,17 @@ func (c *cgroupInode) Controllers() []kernel.CgroupController {
 	return c.fs.kcontrollers
 }
 
+// tasks returns a snapshot of the tasks inside the cgroup.
+func (c *cgroupInode) tasks() []*kernel.Task {
+	c.fs.tasksMu.RLock()
+	defer c.fs.tasksMu.RUnlock()
+	ts := make([]*kernel.Task, 0, len(c.ts))
+	for t := range c.ts {
+		ts = append(ts, t)
+	}
+	return ts
+}
+
 // Enter implements kernel.CgroupImpl.Enter.
 func (c *cgroupInode) Enter(t *kernel.Task) {
 	c.fs.tasksMu.Lock()
@@ -163,10 +174,7 @@ func (d *cgroupProcsData) Generate(ctx context.Context, buf *bytes.Buffer) error
 
 	pgids := make(map[kernel.ThreadID]struct{})
 
-	d.fs.tasksMu.RLock()
-	defer d.fs.tasksMu.RUnlock()
-
-	for task := range d.ts {
+	for _, task := range d.tasks() {
 		// Map dedups pgid, since iterating over all tasks produces multiple
 		// entries for the group leaders.
 		if pgid := currPidns.IDOfThreadGroup(task.ThreadGroup()); pgid != 0 {
@@ -205,10 +213,7 @@ func (d *tasksData) Generate(ctx context.Context, buf *bytes.Buffer) error {
 
 	var pids []kernel.ThreadID
 
-	d.fs.tasksMu.RLock()
-	defer d.fs.tasksMu.RUnlock()
-
-	for task := range d.ts {
+	for _, task := range d.tasks() {
 		if pid := currPidns.IDOfTask(task); pid != 0 {
 			pids = append(pids, pid)
 		}
diff --git a/pkg/sentry/fsimpl/cgroupfs/cgroupfs.go b/pkg/sentry/fsimpl/cgroupfs/cgroupfs.go
index 54050de3c..05d7eb4ce 100644
--- a/pkg/sentry/fsimpl/cgroupfs/cgroupfs.go
+++ b/pkg/sentry/fsimpl/cgroupfs/cgroupfs.go
@@ -49,8 +49,9 @@
 //
 // kernel.CgroupRegistry.mu
 //   cgroupfs.filesystem.mu
-//     Task.mu
-//       cgroupfs.filesystem.tasksMu.
+//     kernel.TaskSet.mu
+//       kernel.Task.mu
+//         cgroupfs.filesystem.tasksMu.
 package cgroupfs
 
 import (
-- 
cgit v1.2.3