From dac521ebcf5b5b8803973f1b1076012583f57b00 Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Mon, 23 Nov 2020 02:49:53 +0000 Subject: [PATCH] cpuset_setproc: use the appropriate parent for new anonymous sets As far as I can tell, this has been the case since initially committed in 2008. cpuset_setproc is the executor of cpuset reassignment; note this excerpt from the description: * 1) Set is non-null. This reparents all anonymous sets to the provided * set and replaces all non-anonymous td_cpusets with the provided set. However, reviewing cpuset_setproc_setthread() for some jail related work unearthed the error: if tdset was not anonymous, we were replacing it with `set`. If it was anonymous, then we'd rebase it onto `set` (i.e. copy the thread's mask over and AND it with `set`) but give the new anonymous set the original tdset as the parent (i.e. the base of the set we're supposed to be leaving behind). The primary visible consequences were that: 1.) cpuset_getid() following such assignment returns the wrong result, the setid that we left behind rather than the one we joined. 2.) When a process attached to the jail, the base set of any anonymous threads was a set outside of the jail. This was initially bundled in D27298, but it's a minor fix that's fairly easy to verify the correctness of. A test is included in D27307 ("badparent"), which demonstrates the issue with, effectively: osetid = cpuset_getid() newsetid = cpuset() cpuset_setaffinity(thread) cpuset_setid(osetid) cpuset_getid(thread) -> observe that it matches newsetid instead of osetid. MFC after: 1 week --- sys/kern/kern_cpuset.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_cpuset.c b/sys/kern/kern_cpuset.c index 0723059544fc..e02a83d1b9ec 100644 --- a/sys/kern/kern_cpuset.c +++ b/sys/kern/kern_cpuset.c @@ -1090,7 +1090,7 @@ cpuset_setproc_setthread(struct cpuset *tdset, struct cpuset *set, if (error) return (error); - return cpuset_shadow(tdset, nsetp, &mask, &domain, freelist, + return cpuset_shadow(set, nsetp, &mask, &domain, freelist, domainlist); }