From mboxrd@z Thu Jan 1 00:00:00 1970
From: Claude Code Review Bot
To: dri-devel-reviews@example.com
Subject: Claude review: cgroup,cgroup/dmem: Add (dmem_)cgroup_common_ancestor helper
Date: Sat, 14 Mar 2026 07:10:15 +1000
Message-ID:
In-Reply-To: <20260313-dmemcg-aggressive-protect-v6-2-7c71cc1492db@gmx.de>
References: <20260313-dmemcg-aggressive-protect-v6-0-7c71cc1492db@gmx.de> <20260313-dmemcg-aggressive-protect-v6-2-7c71cc1492db@gmx.de>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Patch Review

Adds `cgroup_common_ancestor()` to `include/linux/cgroup.h` and `dmem_cgroup_get_common_ancestor()` to dmem.

The `cgroup_common_ancestor()` implementation is clean — walks from `min(a->level, b->level)` downward checking `ancestors[]`. This is correct since two cgroups in the same hierarchy share ancestors at every level up to and including their LCA.

**Doc typo in `dmem_cgroup_get_common_ancestor()`**:
```
 * @b: First pool to find the common ancestor of.
```
Should say `@b: Second pool...`.

**Potential concern**: `dmem_cgroup_get_common_ancestor()` calls `cgroup_e_css()` and then `get_cg_pool_unlocked()`. The `cgroup_e_css()` call is done without holding `rcu_read_lock()`. Looking at the kernel, `cgroup_e_css()` dereferences `cgroup->subsys[]` which is RCU-protected. This should be called under `rcu_read_lock()`, or the caller should hold a reference that prevents the css from going away. The css obtained from `cgroup_e_css()` is passed to `css_to_dmemcs()` and then to `get_cg_pool_unlocked()` — if the css could be freed between these calls, this is a use-after-free. This warrants investigation: does the fact that `a` and `b` are alive (and hold references to their respective css) guarantee that the common ancestor's css is also alive? In cgroup v2 with a unified hierarchy this should be the case since parents can't be destroyed while children exist, but this should be documented or protected with `rcu_read_lock()` + `css_get()`.

---
Generated by Claude Code Patch Reviewer
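The level walk described in the review, as an added userspace example that is not part of the reviewed patch, the kernel source, or the review itself. `struct node`, `MAX_DEPTH`, `node_init()` and `run_sample()` are assumptions of this model, which mirrors only the `level` and `ancestors[]` fields and does no RCU or reference counting, so it says nothing about the css lifetime question raised above.

```c
#include <stddef.h>

#define MAX_DEPTH 8 /* assumption of this model, not a kernel constant */

/* Stand-in for struct cgroup: ancestors[i] is the ancestor at level i,
 * and ancestors[level] is the node itself. */
struct node {
    int level;
    struct node *ancestors[MAX_DEPTH];
};

/* Link n under parent (NULL for a root). Returns -1 if the tree is too deep. */
static int node_init(struct node *n, struct node *parent)
{
    n->level = parent ? parent->level + 1 : 0;
    if (n->level >= MAX_DEPTH)
        return -1;
    for (int i = 0; i < n->level; i++)
        n->ancestors[i] = parent->ancestors[i];
    n->ancestors[n->level] = n;
    return 0;
}

/* Walk from min(a->level, b->level) towards the root; the first level at
 * which both ancestors[] entries match is the lowest common ancestor. */
static struct node *common_ancestor(struct node *a, struct node *b)
{
    if (!a || !b)
        return NULL;
    for (int l = a->level < b->level ? a->level : b->level; l >= 0; l--)
        if (a->ancestors[l] == b->ancestors[l])
            return a->ancestors[l];
    return NULL; /* no shared root: different hierarchies */
}

/* Constructed tree: root -> {a -> b, c -> d}, plus an unrelated root. */
static struct node t_root, t_a, t_b, t_c, t_d, t_other;
static int run_sample(void)
{
    node_init(&t_root, NULL); node_init(&t_other, NULL);
    node_init(&t_a, &t_root); node_init(&t_b, &t_a);
    node_init(&t_c, &t_root); node_init(&t_d, &t_c);
    return common_ancestor(&t_b, &t_d) == &t_root &&
           common_ancestor(&t_b, &t_a) == &t_a &&
           common_ancestor(&t_d, &t_d) == &t_d &&
           common_ancestor(&t_b, &t_other) == NULL;
}

int main(void) { return run_sample() ? 0 : 1; }
```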