From: Waiman Long
To: Tejun Heo, Li Zefan, Johannes Weiner, Peter Zijlstra, Ingo Molnar
Cc: cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, kernel-team@fb.com, pjt@google.com, luto@amacapital.net, efault@gmx.de, Waiman Long
Subject: [RFC PATCH 06/14] cgroup: Fix reference counting bug in cgroup_procs_write()
Date: Fri, 21 Apr 2017 10:04:04 -0400
Message-Id: <1492783452-12267-7-git-send-email-longman@redhat.com>
In-Reply-To: <1492783452-12267-1-git-send-email-longman@redhat.com>
References: <1492783452-12267-1-git-send-email-longman@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

The cgroup_procs_write_start() took a reference to the task structure which was not properly released within cgroup_procs_write() and so on. So a put_task_struct() call is added to cgroup_procs_write_finish() to match the get_task_struct() in cgroup_procs_write_start() to fix this reference counting error.

Signed-off-by: Waiman Long --- kernel/cgroup/cgroup-internal.h | 2 +- kernel/cgroup/cgroup-v1.c | 2 +- kernel/cgroup/cgroup.c | 10 ++++++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/kernel/cgroup/cgroup-internal.h b/kernel/cgroup/cgroup-internal.h index 6ef662a..bea3928 100644 --- a/kernel/cgroup/cgroup-internal.h +++ b/kernel/cgroup/cgroup-internal.h @@ -181,7 +181,7 @@ int cgroup_attach_task(struct cgroup *dst_cgrp, struct task_struct *leader, bool threadgroup); struct task_struct *cgroup_procs_write_start(char *buf, bool threadgroup) __acquires(&cgroup_threadgroup_rwsem); -void cgroup_procs_write_finish(void) +void cgroup_procs_write_finish(struct task_struct *task) __releases(&cgroup_threadgroup_rwsem); void cgroup_lock_and_drain_offline(struct cgroup *cgrp); diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c index b837e1a..e80bc8e 100644 --- a/kernel/cgroup/cgroup-v1.c +++ b/kernel/cgroup/cgroup-v1.c @@ -549,7 +549,7 @@ static ssize_t __cgroup1_procs_write(struct kernfs_open_file *of, ret = cgroup_attach_task(cgrp, task, threadgroup); out_finish: - cgroup_procs_write_finish(); + cgroup_procs_write_finish(task); out_unlock: cgroup_kn_unlock(of->kn); diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 6748207..d48eedd 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -2487,12 +2487,15 @@ struct task_struct *cgroup_procs_write_start(char *buf, bool threadgroup) return tsk; } -void cgroup_procs_write_finish(void) +void cgroup_procs_write_finish(struct task_struct *task) __releases(&cgroup_threadgroup_rwsem) { struct cgroup_subsys *ss; int ssid; + /* release reference from cgroup_procs_write_start() */ + put_task_struct(task); + percpu_up_write(&cgroup_threadgroup_rwsem); for_each_subsys(ss, ssid) if (ss->post_attach) 
@@ -3295,7 +3298,6 @@ static int cgroup_addrm_files(struct cgroup_subsys_state *css, static int cgroup_apply_cftypes(struct cftype *cfts, bool is_add) { - LIST_HEAD(pending); struct cgroup_subsys *ss = cfts[0].ss; struct cgroup *root = &ss->root->cgrp; struct cgroup_subsys_state *css; @@ -4060,7 +4062,7 @@ static ssize_t cgroup_procs_write(struct kernfs_open_file *of, ret = cgroup_attach_task(cgrp, task, true); out_finish: - cgroup_procs_write_finish(); + cgroup_procs_write_finish(task); out_unlock: cgroup_kn_unlock(of->kn); @@ -4130,7 +4132,7 @@ static ssize_t cgroup_threads_write(struct kernfs_open_file *of, ret = cgroup_attach_task(cgrp, task, false); out_finish: - cgroup_procs_write_finish(); + cgroup_procs_write_finish(task); out_unlock: cgroup_kn_unlock(of->kn); -- 1.8.3.1
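
Review bot: In the kernel/cgroup/cgroup-internal.h hunk, the new prototype of cgroup_procs_write_finish(struct task_struct *task) documents only the rwsem through __releases(&cgroup_threadgroup_rwsem); nothing at the declaration says the function now also consumes the task reference returned by cgroup_procs_write_start(). A one-line comment on the start/finish pair stating that ownership rule would keep a future caller from adding its own put_task_struct() and dropping the reference twice.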
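
Review bot: In the kernel/cgroup/cgroup.c hunk at @@ -2487, put_task_struct(task) is unconditional, so it runs for every path that reaches out_finish in __cgroup1_procs_write(), cgroup_procs_write() and cgroup_threads_write(). The visible context does not show what task holds when cgroup_procs_write_start() fails; please confirm that no goto out_finish can be taken with an error pointer or NULL in task, or guard the put, since dropping a reference that was never taken would turn this leak fix into a use-after-free risk.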
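
Review bot: The kernel/cgroup/cgroup.c hunk at @@ -3295 removes LIST_HEAD(pending) from cgroup_apply_cftypes(), which is unrelated to the task reference fix described in the changelog. Either move that cleanup to its own patch or mention it in the commit message, so the reference counting fix can be reviewed and backported on its own.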