Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753498AbdFLRS2 (ORCPT ); Mon, 12 Jun 2017 13:18:28 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:40200 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752959AbdFLPai (ORCPT ); Mon, 12 Jun 2017 11:30:38 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Waiman Long , Tejun Heo Subject: [PATCH 4.11 096/150] cgroup: Prevent kill_css() from being called more than once Date: Mon, 12 Jun 2017 17:25:03 +0200 Message-Id: <20170612152523.492136979@linuxfoundation.org> X-Mailer: git-send-email 2.13.1 In-Reply-To: <20170612152519.404936272@linuxfoundation.org> References: <20170612152519.404936272@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1447 Lines: 47 4.11-stable review patch. If anyone has any objections, please let me know. ------------------ From: Waiman Long commit 33c35aa4817864e056fd772230b0c6b552e36ea2 upstream. The kill_css() function may be called more than once under the condition that the css was killed but not physically removed yet followed by the removal of the cgroup that is hosting the css. This patch prevents any harmm from being done when that happens. Signed-off-by: Waiman Long Signed-off-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman --- include/linux/cgroup-defs.h | 1 + kernel/cgroup/cgroup.c | 5 +++++ 2 files changed, 6 insertions(+) --- a/include/linux/cgroup-defs.h +++ b/include/linux/cgroup-defs.h @@ -47,6 +47,7 @@ enum { CSS_ONLINE = (1 << 1), /* between ->css_online() and ->css_offline() */ CSS_RELEASED = (1 << 2), /* refcnt reached zero, released */ CSS_VISIBLE = (1 << 3), /* css is visible to userland */ + CSS_DYING = (1 << 4), /* css is dying */ }; /* bits in struct cgroup flags field */ --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -4265,6 +4265,11 @@ static void kill_css(struct cgroup_subsy { lockdep_assert_held(&cgroup_mutex); + if (css->flags & CSS_DYING) + return; + + css->flags |= CSS_DYING; + /* * This must happen before css is disassociated with its cgroup. * See seq_css() for details.