From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Tejun Heo
Subject: [PATCH 4.19 43/45] cgroup: css_task_iter_skip()d iterators must be advanced before accessed
Date: Thu, 8 Aug 2019 21:05:29 +0200
Message-Id: <20190808190456.328123880@linuxfoundation.org>
In-Reply-To: <20190808190453.827571908@linuxfoundation.org>
References: <20190808190453.827571908@linuxfoundation.org>

From: Tejun Heo

commit cee0c33c546a93957a52ae9ab6bebadbee765ec5 upstream.

b636fd38dc40 ("cgroup: Implement css_task_iter_skip()") introduced css_task_iter_skip() which is used to fix task iterations skipping dying threadgroup leaders with live threads. Skipping is implemented as a subportion of full advancing but css_task_iter_next() forgot to fully advance a skipped iterator before determining the next task to visit causing it to return invalid task pointers.

Fix it by making css_task_iter_next() fully advance the iterator if it has been skipped since the previous iteration.

Signed-off-by: Tejun Heo
Reported-by: syzbot
Link: http://lkml.kernel.org/r/00000000000097025d058a7fd785@google.com
Fixes: b636fd38dc40 ("cgroup: Implement css_task_iter_skip()")
Signed-off-by: Greg Kroah-Hartman

--- kernel/cgroup/cgroup.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -4303,6 +4303,10 @@ struct task_struct *css_task_iter_next(s spin_lock_irq(&css_set_lock); + /* @it may be half-advanced by skips, finish advancing */ + if (it->flags & CSS_TASK_ITER_SKIPPED) + css_task_iter_advance(it); + if (it->task_pos) { it->cur_task = list_entry(it->task_pos, struct task_struct, cg_list);
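
Review bot: the added "if (it->flags & CSS_TASK_ITER_SKIPPED)" test in css_task_iter_next() reads the flag, but nothing in the visible lines clears it, so the hunk depends on css_task_iter_advance() resetting CSS_TASK_ITER_SKIPPED. If it does not, every later css_task_iter_next() call would advance one extra time and tasks would silently drop out of the walk. Please confirm that against the 4.19 backport of b636fd38dc40 named in the Fixes: tag, and consider saying so in the new comment, for example "finish advancing (this clears CSS_TASK_ITER_SKIPPED)". The placement itself, after spin_lock_irq(&css_set_lock) and before it->task_pos is turned into it->cur_task via list_entry(), matches the commit message: that conversion is where a half-advanced position would otherwise become the invalid task pointer.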