From: Zou Cao
To: linux-kernel@vger.kernel.org, tj@kernel.org
Cc: cgroups@vger.kernel.org, lizefan.x@bytedance.com, hannes@cmpxchg.org, brauner@kernel.org, Zou Cao
Subject: [PATCH] cgroup: fixed the cset refcnt leak when fork() failed
Date: Mon, 5 Jun 2023 21:04:44 +0800
Message-Id: <20230605130444.1421-1-zoucao@kuaishou.com>

When forking, cset will be increased by commit "ef2c41cf38a7"; the refcnt
will be decreased on child exit, but when fork() fails, the decrease of
this refcnt is lost in cgroup_cancel_fork, as follows:

copy_process
  |
  cgroup_can_fork          // increase the css refcount
    ......
    spin_lock_irq(&css_set_lock);
    cset = task_css_set(current);
    get_css_set(cset);
    spin_unlock_irq(&css_set_lock);
    ......
  |
  goto cgroup_cancel_fork  // if failed in copy_process
  |
  cgroup_cancel_fork       // lost the decrease refcount if flag not CLONE_INTO_CGROUP

Fixes: ef2c41cf38a7 ("clone3: allow spawning processes into cgroups")
Signed-off-by: Zou Cao

--- kernel/cgroup/cgroup.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index d18c2ef..5ecd706 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -6284,6 +6284,11 @@ void cgroup_cancel_fork(struct task_struct *child, if (ss->cancel_fork) ss->cancel_fork(child, kargs->cset); + if (!(kargs->flags & CLONE_INTO_CGROUP) && + kargs->cset) { + put_css_set(kargs->cset); + } + cgroup_css_set_put_fork(kargs); } -- 1.8.3.1
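
Review bot: The added put_css_set(kargs->cset) sits immediately before the existing cgroup_css_set_put_fork(kargs) call, and neither the hunk nor the changelog shows that this helper leaves kargs->cset unreleased when CLONE_INTO_CGROUP is not set. If the helper already drops that reference, the new block puts the same css_set twice on every failed fork() without CLONE_INTO_CGROUP, which would turn the suspected leak into a refcount underflow and a possible use-after-free of the css_set. Please quote the relevant part of cgroup_css_set_put_fork() in the changelog, or include a reproducer or refcount trace that demonstrates the leak, and state which get_css_set() this put is meant to pair with. Minor style point: the condition fits on one line and the braces around the single statement can be dropped.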