    cgroups: fix probable race with put_css_set[_taskexit] and find_css_set · 146aa1bd
    Lai Jiangshan authored
    put_css_set_taskexit may be called while find_css_set is being called on
    another CPU, and the following race will occur:
    
    put_css_set_taskexit side                    find_css_set side
    
                                            |
    atomic_dec_and_test(&kref->refcount)    |
        /* kref->refcount = 0 */            |
    ....................................................................
                                            |  read_lock(&css_set_lock)
                                            |  find_existing_css_set
                                            |  get_css_set
                                            |  read_unlock(&css_set_lock);
    ....................................................................
    __release_css_set                       |
    ....................................................................
                                            | /* use a released css_set */
                                            |
    
    [put_css_set is the same. But in the current code, all put_css_set calls
    are placed in the cgroup mutex critical region, the same as find_css_set.]
    
    [akpm@linux-foundation.org: repair comments]
    [menage@google.com: eliminate race in css_set refcounting]
    Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
    Cc: Balbir Singh <balbir@in.ibm.com>
    Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
    Signed-off-by: Paul Menage <menage@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
cgroup.c 81.7 KB
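
The race in the commit message comes from the count reaching zero while a lookup can still find the object. The userspace sketch below is an added example, not code from this commit or from the kernel: it shows one common way to close that window, letting the final 1 -> 0 decrement happen only while holding the lock that lookups take. `struct set`, `set_find`, `set_put`, `set_insert` and the spinlock standing in for `css_set_lock` are all hypothetical names.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Hypothetical stand-ins for css_set and css_set_lock (illustration only). */
struct set { atomic_int refcount; int key; };
static atomic_flag table_lock = ATOMIC_FLAG_INIT;
static struct set *table[4];              /* lookup table guarded by table_lock */

static void tbl_lock(void)   { while (atomic_flag_test_and_set(&table_lock)) { } }
static void tbl_unlock(void) { atomic_flag_clear(&table_lock); }

/* Decrement *v unless it is 1; returns 1 if the decrement happened. */
static int dec_unless_one(atomic_int *v)
{
    int old = atomic_load(v);
    while (old != 1)
        if (atomic_compare_exchange_weak(v, &old, old - 1))
            return 1;
    return 0;
}

/* Publish s in a slot with one reference held by the caller. */
void set_insert(struct set *s, int slot)
{
    atomic_init(&s->refcount, 1);
    tbl_lock(); table[slot] = s; tbl_unlock();
}

/* Lookup side: the reference is taken before the lock is dropped. */
struct set *set_find(int key)
{
    struct set *found = NULL;
    tbl_lock();
    for (size_t i = 0; i < 4 && !found; i++)
        if (table[i] && table[i]->key == key) {
            found = table[i];
            atomic_fetch_add(&found->refcount, 1);
        }
    tbl_unlock();
    return found;
}

/* Release side: returns 1 when the last reference was dropped. */
int set_put(struct set *s)
{
    if (dec_unless_one(&s->refcount))
        return 0;                         /* fast path: others still hold it */
    tbl_lock();                           /* 1 -> 0 only under the lookup lock */
    if (atomic_fetch_sub(&s->refcount, 1) != 1) {
        tbl_unlock();                     /* a lookup re-took it meanwhile */
        return 0;
    }
    for (size_t i = 0; i < 4; i++)        /* unlink while still locked */
        if (table[i] == s) table[i] = NULL;
    tbl_unlock();
    return 1;                             /* no lookup can reach s; safe to free */
}
```

With this ordering a lookup either finds the object with a count of at least 1 or does not find it at all, so the "use a released css_set" step in the diagram cannot occur.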