    cgroups: fix invalid cgrp->dentry before cgroup has been completely removed · 24eb0899
    Li Zefan authored
    This fixes an oops when reading /proc/sched_debug.
    
    A cgroup won't be removed completely until finishing cgroup_diput(), so we
    shouldn't invalidate cgrp->dentry in cgroup_rmdir().  Otherwise, when a
    group is being removed while cgroup_path() gets called, we may trigger
    NULL dereference BUG.
    
    The bug can be reproduced:
    
     # cat test.sh
     #!/bin/sh
     mount -t cgroup -o cpu xxx /mnt
     for (( ; ; ))
     {
    	mkdir /mnt/sub
    	rmdir /mnt/sub
     }
     # ./test.sh &
     # cat /proc/sched_debug
    
    BUG: unable to handle kernel NULL pointer dereference at 00000038
    IP: [<c045a47f>] cgroup_path+0x39/0x90
    ...
    Call Trace:
     [<c0420344>] ? print_cfs_rq+0x6e/0x75d
     [<c0421160>] ? sched_debug_show+0x72d/0xc1e
    ...
    Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
    Acked-by: Paul Menage <menage@google.com>
    Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: <stable@kernel.org>		[2.6.26.x, 2.6.27.x]
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
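
The ordering problem the commit message describes, replayed deterministically in a userspace model. This is an added example, not code from the commit or the kernel; every struct and function name in it is hypothetical, and the lookup returns -1 at the point where the unchecked kernel code would dereference NULL.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; these names are hypothetical, not kernel identifiers. */
struct dentry_model { const char *name; };
struct group_model {
    struct dentry_model *dentry; /* read by path lookups */
    int removed;                 /* set by the rmdir step */
    int released;                /* set by the final put */
};

/* "Before" ordering: rmdir clears the pointer while readers may still use the group. */
static void rmdir_early_clear(struct group_model *g) { g->removed = 1; g->dentry = NULL; }

/* "After" ordering: rmdir only marks the group; the pointer stays valid. */
static void rmdir_keep_dentry(struct group_model *g) { g->removed = 1; }

/* Final release (the role cgroup_diput() plays in the commit message). */
static void final_put(struct group_model *g) { g->dentry = NULL; g->released = 1; }

/* Path lookup; returns -1 where an unchecked reader would dereference NULL. */
static int group_path(const struct group_model *g, char *buf, size_t len)
{
    if (g->dentry == NULL)
        return -1;
    snprintf(buf, len, "/%s", g->dentry->name);
    return 0;
}

/* Replay the interleaving: rmdir runs, then a reader that still sees the group asks for its path. */
static int reader_races_rmdir(void (*do_rmdir)(struct group_model *))
{
    struct dentry_model d = { "sub" };
    struct group_model g = { &d, 0, 0 };
    char buf[32];
    int rc;

    do_rmdir(&g);                          /* the mkdir/rmdir loop side */
    rc = group_path(&g, buf, sizeof buf);  /* the /proc/sched_debug reader side */
    final_put(&g);                         /* last reference dropped afterwards */
    return rc;
}

int main(void)
{
    printf("early clear: %d\n", reader_races_rmdir(rmdir_early_clear));
    printf("keep dentry: %d\n", reader_races_rmdir(rmdir_keep_dentry));
    return 0;
}
```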
cgroup.c 82.7 KB