author | Oleg Nesterov <oleg@redhat.com> | 2015-11-27 19:57:19 +0100 |
---|---|---|
committer | Tejun Heo <tj@kernel.org> | 2015-11-30 15:48:18 +0100 |
commit | c9e75f0492b248aeaa7af8991a6fc9a21506bc96 (patch) | |
tree | 65b6a47aabaa91a19d1f0c01a613d73ab3cecee3 /kernel/cgroup_pids.c | |
parent | cgroup: make css_set pin its css's to avoid use-afer-free (diff) | |
cgroup: pids: fix race between cgroup_post_fork() and cgroup_migrate()

If the new child migrates to another cgroup before cgroup_post_fork() calls
subsys->fork(), then both pids_can_attach() and pids_fork() will do the same
pids_uncharge(old_pids) + pids_charge(pids) sequence twice.

Change copy_process() to call threadgroup_change_begin/threadgroup_change_end
unconditionally. percpu_down_read() is cheap and this allows other cleanups,
see the next changes.

Also, this way we can unify cgroup_threadgroup_rwsem and dup_mmap_sem.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Zefan Li <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>

Diffstat (limited to 'kernel/cgroup_pids.c')
-rw-r--r-- | kernel/cgroup_pids.c | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/kernel/cgroup_pids.c b/kernel/cgroup_pids.c index cdd8df4e991c..15ef2e46c396 100644 --- a/kernel/cgroup_pids.c +++ b/kernel/cgroup_pids.c @@ -243,27 +243,10 @@ static void pids_cancel_fork(struct task_struct *task, void *priv) static void pids_fork(struct task_struct *task, void *priv) { - struct cgroup_subsys_state *css; - struct cgroup_subsys_state *old_css = priv; - struct pids_cgroup *pids; - struct pids_cgroup *old_pids = css_pids(old_css); - - css = task_get_css(task, pids_cgrp_id); - pids = css_pids(css); - - /* - * If the association has changed, we have to revert and reapply the - * charge/uncharge on the wrong hierarchy to the current one. Since - * the association can only change due to an organisation event, its - * okay for us to ignore the limit in this case. - */ - if (pids != old_pids) { - pids_uncharge(old_pids, 1); - pids_charge(pids, 1); - } + struct cgroup_subsys_state *css = priv; + WARN_ON(task_css_check(task, pids_cgrp_id, true) != css); css_put(css); - css_put(old_css); } static void pids_free(struct task_struct *task) |
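
Review bot: In pids_fork(), the new WARN_ON(task_css_check(task, pids_cgrp_id, true) != css) depends on an invariant that this file no longer documents. The removed comment explained the migration case, and nothing replaces it to say that the task's pids css cannot change between the can_fork and fork callbacks because, per the commit message, copy_process() now takes threadgroup_change_begin() unconditionally (that change is outside this diffstat). A short comment above the WARN_ON naming that lock would make the assumption reviewable from this file alone. Two smaller points on the same line: passing a literal true as the check condition turns off the lockdep/RCU validation inside task_css_check(), so the locking assumption is asserted only by the pointer comparison; and because this sits on the fork path, WARN_ON_ONCE would avoid flooding the log if the invariant is ever broken, in which case the charge also stays on the wrong pids cgroup now that the uncharge/charge fallback is gone.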