authorOleg Nesterov <oleg@redhat.com>2015-11-27 19:57:19 +0100
committerAlex Shi <alex.shi@linaro.org>2016-06-08 11:09:32 +0800
commit71050563ace9e21f95f1336a797c1d1ee84d3fd6 (patch)
tree1ffd16a75996a54c5d7d47fd8538fbb4724d0600
parentcf362a8f67f1de962750398796f8ddc22896be04 (diff)
cgroup: pids: fix race between cgroup_post_fork() and cgroup_migrate()
If the new child migrates to another cgroup before cgroup_post_fork() calls subsys->fork(), then both pids_can_attach() and pids_fork() will do the same pids_uncharge(old_pids) + pids_charge(pids) sequence twice. Change copy_process() to call threadgroup_change_begin/threadgroup_change_end unconditionally. percpu_down_read() is cheap and this allows other cleanups, see the next changes. Also, this way we can unify cgroup_threadgroup_rwsem and dup_mmap_sem. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Zefan Li <lizefan@huawei.com> Signed-off-by: Tejun Heo <tj@kernel.org> (cherry picked from commit c9e75f0492b248aeaa7af8991a6fc9a21506bc96) Signed-off-by: Alex Shi <alex.shi@linaro.org>
-rw-r--r--kernel/cgroup_pids.c21
-rw-r--r--kernel/fork.c9
2 files changed, 5 insertions, 25 deletions
diff --git a/kernel/cgroup_pids.c b/kernel/cgroup_pids.c
index cdd8df4e991c..15ef2e46c396 100644
--- a/kernel/cgroup_pids.c
+++ b/kernel/cgroup_pids.c
@@ -243,27 +243,10 @@ static void pids_cancel_fork(struct task_struct *task, void *priv)
static void pids_fork(struct task_struct *task, void *priv)
{
- struct cgroup_subsys_state *css;
- struct cgroup_subsys_state *old_css = priv;
- struct pids_cgroup *pids;
- struct pids_cgroup *old_pids = css_pids(old_css);
-
- css = task_get_css(task, pids_cgrp_id);
- pids = css_pids(css);
-
- /*
- * If the association has changed, we have to revert and reapply the
- * charge/uncharge on the wrong hierarchy to the current one. Since
- * the association can only change due to an organisation event, its
- * okay for us to ignore the limit in this case.
- */
- if (pids != old_pids) {
- pids_uncharge(old_pids, 1);
- pids_charge(pids, 1);
- }
+ struct cgroup_subsys_state *css = priv;
+ WARN_ON(task_css_check(task, pids_cgrp_id, true) != css);
css_put(css);
- css_put(old_css);
}
static void pids_free(struct task_struct *task)
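Review bot: The new `WARN_ON(task_css_check(task, pids_cgrp_id, true) != css);` in pids_fork() has no comment explaining why the task's css can no longer differ from `priv`, whereas the removed block documented the migration case it handled. The invariant depends on copy_process() holding the threadgroup lock from before cgroup_fork() until after cgroup_post_fork() (the kernel/fork.c hunks), so I would add above it `/* copy_process() holds the threadgroup lock across the whole fork, so the css passed in priv cannot have changed */`. Passing `true` as the third argument appears to satisfy the RCU lockdep condition unconditionally, which also deserves a few words in that comment. Because this check guards pids-limit accounting on the fork path, `WARN_ON_ONCE(...)` would still flag a broken invariant without flooding the log on every fork.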
diff --git a/kernel/fork.c b/kernel/fork.c
index 35e7358792c8..13d44d0ccd89 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1363,8 +1363,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
p->real_start_time = ktime_get_boot_ns();
p->io_context = NULL;
p->audit_context = NULL;
- if (clone_flags & CLONE_THREAD)
- threadgroup_change_begin(current);
+ threadgroup_change_begin(current);
cgroup_fork(p);
#ifdef CONFIG_NUMA
p->mempolicy = mpol_dup(p->mempolicy);
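Review bot: With the `if (clone_flags & CLONE_THREAD)` guard removed, `threadgroup_change_begin(current)` is now taken on every fork, but nothing at the call site says why. It is held until the matching end call after cgroup_post_fork() (hunk at -1602) or on the error path (hunk at -1644). The reason is only in the commit message, so I would add `/* taken for every fork, not just CLONE_THREAD: keeps the child's cgroup stable until cgroup_post_fork() */` above the call. Presumably a writer of this lock now stalls all process creation rather than only thread creation, so writer hold time becomes an availability consideration worth noting there too. copy_process() begins and ends outside this hunk.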
@@ -1602,8 +1601,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
proc_fork_connector(p);
cgroup_post_fork(p, cgrp_ss_priv);
- if (clone_flags & CLONE_THREAD)
- threadgroup_change_end(current);
+ threadgroup_change_end(current);
perf_event_fork(p);
trace_task_newtask(p, clone_flags);
@@ -1644,8 +1642,7 @@ bad_fork_cleanup_policy:
mpol_put(p->mempolicy);
bad_fork_cleanup_threadgroup_lock:
#endif
- if (clone_flags & CLONE_THREAD)
- threadgroup_change_end(current);
+ threadgroup_change_end(current);
delayacct_tsk_free(p);
bad_fork_cleanup_count:
atomic_dec(&p->cred->user->processes);
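Review bot: The label `bad_fork_cleanup_threadgroup_lock:` sits above the `#endif`, so it appears to be compiled only in the NUMA build, while the `threadgroup_change_end(current)` below it now runs for every failed fork that reaches this point. That pairing is easy to break, because a failure site added later between the begin call and the NUMA block would need a label outside the conditional. A short comment on the unlock would help, for example `/* pairs with the unconditional threadgroup_change_begin() before cgroup_fork() */`. The opening `#ifdef` and the rest of the cleanup chain are outside the hunk, so the label's scope is inferred from the `#endif` placement.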