Commit 2019f634 authored by Lai Jiangshan's avatar Lai Jiangshan Committed by Linus Torvalds

cgroups: fix cgroup_iter_next() bug

We access res->cgroups without the task_lock(), so res->cgroups may be
changed.  it's unreliable, and "if (l == &res->cgroups->tasks)" may be
false forever.

We don't need add any lock for fixing this bug.  we just access to struct
css_set by struct cg_cgroup_link, not by struct task_struct.

Since we hold css_set_lock, struct cg_cgroup_link is reliable.
Signed-off-by: default avatarLai Jiangshan <laijs@cn.fujitsu.com>
Reviewed-by: default avatarPaul Menage <menage@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Balbir Singh <balbir@in.ibm.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent b12b533f
...@@ -1808,6 +1808,7 @@ struct task_struct *cgroup_iter_next(struct cgroup *cgrp, ...@@ -1808,6 +1808,7 @@ struct task_struct *cgroup_iter_next(struct cgroup *cgrp,
{ {
struct task_struct *res; struct task_struct *res;
struct list_head *l = it->task; struct list_head *l = it->task;
struct cg_cgroup_link *link;
/* If the iterator cg is NULL, we have no tasks */ /* If the iterator cg is NULL, we have no tasks */
if (!it->cg_link) if (!it->cg_link)
...@@ -1815,7 +1816,8 @@ struct task_struct *cgroup_iter_next(struct cgroup *cgrp, ...@@ -1815,7 +1816,8 @@ struct task_struct *cgroup_iter_next(struct cgroup *cgrp,
res = list_entry(l, struct task_struct, cg_list); res = list_entry(l, struct task_struct, cg_list);
/* Advance iterator to find next entry */ /* Advance iterator to find next entry */
l = l->next; l = l->next;
if (l == &res->cgroups->tasks) { link = list_entry(it->cg_link, struct cg_cgroup_link, cgrp_link_list);
if (l == &link->cg->tasks) {
/* We reached the end of this task list - move on to /* We reached the end of this task list - move on to
* the next cg_cgroup_link */ * the next cg_cgroup_link */
cgroup_advance_iter(cgrp, it); cgroup_advance_iter(cgrp, it);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment