Unverified Commit fc143182 authored Jul 05, 2023 by openeuler-ci-bot Committed by Gitee Jul 05, 2023

!1280 cgroup: always put cset in cgroup_css_set_put_fork

Merge Pull Request from: @wufan618223 
 
    A successful call to cgroup_css_set_fork() will always have taken
    a ref on kargs->cset (regardless of CLONE_INTO_CGROUP), so always
    do a corresponding put in cgroup_css_set_put_fork().

    Without this, a cset and its contained css structures will be
    leaked for some fork failures.  The following script reproduces
    the leak for a fork failure due to exceeding pids.max in the
    pids controller.  A similar thing can happen if we jump to the
    bad_fork_cancel_cgroup label in copy_process().

    [ -z "$1" ] && echo "Usage $0 pids-root" && exit 1
    PID_ROOT=$1
    CGROUP=$PID_ROOT/foo

    [ -e $CGROUP ] && rmdir -f $CGROUP
    mkdir $CGROUP
    echo 5 > $CGROUP/pids.max
    echo $$ > $CGROUP/cgroup.procs

    fork_bomb()
    {
            set -e
            for i in $(seq 10); do
                    /bin/sleep 3600 &
            done
    }

    (fork_bomb) &
    wait
    echo $$ > $PID_ROOT/cgroup.procs
    kill $(cat $CGROUP/cgroup.procs)
    rmdir $CGROUP 
 
Link:https://gitee.com/openeuler/kernel/pulls/1280

 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

parents 6b915ed3 446b1c7a

kernel/cgroup/cgroup.c

+8 −9

Original line number	Diff line number	Diff line
		@@ -6334,19 +6334,18 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
		static void cgroup_css_set_put_fork(struct kernel_clone_args *kargs)
		__releases(&cgroup_threadgroup_rwsem) __releases(&cgroup_mutex)
		{
		cgroup_threadgroup_change_end(current);

		if (kargs->flags & CLONE_INTO_CGROUP) {
		struct cgroup *cgrp = kargs->cgrp;
		struct css_set *cset = kargs->cset;

		mutex_unlock(&cgroup_mutex);
		cgroup_threadgroup_change_end(current);

		if (cset) {
		put_css_set(cset);
		kargs->cset = NULL;
		}

		if (kargs->flags & CLONE_INTO_CGROUP) {
		mutex_unlock(&cgroup_mutex);
		if (cgrp) {
		cgroup_put(cgrp);
		kargs->cgrp = NULL;