Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07cd1294 authored by Tejun Heo's avatar Tejun Heo
Browse files

cgroup: don't online subsystems before cgroup_name/path() are operational 



While refactoring cgroup creation, a5bca215 ("cgroup: factor out
cgroup_create() out of cgroup_mkdir()") incorrectly onlined subsystems
before the new cgroup is associated with it kernfs_node.  This is fine
for cgroup proper but cgroup_name/path() depend on the associated
kernfs_node and if a subsystem makes the new cgroup_subsys_state
visible, which they're allowed to after onlining, it can lead to NULL
dereference.

The current code performs cgroup creation and subsystem onlining in
cgroup_create() and cgroup_mkdir() makes the cgroup and subsystems
visible afterwards.  There's no reason to online the subsystems early
and we can simply drop cgroup_apply_control_enable() call from
cgroup_create() so that the subsystems are onlined and made visible at
the same time.

Signed-off-by: default avatarTejun Heo <tj@kernel.org>
Reported-by: default avatarKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
Fixes: a5bca215 ("cgroup: factor out cgroup_create() out of cgroup_mkdir()") 
Cc: stable@vger.kernel.org # v4.6+
parent 7ce7d89f

kernel/cgroup.c

+5 −8
Original line number Diff line number Diff line
@@ -5221,6 +5221,11 @@ static struct cgroup_subsys_state *css_create(struct cgroup *cgrp, 
	return ERR_PTR(err);

}



/*

 * The returned cgroup is fully initialized including its control mask, but

 * it isn't associated with its kernfs_node and doesn't have the control

 * mask applied.

 */

static struct cgroup *cgroup_create(struct cgroup *parent)

{

	struct cgroup_root *root = parent->root;
@@ -5288,11 +5293,6 @@ static struct cgroup *cgroup_create(struct cgroup *parent) 


	cgroup_propagate_control(cgrp);



	/* @cgrp doesn't have dir yet so the following will only create csses */

	ret = cgroup_apply_control_enable(cgrp);

	if (ret)

		goto out_destroy;



	return cgrp;



out_cancel_ref:
@@ -5300,9 +5300,6 @@ static struct cgroup *cgroup_create(struct cgroup *parent) 
out_free_cgrp:

	kfree(cgrp);

	return ERR_PTR(ret);

out_destroy:

	cgroup_destroy_locked(cgrp);

	return ERR_PTR(ret);

}



static int cgroup_mkdir(struct kernfs_node *parent_kn, const char *name,