cgroup: set css->id to -1 during init
authorTejun Heo <tj@kernel.org>
Thu, 26 May 2016 19:42:13 +0000 (15:42 -0400)
committerTejun Heo <tj@kernel.org>
Thu, 16 Jun 2016 21:59:35 +0000 (17:59 -0400)
If percpu_ref initialization fails during css_create(), the free path
can end up trying to free css->id of zero.  As ID 0 is unused, it
doesn't cause a critical breakage but it does trigger a warning
message.  Fix it by setting css->id to -1 from init_and_link_css().

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Wenwei Tao <ww.tao0320@gmail.com>
Fixes: 01e586598b22 ("cgroup: release css->id after css_free")
Cc: stable@vger.kernel.org # v4.0+
Signed-off-by: Tejun Heo <tj@kernel.org>
kernel/cgroup.c

index 789b84f973c92c62e7aeaca24ca31c65f2745bb7..688eb0cd18517d7af75d2048902d6cba59714d08 100644 (file)
@@ -5063,6 +5063,7 @@ static void init_and_link_css(struct cgroup_subsys_state *css,
        memset(css, 0, sizeof(*css));
        css->cgroup = cgrp;
        css->ss = ss;
+       css->id = -1;
        INIT_LIST_HEAD(&css->sibling);
        INIT_LIST_HEAD(&css->children);
        css->serial_nr = css_serial_nr_next++;