From: KAMEZAWA Hiroyuki Date: Thu, 1 Oct 2009 22:44:09 +0000 (-0700) Subject: cgroup: catch bad css refcnt at css_put X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3dece8347df6a16239fab10dadb370854f1c969c;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git cgroup: catch bad css refcnt at css_put __css_put() doesn't check a bug as refcnt goes to minus. I think it should be caught. This patch adds a check for it. Signed-off-by: KAMEZAWA Hiroyuki Cc: Paul Menage Cc: Li Zefan Cc: Balbir Singh Cc: Daisuke Nishimura Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/kernel/cgroup.c b/kernel/cgroup.c index d2b88596efde..ca83b73fba19 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -3708,8 +3708,10 @@ static void check_for_release(struct cgroup *cgrp) void __css_put(struct cgroup_subsys_state *css) { struct cgroup *cgrp = css->cgroup; + int val; rcu_read_lock(); - if (atomic_dec_return(&css->refcnt) == 1) { + val = atomic_dec_return(&css->refcnt); + if (val == 1) { if (notify_on_release(cgrp)) { set_bit(CGRP_RELEASABLE, &cgrp->flags); check_for_release(cgrp); @@ -3717,6 +3719,7 @@ void __css_put(struct cgroup_subsys_state *css) cgroup_wakeup_rmdir_waiter(cgrp); } rcu_read_unlock(); + WARN_ON_ONCE(val < 1); } /*