cgroups: fix invalid cgrp->dentry before cgroup has been completely removed
authorLi Zefan <lizf@cn.fujitsu.com>
Thu, 6 Nov 2008 20:53:32 +0000 (12:53 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 6 Nov 2008 23:41:19 +0000 (15:41 -0800)
commit24eb089950ce44603b30a3145a2c8520e2b55bb1
tree3cccd3e15589c693c8c4e6484a938d2343ef1abc
parentb41ad14c30acf023d09ac064096a4cf41248ce46
cgroups: fix invalid cgrp->dentry before cgroup has been completely removed

This fixes an oops when reading /proc/sched_debug.

A cgroup won't be removed completely until finishing cgroup_diput(), so we
shouldn't invalidate cgrp->dentry in cgroup_rmdir().  Otherwise, when a
group is being removed while cgroup_path() gets called, we may trigger
NULL dereference BUG.

The bug can be reproduced:

 # cat test.sh
 #!/bin/sh
 mount -t cgroup -o cpu xxx /mnt
 for (( ; ; ))
 {
mkdir /mnt/sub
rmdir /mnt/sub
 }
 # ./test.sh &
 # cat /proc/sched_debug

BUG: unable to handle kernel NULL pointer dereference at 00000038
IP: [<c045a47f>] cgroup_path+0x39/0x90
...
Call Trace:
 [<c0420344>] ? print_cfs_rq+0x6e/0x75d
 [<c0421160>] ? sched_debug_show+0x72d/0xc1e
...

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Paul Menage <menage@google.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: <stable@kernel.org> [2.6.26.x, 2.6.27.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/cgroup.c