cgroup: leave cg_list valid upon cgroup_exit

A thread/process in cgroup_attach_task() could have called
list_del(&tsk->cg_list) after cgroup_exit() had already called
list_del() on the same list. Since it only checked for
!list_empty(&tsk->cg_list) before doing this, the list_del()
call would thus be made twice.

The solution is to leave tsk->cg_list in a valid state in
cgroup_exit() with list_del_init(&tsk->cg_list), which leaves
an empty list.

Change-Id: I4e7c1d0665fced629f5ca033c18dd98afe080e0c
Signed-off-by: Simon Wilson <simonwilson@google.com>

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 3f1552c7ee1180b19e4c3b922eaec31df361cf77..cc2a04ed3cc5d85b295ea5592fc7c96aff8583e1 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4177,7 +4177,7 @@ void cgroup_exit(struct task_struct *tsk, int run_callbacks)
        if (!list_empty(&tsk->cg_list)) {
                write_lock(&css_set_lock);
                if (!list_empty(&tsk->cg_list))
-                       list_del(&tsk->cg_list);
+                       list_del_init(&tsk->cg_list);
                write_unlock(&css_set_lock);
        }