From: Simon Wilson Date: Sat, 8 Jan 2011 02:46:34 +0000 (-0800) Subject: cgroup: leave cg_list valid upon cgroup_exit X-Git-Tag: firefly_0821_release~9833^2~5^2~42 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=78d2a8274115727ab3864584abee09d3021de9c6;p=firefly-linux-kernel-4.4.55.git cgroup: leave cg_list valid upon cgroup_exit A thread/process in cgroup_attach_task() could have called list_del(&tsk->cg_list) after cgroup_exit() had already called list_del() on the same list. Since it only checked for !list_empty(&tsk->cg_list) before doing this, the list_del() call would thus be made twice. The solution is to leave tsk->cg_list in a valid state in cgroup_exit() with list_del_init(&tsk->cg_list), which leaves an empty list. Change-Id: I4e7c1d0665fced629f5ca033c18dd98afe080e0c Signed-off-by: Simon Wilson --- diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 3f1552c7ee11..cc2a04ed3cc5 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -4177,7 +4177,7 @@ void cgroup_exit(struct task_struct *tsk, int run_callbacks) if (!list_empty(&tsk->cg_list)) { write_lock(&css_set_lock); if (!list_empty(&tsk->cg_list)) - list_del(&tsk->cg_list); + list_del_init(&tsk->cg_list); write_unlock(&css_set_lock); }
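Review bot: The changed line `list_del_init(&tsk->cg_list);` in cgroup_exit() should carry a short comment saying why the _init variant is required, because nothing in the hunk explains it and a later cleanup could revert it to plain list_del(). The commit message gives the reason: cgroup_attach_task() tests `!list_empty(&tsk->cg_list)` before deleting, and that test only works as a guard if the entry is left as an empty list rather than unlinked and left stale. Something like `/* leave cg_list empty so the list_empty() check in cgroup_attach_task() sees the task is already unlinked */` above the call would do. It is also worth confirming that the attach path performs its list_empty() check and its deletion while holding css_set_lock, as this function does with its second check inside write_lock(); that path is not part of this hunk, and without the lock the same double deletion is still possible.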