Merge branch 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup

Pull cgroup fixes from Tejun Heo:
 "This contains fixes for the following two non-trivial issues:

   - The task iterator got broken while adding thread mode support for
     v4.14. It was less visible because it only triggers when both
     cgroup1 and cgroup2 hierarchies are in use. The recent versions of
     systemd uses cgroup2 for process management even when cgroup1 is
     used for resource control exposing this issue.

   - cpuset CPU hotplug path could deadlock when racing against exits.

  There also are two patches to replace unlimited strcpy() usages with
  strlcpy()"

* 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
  cgroup: Fix deadlock in cpu hotplug path
  cgroup: use strlcpy() instead of strscpy() to avoid spurious warning
  cgroup: avoid copying strings longer than the buffers
This commit is contained in:
Linus Torvalds 2018-01-08 11:13:08 -08:00
commit 29f7e49941
2 changed files with 14 additions and 12 deletions

View File

@ -123,7 +123,11 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
*/ */
do { do {
css_task_iter_start(&from->self, 0, &it); css_task_iter_start(&from->self, 0, &it);
task = css_task_iter_next(&it);
do {
task = css_task_iter_next(&it);
} while (task && (task->flags & PF_EXITING));
if (task) if (task)
get_task_struct(task); get_task_struct(task);
css_task_iter_end(&it); css_task_iter_end(&it);

View File

@ -1397,7 +1397,7 @@ static char *cgroup_file_name(struct cgroup *cgrp, const struct cftype *cft,
cgroup_on_dfl(cgrp) ? ss->name : ss->legacy_name, cgroup_on_dfl(cgrp) ? ss->name : ss->legacy_name,
cft->name); cft->name);
else else
strncpy(buf, cft->name, CGROUP_FILE_NAME_MAX); strlcpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
return buf; return buf;
} }
@ -1864,9 +1864,9 @@ void init_cgroup_root(struct cgroup_root *root, struct cgroup_sb_opts *opts)
root->flags = opts->flags; root->flags = opts->flags;
if (opts->release_agent) if (opts->release_agent)
strcpy(root->release_agent_path, opts->release_agent); strlcpy(root->release_agent_path, opts->release_agent, PATH_MAX);
if (opts->name) if (opts->name)
strcpy(root->name, opts->name); strlcpy(root->name, opts->name, MAX_CGROUP_ROOT_NAMELEN);
if (opts->cpuset_clone_children) if (opts->cpuset_clone_children)
set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->cgrp.flags); set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->cgrp.flags);
} }
@ -4125,26 +4125,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it)
static void css_task_iter_advance(struct css_task_iter *it) static void css_task_iter_advance(struct css_task_iter *it)
{ {
struct list_head *l = it->task_pos; struct list_head *next;
lockdep_assert_held(&css_set_lock); lockdep_assert_held(&css_set_lock);
WARN_ON_ONCE(!l);
repeat: repeat:
/* /*
* Advance iterator to find next entry. cset->tasks is consumed * Advance iterator to find next entry. cset->tasks is consumed
* first and then ->mg_tasks. After ->mg_tasks, we move onto the * first and then ->mg_tasks. After ->mg_tasks, we move onto the
* next cset. * next cset.
*/ */
l = l->next; next = it->task_pos->next;
if (l == it->tasks_head) if (next == it->tasks_head)
l = it->mg_tasks_head->next; next = it->mg_tasks_head->next;
if (l == it->mg_tasks_head) if (next == it->mg_tasks_head)
css_task_iter_advance_css_set(it); css_task_iter_advance_css_set(it);
else else
it->task_pos = l; it->task_pos = next;
/* if PROCS, skip over tasks which aren't group leaders */ /* if PROCS, skip over tasks which aren't group leaders */
if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos && if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos &&