attach_task() is done under cgroup_mutex() but ->pre_destroy() callback in rmdir() isn't called under cgroup_mutex(). It's better to avoid attaching a task to a cgroup which is under pre_destroy(). Considering memcg, the attached task may increase resource usage after memcg's pre_destroy() confirms that memcg is empty. This is not good. Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx> --- kernel/cgroup.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index ad8eae5..7a3076b 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -1953,6 +1953,9 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk) if (cgrp == oldcgrp) return 0; + if (test_bit(CGRP_WAIT_ON_RMDIR, &cgrp->flags)) + return -EBUSY; + tset.single.task = tsk; tset.single.cgrp = oldcgrp; @@ -4181,7 +4184,6 @@ again: mutex_unlock(&cgroup_mutex); return -EBUSY; } - mutex_unlock(&cgroup_mutex); /* * In general, subsystem has no css->refcnt after pre_destroy(). But @@ -4193,6 +4195,7 @@ again: * and css_tryget() and cgroup_wakeup_rmdir_waiter() implementation. */ set_bit(CGRP_WAIT_ON_RMDIR, &cgrp->flags); + mutex_unlock(&cgroup_mutex); /* * Call pre_destroy handlers of subsys. Notify subsystems -- 1.7.4.1 -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html