This is a note to let you know that I've just added the patch titled
cgroup: fix cgroup_subsys_state leak for seq_files
to the 3.12-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
cgroup-fix-cgroup_subsys_state-leak-for-seq_files.patch
and it can be found in the queue-3.12 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From e605b36575e896edd8161534550c9ea021b03bc0 Mon Sep 17 00:00:00 2001
From: Tejun Heo <tj@xxxxxxxxxx>
Date: Wed, 27 Nov 2013 18:16:21 -0500
Subject: cgroup: fix cgroup_subsys_state leak for seq_files
From: Tejun Heo <tj@xxxxxxxxxx>
commit e605b36575e896edd8161534550c9ea021b03bc0 upstream.
If a cgroup file implements either read_map() or read_seq_string(),
such file is served using seq_file by overriding file->f_op to
cgroup_seqfile_operations, which also overrides the release method to
single_release() from cgroup_file_release().
Because cgroup_file_open() didn't use to acquire any resources, this
used to be fine, but since f7d58818ba42 ("cgroup: pin
cgroup_subsys_state when opening a cgroupfs file"), cgroup_file_open()
pins the css (cgroup_subsys_state) which is put by
cgroup_file_release(). The patch forgot to update the release path
for seq_files and each open/release cycle leaks a css reference.
Fix it by updating cgroup_file_release() to also handle seq_files and
using it for seq_file release path too.
Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
kernel/cgroup.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -231,6 +231,7 @@ static void cgroup_destroy_css_killed(st
static int cgroup_destroy_locked(struct cgroup *cgrp);
static int cgroup_addrm_files(struct cgroup *cgrp, struct cftype cfts[],
bool is_add);
+static int cgroup_file_release(struct inode *inode, struct file *file);
/**
* cgroup_css - obtain a cgroup's css for the specified subsystem
@@ -2471,7 +2472,7 @@ static const struct file_operations cgro
.read = seq_read,
.write = cgroup_file_write,
.llseek = seq_lseek,
- .release = single_release,
+ .release = cgroup_file_release,
};
static int cgroup_file_open(struct inode *inode, struct file *file)
@@ -2532,6 +2533,8 @@ static int cgroup_file_release(struct in
ret = cft->release(inode, file);
if (css->ss)
css_put(css);
+ if (file->f_op == &cgroup_seqfile_operations)
+ single_release(inode, file);
return ret;
}
Patches currently in stable-queue which might be from tj@xxxxxxxxxx are
queue-3.12/drivers-libata-set-max-sector-to-65535-for-slimtype-dvd-a-ds8a9sh-drive.patch
queue-3.12/cgroup-fix-cgroup_subsys_state-leak-for-seq_files.patch
queue-3.12/cpuset-fix-memory-allocator-deadlock.patch
queue-3.12/workqueue-fix-ordered-workqueues-in-numa-setups.patch
queue-3.12/cgroup-use-a-dedicated-workqueue-for-cgroup-destruction.patch
queue-3.12/ahci-add-marvell-9230-to-the-ahci-pci-device-list.patch
queue-3.12/ahci-disabled-fbs-prior-to-issuing-software-reset.patch
queue-3.12/ahci-add-device-ids-for-intel-wildcat-point-lp.patch
queue-3.12/blk-core-fix-memory-corruption-if-blkcg_init_queue-fails.patch
queue-3.12/libata-fix-display-of-sata-speed.patch
queue-3.12/ahci-add-support-for-ibm-akebono-platform-device.patch
queue-3.12/loop-fix-crash-if-blk_alloc_queue-fails.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html