cgroup: fix idr leak for the first cgroup root
authorJohannes Weiner <hannes@cmpxchg.org>
Tue, 26 Jul 2016 22:26:58 +0000 (15:26 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 26 Jul 2016 23:19:19 +0000 (16:19 -0700)
The valid cgroup hierarchy ID range includes 0, so we can't filter for
positive numbers when freeing it, or it'll leak the first ID.  No big
deal, just disruptive when reading the code.

The ID is freed during error handling and when the reference count hits
zero, so the double-free test is not necessary; remove it.

Link: http://lkml.kernel.org/r/20160617162359.GB19084@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov@virtuozzo.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/cgroup.c

index 75c0ff00aca60d298062755539e83cbfeaffaaf2..3108150e47b1a298d9660fd9ec4b3870d9b5ba1d 100644 (file)
@@ -1160,18 +1160,12 @@ static void cgroup_exit_root_id(struct cgroup_root *root)
 {
        lockdep_assert_held(&cgroup_mutex);
 
-       if (root->hierarchy_id) {
-               idr_remove(&cgroup_hierarchy_idr, root->hierarchy_id);
-               root->hierarchy_id = 0;
-       }
+       idr_remove(&cgroup_hierarchy_idr, root->hierarchy_id);
 }
 
 static void cgroup_free_root(struct cgroup_root *root)
 {
        if (root) {
-               /* hierarchy ID should already have been released */
-               WARN_ON_ONCE(root->hierarchy_id);
-
                idr_destroy(&root->cgroup_idr);
                kfree(root);
        }