--- /dev/null
+From 8bb5ef79bc0f4016ecf79e8dce6096a3c63603e4 Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Thu, 21 Jan 2016 15:32:15 -0500
+Subject: cgroup: make sure a parent css isn't freed before its children
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 8bb5ef79bc0f4016ecf79e8dce6096a3c63603e4 upstream.
+
+There are three subsystem callbacks in css shutdown path -
+css_offline(), css_released() and css_free(). Except for
+css_released(), cgroup core didn't guarantee the order of invocation.
+css_offline() or css_free() could be called on a parent css before its
+children. This behavior is unexpected and led to bugs in cpu and
+memory controller.
+
+The previous patch updated ordering for css_offline() which fixes the
+cpu controller issue. While there currently isn't a known bug caused
+by misordering of css_free() invocations, let's fix it too for
+consistency.
+
+css_free() ordering can be trivially fixed by moving putting of the
+parent css below css_free() invocation.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cgroup.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -4692,14 +4692,15 @@ static void css_free_work_fn(struct work
+
+ if (ss) {
+ /* css free path */
++ struct cgroup_subsys_state *parent = css->parent;
+ int id = css->id;
+
+- if (css->parent)
+- css_put(css->parent);
+-
+ ss->css_free(css);
+ cgroup_idr_remove(&ss->css_idr, id);
+ cgroup_put(cgrp);
++
++ if (parent)
++ css_put(parent);
+ } else {
+ /* cgroup free path */
+ atomic_dec(&cgrp->root->nr_cgrps);
projects / thirdparty / kernel / stable-queue.git / commitdiff
