From f284a5583a01cbb255180ec3e419d262bc0b7649 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 18 Apr 2017 12:39:22 +0200
Subject: [PATCH] 3.18-stable patches

added patches:
	cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch
---
 ...up-root-to-two-different-superblocks.patch | 92 +++++++++++++++++++
 queue-3.18/series                             |  1 +
 queue-4.10/series                             |  2 +
 queue-4.4/series                              |  2 +
 queue-4.9/series                              |  2 +
 5 files changed, 99 insertions(+)
 create mode 100644 queue-3.18/cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch
 create mode 100644 queue-3.18/series
 create mode 100644 queue-4.10/series
 create mode 100644 queue-4.4/series
 create mode 100644 queue-4.9/series

diff --git a/queue-3.18/cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch b/queue-3.18/cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch
new file mode 100644
index 00000000000..0e943afbce6
--- /dev/null
+++ b/queue-3.18/cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch
@@ -0,0 +1,92 @@
+From bfb0b80db5f9dca5ac0a5fd0edb765ee555e5a8e Mon Sep 17 00:00:00 2001
+From: Zefan Li <lizefan@huawei.com>
+Date: Fri, 7 Apr 2017 16:51:55 +0800
+Subject: cgroup: avoid attaching a cgroup root to two different superblocks
+
+From: Zefan Li <lizefan@huawei.com>
+
+commit bfb0b80db5f9dca5ac0a5fd0edb765ee555e5a8e upstream.
+
+Run this:
+
+    touch file0
+    for ((; ;))
+    {
+        mount -t cpuset xxx file0
+    }
+
+And this concurrently:
+
+    touch file1
+    for ((; ;))
+    {
+        mount -t cpuset xxx file1
+    }
+
+We'll trigger a warning like this:
+
+ ------------[ cut here ]------------
+ WARNING: CPU: 1 PID: 4675 at lib/percpu-refcount.c:317 percpu_ref_kill_and_confirm+0x92/0xb0
+ percpu_ref_kill_and_confirm called more than once on css_release!
+ CPU: 1 PID: 4675 Comm: mount Not tainted 4.11.0-rc5+ #5
+ Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
+ Call Trace:
+  dump_stack+0x63/0x84
+  __warn+0xd1/0xf0
+  warn_slowpath_fmt+0x5f/0x80
+  percpu_ref_kill_and_confirm+0x92/0xb0
+  cgroup_kill_sb+0x95/0xb0
+  deactivate_locked_super+0x43/0x70
+  deactivate_super+0x46/0x60
+ ...
+ ---[ end trace a79f61c2a2633700 ]---
+
+Here's a race:
+
+  Thread A				Thread B
+
+  cgroup1_mount()
+    # alloc a new cgroup root
+    cgroup_setup_root()
+					cgroup1_mount()
+					  # no sb yet, returns NULL
+					  kernfs_pin_sb()
+
+					  # but succeeds in getting the refcnt,
+					  # so re-use cgroup root
+					  percpu_ref_tryget_live()
+    # alloc sb with cgroup root
+    cgroup_do_mount()
+
+  cgroup_kill_sb()
+					  # alloc another sb with same root
+					  cgroup_do_mount()
+
+					cgroup_kill_sb()
+
+We end up using the same cgroup root for two different superblocks,
+so percpu_ref_kill() will be called twice on the same root when the
+two superblocks are destroyed.
+
+We should fix to make sure the superblock pinning is really successful.
+
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Signed-off-by: Zefan Li <lizefan@huawei.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cgroup.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -1786,7 +1786,7 @@ static struct dentry *cgroup_mount(struc
+ 		 * path is super cold.  Let's just sleep a bit and retry.
+ 		 */
+ 		pinned_sb = kernfs_pin_sb(root->kf_root, NULL);
+-		if (IS_ERR(pinned_sb) ||
++		if (IS_ERR_OR_NULL(pinned_sb) ||
+ 		    !percpu_ref_tryget_live(&root->cgrp.self.refcnt)) {
+ 			mutex_unlock(&cgroup_mutex);
+ 			if (!IS_ERR_OR_NULL(pinned_sb))
diff --git a/queue-3.18/series b/queue-3.18/series
new file mode 100644
index 00000000000..8ac0803fcbb
--- /dev/null
+++ b/queue-3.18/series
@@ -0,0 +1 @@
+cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch
diff --git a/queue-4.10/series b/queue-4.10/series
new file mode 100644
index 00000000000..fb7089adbbd
--- /dev/null
+++ b/queue-4.10/series
@@ -0,0 +1,2 @@
+cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch
+cgroup-kthread-close-race-window-where-new-kthreads-can-be-migrated-to-non-root-cgroups.patch
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..fb7089adbbd
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1,2 @@
+cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch
+cgroup-kthread-close-race-window-where-new-kthreads-can-be-migrated-to-non-root-cgroups.patch
diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644
index 00000000000..fb7089adbbd
--- /dev/null
+++ b/queue-4.9/series
@@ -0,0 +1,2 @@
+cgroup-avoid-attaching-a-cgroup-root-to-two-different-superblocks.patch
+cgroup-kthread-close-race-window-where-new-kthreads-can-be-migrated-to-non-root-cgroups.patch
-- 
2.47.3