summaryrefslogtreecommitdiffstats
path: root/kernel/cpuset.c
diff options
context:
space:
mode:
authorLi Zefan <lizefan@huawei.com>2013-04-26 11:58:02 -0700
committerTejun Heo <tj@kernel.org>2013-04-26 11:58:02 -0700
commitcc20e01cd607282d48f8ea538aba10fa850a4312 (patch)
tree598ff80edab2c3bb3547dcd109e35ed1291f4454 /kernel/cpuset.c
parent712317ad97f41e738e1a19aa0a6392a78a84094e (diff)
downloadlinux-cc20e01cd607282d48f8ea538aba10fa850a4312.tar.gz
linux-cc20e01cd607282d48f8ea538aba10fa850a4312.tar.bz2
linux-cc20e01cd607282d48f8ea538aba10fa850a4312.zip
cgroup: fix use-after-free when umounting cgroupfs
Try: # mount -t cgroup xxx /cgroup # mkdir /cgroup/sub && rmdir /cgroup/sub && umount /cgroup And you might see this: ida_remove called for id=1 which is not allocated. It's because cgroup_kill_sb() is called to destroy root->cgroup_ida and free cgrp->root before ida_simple_removed() is called. What's worse is we're accessing cgrp->root while it has been freed. Signed-off-by: Li Zefan <lizefan@huawei.com> Signed-off-by: Tejun Heo <tj@kernel.org>
Diffstat (limited to 'kernel/cpuset.c')
0 files changed, 0 insertions, 0 deletions