cgroup: catch bad css refcnt at css_put __css_put() doesn't check a bug as refcnt goes to minus. I think it should be caught. This patch adds a check for it. Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Paul Menage <menage@google.com> Cc: Li Zefan <lizf@cn.fujitsu.com> Cc: Balbir Singh <balbir@in.ibm.com> Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 3dece8347df6a16239fab10dadb370854f1c969c [log] [tgz]
author: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Thu Oct 01 15:44:09 2009 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Thu Oct 01 16:11:12 2009 -0700
tree: 23a93cdb0dfacd4b89b42c192a6247be84d105bf
parent: 26251eaf98e26dc2ce2dc26d63bc502700760704 [diff] [blame]
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index d2b8859..ca83b73 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c

@@ -3708,8 +3708,10 @@
 void __css_put(struct cgroup_subsys_state *css)
 {
 	struct cgroup *cgrp = css->cgroup;
+	int val;
 	rcu_read_lock();
-	if (atomic_dec_return(&css->refcnt) == 1) {
+	val = atomic_dec_return(&css->refcnt);
+	if (val == 1) {
 		if (notify_on_release(cgrp)) {
 			set_bit(CGRP_RELEASABLE, &cgrp->flags);
 			check_for_release(cgrp);
@@ -3717,6 +3719,7 @@
 		cgroup_wakeup_rmdir_waiter(cgrp);
 	}
 	rcu_read_unlock();
+	WARN_ON_ONCE(val < 1);
 }
 
 /*
commit	3dece8347df6a16239fab10dadb370854f1c969c	[log] [tgz]
author	KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>	Thu Oct 01 15:44:09 2009 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Thu Oct 01 16:11:12 2009 -0700
tree	23a93cdb0dfacd4b89b42c192a6247be84d105bf
parent	26251eaf98e26dc2ce2dc26d63bc502700760704 [diff] [blame]