!1307 [sync] PR-1280: cgroup: always put cset in cgroup_css_set_put_fork

Merge Pull Request from: @openeuler-sync-bot 
 

Origin pull request: 
https://gitee.com/openeuler/kernel/pulls/1280 
 
    A successful call to cgroup_css_set_fork() will always have taken
    a ref on kargs->cset (regardless of CLONE_INTO_CGROUP), so always
    do a corresponding put in cgroup_css_set_put_fork().

    Without this, a cset and its contained css structures will be
    leaked for some fork failures.  The following script reproduces
    the leak for a fork failure due to exceeding pids.max in the
    pids controller.  A similar thing can happen if we jump to the
    bad_fork_cancel_cgroup label in copy_process().

    [ -z "$1" ] && echo "Usage $0 pids-root" && exit 1
    PID_ROOT=$1
    CGROUP=$PID_ROOT/foo

    [ -e $CGROUP ] && rmdir -f $CGROUP
    mkdir $CGROUP
    echo 5 > $CGROUP/pids.max
    echo $$ > $CGROUP/cgroup.procs

    fork_bomb()
    {
            set -e
            for i in $(seq 10); do
                    /bin/sleep 3600 &
            done
    }

    (fork_bomb) &
    wait
    echo $$ > $PID_ROOT/cgroup.procs
    kill $(cat $CGROUP/cgroup.procs)
    rmdir $CGROUP 
 
Link:https://gitee.com/openeuler/kernel/pulls/1307 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com> 

kernel/cgroup/cgroup.c

@@ -6251,19 +6251,18 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
 static void cgroup_css_set_put_fork(struct kernel_clone_args *kargs)
 	__releases(&cgroup_threadgroup_rwsem) __releases(&cgroup_mutex)
 {
+	struct cgroup *cgrp = kargs->cgrp;
+	struct css_set *cset = kargs->cset;
+
 	cgroup_threadgroup_change_end(current);
 
-	if (kargs->flags & CLONE_INTO_CGROUP) {
-		struct cgroup *cgrp = kargs->cgrp;
-		struct css_set *cset = kargs->cset;
+	if (cset) {
+		put_css_set(cset);
+		kargs->cset = NULL;
+	}
 
+	if (kargs->flags & CLONE_INTO_CGROUP) {
 		mutex_unlock(&cgroup_mutex);
-
-		if (cset) {
-			put_css_set(cset);
-			kargs->cset = NULL;
-		}
-
 		if (cgrp) {
 			cgroup_put(cgrp);
 			kargs->cgrp = NULL;