Re: [PATCH 2/2] cgroup: fix cgroup hierarchy umount race

From: Al Viro
Date: Sat Jul 14 2012 - 08:09:00 EST

Next message: devendra.aaru: "BUG: unable to handle kernel NULL pointer dereference at0000000000000010 on 3.5-rc6"
Previous message: Thorsten Kranzkowski: "Re: PROBLEM: Silent data corruption when using sendfile()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 07, 2012 at 04:46:59PM -0700, 'Tejun Heo' wrote:
> Fix it by holding an extra superblock->s_active reference across
> dput() from css release, which is the dput() path added by 48ddbe1946
> and the only one which doesn't hold an extra s_active ref across the
> final cgroup dput().

> @@ -3883,8 +3883,12 @@ static void css_dput_fn(struct work_struct *work)
> {
> struct cgroup_subsys_state *css =
> container_of(work, struct cgroup_subsys_state, dput_work);
> + struct dentry *dentry = css->cgroup->dentry;
> + struct super_block *sb = dentry->d_sb;
>
> - dput(css->cgroup->dentry);
> + atomic_inc(&sb->s_active);
> + dput(dentry);
> + deactivate_super(sb);
> }

While we are at it, what guarantees that css->dput_work will complete before
css->cgroup or the object containing css get freed under us?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: devendra.aaru: "BUG: unable to handle kernel NULL pointer dereference at0000000000000010 on 3.5-rc6"
Previous message: Thorsten Kranzkowski: "Re: PROBLEM: Silent data corruption when using sendfile()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]