Re: [PATCH 3.10] cgroup: break infinite loop in __css_tryget()
From: Tejun Heo
Date: Tue Dec 02 2014 - 14:35:47 EST
On Tue, Dec 02, 2014 at 09:40:45PM +0300, Roman Gushchin wrote:
> Hi, Tejun!
>
> 02.12.2014, 19:56, "Tejun Heo" <tj@xxxxxxxxxx>:
> > Hello, Roman.
> >
> > On Fri, Nov 28, 2014 at 07:47:54PM +0300, Roman Gushchin wrote:
> >> If cgroup_destroy_locked() sets the css refcount to a negative value,
> >> we get an infinite loop in __css_tryget().
> >>
> >> In this case css_refcnt() returns modified (non-negative value), so
> >> both (t == v) and (t < 0) conditions are always false.
> >
> > I don't follow. The count is biased and modified by unbiasing iff the
> > value is negative. Here, @v is the unbiased value and @t is the
> > verbatim value. If @v is different from @t due to unbiasing, @t must
> > be negative satisfying the second condition and returning NULL, no?
>
> Yep. I missed that we compare t with 0 (not v).
Hmm... what's up with the rcu stall message then?
--
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/