Re: [PATCH 3.10] cgroup: break infinite loop in __css_tryget()
From: Roman Gushchin
Date: Tue Dec 02 2014 - 13:40:54 EST
Hi, Tejun!
02.12.2014, 19:56, "Tejun Heo" <tj@xxxxxxxxxx>:
> Hello, Roman.
>
> On Fri, Nov 28, 2014 at 07:47:54PM +0300, Roman Gushchin wrote:
>> If cgroup_destroy_locked() sets the css refcount to a negative value,
>> we get an infinite loop in __css_tryget().
>>
>> In this case css_refcnt() returns modified (non-negative value), so
>> both (t == v) and (t < 0) conditions are always false.
>
> I don't follow. The count is biased and modified by unbiasing iff the
> value is negative. Here, @v is the unbiased value and @t is the
> verbatim value. If @v is different from @t due to unbiasing, @t must
> be negative satisfying the second condition and returning NULL, no?
Yep. I missed that we compare t with 0 (not v).
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/