On Fri, Jun 27, 2014 at 02:32:33PM +0800, Li Zefan wrote:
> > cgroup_mount()
> > {
> >         mutex_lock();
> >         lookup_cgroup_root();
> >         if (root isn't killed yet)
> >                 root->this_better_stay_alive++;
> >         mutex_unlock();
> >         kernfs_mount();
> > }
> >
> > cgroup_kill_sb()
> > {
> >         mutex_lock();
> >         if (check whether root can be killed)
> >                 percpu_ref_kill();
> >         mutex_unlock();
> >         if (the above condition was true)
> >                 kernfs_kill_sb();
> > }
> >
>
> This looks nasty, and I don't think it's correct. If we skip the call
> to kernfs_kill_sb(), kernfs_super_info won't be freed but super_block
> will, so we will end up either leaking memory or accessing invalid
> memory. There are other problems like returning with sb->s_umount still
> held.

Yeah, right, the conditional shouldn't be on kernfs_kill_sb(). It
should only be on percpu_ref_kill(). kernfs mount code will wait out
the dead sb and create a new one; however, this is still not feasible
because we don't have a place to dec ->this_better_stay_alive as
there's no umount callback. :(

Thanks.

-- 
tejun