On Wed, Sep 24, 2014 at 07:52:14PM +0100, Al Viro wrote: > Could somebody explain WTF is the whole construction trying to do? Not > to mention anything else, what *does* this pinning a superblock protect > from? Suppose we have a superblock for the same root with non-NULL ns > and _that_ gets killed. We get hit by the same > percpu_ref_kill(&root->cgrp.self.refcnt); > so what's the point of pinned_sb? Might as well have just bumped the > refcount, superblock or no superblock. And no, delaying that kernfs_kill_sb() > does you no good whatsoever - again, pinned_sb might have nothing to do with > the superblock we are after.
Hrm... Scratch the comments re "different superblock" (we are passing NULL ns in that kernfs_mount() below), but... then WTF is that thing trying to do? OK, you've got your active reference to a superblock from kernfs_pin_sb(). You grab root->cgrp.self.refcnt. Suppose it also worked. Now what? You drop cgroup_mutex and proceed to kernfs_mount(). Which calls sget(), looking for exact same thing as your kernfs_pin_sb(). So it finds the same superblock and grab it for you (with ->s_umount held). At which point you drop root->cgrp.self.refcnt and drop the active reference you've got from kernfs_pin_sb(). Pardon me, but what's the point of that song and dance? Who else can make that attempt at grabbing root->cgrp.self.refcnt fail? BTW, what happens if kernfs_fill_super() fails? You get cgroup_kill_sb() triggered by deactivate_locked_super(), which calls kernfs_kill_sb(), which does kernfs_put(). Balancing the kernfs_get() we'd never got around to in kernfs_fill_super()... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
