Re: [PATCH] cgroups: fix 2.6.32 regression causing BUG_ON() in cgroup_diput()
From: Ben Blum
Date: Thu Dec 24 2009 - 03:39:16 EST
On Wed, Dec 23, 2009 at 01:48:42PM -0500, Dave Anderson wrote:
>
> The LTP cgroup test suite generates a "kernel BUG at kernel/cgroup.c:790!"
> here in cgroup_diput():
>
> /*
> * if we're getting rid of the cgroup, refcount should
> ensure
> * that there are no pidlists left.
> */
> BUG_ON(!list_empty(&cgrp->pidlists));
>
> The cgroup pidlist rework in 2.6.32 generates the BUG_ON, which is caused
> when pidlist_array_load() calls cgroup_pidlist_find():
>
> (1) if a matching cgroup_pidlist is found, it down_write's the mutex of the
> pre-existing cgroup_pidlist, and increments its use_count.
> (2) if no matching cgroup_pidlist is found, then a new one is allocated, it
> down_write's its mutex, and the use_count is set to 0.
> (3) the matching, or new, cgroup_pidlist gets returned back to
> pidlist_array_load(),
> which increments its use_count -- regardless whether new or
> pre-existing --
> and up_write's the mutex.
>
> So if a matching list is ever encountered by cgroup_pidlist_find() during
> the life of a cgroup directory, it results in an inflated use_count value,
> preventing it from ever getting released by cgroup_release_pid_array().
> Then if the directory is subsequently removed, cgroup_diput() hits the
> BUG_ON() when it finds that the directory's cgroup is still populated
> with a pidlist.
>
> The patch simply removes the use_count increment when a matching
> pidlist is found by cgroup_pidlist_find(), because it gets bumped by
> the calling pidlist_array_load() function while still protected by the
> list's mutex.
>
> Signed-off-by: Dave Anderson <anderson@xxxxxxxxxx>
>
> ---
>
>
Ack! That was probably my fault. Good catch.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/