Re: [PATCH 3.10] cgroup: break infinite loop in __css_tryget()

From: Roman Gushchin
Date: Tue Dec 02 2014 - 13:40:54 EST

Next message: DÃniel Fraga: "Re: frequent lockups in 3.18rc4"
Previous message: Cornelia Huck: "Re: [PATCH RFC 1/2] virtio_balloon: convert to virtio 1.0 endian-ness"
In reply to: Tejun Heo: "Re: [PATCH 3.10] cgroup: break infinite loop in __css_tryget()"
Next in thread: Tejun Heo: "Re: [PATCH 3.10] cgroup: break infinite loop in __css_tryget()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Tejun!

02.12.2014, 19:56, "Tejun Heo" <tj@xxxxxxxxxx>:
> Hello, Roman.
>
> On Fri, Nov 28, 2014 at 07:47:54PM +0300, Roman Gushchin wrote:
>> If cgroup_destroy_locked() sets the css refcount to a negative value,
>> we get an infinite loop in __css_tryget().
>>
>> In this case css_refcnt() returns modified (non-negative value), so
>> both (t == v) and (t < 0) conditions are always false.
>
> I don't follow. The count is biased and modified by unbiasing iff the
> value is negative. Here, @v is the unbiased value and @t is the
> verbatim value. If @v is different from @t due to unbiasing, @t must
> be negative satisfying the second condition and returning NULL, no?

Yep. I missed that we compare t with 0 (not v).
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: DÃniel Fraga: "Re: frequent lockups in 3.18rc4"
Previous message: Cornelia Huck: "Re: [PATCH RFC 1/2] virtio_balloon: convert to virtio 1.0 endian-ness"
In reply to: Tejun Heo: "Re: [PATCH 3.10] cgroup: break infinite loop in __css_tryget()"
Next in thread: Tejun Heo: "Re: [PATCH 3.10] cgroup: break infinite loop in __css_tryget()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]