From: Dave Anderson <anderson@redhat.com>
To: menage@google.com
Cc: linux-kernel@vger.kernel.org, bblum@andrew.cmu.edu, lizf@cn.fujitsu.com
Subject: [PATCH] cgroups: fix 2.6.32 regression causing BUG_ON() in cgroup_diput()
Date: Wed, 23 Dec 2009 13:48:42 -0500 [thread overview]
Message-ID: <4B32660A.8070106@redhat.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1591 bytes --]
The LTP cgroup test suite generates a "kernel BUG at kernel/cgroup.c:790!"
here in cgroup_diput():
/*
* if we're getting rid of the cgroup, refcount should ensure
* that there are no pidlists left.
*/
BUG_ON(!list_empty(&cgrp->pidlists));
The cgroup pidlist rework in 2.6.32 generates the BUG_ON, which is caused
when pidlist_array_load() calls cgroup_pidlist_find():
(1) if a matching cgroup_pidlist is found, it down_write's the mutex of the
pre-existing cgroup_pidlist, and increments its use_count.
(2) if no matching cgroup_pidlist is found, then a new one is allocated, it
down_write's its mutex, and the use_count is set to 0.
(3) the matching, or new, cgroup_pidlist gets returned back to pidlist_array_load(),
which increments its use_count -- regardless whether new or pre-existing --
and up_write's the mutex.
So if a matching list is ever encountered by cgroup_pidlist_find() during
the life of a cgroup directory, it results in an inflated use_count value,
preventing it from ever getting released by cgroup_release_pid_array().
Then if the directory is subsequently removed, cgroup_diput() hits the
BUG_ON() when it finds that the directory's cgroup is still populated
with a pidlist.
The patch simply removes the use_count increment when a matching
pidlist is found by cgroup_pidlist_find(), because it gets bumped by
the calling pidlist_array_load() function while still protected by the
list's mutex.
Signed-off-by: Dave Anderson <anderson@redhat.com>
---
[-- Attachment #2: cgroup.patch --]
[-- Type: text/x-patch, Size: 301 bytes --]
--- linux-2.6-git/kernel/cgroup.c.orig
+++ linux-2.6-git/kernel/cgroup.c
@@ -2468,7 +2468,6 @@ static struct cgroup_pidlist *cgroup_pid
/* make sure l doesn't vanish out from under us */
down_write(&l->mutex);
mutex_unlock(&cgrp->pidlist_mutex);
- l->use_count++;
return l;
}
}
next reply other threads:[~2009-12-23 18:48 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-23 18:48 Dave Anderson [this message]
2009-12-24 5:47 ` [PATCH] cgroups: fix 2.6.32 regression causing BUG_ON() in cgroup_diput() Li Zefan
2009-12-24 8:38 ` Ben Blum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B32660A.8070106@redhat.com \
--to=anderson@redhat.com \
--cc=bblum@andrew.cmu.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=lizf@cn.fujitsu.com \
--cc=menage@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.