Re: [PATCH] cgroup: fix top cgroup refcnt leak
From: Li Zefan <hidden>
Date: 2014-02-14 11:15:32
Also in: lkml
On 2014-02-14 17:36, Li Zefan wrote:
If we mount the same cgroupfs in several mount points, and then
umount all of them, kill_sb() will be called only once.

Therefore it's wrong to increment top_cgroup's refcnt when we find
an existing cgroup_root.

Try:
	# mount -t cgroup -o cpuacct xxx /cgroup
	# mount -t cgroup -o cpuacct xxx /cgroup2
	# cat /proc/cgroups | grep cpuacct
	cpuacct 2 1 1
	# umount /cgroup
	# umount /cgroup2
	# cat /proc/cgroups | grep cpuacct
	cpuacct 2 1 1

You'll see cgroupfs will never be freed.

Also move this chunk of code upwards.

Signed-off-by: Li Zefan <redacted>
--- kernel/cgroup.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-)diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 37d94a2..5bfe738 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c@@ -1498,6 +1498,22 @@ retry: bool name_match = false; /* + * A root's lifetime is governed by its top cgroup. Zero + * ref indicate that the root is being destroyed. Wait for + * destruction to complete so that the subsystems are free. + * We can use wait_queue for the wait but this path is + * super cold. Let's just sleep for a bit and retry. + */ + if (!atomic_read(&root->top_cgroup.refcnt)) {
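Review bot: the atomic_read(&root->top_cgroup.refcnt) test that closes the visible hunk only samples the count; with the increment on the existing-root path removed, as the commit message proposes, nothing holds the root between this test and the rest of the mount path. If the count can drop outside the locks held at this point, take the reference with an increment-unless-zero operation here and release it once the mount step has finished, so that the liveness check and the hold are a single atomic step. Separately, the message says the chunk is also moved upwards, and the diffstat (16 insertions, 16 deletions) mixes that move with the refcount change; putting the move in its own patch would leave the functional change readable on its own. The moved comment should read "Zero ref indicates".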
oops, this fix is wrong. We call kernfs_mount() without cgroup locks and it drops cgroup refcnt if failed. I guess we need to bump the refcnt and then drop it after kernfs_mount().
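The accounting discussed in this thread, as an added example that is not part of the original mail and is not kernel code: a user-space model that replays the mount/umount sequence from the commit message with the leaky increment and with a temporary pin that is dropped after the mount step. All names are hypothetical; it assumes the first mount holds one reference that the single kill_sb() releases, and it does not model a failing mount.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not a kernel API. */
struct model_root {
    atomic_int refcnt;  /* stands in for root->top_cgroup.refcnt */
    int mounts;         /* mount points sharing the single superblock */
};

/* Take a reference only while the root is live; 0 means "being destroyed". */
static bool ref_get_unless_zero(atomic_int *r)
{
    int old = atomic_load(r);
    while (old != 0)
        if (atomic_compare_exchange_weak(r, &old, old + 1))
            return true;
    return false;
}

/* Mount an already existing root. keep_ref=true models the leaky accounting
 * (one extra reference per mount); false models pin, mount, unpin. */
static bool model_mount_existing(struct model_root *root, bool keep_ref)
{
    if (!ref_get_unless_zero(&root->refcnt))
        return false;                        /* caller would sleep and retry */
    root->mounts++;                          /* stands in for the unlocked mount step */
    if (!keep_ref)
        atomic_fetch_sub(&root->refcnt, 1);  /* drop the temporary pin */
    return true;
}

/* Only the last umount tears down the superblock, so one put in total. */
static void model_umount(struct model_root *root)
{
    if (--root->mounts == 0)
        atomic_fetch_sub(&root->refcnt, 1);  /* the single kill_sb() put */
}

/* Replays the sequence from the commit message; returns the final refcnt. */
int replay(bool keep_ref)
{
    struct model_root root;
    atomic_init(&root.refcnt, 1);            /* first mount created the root */
    root.mounts = 1;
    model_mount_existing(&root, keep_ref);   /* second mount, same root */
    model_umount(&root);
    model_umount(&root);
    return atomic_load(&root.refcnt);        /* non-zero: root never freed */
}

int main(void) { printf("leaky=%d pinned=%d\n", replay(true), replay(false)); return 0; }
```

A non-zero result from replay(true) corresponds to the cpuacct line that stays in /proc/cgroups after both umounts.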