Re: 2.6.26-rc4: RIP find_pid_ns+0x6b/0xa0

From: Oleg Nesterov
Date: Tue May 27 2008 - 13:35:51 EST


On 05/27, Oleg Nesterov wrote:
>
> But I agree, this race is pretty much theoretical.

Perhaps we have the unbalanced put_pid(), in that case "struct pid" will
be freed without waiting for a grace period.

Alexey, could you re-test with the patch below?

Oleg.

Add the temporary debugging code to catch the unbalanced put_pid()'s.
At least those which can free the "live" pid.

--- MM/kernel/pid.c~ 2008-02-20 18:29:40.000000000 +0300
+++ MM/kernel/pid.c 2008-02-20 18:35:15.000000000 +0300
@@ -208,6 +208,10 @@ void put_pid(struct pid *pid)
ns = pid->numbers[pid->level].ns;
if ((atomic_read(&pid->count) == 1) ||
atomic_dec_and_test(&pid->count)) {
+ int type = PIDTYPE_MAX;
+ while (--type >= 0)
+ if (WARN_ON(!hlist_empty(&pid->tasks[type])))
+ return;
kmem_cache_free(ns->pid_cachep, pid);
put_pid_ns(ns);
}


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/