Re: [PATCH] cgroup: list_for_each cleanup
From: Paul Menage
Date: Wed Jun 04 2008 - 05:11:53 EST
Hi Kosaki,
On Wed, Jun 4, 2008 at 1:36 AM, KOSAKI Motohiro
<kosaki.motohiro@xxxxxxxxxxxxxx> wrote:
> @@ -3072,16 +3070,19 @@ void __css_put(struct cgroup_subsys_stat
> */
> static void cgroup_release_agent(struct work_struct *work)
> {
> + struct cgroup *cgrp;
> + struct cgroup *saved_cgrp;
> +
> BUG_ON(work != &release_agent_work);
> mutex_lock(&cgroup_mutex);
> spin_lock(&release_list_lock);
> - while (!list_empty(&release_list)) {
> +
> + list_for_each_entry_safe(cgrp, saved_cgrp, &release_list,
> + release_list) {
> char *argv[3], *envp[3];
> int i;
> char *pathbuf;
> - struct cgroup *cgrp = list_entry(release_list.next,
> - struct cgroup,
> - release_list);
> +
> list_del_init(&cgrp->release_list);
> spin_unlock(&release_list_lock);
> pathbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
>
I don't think that list_for_each_entry_safe() is still safe when we've
dropped release_list_lock. saved_cgroup could end up pointing to a
cgroup that's freed while we're forking the usermode helper.
Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/