Re: [PATCH] cgroups: fix probable race with put_css_set[_taskexit]and find_css_set

From: Greg KH
Date: Wed Sep 10 2008 - 02:30:47 EST

On Wed, Sep 10, 2008 at 02:25:57PM +0800, Li Zefan wrote:
> Greg KH wrote:
> > On Tue, Sep 09, 2008 at 10:31:24PM -0700, Paul Menage wrote:
> >> On Tue, Sep 9, 2008 at 10:01 PM, Greg KH <greg@xxxxxxxxx> wrote:
> >>> What are you trying to solve here with this change? I agree, it does
> >>> seem a bit "chaotic" :)
> >> There's a place in cgroups that uses kref_put() to release an object;
> >> the release function *then* takes a write-lock and removes the object
> >> from a lookup table; it could race with another thread that searches
> >> the lookup table (while holding a read-lock) and does kref_get() on
> >> the same object.
> >
> > Ick, yeah that's not good.
> >
> > What about the way everyone else solves this, grab the lock before you
> > call kref_put()?
> >
> do_exit()
> cgroup_exit()
> put_css_set_taskexit()
> kref_put()
> If we grab the lock before kref_put(), we add overhead to do_exit(), which
> is what we are trying to avoid here.

But you can't put such logic in the release() function as you are
finding out, that's not going to work either.

Maybe you need to just "open-code" an atomic counter here and not use
kref as it sounds like you are needing to do something very "special"


greg k-h
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at