Hello. On Tue, Oct 04, 2022 at 11:17:48AM -0400, Waiman Long <longman@xxxxxxxxxx> wrote: > To protect against destruction of blkg, a percpu reference is gotten > when putting into the lockless list and put back when removed. Just to conclude my previous remark about the loop, let me try explaining it more precisely: blkcg->lhead via blkg_iostat_set holds reference to blkcg_gq (taken in in blk_cgroup_bio_start) blkcg_gq holds reference to its blkcg_gq->blkcg (taken in blkg_create) The cycle has two edges, the latter is broken in __blkg_release but that's a release callback of the involved blkcg_gq->refcnt, so it won't be called. The first edges is broken in blkcg_rstat_flush and that's more promising. The current code does the final flushes -- in css_release_work_fn. The problem is that it's the release callback of blkcg->css, i.e. it's also referenced on the cycle, therefore this final flush won't happen before cycle is broken. Fortunately, any other caller of cgroup_rstat_flush comes to the rescue -- the blkcg_rstat_flush on the stuck blkcg would decompose lhead list and the reference cycle is broken. In summary, I think this adds the reference cycle but its survival time is limited to the soonest cgroup_rstat_flush call, which should not cause practical troubles. HTH, Michal
Attachment:
signature.asc
Description: Digital signature
