On Thu, Jan 21, 2016 at 10:24:16PM +0100, Peter Zijlstra wrote: > On Thu, Jan 21, 2016 at 03:31:11PM -0500, Tejun Heo wrote: > > There are three subsystem callbacks in css shutdown path - > > css_offline(), css_released() and css_free(). Except for > > css_released(), cgroup core didn't use to guarantee the order of > > invocation. css_offline() or css_free() could be called on a parent > > css before its children. This behavior is unexpected and led to > > use-after-free in cpu controller. > > > > This patch updates offline path so that a parent css is never offlined > > before its children. Each css keeps online_cnt which reaches zero iff > > itself and all its children are offline and offline_css() is invoked > > only after online_cnt reaches zero. > > > > This fixes the reported cpu controller malfunction. The next patch > > will update css_free() handling. > > No, I need to fix the cpu controller too, because the offending code > sits off of css_free() (the next patch), but also does a call_rcu() in > between, which also doesn't guarantee order. Ah, I see. Christian, can you please apply all three patches and see whether the problem gets fixed? Once verified, I'll update the patch description and repost. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
