Hello, Joseph. On Fri, Feb 09, 2018 at 10:15:19AM +0800, Joseph Qi wrote: > IIUC, we have to identify it is in blkcg_css_offline now which will > blkg_put. Since percpu_ref_kill_and_confirm in kill_css will set flag > __PERCPU_REF_DEAD, so we can use this to avoid the race. IOW, if > __PERCPU_REF_DEAD is set now, we know blkcg css is in offline and > continue access blkg may risk double free. Thus we choose to skip these > ios. > I don't get how css_tryget works since it doesn't care the flag > __PERCPU_REF_DEAD. Also css_tryget can't prevent blkcg_css from > offlining since the race happens blkcg_css_offline is in progress. > Am I missing something here? Once marked dead, the ref is in atomic mode and css_tryget() would hit the atomic counter. Here, we don't care about the offlining and draining. A draining memcg can still have a lot of memory to be written back attached to it and we don't want punt all of them to the root cgroup. Thanks. -- tejun
