2012/5/24 23:41, Tejun Heo wrote: >>From 88787c483106c5830a46d18deaffdc1e70929af7 Mon Sep 17 00:00:00 2001 > From: Tejun Heo <tj@xxxxxxxxxx> > Date: Thu, 24 May 2012 08:24:39 -0700 > > 48ddbe1946 "cgroup: make css->refcnt clearing on cgroup removal > optional" allowed a css to linger after the associated cgroup is > removed. As a css holds a reference on the cgroup's dentry, it means > that cgroup dentries may linger for a while. > > cgroup_create() does grab an active reference on the superblock to > prevent it from going away while there are !root cgroups; however, the > reference is put from cgroup_diput() which is invoked on cgroup > removal, so cgroup dentries which are removed but persisting due to > lingering csses already have released their superblock active refs > allowing superblock to be killed while those dentries are around. > > Given the right condition, this makes cgroup_kill_sb() call > kill_litter_super() with dentries with non-zero d_count leading to > BUG() in shrink_dcache_for_umount_subtree(). > > Fix it by adding cgroup_dops->d_release() operation and moving > deactivate_super() to it. cgroup_diput() now marks dentry->d_fsdata > with itself if superblock should be deactivated and cgroup_d_release() > deactivates the superblock on dentry release. > > Signed-off-by: Tejun Heo <tj@xxxxxxxxxx> > Reported-by: Sasha Levin <levinsasha928@xxxxxxxxx> > Tested-by: Sasha Levin <levinsasha928@xxxxxxxxx> > LKML-Reference: <CA+1xoqe5hMuxzCRhMy7J0XchDk2ZnuxOHJKikROk1-ReAzcT6g@xxxxxxxxxxxxxx> Acked-by: Li Zefan <lizefan@xxxxxxxxxx> _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
