• cgroup: superblock can't be released with active dentries · fa980ca8
    Tejun Heo authored
    48ddbe19 "cgroup: make css->refcnt clearing on cgroup removal
    optional" allowed a css to linger after the associated cgroup is
    removed.  As a css holds a reference on the cgroup's dentry, it means
    that cgroup dentries may linger for a while.
    
    cgroup_create() does grab an active reference on the superblock to
    prevent it from going away while there are !root cgroups; however, the
    reference is put from cgroup_diput() which is invoked on cgroup
    removal, so cgroup dentries which are removed but persisting due to
    lingering csses already have released their superblock active refs
    allowing superblock to be killed while those dentries are around.
    
    Given the right condition, this makes cgroup_kill_sb() call
    kill_litter_super() with dentries with non-zero d_count leading to
    BUG() in shrink_dcache_for_umount_subtree().
    
    Fix it by adding cgroup_dops->d_release() operation and moving
    deactivate_super() to it.  cgroup_diput() now marks dentry->d_fsdata
    with itself if superblock should be deactivated and cgroup_d_release()
    deactivates the superblock on dentry release.
    
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Reported-by: Sasha Levin <levinsasha928@gmail.com>
    Tested-by: Sasha Levin <levinsasha928@gmail.com>
    LKML-Reference: <CA+1xoqe5hMuxzCRhMy7J0XchDk2ZnuxOHJKikROk1-ReAzcT6g@mail.gmail.com>
    Acked-by: Li Zefan <lizefan@huawei.com>
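
The reference ordering the commit message describes, as an added user-space model that is not part of the commit or of the kernel source: it replays create, removal, umount and late css release with the superblock active ref dropped either at cgroup_diput() time (pre-fix) or at dentry release (fixed). The struct layouts, the `deactivate_on_release` flag (standing in for the d_fsdata marker) and `run()` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model (not kernel code): plain counters stand in for s_active and d_count. */
struct sb     { int active; int live_dentries; bool killed; bool bug; };
struct dentry { struct sb *sb; int d_count; bool deactivate_on_release; };
struct result { bool bug; bool killed; };

static void deactivate_super(struct sb *sb)
{
    if (--sb->active > 0)
        return;
    sb->killed = true;                  /* last active ref gone: kill_sb path */
    sb->bug = sb->live_dentries > 0;    /* models BUG() on a dentry with d_count != 0 */
}

static void cgroup_diput(struct dentry *d, bool fixed)  /* runs at cgroup removal */
{
    if (fixed)
        d->deactivate_on_release = true;    /* stands in for the d_fsdata marker */
    else
        deactivate_super(d->sb);            /* pre-fix: active ref dropped too early */
}

static void dput(struct dentry *d, bool fixed)
{
    if (--d->d_count > 0)
        return;
    d->sb->live_dentries--;                 /* the dentry is really released here */
    if (fixed && d->deactivate_on_release)  /* models cgroup_d_release() */
        deactivate_super(d->sb);
}

static struct result run(bool fixed)
{
    struct sb sb = { .active = 1 };                 /* the mount's active ref */
    struct dentry d = { .sb = &sb, .d_count = 2 };  /* VFS ref + lingering css ref */
    sb.active++; sb.live_dentries++;                /* cgroup_create() */
    cgroup_diput(&d, fixed);                        /* cgroup removal */
    dput(&d, fixed);                                /* VFS ref dropped, css still pins d */
    deactivate_super(&sb);                          /* umount drops the mount's ref */
    dput(&d, fixed);                                /* css finally lets go */
    return (struct result){ sb.bug, sb.killed };
}

int main(void)
{
    printf("pre-fix bug=%d, fixed bug=%d\n", run(false).bug, run(true).bug);
    return 0;
}
```

In the fixed run the superblock is still killed, but only after the last dentry reference is gone.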
cgroup.c 146 KB