Release the lock before dropping the reference to ve in ve_exit_ns, which can lead to a call to ve_destroy, which in turn can free the ve. In the current code there are other places holding the reference, so it is not happening, but to be correct the mutex must be released before the reference.
This probably came from a rebase, since in vz7 the mutex is released before dropping the reference, as it should be. In general it is always a bug to drop a reference of an object with locks held inside it.

https://jira.sw.ru/browse/PSBM-144580
Signed-off-by: Alexander Atanasov <alexander.atana...@virtuozzo.com>
--- kernel/ve/ve.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) Did v2 after Pavel's comments, only commit message is changed diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c index 407d7de6e071..80865161670e 100644 --- a/kernel/ve/ve.c +++ b/kernel/ve/ve.c @@ -857,9 +857,11 @@ void ve_exit_ns(struct pid_namespace *pid_ns) ve_hook_iterate_fini(VE_SS_CHAIN, ve); ve_list_del(ve); ve_drop_context(ve); + up_write(&ve->op_sem); + printk(KERN_INFO "CT: %s: stopped\n", ve_name(ve)); + put_ve(ve); /* from ve_start_container() */ - up_write(&ve->op_sem); } u64 ve_get_monotonic(struct ve_struct *ve) -- 2.31.1
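Review bot: the ordering requirement at the end of ve_exit_ns() is stated only in the commit message, not in the code. Since the message attributes the wrong order to a rebase, a short comment above put_ve(ve) saying that it may drop the last reference, that op_sem must already be released at that point, and that ve must not be touched afterwards would keep a later rebase from reversing the two calls again. Separately, the printk that calls ve_name(ve) now runs after up_write(&ve->op_sem), so it is outside the lock; it still precedes put_ve(ve), so the reference keeps ve valid there, but if the "stopped" message is meant to be ordered with other state changes made under op_sem, consider placing up_write(&ve->op_sem) after the printk so that only put_ve(ve) follows the unlock.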