[rh7] mm/memcg: Release memcg id from css_free callback

Submitted by Andrey Ryabinin on May 14, 2019, 9:31 a.m.

Details

Message ID 20190514093159.10603-1-aryabinin@virtuozzo.com
State New
Series "mm/memcg: Release memcg id from css_free callback"

Commit Message

Andrey Ryabinin May 14, 2019, 9:31 a.m.
After the rebase to kernel-3.10.0-957.10.1.el7, the memcg id is freed
in the memcg offline callback instead of the free callback. This makes it
possible for another cgroup to reuse the id, so mem_cgroup_uncharge_swap()
may call css_put() on the wrong cgroup.

Delay the release of the memcg id until the css_free() point.

https://jira.sw.ru/browse/PSBM-94269
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
---
 mm/memcontrol.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)


diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index f2a81d72d3bf..e6e1b8e8c9c9 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -6213,8 +6213,6 @@  unsigned short mem_cgroup_id(struct mem_cgroup *memcg)
 static void mem_cgroup_id_put(struct mem_cgroup *memcg)
 {
 	idr_remove(&mem_cgroup_idr, memcg->id);
-	memcg->id = 0;
-	synchronize_rcu();
 }
 
 /**
@@ -6318,10 +6316,7 @@  static struct mem_cgroup *mem_cgroup_alloc(void)
 	for_each_node(node)
 		free_mem_cgroup_per_zone_info(memcg, node);
 
-	if (memcg->id > 0) {
-		idr_remove(&mem_cgroup_idr, memcg->id);
-		synchronize_rcu();
-	}
+	idr_remove(&mem_cgroup_idr, memcg->id);
 fail:
 	kfree(memcg);
 	return NULL;
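Review bot: The error path in mem_cgroup_alloc() now calls `idr_remove(&mem_cgroup_idr, memcg->id)` unconditionally, so the old `memcg->id > 0` guard is lost along with the `synchronize_rcu()`. The labels and gotos that lead here are outside the hunk, so it is not visible whether this line can be reached with an id that was never allocated; if it can, the call would try to remove an entry this memcg does not own. Unless every path to this point is known to hold a valid id, keeping the check while still dropping the grace period would be safer: `if (memcg->id > 0) idr_remove(&mem_cgroup_idr, memcg->id);`.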
@@ -6344,6 +6339,7 @@  static void __mem_cgroup_free(struct mem_cgroup *memcg)
 	int i;
 
 	mem_cgroup_remove_from_trees(memcg);
+	mem_cgroup_id_put(memcg);
 
 	for_each_node(node)
 		free_mem_cgroup_per_zone_info(memcg, node);
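Review bot: The `mem_cgroup_id_put(memcg)` call added here removes the id and then goes straight on to tear down the structure, because the first hunk dropped `synchronize_rcu()` from mem_cgroup_id_put(), leaving no visible grace period between the two. If any reader resolves an id to a memcg pointer under rcu_read_lock() alone, it could still be dereferencing the object while it is freed. Whether the final free is RCU-deferred is decided further down in __mem_cgroup_free(), which continues outside the hunk. Please confirm that, and record the lifetime rule next to the call, for example `/* id is released only at css_free time; lookups by id must not outlive the final css reference */`.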
@@ -6574,7 +6570,6 @@  static void mem_cgroup_css_offline(struct cgroup *cont)
 	 */
 	release_oom_context(&memcg->oom_ctx);
 
-	mem_cgroup_id_put(memcg);
 }
 
 static void mem_cgroup_css_free(struct cgroup *cont)

Comments

Andrey Ryabinin May 14, 2019, 9:32 a.m.
Correcting Kostya's email.

On 5/14/19 12:31 PM, Andrey Ryabinin wrote:
> After rebase to kernel-3.10.0-957.10.1.el7 memcg id freed
> in memcg offline callback instead of free. This makes possible
> to reuse id by another cgroup, thus mem_cgroup_uncharge_swap()
> may call css_put() on the wrong cgroup.
> 
> Delay realese of memcg id up to css_free() point.
> 
> https://jira.sw.ru/browse/PSBM-94269
> Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
> ---
>  mm/memcontrol.c | 9 ++-------
>  1 file changed, 2 insertions(+), 7 deletions(-)
> 
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index f2a81d72d3bf..e6e1b8e8c9c9 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -6213,8 +6213,6 @@ unsigned short mem_cgroup_id(struct mem_cgroup *memcg)
>  static void mem_cgroup_id_put(struct mem_cgroup *memcg)
>  {
>  	idr_remove(&mem_cgroup_idr, memcg->id);
> -	memcg->id = 0;
> -	synchronize_rcu();
>  }
>  
>  /**
> @@ -6318,10 +6316,7 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
>  	for_each_node(node)
>  		free_mem_cgroup_per_zone_info(memcg, node);
>  
> -	if (memcg->id > 0) {
> -		idr_remove(&mem_cgroup_idr, memcg->id);
> -		synchronize_rcu();
> -	}
> +	idr_remove(&mem_cgroup_idr, memcg->id);
>  fail:
>  	kfree(memcg);
>  	return NULL;
> @@ -6344,6 +6339,7 @@ static void __mem_cgroup_free(struct mem_cgroup *memcg)
>  	int i;
>  
>  	mem_cgroup_remove_from_trees(memcg);
> +	mem_cgroup_id_put(memcg);
>  
>  	for_each_node(node)
>  		free_mem_cgroup_per_zone_info(memcg, node);
> @@ -6574,7 +6570,6 @@ static void mem_cgroup_css_offline(struct cgroup *cont)
>  	 */
>  	release_oom_context(&memcg->oom_ctx);
>  
> -	mem_cgroup_id_put(memcg);
>  }
>  
>  static void mem_cgroup_css_free(struct cgroup *cont)
>