[Devel,RHEL7,COMMIT] memcg/tcache: Fix kernel panic on disable cleancache if memcg hierarhy is not used

Submitted by Konstantin Khorenko on Aug. 11, 2017, 2:39 p.m.

Details

Message ID 201708111439.v7BEdwf0005253@finist_cl7.x64_64.work.ct
State New
Series "memcg/tcache: Fix kernel panic on disable cleancache if memcg hierarhy is not used"
Headers show

Commit Message

Konstantin Khorenko Aug. 11, 2017, 2:39 p.m.
The commit is pushed to "branch-rh7-3.10.0-514.26.1.vz7.35.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-514.26.1.vz7.35.3
------>
commit f592b06a543f78e3f0dd1b8e1d90b5f53b59be98
Author: Kirill Tkhai <ktkhai@virtuozzo.com>
Date:   Fri Aug 11 18:39:57 2017 +0400

    memcg/tcache: Fix kernel panic on disable cleancache if memcg hierarhy is not used
    
    $cat /sys/fs/cgroup/memory/test/memory.use_hierarchy
    0
    $echo 1 > /sys/fs/cgroup/memory/test/memory.disable_cleancache
    
    [  385.776619] BUG: unable to handle kernel NULL pointer dereference at 0000000000000256
    [  385.777331] IP: [<ffffffff81205d12>] mem_cgroup_disable_cleancache_write+0x52/0x90
    [  385.777331] PGD 1cf5c067 PUD 199a2067 PMD 0
    [  385.777331] Oops: 0000 [#1] SMP
    [  385.777331] CPU: 2 PID: 1756 Comm: bash ve: 0 Tainted: G            E  ------------   3.10.0-514.26.1.ovz.33.22 #48 33.22
    [  385.777331] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
    [  385.777331] task: ffff88001ccd1fe0 ti: ffff88001ce24000 task.ti: ffff88001ce24000
    [  385.777331] RIP: 0010:[<ffffffff81205d12>]  [<ffffffff81205d12>] mem_cgroup_disable_cleancache_write+0x52/0x90
    [  385.777331] RSP: 0018:ffff88001ce27e50  EFLAGS: 00010246
    [  385.777331] RAX: ffff880019be7800 RBX: ffff880019be7800 RCX: 0000000000000000
    [  385.777331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880019be7800
    [  385.777331] RBP: ffff88001ce27e60 R08: 0000000000000001 R09: 0000000000000001
    [  385.777331] R10: 000000000000000a R11: f000000000000000 R12: 0000000000000000
    [  385.777331] R13: 0000000000000002 R14: 00007f2ccc4de000 R15: 0000000000000001
    [  385.777331] FS:  00007f2ccc4dc700(0000) GS:ffff88001ed00000(0000) knlGS:0000000000000000
    [  385.777331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [  385.777331] CR2: 0000000000000256 CR3: 000000001f914000 CR4: 00000000000006e0
    [  385.777331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [  385.777331] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    [  385.777331] Stack:
    [  385.777331]  ffffffff81a3ec48 ffff88001ce15000 ffff88001ce27ef0 ffffffff8111a753
    [  385.777331]  ffff8800199fe800 ffff88001ce27e81 0000000000000031 ffff88001ce27ef0
    [  385.777331]  ffffffff8121aa88 ffff88001cf03690 0000000000000001 ffff88001d02de78
    [  385.777331] Call Trace:
    [  385.777331]  [<ffffffff8111a753>] cgroup_file_write+0x153/0x2f0
    [  385.777331]  [<ffffffff8121aa88>] ? __sb_start_write+0x58/0x110
    [  385.777331]  [<ffffffff81217fdd>] vfs_write+0xbd/0x1e0
    [  385.777331]  [<ffffffff81218aff>] SyS_write+0x7f/0xe0
    [  385.777331]  [<ffffffff81236e68>] ? __close_fd+0x78/0xa0
    [  385.777331]  [<ffffffff816932c9>] system_call_fastpath+0x16/0x1b
    
    https://jira.sw.ru/browse/PSBM-69931
    
    Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 mm/memcontrol.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 5ab5e82..2dd4833 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -4622,8 +4622,9 @@  static int mem_cgroup_disable_cleancache_write(struct cgroup *cgrp,
 	memcg->cleancache_disabled_toggle = !!val;
 	for_each_mem_cgroup_tree(iter, memcg) {
 		parent = parent_mem_cgroup(iter);
-		iter->cleancache_disabled = parent->cleancache_disabled ||
-					iter->cleancache_disabled_toggle;
+		iter->cleancache_disabled = iter->cleancache_disabled_toggle;
+		if (parent)
+			iter->cleancache_disabled |= parent->cleancache_disabled;
 	}
 	mutex_unlock(&memcg_create_mutex);
 	return 0;