Skip to content

Commit

Permalink
memcg: fix endless loop caused by mem_cgroup_iter
Browse files Browse the repository at this point in the history 
Hugh has reported an endless loop when the hardlimit reclaim sees the
same group all the time.  This might happen when the reclaim races with
the memcg removal.

shrink_zone
                                                [rmdir root]
  mem_cgroup_iter(root, NULL, reclaim)
    // prev = NULL
    rcu_read_lock()
    mem_cgroup_iter_load
      last_visited = iter->last_visited   // gets root || NULL
      css_tryget(last_visited)            // failed
      last_visited = NULL                 [1]
    memcg = root = __mem_cgroup_iter_next(root, NULL)
    mem_cgroup_iter_update
      iter->last_visited = root;
    reclaim->generation = iter->generation

 mem_cgroup_iter(root, root, reclaim)
   // prev = root
   rcu_read_lock
    mem_cgroup_iter_load
      last_visited = iter->last_visited   // gets root
      css_tryget(last_visited)            // failed
    [1]

The issue seemed to be introduced by commit 5f57816 ("memcg: relax
memcg iter caching") which has replaced unconditional css_get/css_put by
css_tryget/css_put for the cached iterator.

This patch fixes the issue by skipping css_tryget on the root of the
tree walk in mem_cgroup_iter_load and symmetrically doesn't release it
in mem_cgroup_iter_update.

Signed-off-by: Michal Hocko <mhocko@suse.cz>
Reported-by: Hugh Dickins <hughd@google.com>
Tested-by: Hugh Dickins <hughd@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Greg Thelen <gthelen@google.com>
Cc: <stable@vger.kernel.org>	[3.10+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Michal Hocko authored and Linus Torvalds committed Jan 24, 2014
1 parent d49ad93 commit ecc736f
Showing 1 changed file with 14 additions and 3 deletions.
17 changes: 14 additions & 3 deletions mm/memcontrol.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1158,7 +1158,15 @@ mem_cgroup_iter_load(struct mem_cgroup_reclaim_iter *iter,
if (iter->last_dead_count == *sequence) {
smp_rmb();
position = iter->last_visited;
if (position && !css_tryget(&position->css))

/*
* We cannot take a reference to root because we might race
* with root removal and returning NULL would end up in
* an endless loop on the iterator user level when root
* would be returned all the time.
*/
if (position && position != root &&
!css_tryget(&position->css))
position = NULL;
}
return position;
Expand All @@ -1167,9 +1175,11 @@ mem_cgroup_iter_load(struct mem_cgroup_reclaim_iter *iter,
static void mem_cgroup_iter_update(struct mem_cgroup_reclaim_iter *iter,
struct mem_cgroup *last_visited,
struct mem_cgroup *new_position,
struct mem_cgroup *root,
int sequence)
{
if (last_visited)
/* root reference counting symmetric to mem_cgroup_iter_load */
if (last_visited && last_visited != root)
css_put(&last_visited->css);
/*
* We store the sequence count from the time @last_visited was
Expand Down Expand Up @@ -1244,7 +1254,8 @@ struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
memcg = __mem_cgroup_iter_next(root, last_visited);

if (reclaim) {
mem_cgroup_iter_update(iter, last_visited, memcg, seq);
mem_cgroup_iter_update(iter, last_visited, memcg, root,
seq);

if (!memcg)
iter->generation++;
Expand Down

0 comments on commit ecc736f

Please sign in to comment.