linux/mm
Greg Thelen 6920a1bd03 memcg: remove incorrect underflow check
When a memcg is deleted mem_cgroup_reparent_charges() moves charged
memory to the parent memcg.  As of v3.11-9444-g3ea67d0 "memcg: add per
cgroup writeback pages accounting" there's a bad pointer read.  The goal
was to check for counter underflow.  The counter is a per cpu counter
and there are two problems with the code:

 (1) per cpu access function isn't used, instead a naked pointer is used
     which easily causes oops.
 (2) the check doesn't sum all cpus

Test:
  $ cd /sys/fs/cgroup/memory
  $ mkdir x
  $ echo 3 > /proc/sys/vm/drop_caches
  $ (echo $BASHPID >> x/tasks && exec cat) &
  [1] 7154
  $ grep ^mapped x/memory.stat
  mapped_file 53248
  $ echo 7154 > tasks
  $ rmdir x
  <OOPS>

The fix is to remove the check.  It's currently dangerous and isn't
worth fixing it to use something expensive, such as
percpu_counter_sum(), for each reparented page.  __this_cpu_read() isn't
enough to fix this because there are no guarantees of the current cpu's
count.  The only guarantee is that the sum of all per-cpu counters is >=
nr_pages.

Fixes: 3ea67d06e4 ("memcg: add per cgroup writeback pages accounting")
Reported-and-tested-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Greg Thelen <gthelen@google.com>
Reviewed-by: Sha Zhengju <handai.szj@taobao.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-01 12:22:28 -07:00
backing-dev.c
balloon_compaction.c
bootmem.c
bounce.c
cleancache.c
compaction.c
debug-pagealloc.c
dmapool.c
fadvise.c
failslab.c
filemap_xip.c
filemap.c mm: memcg: handle non-error OOM situations more gracefully 2013-10-16 21:35:53 -07:00
fremap.c
frontswap.c
highmem.c
huge_memory.c mm: Close races between THP migration and PMD numa clearing 2013-10-29 11:38:05 +01:00
hugetlb_cgroup.c
hugetlb.c
hwpoison-inject.c
init-mm.c
internal.h
interval_tree.c
Kconfig
Kconfig.debug
kmemcheck.c
kmemleak-test.c
kmemleak.c
ksm.c
list_lru.c mm: list_lru: fix almost infinite loop causing effective livelock 2013-10-30 12:57:46 -07:00
maccess.c
madvise.c
Makefile
memblock.c
memcontrol.c memcg: remove incorrect underflow check 2013-11-01 12:22:28 -07:00
memory_hotplug.c
memory-failure.c
memory.c mm: numa: Sanitize task_numa_fault() callsites 2013-10-29 11:37:52 +01:00
mempolicy.c
mempool.c
migrate.c mm: Close races between THP migration and PMD numa clearing 2013-10-29 11:38:05 +01:00
mincore.c
mlock.c
mm_init.c
mmap.c
mmu_context.c
mmu_notifier.c
mmzone.c
mprotect.c mm: Account for a THP NUMA hinting update as one PTE update 2013-10-29 11:38:17 +01:00
mremap.c mm: revert mremap pud_free anti-fix 2013-10-16 21:35:53 -07:00
msync.c
nobootmem.c
nommu.c
oom_kill.c mm: memcg: handle non-error OOM situations more gracefully 2013-10-16 21:35:53 -07:00
page_alloc.c
page_cgroup.c
page_io.c
page_isolation.c
page-writeback.c writeback: fix negative bdi max pause 2013-10-16 21:35:53 -07:00
pagewalk.c mm/pagewalk.c: fix walk_page_range() access of wrong PTEs 2013-10-30 14:27:03 -07:00
percpu-km.c
percpu-vm.c
percpu.c
pgtable-generic.c
process_vm_access.c
quicklist.c
readahead.c
rmap.c
shmem.c
slab_common.c
slab.c
slab.h
slob.c
slub.c
sparse-vmemmap.c
sparse.c
swap_state.c
swap.c
swapfile.c swap: fix set_blocksize race during swapon/swapoff 2013-10-16 21:35:53 -07:00
truncate.c
util.c
vmalloc.c
vmpressure.c
vmscan.c
vmstat.c
zbud.c
zswap.c