Commit 8a26aaeb authored by Hugh Dickins's avatar Hugh Dickins Committed by Khalid Elmously

mm/memcg: fix refcount error while moving and swapping

BugLink: https://bugs.launchpad.net/bugs/1889928

commit 8d22a935 upstream.

It was hard to keep a test running, moving tasks between memcgs with
move_charge_at_immigrate, while swapping: mem_cgroup_id_get_many()'s
refcount is discovered to be 0 (supposedly impossible), so it is then
forced to REFCOUNT_SATURATED, and after thousands of warnings in quick
succession, the test is at last put out of misery by being OOM killed.

This is because of the way moved_swap accounting was saved up until the
task move gets completed in __mem_cgroup_clear_mc(), deferred from when
mem_cgroup_move_swap_account() actually exchanged old and new ids.
Concurrent activity can free up swap quicker than the task is scanned,
bringing id refcount down 0 (which should only be possible when
offlining).

Just skip that optimization: do that part of the accounting immediately.

Fixes: 615d66c3 ("mm: memcontrol: fix memcg id ref counter on swap charge move")
Signed-off-by: default avatarHugh Dickins <hughd@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Reviewed-by: default avatarAlex Shi <alex.shi@linux.alibaba.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alex Shi <alex.shi@linux.alibaba.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2007071431050.4726@eggly.anvilsSigned-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent c360486c
...@@ -4889,7 +4889,6 @@ static void __mem_cgroup_clear_mc(void) ...@@ -4889,7 +4889,6 @@ static void __mem_cgroup_clear_mc(void)
if (!mem_cgroup_is_root(mc.to)) if (!mem_cgroup_is_root(mc.to))
page_counter_uncharge(&mc.to->memory, mc.moved_swap); page_counter_uncharge(&mc.to->memory, mc.moved_swap);
mem_cgroup_id_get_many(mc.to, mc.moved_swap);
css_put_many(&mc.to->css, mc.moved_swap); css_put_many(&mc.to->css, mc.moved_swap);
mc.moved_swap = 0; mc.moved_swap = 0;
...@@ -5067,7 +5066,8 @@ static int mem_cgroup_move_charge_pte_range(pmd_t *pmd, ...@@ -5067,7 +5066,8 @@ static int mem_cgroup_move_charge_pte_range(pmd_t *pmd,
ent = target.ent; ent = target.ent;
if (!mem_cgroup_move_swap_account(ent, mc.from, mc.to)) { if (!mem_cgroup_move_swap_account(ent, mc.from, mc.to)) {
mc.precharge--; mc.precharge--;
/* we fixup refcnts and charges later. */ mem_cgroup_id_get_many(mc.to, 1);
/* we fixup other refcnts and charges later. */
mc.moved_swap++; mc.moved_swap++;
} }
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment