* [BUGFIX][PATCH mmotm] memcg: fix for hierarchical reclaim
@ 2008-11-22 2:44 Daisuke Nishimura
2008-11-22 14:03 ` Balbir Singh
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Daisuke Nishimura @ 2008-11-22 2:44 UTC (permalink / raw)
To: Andrew Morton
Cc: linux-mm, Balbir Singh, KAMEZAWA Hiroyuki, YAMAMOTO Takashi,
Paul Menage, Li Zefan, David Rientjes, Pavel Emelianov,
Dhaval Giani, nishimura, d-nishimura
mem_cgroup_from_res_counter should handle both mem->res and mem->memsw.
This bug leads to NULL pointer dereference BUG at mem_cgroup_calc_reclaim.
Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
---
This is fix for memory-cgroup-hierarchical-reclaim-v4.patch.
mm/memcontrol.c | 23 +++++++++--------------
1 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index d177ed7..ac445cf 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -468,11 +468,8 @@ unsigned long mem_cgroup_isolate_pages(unsigned long nr_to_scan,
return nr_taken;
}
-static struct mem_cgroup *
-mem_cgroup_from_res_counter(struct res_counter *counter)
-{
- return container_of(counter, struct mem_cgroup, res);
-}
+#define mem_cgroup_from_res_counter(counter, member) \
+ container_of(counter, struct mem_cgroup, member)
/*
* This routine finds the DFS walk successor. This routine should be
@@ -665,18 +662,16 @@ static int __mem_cgroup_try_charge(struct mm_struct *mm,
/* mem+swap counter fails */
res_counter_uncharge(&mem->res, PAGE_SIZE);
noswap = true;
- }
+ mem_over_limit = mem_cgroup_from_res_counter(fail_res,
+ memsw);
+ } else
+ /* mem counter fails */
+ mem_over_limit = mem_cgroup_from_res_counter(fail_res,
+ res);
+
if (!(gfp_mask & __GFP_WAIT))
goto nomem;
- /*
- * Is one of our ancestors over their limit?
- */
- if (fail_res)
- mem_over_limit = mem_cgroup_from_res_counter(fail_res);
- else
- mem_over_limit = mem;
-
ret = mem_cgroup_hierarchical_reclaim(mem_over_limit, gfp_mask,
noswap);
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUGFIX][PATCH mmotm] memcg: fix for hierarchical reclaim
2008-11-22 2:44 [BUGFIX][PATCH mmotm] memcg: fix for hierarchical reclaim Daisuke Nishimura
@ 2008-11-22 14:03 ` Balbir Singh
2008-11-23 1:31 ` Daisuke Nishimura
2008-11-23 7:15 ` Balbir Singh
2008-11-23 9:44 ` [BUGFIX(resend)][PATCH " Daisuke Nishimura, Daisuke Nishimura
2 siblings, 1 reply; 5+ messages in thread
From: Balbir Singh @ 2008-11-22 14:03 UTC (permalink / raw)
To: nishimura
Cc: Andrew Morton, linux-mm, KAMEZAWA Hiroyuki, YAMAMOTO Takashi,
Paul Menage, Li Zefan, David Rientjes, Pavel Emelianov,
Dhaval Giani, d-nishimura
Daisuke Nishimura wrote:
> mem_cgroup_from_res_counter should handle both mem->res and mem->memsw.
> This bug leads to NULL pointer dereference BUG at mem_cgroup_calc_reclaim.
>
> Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Thanks for catching this, could you please point me to the steps to reproduce
the problem
> ---
> This is fix for memory-cgroup-hierarchical-reclaim-v4.patch.
>
> mm/memcontrol.c | 23 +++++++++--------------
> 1 files changed, 9 insertions(+), 14 deletions(-)
>
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index d177ed7..ac445cf 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -468,11 +468,8 @@ unsigned long mem_cgroup_isolate_pages(unsigned long nr_to_scan,
> return nr_taken;
> }
>
> -static struct mem_cgroup *
> -mem_cgroup_from_res_counter(struct res_counter *counter)
> -{
> - return container_of(counter, struct mem_cgroup, res);
> -}
> +#define mem_cgroup_from_res_counter(counter, member) \
> + container_of(counter, struct mem_cgroup, member)
>
> /*
> * This routine finds the DFS walk successor. This routine should be
> @@ -665,18 +662,16 @@ static int __mem_cgroup_try_charge(struct mm_struct *mm,
> /* mem+swap counter fails */
> res_counter_uncharge(&mem->res, PAGE_SIZE);
> noswap = true;
> - }
> + mem_over_limit = mem_cgroup_from_res_counter(fail_res,
> + memsw);
> + } else
> + /* mem counter fails */
> + mem_over_limit = mem_cgroup_from_res_counter(fail_res,
> + res);
> +
> if (!(gfp_mask & __GFP_WAIT))
> goto nomem;
>
> - /*
> - * Is one of our ancestors over their limit?
> - */
> - if (fail_res)
> - mem_over_limit = mem_cgroup_from_res_counter(fail_res);
> - else
> - mem_over_limit = mem;
> -
> ret = mem_cgroup_hierarchical_reclaim(mem_over_limit, gfp_mask,
> noswap);
>
Seems reasonable, but I want to test it.
--
Balbir
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUGFIX][PATCH mmotm] memcg: fix for hierarchical reclaim
2008-11-22 14:03 ` Balbir Singh
@ 2008-11-23 1:31 ` Daisuke Nishimura
0 siblings, 0 replies; 5+ messages in thread
From: Daisuke Nishimura @ 2008-11-23 1:31 UTC (permalink / raw)
To: balbir
Cc: Andrew Morton, linux-mm, KAMEZAWA Hiroyuki, YAMAMOTO Takashi,
Paul Menage, Li Zefan, David Rientjes, Pavel Emelianov,
Dhaval Giani, d-nishimura, nishimura
On Sat, 22 Nov 2008 19:33:39 +0530
Balbir Singh <balbir@linux.vnet.ibm.com> wrote:
> Daisuke Nishimura wrote:
> > mem_cgroup_from_res_counter should handle both mem->res and mem->memsw.
> > This bug leads to NULL pointer dereference BUG at mem_cgroup_calc_reclaim.
> >
> > Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
>
> Thanks for catching this, could you please point me to the steps to reproduce
> the problem
>
You can see this BUG when you are exceeding memory.memsw.limit_in_bytes
and trying to free pages.
When exceeding memory.memsw.limit_in_bytes, fail_res points to
mem_cgroup.memsw, not to mem_cgroup.res.
So, mem_cgroup_hierarchical_reclaim() would be called with
invalid mem_cgroup.
Thanks,
Daisuke Nishimura.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUGFIX][PATCH mmotm] memcg: fix for hierarchical reclaim
2008-11-22 2:44 [BUGFIX][PATCH mmotm] memcg: fix for hierarchical reclaim Daisuke Nishimura
2008-11-22 14:03 ` Balbir Singh
@ 2008-11-23 7:15 ` Balbir Singh
2008-11-23 9:44 ` [BUGFIX(resend)][PATCH " Daisuke Nishimura, Daisuke Nishimura
2 siblings, 0 replies; 5+ messages in thread
From: Balbir Singh @ 2008-11-23 7:15 UTC (permalink / raw)
To: nishimura
Cc: Andrew Morton, linux-mm, KAMEZAWA Hiroyuki, YAMAMOTO Takashi,
Paul Menage, Li Zefan, David Rientjes, Pavel Emelianov,
Dhaval Giani, d-nishimura
Daisuke Nishimura wrote:
> mem_cgroup_from_res_counter should handle both mem->res and mem->memsw.
> This bug leads to NULL pointer dereference BUG at mem_cgroup_calc_reclaim.
>
> Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
> ---
> This is fix for memory-cgroup-hierarchical-reclaim-v4.patch.
Tested-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Acked-by: Balbir Singh <balbir@linux.vnet.ibm.com>
--
Balbir
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [BUGFIX(resend)][PATCH mmotm] memcg: fix for hierarchical reclaim
2008-11-22 2:44 [BUGFIX][PATCH mmotm] memcg: fix for hierarchical reclaim Daisuke Nishimura
2008-11-22 14:03 ` Balbir Singh
2008-11-23 7:15 ` Balbir Singh
@ 2008-11-23 9:44 ` Daisuke Nishimura, Daisuke Nishimura
2 siblings, 0 replies; 5+ messages in thread
From: Daisuke Nishimura, Daisuke Nishimura @ 2008-11-23 9:44 UTC (permalink / raw)
To: Andrew Morton
Cc: linux-mm, Balbir Singh, KAMEZAWA Hiroyuki, YAMAMOTO Takashi,
Paul Menage, Li Zefan, David Rientjes, Pavel Emelianov,
Dhaval Giani, d-nishimura, nishimura
mem_cgroup_from_res_counter should handle both mem->res and mem->memsw.
When exceeding memory.memsw.limit_in_bytes, fail_res points to
mem_cgroup.memsw, not to mem_cgroup.res.
So, mem_cgroup_hierarchical_reclaim() would be called with
invalid mem_cgroup.
This bug leads to NULL pointer dereference BUG at mem_cgroup_calc_reclaim.
Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Tested-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Acked-by: Balbir Singh <balbir@linux.vnet.ibm.com>
---
This is fix for memory-cgroup-hierarchical-reclaim-v4.patch.
mm/memcontrol.c | 23 +++++++++--------------
1 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index d177ed7..ac445cf 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -468,11 +468,8 @@ unsigned long mem_cgroup_isolate_pages(unsigned long nr_to_scan,
return nr_taken;
}
-static struct mem_cgroup *
-mem_cgroup_from_res_counter(struct res_counter *counter)
-{
- return container_of(counter, struct mem_cgroup, res);
-}
+#define mem_cgroup_from_res_counter(counter, member) \
+ container_of(counter, struct mem_cgroup, member)
/*
* This routine finds the DFS walk successor. This routine should be
@@ -665,18 +662,16 @@ static int __mem_cgroup_try_charge(struct mm_struct *mm,
/* mem+swap counter fails */
res_counter_uncharge(&mem->res, PAGE_SIZE);
noswap = true;
- }
+ mem_over_limit = mem_cgroup_from_res_counter(fail_res,
+ memsw);
+ } else
+ /* mem counter fails */
+ mem_over_limit = mem_cgroup_from_res_counter(fail_res,
+ res);
+
if (!(gfp_mask & __GFP_WAIT))
goto nomem;
- /*
- * Is one of our ancestors over their limit?
- */
- if (fail_res)
- mem_over_limit = mem_cgroup_from_res_counter(fail_res);
- else
- mem_over_limit = mem;
-
ret = mem_cgroup_hierarchical_reclaim(mem_over_limit, gfp_mask,
noswap);
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2008-11-23 9:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-11-22 2:44 [BUGFIX][PATCH mmotm] memcg: fix for hierarchical reclaim Daisuke Nishimura
2008-11-22 14:03 ` Balbir Singh
2008-11-23 1:31 ` Daisuke Nishimura
2008-11-23 7:15 ` Balbir Singh
2008-11-23 9:44 ` [BUGFIX(resend)][PATCH " Daisuke Nishimura, Daisuke Nishimura
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox