On 5/14/19 8:06 PM, Shakeel Butt wrote:
@@ -2651,20 +2652,35 @@ struct kmem_cache *memcg_kmem_get_cache(struct kmem_cache *cachep)
        struct mem_cgroup *memcg;
        struct kmem_cache *memcg_cachep;
        int kmemcg_id;
+       struct memcg_cache_array *arr;

        VM_BUG_ON(!is_root_cache(cachep));

        if (memcg_kmem_bypass())
                return cachep;

-       memcg = get_mem_cgroup_from_current();
+       rcu_read_lock();
+
+       if (unlikely(current->active_memcg))
+               memcg = current->active_memcg;
+       else
+               memcg = mem_cgroup_from_task(current);
+
+       if (!memcg || memcg == root_mem_cgroup)
+               goto out_unlock;
+
        kmemcg_id = READ_ONCE(memcg->kmemcg_id);
        if (kmemcg_id < 0)
-               goto out;
+               goto out_unlock;

-       memcg_cachep = cache_from_memcg_idx(cachep, kmemcg_id);
-       if (likely(memcg_cachep))
-               return memcg_cachep;
+       arr = rcu_dereference(cachep->memcg_params.memcg_caches);
+
+       /*
+        * Make sure we will access the up-to-date value. The code updating
+        * memcg_caches issues a write barrier to match this (see
+        * memcg_create_kmem_cache()).
+        */
+       memcg_cachep = READ_ONCE(arr->entries[kmemcg_id]);

        /*
         * If we are in a safe context (can wait, and not in interrupt
@@ -2677,10 +2693,20 @@ struct kmem_cache *memcg_kmem_get_cache(struct kmem_cache *cachep)
         * memcg_create_kmem_cache, this means no further allocation
         * could happen with the slab_mutex held. So it's better to
         * defer everything.
+        *
+        * If the memcg is dying or memcg_cache is about to be released,
+        * don't bother creating new kmem_caches. Because memcg_cachep
+        * is ZEROed as the fist step of kmem offlining, we don't need
+        * percpu_ref_tryget() here. css_tryget_online() check in

*percpu_ref_tryget_live()


+        * memcg_schedule_kmem_cache_create() will prevent us from
+        * creation of a new kmem_cache.
         */
-       memcg_schedule_kmem_cache_create(memcg, cachep);
-out:
-       css_put(&memcg->css);
+       if (unlikely(!memcg_cachep))
+               memcg_schedule_kmem_cache_create(memcg, cachep);
+       else if (percpu_ref_tryget(&memcg_cachep->memcg_params.refcnt))
+               cachep = memcg_cachep;
+out_unlock:
+       rcu_read_lock();

There is one more bug that causes the kernel to panic on bootup when I turned on debugging options.

[   49.871437] =============================
[   49.875452] WARNING: suspicious RCU usage
[   49.879476] 5.2.0-rc1.bz1699202_memcg_test+ #2 Not tainted
[   49.884967] -----------------------------
[   49.888991] include/linux/rcupdate.h:268 Illegal context switch in RCU read-side critical section!
[   49.897950]
[   49.897950] other info that might help us debug this:
[   49.897950]
[   49.905958]
[   49.905958] rcu_scheduler_active = 2, debug_locks = 1
[   49.912492] 3 locks held by systemd/1:
[   49.916252]  #0: 00000000633673c5 (&type->i_mutex_dir_key#5){.+.+}, at: lookup_slow+0x42/0x70
[   49.924788]  #1: 0000000029fa8c75 (rcu_read_lock){....}, at: memcg_kmem_get_cache+0x12b/0x910
[   49.933316]  #2: 0000000029fa8c75 (rcu_read_lock){....}, at: memcg_kmem_get_cache+0x3da/0x910

It should be "rcu_read_unlock();" at the end.

-Longman