From: Shakeel Butt
Date: Fri, 19 Mar 2021 11:26:54 -0700
Subject: Re: [PATCH v5 1/7] mm: memcontrol: slab: fix obtain a reference to a freeing memcg
To: Muchun Song
Cc: Roman Gushchin, Johannes Weiner, Michal Hocko, Andrew Morton, Vladimir Davydov, LKML, Linux MM, Xiongchun duan
References: <20210319163821.20704-1-songmuchun@bytedance.com> <20210319163821.20704-2-songmuchun@bytedance.com>
In-Reply-To: <20210319163821.20704-2-songmuchun@bytedance.com>

On Fri, Mar 19, 2021 at 9:38 AM Muchun Song wrote:
>
> The rcu_read_lock/unlock only can guarantee that the memcg will not be
> freed, but it cannot guarantee the success of css_get (which is in the
> refill_stock when cached memcg changed) to memcg.
>
>   rcu_read_lock()
>   memcg = obj_cgroup_memcg(old)
>   __memcg_kmem_uncharge(memcg)
>       refill_stock(memcg)
>           if (stock->cached != memcg)
>               // css_get can change the ref counter from 0 back to 1.
>               css_get(&memcg->css)
>   rcu_read_unlock()
>
> This fix is very like the commit:
>
>   eefbfa7fd678 ("mm: memcg/slab: fix use after free in obj_cgroup_charge")
>
> Fix this by holding a reference to the memcg which is passed to the
> __memcg_kmem_uncharge() before calling __memcg_kmem_uncharge().
>
> Fixes: 3de7d4f25a74 ("mm: memcg/slab: optimize objcg stock draining")
> Signed-off-by: Muchun Song

Good catch.

Reviewed-by: Shakeel Butt
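
The race described in the quoted commit message, as a userspace C model added here; it is not part of this email or of the kernel patch. `struct cg`, `cg_get`, `cg_tryget`, `cg_put`, `buggy_cache` and `fixed_cache` are hypothetical names, and falling back to a parent in `fixed_cache` is an assumption of the model.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code: struct cg stands in for memcg->css. */
struct cg {
    atomic_int refs;      /* 0 means the final put already happened */
    bool release_queued;  /* set by the final put; the free waits for RCU */
    struct cg *parent;
};

/* Like css_get(): only valid when the caller already owns a reference. */
static void cg_get(struct cg *c) { atomic_fetch_add(&c->refs, 1); }

/* Like css_tryget(): refuses to move the counter away from 0. */
static bool cg_tryget(struct cg *c) {
    int old = atomic_load(&c->refs);
    while (old != 0)
        if (atomic_compare_exchange_weak(&c->refs, &old, old + 1))
            return true;
    return false;
}

static void cg_put(struct cg *c) {
    if (atomic_fetch_sub(&c->refs, 1) == 1)
        c->release_queued = true;
}

/* Buggy shape: RCU keeps the memory valid, but the unconditional get revives
 * a counter that already reached 0. Returns true when that happened. */
static bool buggy_cache(struct cg *stale) {
    cg_get(stale); /* 0 -> 1 while the release is already queued */
    return stale->release_queued && atomic_load(&stale->refs) > 0;
}

/* Fixed shape: pin a live cgroup before caching it (parent walk is assumed). */
static struct cg *fixed_cache(struct cg *c) {
    while (c && !cg_tryget(c))
        c = c->parent;
    if (c) { cg_get(c); cg_put(c); } /* cache takes its ref, then drop the pin */
    return c;
}

int main(void) {
    struct cg parent = { 1, false, NULL }, child = { 1, false, &parent };
    cg_put(&child); /* last reference to child dropped */
    printf("fixed pins parent: %d, buggy revives child: %d\n",
           fixed_cache(&child) == &parent, buggy_cache(&child));
    return 0;
}
```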