From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Bqph=A2=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 63DF7C433E2
	for <linux-mm@archiver.kernel.org>; Wed, 15 Jul 2020 15:56:21 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 299DB206D5
	for <linux-mm@archiver.kernel.org>; Wed, 15 Jul 2020 15:56:21 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="EWwLkljz"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 299DB206D5
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=bytedance.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 9FC5F6B0008; Wed, 15 Jul 2020 11:56:20 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 9ACBA6B000D; Wed, 15 Jul 2020 11:56:20 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 89B7A6B000E; Wed, 15 Jul 2020 11:56:20 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0141.hostedemail.com [216.40.44.141])
	by kanga.kvack.org (Postfix) with ESMTP id 70B136B0008
	for <linux-mm@kvack.org>; Wed, 15 Jul 2020 11:56:20 -0400 (EDT)
Received: from smtpin05.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id E682A1EE6
	for <linux-mm@kvack.org>; Wed, 15 Jul 2020 15:56:19 +0000 (UTC)
X-FDA: 77040762078.05.wren74_0916baa26efa
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin05.hostedemail.com (Postfix) with ESMTP id BBBB61801A811
	for <linux-mm@kvack.org>; Wed, 15 Jul 2020 15:56:19 +0000 (UTC)
X-HE-Tag: wren74_0916baa26efa
X-Filterd-Recvd-Size: 5509
Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195])
	by imf36.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Wed, 15 Jul 2020 15:56:19 +0000 (UTC)
Received: by mail-pg1-f195.google.com with SMTP id d4so3279363pgk.4
        for <linux-mm@kvack.org>; Wed, 15 Jul 2020 08:56:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bytedance-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=VoLrAtt1VyxuFNU8R+bL89rZwqBhfdjM3HwRVlNo+Sg=;
        b=EWwLkljz1VAM7yL27jdXj31g9KL4DV/W+V32rYb7qrevaLYYLinozQdpR6f0DJVC7W
         NBt/g0/RJs44i1CYCqPFyL4YSJhgXu+LDp7VhUJRQMKi/rcmcWNomspHlxE+RDZgIscf
         7dGi8dIzEYzm25OK1Seqoi4zjh+niQ70jVGh3HEQdPoIbJWkBeif8fD9UPLdEFAN1pqZ
         qiahVa0hqI2ZDeh8ROJkgaq5Osn0QYnrKHAvG0tVQUBq4lW4IKRxrh+sC2WqNc/qY8Vw
         v5yb5yhDdTtjytfM/q3IwdtK1DEsGmBhvW1gqQN1pxBdtmSC5HPlr7bfE9typ0scTTmO
         Bc3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=VoLrAtt1VyxuFNU8R+bL89rZwqBhfdjM3HwRVlNo+Sg=;
        b=VNU2EbhqkZJB20YuZcbOktQzv4ACPrGQnPpahVMv13JuE/CahlfCusAlpdNJvrRAuu
         qYsCAZHZyglXvexf355hfe7BIKksjSRndsOKJ5028oZV/OQRGydytw1C2egz5ZAribdP
         3tiKXg7njUtKw33xH+3mZaBL1nn71dbzfuSKd4ZmZxvQ4ZTseC482ppmZpnefJoLw8Pg
         gh1Zm862mKScoJElrmu8oJ1qFVJxbR1QkK2pP3p4OIcDXiSvM+h1KP0pmzCy52dbeMib
         vnk0fkRyWJx1CPh23YTdJ8DM/sSLHxSM9pFbTNBdJMg+cd7oQMcT3vSOPmMSJpjP7ijr
         XsZg==
X-Gm-Message-State: AOAM532f5s8n0ujTHjlzaN1hufqTImDT2up8uhB1dTFhcO8Zi4WBKI0z
	4ZerFUB/B9sG5y7gMMOn0OIxyy/CYhpwalJ0slPK/g==
X-Google-Smtp-Source: ABdhPJzATAq/QWB7Ymlgx30NYeVFKy3oLTmS3TSJDTGy8g96MJaUiFfFEyKVmbp43RB1/CiM+nsS0iqHGdg9fDO1Z9M=
X-Received: by 2002:a63:cf49:: with SMTP id b9mr308979pgj.31.1594828577905;
 Wed, 15 Jul 2020 08:56:17 -0700 (PDT)
MIME-Version: 1.0
References: <20200707062754.8383-1-songmuchun@bytedance.com>
 <3d06418e-e75c-e7b8-91cd-ba56283045be@suse.cz> <CAMZfGtXK9yQOJy7BPnTBzhG4tithRs=9R4O3rDg1Rjz0zUFKnQ@mail.gmail.com>
 <4c1bba23-56c5-f69c-28cb-48dd3db30880@suse.cz>
In-Reply-To: <4c1bba23-56c5-f69c-28cb-48dd3db30880@suse.cz>
From: Muchun Song <songmuchun@bytedance.com>
Date: Wed, 15 Jul 2020 23:55:42 +0800
Message-ID: <CAMZfGtVEiUmQYX61MT_oCymac+idXy16U8bAQoV21HcFrVXCxg@mail.gmail.com>
Subject: Re: [External] Re: [PATCH v5.4.y, v4.19.y] mm: memcg/slab: fix memory
 leak at non-root kmem_cache destroy
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Christoph Lameter <cl@linux.com>, Pekka Enberg <penberg@kernel.org>, 
	David Rientjes <rientjes@google.com>, Joonsoo Kim <iamjoonsoo.kim@lge.com>, 
	Andrew Morton <akpm@linux-foundation.org>, 
	Linux Memory Management List <linux-mm@kvack.org>, LKML <linux-kernel@vger.kernel.org>, 
	Shakeel Butt <shakeelb@google.com>, Roman Gushchin <guro@fb.com>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: BBBB61801A811
X-Spamd-Result: default: False [0.00 / 100.00]
X-Rspamd-Server: rspam01
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, Jul 15, 2020 at 11:43 PM Vlastimil Babka <vbabka@suse.cz> wrote:
>
> On 7/15/20 5:13 PM, Muchun Song wrote:
> > On Wed, Jul 15, 2020 at 7:32 PM Vlastimil Babka <vbabka@suse.cz> wrote:
> >>
> >> On 7/7/20 8:27 AM, Muchun Song wrote:
> >> > If the kmem_cache refcount is greater than one, we should not
> >> > mark the root kmem_cache as dying. If we mark the root kmem_cache
> >> > dying incorrectly, the non-root kmem_cache can never be destroyed.
> >> > It resulted in memory leak when memcg was destroyed. We can use the
> >> > following steps to reproduce.
> >> >
> >> >   1) Use kmem_cache_create() to create a new kmem_cache named A.
> >> >   2) Coincidentally, the kmem_cache A is an alias for kmem_cache B,
> >> >      so the refcount of B is just increased.
> >> >   3) Use kmem_cache_destroy() to destroy the kmem_cache A, just
> >> >      decrease the B's refcount but mark the B as dying.
> >> >   4) Create a new memory cgroup and alloc memory from the kmem_cache
> >> >      A. It leads to create a non-root kmem_cache for allocating.
> >> >   5) When destroy the memory cgroup created in the step 4), the
> >> >      non-root kmem_cache can never be destroyed.
> >> >
> >> > If we repeat steps 4) and 5), this will cause a lot of memory leak.
> >> > So only when refcount reach zero, we mark the root kmem_cache as dying.
> >> >
> >> > Fixes: 92ee383f6daa ("mm: fix race between kmem_cache destroy, create and deactivate")
> >> > Signed-off-by: Muchun Song <songmuchun@bytedance.com>
> >>
> >> CC Roman, who worked in this area recently.
> >>
> >> Also why is this marked "[PATCH v5.4.y, v4.19.y]"? Has it been fixed otherwise
> >> in 5.5+ ?
> >
> > Because the memcg slab/slub is reworked by Roman since v5.8.
>
> That rework is in mmotm, so scheduled for 5.9, AFAIK. If you mean "The new
> cgroup slab memory controller" series.

Yeah, I mean "The new cgroup slab memory controller".

>
> > Therefore, this problem exists in v5.7 and below.
>
> Even 5.7 has a stable series, so no need to list only the LTS's.
> To sum up, the patch (once reviewed) should be queued for mainline as usual,
> perhaps sent before 5.8 is final, if deemed safe enough, and with added
>
> Cc: <stable@vger.kernel.org>
>
> and the Fixes: tag you provided, the applicable stable versions will pick it.

Got it. Thanks.

>
> Vlastimil



-- 
Yours,
Muchun