Re: [patch 06/15] mm/memcg: fix refcount error while moving and swapping

Fri, 24 Jul 2020 06:41:30 -0700 


在 2020/7/24 下午12:15, Andrew Morton 写道:
> From: Hugh Dickins <[email protected]>
> Subject: mm/memcg: fix refcount error while moving and swapping
> 
> It was hard to keep a test running, moving tasks between memcgs with
> move_charge_at_immigrate, while swapping: mem_cgroup_id_get_many()'s
> refcount is discovered to be 0 (supposedly impossible), so it is then
> forced to REFCOUNT_SATURATED, and after thousands of warnings in quick
> succession, the test is at last put out of misery by being OOM killed.
> 
> This is because of the way moved_swap accounting was saved up until the
> task move gets completed in __mem_cgroup_clear_mc(), deferred from when
> mem_cgroup_move_swap_account() actually exchanged old and new ids. 
> Concurrent activity can free up swap quicker than the task is scanned,
> bringing id refcount down 0 (which should only be possible when
> offlining).
> 
> Just skip that optimization: do that part of the accounting immediately.
> 
> Link: http://lkml.kernel.org/r/[email protected]
> Fixes: 615d66c37c75 ("mm: memcontrol: fix memcg id ref counter on swap charge 
> move")
> Signed-off-by: Hugh Dickins <[email protected]>
> Cc: Johannes Weiner <[email protected]>
> Cc: Alex Shi <[email protected]>
> Cc: Shakeel Butt <[email protected]>
> Cc: Michal Hocko <[email protected]>
> Cc: <[email protected]>
> Signed-off-by: Andrew Morton <[email protected]>
> ---

Reviewed-by: Alex Shi <[email protected]>

> 
>  mm/memcontrol.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> --- a/mm/memcontrol.c~mm-memcg-fix-refcount-error-while-moving-and-swapping
> +++ a/mm/memcontrol.c
> @@ -5669,7 +5669,6 @@ static void __mem_cgroup_clear_mc(void)
>               if (!mem_cgroup_is_root(mc.to))
>                       page_counter_uncharge(&mc.to->memory, mc.moved_swap);
>  
> -             mem_cgroup_id_get_many(mc.to, mc.moved_swap);
>               css_put_many(&mc.to->css, mc.moved_swap);
>  
>               mc.moved_swap = 0;
> @@ -5860,7 +5859,8 @@ put:                    /* get_mctgt_type() gets the 
> page
>                       ent = target.ent;
>                       if (!mem_cgroup_move_swap_account(ent, mc.from, mc.to)) 
> {
>                               mc.precharge--;
> -                             /* we fixup refcnts and charges later. */
> +                             mem_cgroup_id_get_many(mc.to, 1);
> +                             /* we fixup other refcnts and charges later. */
>                               mc.moved_swap++;
>                       }
>                       break;
> _
> 














    











					Reply via email to