Re: [BUGFIX][PATCH] memcg: fix race in file_mapped accouting flagmanagement
From: Balbir Singh
Date: Mon Sep 13 2010 - 04:47:49 EST
* KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx> [2010-09-13 16:08:22]:
>
> I think this small race is not very critical but it's bug.
> We have this race since 2.6.34.
> =
> From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx>
>
> Now. memory cgroup accounts file-mapped by counter and flag.
> counter is working in the same way with zone_stat but FileMapped flag only
> exists in memcg (for helping move_account).
>
> This flag can be updated wrongly in a case. Assume CPU0 and CPU1
> and a thread mapping a page on CPU0, another thread unmapping it on CPU1.
>
> CPU0 CPU1
> rmv rmap (mapcount 1->0)
> add rmap (mapcount 0->1)
> lock_page_cgroup()
> memcg counter+1 (some delay)
> set MAPPED FLAG.
> unlock_page_cgroup()
> lock_page_cgroup()
> memcg counter-1
> clear MAPPED flag
>
> In above sequence, counter is properly updated but FLAG is not.
> This means that representing a state by a flag which is maintained by
> counter needs some specail care.
In the situation above who has the PTE lock? Are we not synchronized
via the PTE lock such that add rmap and rm rmap, will not happen
simultaneously?
>
> To handle this, at claering a flag, this patch check mapcount directly and
^^^^ (clearing)
> clear the flag only when mapcount == 0. (if mapcount >0, someone will make
> it to zero later and flag will be cleared.)
>
> Reverse case, dec-after-inc cannot be a problem because page_table_lock()
> works well for it. (IOW, to make above sequence, 2 processes should touch
> the same page at once with map/unmap.)
>
> Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx>
--
Three Cheers,
Balbir
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/