Re: [BUGFIX][PATCH] fix wrong VM_BUG_ON() in try_charge()'smm->owner check

[Johannes Weiner]

On Thu, Nov 04, 2010 at 10:31:58AM -0700, Hugh Dickins wrote:
> On Wed, 3 Nov 2010, Hiroyuki Kamezawa wrote:
> > I'm sorry for attached file, I have to use unusual mailer this time.
> > This is a fix for wrong VM_BUG_ON() for mm/memcontol.c
> 
> Thanks, Kame, that's good: I've inlined it below with Balbir's Review,
> my Ack, and a Cc: stable@xxxxxxxxxxx
> 
> Hugh
> 
> 
> [PATCH] memcg: fix wrong VM_BUG_ON() in try_charge()'s mm->owner check
> 
> At __mem_cgroup_try_charge(), VM_BUG_ON(!mm->owner) is checked.
> But as commented in mem_cgroup_from_task(), mm->owner can be NULL in some racy
> case. This check of VM_BUG_ON() is bad.
> 
> A possible story to hit this is at swapoff()->try_to_unuse(). It passes
> mm_struct to mem_cgroup_try_charge_swapin() while mm->owner is NULL. If we
> can't get proper mem_cgroup from swap_cgroup information, mm->owner is used
> as charge target and we see NULL.
> 
> Cc: Daisuke Nishimura <nishimura@xxxxxxxxxxxxxxxxx>
> Cc: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>
> Reported-by: Hugh Dickins <hughd@xxxxxxxxxx>
> Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx>
> Reviewed-by: Balbir Singh <balbir@xxxxxxxxxxxxxxxxxx>
> Acked-by: Hugh Dickins <hughd@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxx

Reviewed-by: Johannes Weiner <hannes@xxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/