[PATCH] memcg: fix css reference leak from mem_cgroup_iter

From: Michal Hocko
Date: Wed Jan 15 2014 - 05:52:09 EST

Next message: Mark Brown: "Re: [PATCH v4 02/15] clk: Allow drivers to pass in a regmap"
Previous message: Laszlo Papp: "Re: [PATCH 3/3] gpio: MAX6650/6651 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

19f39402864e (memcg: simplify mem_cgroup_iter) has introduced a css
refrence leak (thus memory leak) because mem_cgroup_iter makes sure it
doesn't put a css reference on the root of the tree walk. The mentioned
commit however dropped the root check when the css reference is taken
while it keept the css_put optimization fora the root in place.

This means that css_put is not called and so css along with mem_cgroup
and other cgroup internal object tied by css lifetime are never freed.

Fix the issue by reintroducing root check in __mem_cgroup_iter_next.

This patch also fixes issue reported by Hugh Dickins when
mem_cgroup_iter might end up in an endless loop because a group which is
under hard limit reclaim is removed in parallel with iteration.
__mem_cgroup_iter_next would always return NULL because css_tryget on
the root (reclaimed memcg) would fail and there are no other memcg in
the hierarchy. prev == NULL in mem_cgroup_iter would prevent break out
from the root and so the while (!memcg) loop would never terminate.
as css_tryget is no longer called for the root of the tree walk this
doesn't happen anymore.

Cc: stable@xxxxxxxxxxxxxxx # 3.10+
Reported-and-debugged-by: Hugh Dickins <hughd@xxxxxxxxxx>
Signed-off-by: Michal Hocko <mhocko@xxxxxxx>
---
mm/memcontrol.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index f016d26adfd3..dd3974c9f08d 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1078,7 +1078,8 @@ skip_node:
* protected by css_get and the tree walk is rcu safe.
*/
if (next_css) {
- if ((next_css->flags & CSS_ONLINE) && css_tryget(next_css))
+ if ((next_css->flags & CSS_ONLINE) &&
+ (next_css == root || css_tryget(next_css)))
return mem_cgroup_from_css(next_css);
else {
prev_css = next_css;
--
1.8.5.2

--
Michal Hocko
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Brown: "Re: [PATCH v4 02/15] clk: Allow drivers to pass in a regmap"
Previous message: Laszlo Papp: "Re: [PATCH 3/3] gpio: MAX6650/6651 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]