Re: [PATCH][mmotm]memcg: handle null dereference of mm->owner

From: Balbir Singh
Date: Fri Sep 05 2008 - 05:45:30 EST


KAMEZAWA Hiroyuki wrote:
> On Fri, 5 Sep 2008 16:50:17 +0900
> Daisuke Nishimura <nishimura@xxxxxxxxxxxxxxxxx> wrote:
>
>> Hi.
>>
>> mm_update_next_owner() may clear mm->owner to NULL
>> if it races with swapoff, page migration, etc.
>> (This behavior was introduced by mm-owner-fix-race-between-swap-and-exit.patch.)
>>
>> But memcg doesn't take account of this situation, and causes:
>>
>> BUG: unable to handle kernel NULL pointer dereference at 0000000000000630
>>
>> This fixes it.
>>
> Thank you for catching this.
>

Thanks, Daisuke

> BTW, I have a question to Balbir and Paul. (I'm sorry I missed the discussion.)
> Recently I wonder why we need MM_OWNER.
>
> - What's bad with thread's cgroup ?
> - Why we can't disallow per-thread cgroup under memcg ?)
>


For the following reasons, I had initially designed it to be that way because

1. There is no concept of a thread maintaining or managing its memory
independently of others
2. If we ever support full migration, it is easier to do so with the thread
group leader owning the memory, rather than figuring out what to do everytime a
task changed a cgroup.
3. A task with appropriate permissions can spread itself across cgroups and hog
memory


--
Balbir
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/