Re: slab: clean up kmem_cache_create_memcg() error handling

From: Vladimir Davydov
Date: Fri Jan 24 2014 - 16:15:10 EST


On 01/24/2014 10:20 PM, Dave Jones wrote:
> On Fri, Jan 24, 2014 at 03:33:41AM +0000, Linux Kernel wrote:
> > Gitweb: http://git.kernel.org/linus/;a=commit;h=3965fc3652244651006ebb31c8c45318ce84818f
> > Commit: 3965fc3652244651006ebb31c8c45318ce84818f
> > Parent: 309381feaee564281c3d9e90fbca8963bb7428ad
> > Author: Vladimir Davydov <vdavydov@xxxxxxxxxxxxx>
> > AuthorDate: Thu Jan 23 15:52:55 2014 -0800
> > Committer: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> > CommitDate: Thu Jan 23 16:36:50 2014 -0800
> >
> > slab: clean up kmem_cache_create_memcg() error handling
> >
> > Currently kmem_cache_create_memcg() backoffs on failure inside
> > conditionals, without using gotos. This results in the rollback code
> > duplication, which makes the function look cumbersome even though on
> > error we should only free the allocated cache. Since in the next patch
> > I am going to add yet another rollback function call on error path
> > there, let's employ labels instead of conditionals for undoing any
> > changes on failure to keep things clean.
>
> ...
>
> > +out_unlock:
> > mutex_unlock(&slab_mutex);
> > put_online_cpus();
> >
> > if (err) {
> > -
> > if (flags & SLAB_PANIC)
> > panic("kmem_cache_create: Failed to create slab '%s'. Error %d\n",
> > name, err);
> > @@ -236,11 +230,14 @@ out_locked:
> > name, err);
> > dump_stack();
> > }
> > -
> > return NULL;
> > }
> > -
> > return s;
> > +
> > +out_free_cache:
> > + kfree(s->name);
> > + kmem_cache_free(kmem_cache, s);
> > + goto out_unlock;
> > }
>
> This is now returning a freed pointer as 's' if an error occurs.

If we go to out_free_cache, we set err, and since under out_unlock we have:

> if (err) {
...
> return NULL
>}

we will return NULL, which is right.

However this behavior was broken by another my 'fix' :-(

commit f717eb3abb5ea38f60e671dbfdbf512c2c93d22e
slab: do not panic if we fail to create memcg cache
> - if (err) {
> + /*
> + * There is no point in flooding logs with warnings or especially
> + * crashing the system if we fail to create a cache for a memcg. In
> + * this case we will be accounting the memcg allocation to the root
> + * cgroup until we succeed to create its own cache, but it isn't that
> + * critical.
> + */
> + if (err && !memcg) {
> if (flags & SLAB_PANIC)
> panic("kmem_cache_create: Failed to create slab '%s'.
> Error %d\n",
> name, err);

In case memcg != NULL we can return crap on error. So you are right in
the end. Thank you for catching this!

> Perhaps the patch below ?
>
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index 8e40321da091..2c62294cee23 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -257,6 +257,7 @@ out_free_cache:
> memcg_free_cache_params(s);
> kfree(s->name);
> kmem_cache_free(kmem_cache, s);
> + s = NULL;
> goto out_unlock;
> }

This one looks correct to me. I'll send it on behalf of you.

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/