Re: [patch 06/15] mm/memcg: fix refcount error while moving and swapping
From: Alex Shi
Date:  Fri Jul 24 2020 - 09:41:14 EST
在 2020/7/24 下午12:15, Andrew Morton 写道:
> From: Hugh Dickins <hughd@xxxxxxxxxx>
> Subject: mm/memcg: fix refcount error while moving and swapping
> 
> It was hard to keep a test running, moving tasks between memcgs with
> move_charge_at_immigrate, while swapping: mem_cgroup_id_get_many()'s
> refcount is discovered to be 0 (supposedly impossible), so it is then
> forced to REFCOUNT_SATURATED, and after thousands of warnings in quick
> succession, the test is at last put out of misery by being OOM killed.
> 
> This is because of the way moved_swap accounting was saved up until the
> task move gets completed in __mem_cgroup_clear_mc(), deferred from when
> mem_cgroup_move_swap_account() actually exchanged old and new ids. 
> Concurrent activity can free up swap quicker than the task is scanned,
> bringing id refcount down 0 (which should only be possible when
> offlining).
> 
> Just skip that optimization: do that part of the accounting immediately.
> 
> Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2007071431050.4726@xxxxxxxxxxxx
> Fixes: 615d66c37c75 ("mm: memcontrol: fix memcg id ref counter on swap charge move")
> Signed-off-by: Hugh Dickins <hughd@xxxxxxxxxx>
> Cc: Johannes Weiner <hannes@xxxxxxxxxxx>
> Cc: Alex Shi <alex.shi@xxxxxxxxxxxxxxxxx>
> Cc: Shakeel Butt <shakeelb@xxxxxxxxxx>
> Cc: Michal Hocko <mhocko@xxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> ---
Reviewed-by: Alex Shi <alex.shi@xxxxxxxxxxxxxxxxx>
> 
>  mm/memcontrol.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> --- a/mm/memcontrol.c~mm-memcg-fix-refcount-error-while-moving-and-swapping
> +++ a/mm/memcontrol.c
> @@ -5669,7 +5669,6 @@ static void __mem_cgroup_clear_mc(void)
>  		if (!mem_cgroup_is_root(mc.to))
>  			page_counter_uncharge(&mc.to->memory, mc.moved_swap);
>  
> -		mem_cgroup_id_get_many(mc.to, mc.moved_swap);
>  		css_put_many(&mc.to->css, mc.moved_swap);
>  
>  		mc.moved_swap = 0;
> @@ -5860,7 +5859,8 @@ put:			/* get_mctgt_type() gets the page
>  			ent = target.ent;
>  			if (!mem_cgroup_move_swap_account(ent, mc.from, mc.to)) {
>  				mc.precharge--;
> -				/* we fixup refcnts and charges later. */
> +				mem_cgroup_id_get_many(mc.to, 1);
> +				/* we fixup other refcnts and charges later. */
>  				mc.moved_swap++;
>  			}
>  			break;
> _
>