Re: [RESEND PATCH v2] mm/memcontrol: Avoid stuck FLUSHING_CACHED_CHARGE on isolated CPU
From: Shakeel Butt
Date: Tue Jun 30 2026 - 11:10:25 EST

On Tue, Jun 30, 2026 at 03:00:04PM +0800, Hui Zhu wrote:
> From: Hui Zhu <zhuhui@xxxxxxxxxx>
>
> drain_all_stock() sets FLUSHING_CACHED_CHARGE before calling
> schedule_drain_work() to queue per-CPU drain work. When the target
> CPU is isolated (cpu_is_isolated() == true), the work is silently
> not queued, but FLUSHING_CACHED_CHARGE stays set. Every subsequent
> drain_all_stock() then sees the bit and skips this stock entirely,
> so the entry is effectively pinned until something else on that CPU
> runs drain_local_*_stock() and clears the bit -- which on a long-
> isolated CPU may never happen.
>
> The original idea was to actually perform the drain from the calling
> CPU on behalf of the isolated one, by adding a lock around the
> per-CPU stock so that a remote drainer could safely touch it. In
> practice this turned out to be intrusive: the stock data structures
> and their fast paths (consume_stock(), refill_stock(), the obj_stock
> helpers) are deliberately designed around current-CPU-only access,
> and retrofitting cross-CPU serialisation onto them adds non-trivial
> locking and PREEMPT_RT concerns for very little gain.
>
> Looking at the actual amount of charge that can accumulate in a
> single per-CPU stock, it is bounded and small, so leaving an
> isolated CPU's stock undrained for a while is not a real problem.
> The only real bug is that the stuck FLUSHING_CACHED_CHARGE bit
> prevents future drain_all_stock() callers from re-attempting once
> the CPU is no longer isolated.
>
> Fix this minimally by clearing FLUSHING_CACHED_CHARGE when the work
> could not be queued because the target CPU is isolated. The cached
> charge itself is left in place; it will be released the next time
> the CPU runs drain_local_*_stock() (e.g. after leaving isolation,
> or if the isolated CPU itself calls drain_all_stock() -- in that
> case cpu == curcpu causes drain_local_memcg_stock() to be invoked
> directly), and the next drain_all_stock() call is free to retry
> instead of skipping the stock forever.
>
> Fixes: 6a792697a53a ("memcg: do not drain charge pcp caches on remote isolated cpus")
> Signed-off-by: Hui Zhu <zhuhui@xxxxxxxxxx>
> ---
> Changelog:
> v2:
> According to the comments of Waiman Long, updated fixes.
>
> mm/memcontrol.c | 28 ++++++++++++++++++++++------
> 1 file changed, 22 insertions(+), 6 deletions(-)
>
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index 6dc4888a90f3..2e66b4a2c25d 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -2256,7 +2256,8 @@ static bool is_memcg_drain_needed(struct memcg_stock_pcp *stock,
> return flush;
> }
>
> -static void schedule_drain_work(int cpu, struct work_struct *work)
> +static void
> +schedule_drain_work(int cpu, struct work_struct *work, unsigned long *flags)
> {
> /*
> * Protect housekeeping cpumask read and work enqueue together
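Review bot: the new third parameter in the schedule_drain_work() prototype is named flags, the name commonly used for saved IRQ state, and nothing in the signature says that the function may now clear FLUSHING_CACHED_CHARGE in the caller's stock. Consider a name such as stock_flags, plus one sentence in the function's comment stating that the bit is cleared when the work is not queued.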
> @@ -2264,9 +2265,22 @@ static void schedule_drain_work(int cpu, struct work_struct *work)
> * partition update only need to wait for an RCU GP and flush the
> * pending work on newly isolated CPUs.
> */
> - guard(rcu)();
> - if (!cpu_is_isolated(cpu))
> - queue_work_on(cpu, memcg_wq, work);
> + scoped_guard(rcu) {
> + if (!cpu_is_isolated(cpu)) {
> + queue_work_on(cpu, memcg_wq, work);
> + return;
> + }
> + }
> +
> + /*
> + * The target CPU is isolated: the drain work was not queued.
> + * Clear FLUSHING_CACHED_CHARGE so that future drain_all_stock()
> + * callers can re-attempt instead of skipping this stock forever.
> + * The cached charge is left in place; it will be released the
> + * next time the CPU itself runs drain_local_*_stock() (e.g.
> + * after leaving isolation), or by a follow-up mechanism.
> + */
> + clear_bit(FLUSHING_CACHED_CHARGE, flags);

Let's do something like the following.

	guard(rcu)();
	if (cpu_is_isolated(cpu)) {
		clear_bit(FLUSHING_CACHED_CHARGE, flags);
		return;
	}
	queue_work_on(cpu, memcg_wq, work);

> }
>
> /*
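Review bot: the closing words of the added comment, "or by a follow-up mechanism", refer to nothing in this patch. The commit message names the concrete second case (the isolated CPU calling drain_all_stock() itself, where cpu == curcpu drains locally), so the comment should say that instead. Also, as posted, clear_bit() runs after the scoped_guard(rcu) block has ended, so the isolation check and the bit clear are not in one RCU read-side section; if that is intended, the comment should say why it is safe.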
> @@ -2299,7 +2313,8 @@ void drain_all_stock(struct mem_cgroup *root_memcg)
> if (cpu == curcpu)
> drain_local_memcg_stock(&memcg_st->work);
> else
> - schedule_drain_work(cpu, &memcg_st->work);
> + schedule_drain_work(cpu, &memcg_st->work,
> + &memcg_st->flags);
> }
>
> if (!test_bit(FLUSHING_CACHED_CHARGE, &obj_st->flags) &&
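Review bot: at the schedule_drain_work(cpu, &memcg_st->work, &memcg_st->flags) call, work and flags must always come from the same stock, but the two-pointer interface lets a mismatched pair compile. Having schedule_drain_work() return bool and doing the clear_bit() here in drain_all_stock() when it returns false would keep the flag handling next to the test_bit() check and drop the extra parameter. The same applies to the obj_st call in the next hunk.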
> @@ -2309,7 +2324,8 @@ void drain_all_stock(struct mem_cgroup *root_memcg)
> if (cpu == curcpu)
> drain_local_obj_stock(&obj_st->work);
> else
> - schedule_drain_work(cpu, &obj_st->work);
> + schedule_drain_work(cpu, &obj_st->work,
> + &obj_st->flags);
> }
> }
> migrate_enable();
> --
> 2.43.0
>