| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aUMkYlK1KhtD5ky6@cmpxchg.org>
Date: Wed, 17 Dec 2025 16:45:06 -0500
From: Johannes Weiner <hannes@...xchg.org>
To: Qi Zheng <qi.zheng@...ux.dev>
Cc: hughd@...gle.com, mhocko@...e.com, roman.gushchin@...ux.dev,
shakeel.butt@...ux.dev, muchun.song@...ux.dev, david@...nel.org,
lorenzo.stoakes@...cle.com, ziy@...dia.com, harry.yoo@...cle.com,
imran.f.khan@...cle.com, kamalesh.babulal@...cle.com,
axelrasmussen@...gle.com, yuanchu@...gle.com, weixugc@...gle.com,
chenridong@...weicloud.com, mkoutny@...e.com,
akpm@...ux-foundation.org, hamzamahfooz@...ux.microsoft.com,
apais@...ux.microsoft.com, lance.yang@...ux.dev, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, cgroups@...r.kernel.org,
Muchun Song <songmuchun@...edance.com>,
Qi Zheng <zhengqi.arch@...edance.com>
Subject: Re: [PATCH v2 08/28] mm: memcontrol: prevent memory cgroup release
in get_mem_cgroup_from_folio()
On Wed, Dec 17, 2025 at 03:27:32PM +0800, Qi Zheng wrote:
> From: Muchun Song <songmuchun@...edance.com>
>
> In the near future, a folio will no longer pin its corresponding
> memory cgroup. To ensure safety, it will only be appropriate to
> hold the rcu read lock or acquire a reference to the memory cgroup
> returned by folio_memcg(), thereby preventing it from being released.
>
> In the current patch, the rcu read lock is employed to safeguard
> against the release of the memory cgroup in get_mem_cgroup_from_folio().
>
> This serves as a preparatory measure for the reparenting of the
> LRU pages.
>
> Signed-off-by: Muchun Song <songmuchun@...edance.com>
> Signed-off-by: Qi Zheng <zhengqi.arch@...edance.com>
> Reviewed-by: Harry Yoo <harry.yoo@...cle.com>
> ---
> mm/memcontrol.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index 21b5aad34cae7..431b3154c70c5 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -973,14 +973,19 @@ struct mem_cgroup *get_mem_cgroup_from_current(void)
> */
> struct mem_cgroup *get_mem_cgroup_from_folio(struct folio *folio)
> {
> - struct mem_cgroup *memcg = folio_memcg(folio);
> + struct mem_cgroup *memcg;
>
> if (mem_cgroup_disabled())
> return NULL;
>
> + if (!folio_memcg_charged(folio))
> + return root_mem_cgroup;
> +
> rcu_read_lock();
> - if (!memcg || WARN_ON_ONCE(!css_tryget(&memcg->css)))
> - memcg = root_mem_cgroup;
> +retry:
> + memcg = folio_memcg(folio);
> + if (unlikely(!css_tryget(&memcg->css)))
> + goto retry;
So starting in patch 27, the tryget can fail if the memcg is offlined,
and the folio's objcg is reparented concurrently. We'll retry until we
find a memcg that isn't dead yet. There's always root_mem_cgroup.
It makes sense, but a loop like this begs the question of how it is
bounded. I pieced it together looking ahead. Since this is a small
diff, it would be nicer to fold it into 27. I didn't see anything in
between depending on it, but correct me if I'm wrong.
Minor style preference:
/* Comment explaining the above */
do {
memcg = folio_memcg(folio);
} while (!css_tryget(&memcg->css));
Powered by blists - more mailing lists