| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ot5kji77yk6sqsjhe3fm4hufryovs7in4bivwu6xplqc4btar3@ngl5r7clogkr>
Date: Thu, 18 Dec 2025 18:09:50 -0800
From: Shakeel Butt <shakeel.butt@...ux.dev>
To: Johannes Weiner <hannes@...xchg.org>
Cc: Qi Zheng <qi.zheng@...ux.dev>, hughd@...gle.com, mhocko@...e.com,
roman.gushchin@...ux.dev, muchun.song@...ux.dev, david@...nel.org,
lorenzo.stoakes@...cle.com, ziy@...dia.com, harry.yoo@...cle.com, imran.f.khan@...cle.com,
kamalesh.babulal@...cle.com, axelrasmussen@...gle.com, yuanchu@...gle.com, weixugc@...gle.com,
chenridong@...weicloud.com, mkoutny@...e.com, akpm@...ux-foundation.org,
hamzamahfooz@...ux.microsoft.com, apais@...ux.microsoft.com, lance.yang@...ux.dev,
linux-mm@...ck.org, linux-kernel@...r.kernel.org, cgroups@...r.kernel.org,
Muchun Song <songmuchun@...edance.com>, Qi Zheng <zhengqi.arch@...edance.com>
Subject: Re: [PATCH v2 08/28] mm: memcontrol: prevent memory cgroup release
in get_mem_cgroup_from_folio()
On Wed, Dec 17, 2025 at 04:45:06PM -0500, Johannes Weiner wrote:
> On Wed, Dec 17, 2025 at 03:27:32PM +0800, Qi Zheng wrote:
> > From: Muchun Song <songmuchun@...edance.com>
> >
> > In the near future, a folio will no longer pin its corresponding
> > memory cgroup. To ensure safety, it will only be appropriate to
> > hold the rcu read lock or acquire a reference to the memory cgroup
> > returned by folio_memcg(), thereby preventing it from being released.
> >
> > In the current patch, the rcu read lock is employed to safeguard
> > against the release of the memory cgroup in get_mem_cgroup_from_folio().
> >
> > This serves as a preparatory measure for the reparenting of the
> > LRU pages.
> >
> > Signed-off-by: Muchun Song <songmuchun@...edance.com>
> > Signed-off-by: Qi Zheng <zhengqi.arch@...edance.com>
> > Reviewed-by: Harry Yoo <harry.yoo@...cle.com>
> > ---
> > mm/memcontrol.c | 11 ++++++++---
> > 1 file changed, 8 insertions(+), 3 deletions(-)
> >
> > diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> > index 21b5aad34cae7..431b3154c70c5 100644
> > --- a/mm/memcontrol.c
> > +++ b/mm/memcontrol.c
> > @@ -973,14 +973,19 @@ struct mem_cgroup *get_mem_cgroup_from_current(void)
> > */
> > struct mem_cgroup *get_mem_cgroup_from_folio(struct folio *folio)
> > {
> > - struct mem_cgroup *memcg = folio_memcg(folio);
> > + struct mem_cgroup *memcg;
> >
> > if (mem_cgroup_disabled())
> > return NULL;
> >
> > + if (!folio_memcg_charged(folio))
> > + return root_mem_cgroup;
> > +
> > rcu_read_lock();
> > - if (!memcg || WARN_ON_ONCE(!css_tryget(&memcg->css)))
> > - memcg = root_mem_cgroup;
> > +retry:
> > + memcg = folio_memcg(folio);
> > + if (unlikely(!css_tryget(&memcg->css)))
> > + goto retry;
>
> So starting in patch 27, the tryget can fail if the memcg is offlined,
offlined or on its way to free? It is css_tryget() without online.
> and the folio's objcg is reparented concurrently. We'll retry until we
> find a memcg that isn't dead yet. There's always root_mem_cgroup.
>
> It makes sense, but a loop like this begs the question of how it is
> bounded. I pieced it together looking ahead. Since this is a small
> diff, it would be nicer to fold it into 27. I didn't see anything in
> between depending on it, but correct me if I'm wrong.
I agree to fold it in the patch where it is needed. Currently at this
point in series I don't see how css_tryget() can fail here.
>
> Minor style preference:
>
> /* Comment explaining the above */
> do {
> memcg = folio_memcg(folio);
> } while (!css_tryget(&memcg->css));
Powered by blists - more mailing lists