aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHugh Dickins <hugh@veritas.com>2008-03-04 17:29:12 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2008-03-04 19:35:15 -0500
commit6d48ff8bcfd403ec8d3ef7a56538ea9e6f773b9c (patch)
tree9331ed70405f4933ac923a7595268ee7e773018e
parentb9c565d5a29a795f970b4a1340393d8fc6722fb9 (diff)
memcg: css_put after remove_list
mem_cgroup_uncharge_page does css_put on the mem_cgroup before uncharging from it, and before removing page_cgroup from one of its lru lists: isn't there a danger that struct mem_cgroup memory could be freed and reused before completing that, so corrupting something? Never seen it, and for all I know there may be other constraints which make it impossible; but let's be defensive and reverse the ordering there. mem_cgroup_force_empty_list is safe because there's an extra css_get around all its works; but even so, change its ordering the same way round, to help get in the habit of doing it like this. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: David Rientjes <rientjes@google.com> Cc: Balbir Singh <balbir@linux.vnet.ibm.com> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Hirokazu Takahashi <taka@valinux.co.jp> Cc: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Cc: Paul Menage <menage@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--mm/memcontrol.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 13e9e7d8e49e..66d0e84cefa6 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -665,15 +665,15 @@ void mem_cgroup_uncharge_page(struct page *page)
665 page_assign_page_cgroup(page, NULL); 665 page_assign_page_cgroup(page, NULL);
666 unlock_page_cgroup(page); 666 unlock_page_cgroup(page);
667 667
668 mem = pc->mem_cgroup;
669 css_put(&mem->css);
670 res_counter_uncharge(&mem->res, PAGE_SIZE);
671
672 mz = page_cgroup_zoneinfo(pc); 668 mz = page_cgroup_zoneinfo(pc);
673 spin_lock_irqsave(&mz->lru_lock, flags); 669 spin_lock_irqsave(&mz->lru_lock, flags);
674 __mem_cgroup_remove_list(pc); 670 __mem_cgroup_remove_list(pc);
675 spin_unlock_irqrestore(&mz->lru_lock, flags); 671 spin_unlock_irqrestore(&mz->lru_lock, flags);
676 672
673 mem = pc->mem_cgroup;
674 res_counter_uncharge(&mem->res, PAGE_SIZE);
675 css_put(&mem->css);
676
677 kfree(pc); 677 kfree(pc);
678 return; 678 return;
679 } 679 }
@@ -774,9 +774,9 @@ retry:
774 if (page_get_page_cgroup(page) == pc) { 774 if (page_get_page_cgroup(page) == pc) {
775 page_assign_page_cgroup(page, NULL); 775 page_assign_page_cgroup(page, NULL);
776 unlock_page_cgroup(page); 776 unlock_page_cgroup(page);
777 css_put(&mem->css);
778 res_counter_uncharge(&mem->res, PAGE_SIZE);
779 __mem_cgroup_remove_list(pc); 777 __mem_cgroup_remove_list(pc);
778 res_counter_uncharge(&mem->res, PAGE_SIZE);
779 css_put(&mem->css);
780 kfree(pc); 780 kfree(pc);
781 } else { 781 } else {
782 /* racing uncharge: let page go then retry */ 782 /* racing uncharge: let page go then retry */