diff options
| author | Anton Vorontsov <anton.vorontsov@linaro.org> | 2012-02-23 20:14:46 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-02-24 11:55:51 -0500 |
| commit | 371528caec553785c37f73fa3926ea0de84f986f (patch) | |
| tree | cc718011d32ae17ec61d1a68b71f912caf26b5bb /mm/memcontrol.c | |
| parent | 37fbf4bfb826372c3ca6c09d8a015d1fe9f5e186 (diff) | |
mm: memcg: Correct unregistring of events attached to the same eventfd
There is an issue when memcg unregisters events that were attached to
the same eventfd:
- On the first call mem_cgroup_usage_unregister_event() removes all
events attached to a given eventfd, and if there were no events left,
thresholds->primary would become NULL;
- Since there were several events registered, cgroups core will call
mem_cgroup_usage_unregister_event() again, but now kernel will oops,
as the function doesn't expect that threshold->primary may be NULL.
That's a good question whether mem_cgroup_usage_unregister_event()
should actually remove all events in one go, but nowadays it can't
do any better as cftype->unregister_event callback doesn't pass
any private event-associated cookie. So, let's fix the issue by
simply checking for threshold->primary.
FWIW, w/o the patch the following oops may be observed:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff810be32c>] mem_cgroup_usage_unregister_event+0x9c/0x1f0
Pid: 574, comm: kworker/0:2 Not tainted 3.3.0-rc4+ #9 Bochs Bochs
RIP: 0010:[<ffffffff810be32c>] [<ffffffff810be32c>] mem_cgroup_usage_unregister_event+0x9c/0x1f0
RSP: 0018:ffff88001d0b9d60 EFLAGS: 00010246
Process kworker/0:2 (pid: 574, threadinfo ffff88001d0b8000, task ffff88001de91cc0)
Call Trace:
[<ffffffff8107092b>] cgroup_event_remove+0x2b/0x60
[<ffffffff8103db94>] process_one_work+0x174/0x450
[<ffffffff8103e413>] worker_thread+0x123/0x2d0
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Anton Vorontsov <anton.vorontsov@linaro.org>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/memcontrol.c')
| -rw-r--r-- | mm/memcontrol.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 6728a7ae6f2d..228d6461c12a 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c | |||
| @@ -4414,6 +4414,9 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp, | |||
| 4414 | */ | 4414 | */ |
| 4415 | BUG_ON(!thresholds); | 4415 | BUG_ON(!thresholds); |
| 4416 | 4416 | ||
| 4417 | if (!thresholds->primary) | ||
| 4418 | goto unlock; | ||
| 4419 | |||
| 4417 | usage = mem_cgroup_usage(memcg, type == _MEMSWAP); | 4420 | usage = mem_cgroup_usage(memcg, type == _MEMSWAP); |
| 4418 | 4421 | ||
| 4419 | /* Check if a threshold crossed before removing */ | 4422 | /* Check if a threshold crossed before removing */ |
| @@ -4462,7 +4465,7 @@ swap_buffers: | |||
| 4462 | 4465 | ||
| 4463 | /* To be sure that nobody uses thresholds */ | 4466 | /* To be sure that nobody uses thresholds */ |
| 4464 | synchronize_rcu(); | 4467 | synchronize_rcu(); |
| 4465 | 4468 | unlock: | |
| 4466 | mutex_unlock(&memcg->thresholds_lock); | 4469 | mutex_unlock(&memcg->thresholds_lock); |
| 4467 | } | 4470 | } |
| 4468 | 4471 | ||