vmpressure: make sure there are no events queued after memcg is offlined

vmpressure is called synchronously from reclaim where the target_memcg is guaranteed to be alive but the eventfd is signaled from the work queue context. This means that memcg (along with vmpressure structure which is embedded into it) might go away while the work item is pending which would result in use-after-release bug. We have two possible ways how to fix this. Either vmpressure pins memcg before it schedules vmpr->work and unpin it in vmpressure_work_fn or explicitely flush the work item from the css_offline context (as suggested by Tejun). This patch implements the later one and it introduces vmpressure_cleanup which flushes the vmpressure work queue item item. It hooks into mem_cgroup_css_offline after the memcg itself is cleaned up. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Michal Hocko <mhocko@suse.cz> Reported-by: Tejun Heo <tj@kernel.org> Cc: Anton Vorontsov <anton.vorontsov@linaro.org> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Li Zefan <lizefan@huawei.com> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Michal Hocko <mhocko@suse.cz> 2013-07-31 16:53:51 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-07-31 17:41:04 -0400
commit: 33cb876e947b9ddda8dca3fb99234b743a597ef9 (patch)
tree: 334a94157e6fd53ef9bb88771b181c6cbfa4826a /mm/vmpressure.c
parent: 8e0ed445b3478468372449859c45c6b3032acf2f (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/mm/vmpressure.c b/mm/vmpressure.c
index 192f9731931d..0c1e37d829fa 100644
--- a/mm/vmpressure.c
+++ b/mm/vmpressure.c
@@ -372,3 +372,19 @@ void vmpressure_init(struct vmpressure *vmpr)
        INIT_LIST_HEAD(&vmpr->events);
        INIT_WORK(&vmpr->work, vmpressure_work_fn);
 }
+/**
+ * vmpressure_cleanup() - shuts down vmpressure control structure
+ * @vmpr:       Structure to be cleaned up
+ *
+ * This function should be called before the structure in which it is
+ * embedded is cleaned up.
+ */
+void vmpressure_cleanup(struct vmpressure *vmpr)
+{
+        /*
+         * Make sure there is no pending work before eventfd infrastructure
+         * goes away.
+         */
+        flush_work(&vmpr->work);
+}
author	Michal Hocko <mhocko@suse.cz>	2013-07-31 16:53:51 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-07-31 17:41:04 -0400
commit	33cb876e947b9ddda8dca3fb99234b743a597ef9 (patch)
tree	334a94157e6fd53ef9bb88771b181c6cbfa4826a /mm/vmpressure.c
parent	8e0ed445b3478468372449859c45c6b3032acf2f (diff)

diff --git a/mm/vmpressure.c b/mm/vmpressure.c index 192f9731931d..0c1e37d829fa 100644 --- a/mm/vmpressure.c +++ b/mm/vmpressure.c
@@ -372,3 +372,19 @@ void vmpressure_init(struct vmpressure *vmpr)
372	INIT_LIST_HEAD(&vmpr->events);	372	INIT_LIST_HEAD(&vmpr->events);
373	INIT_WORK(&vmpr->work, vmpressure_work_fn);	373	INIT_WORK(&vmpr->work, vmpressure_work_fn);
374	}	374	}
		375
		376	/**
		377	* vmpressure_cleanup() - shuts down vmpressure control structure
		378	* @vmpr: Structure to be cleaned up
		379	*
		380	* This function should be called before the structure in which it is
		381	* embedded is cleaned up.
		382	*/
		383	void vmpressure_cleanup(struct vmpressure *vmpr)
		384	{
		385	/*
		386	* Make sure there is no pending work before eventfd infrastructure
		387	* goes away.
		388	*/
		389	flush_work(&vmpr->work);
		390	}