memcg: css_put after remove_list
mem_cgroup_uncharge_page does css_put on the mem_cgroup before uncharging from it, and before removing page_cgroup from one of its lru lists: isn't there a danger that struct mem_cgroup memory could be freed and reused before completing that, so corrupting something? Never seen it, and for all I know there may be other constraints which make it impossible; but let's be defensive and reverse the ordering there. mem_cgroup_force_empty_list is safe because there's an extra css_get around all its works; but even so, change its ordering the same way round, to help get in the habit of doing it like this. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: David Rientjes <rientjes@google.com> Cc: Balbir Singh <balbir@linux.vnet.ibm.com> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Hirokazu Takahashi <taka@valinux.co.jp> Cc: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Cc: Paul Menage <menage@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
b9c565d5a2
commit
6d48ff8bcf
|
@ -665,15 +665,15 @@ void mem_cgroup_uncharge_page(struct page *page)
|
|||
page_assign_page_cgroup(page, NULL);
|
||||
unlock_page_cgroup(page);
|
||||
|
||||
mem = pc->mem_cgroup;
|
||||
css_put(&mem->css);
|
||||
res_counter_uncharge(&mem->res, PAGE_SIZE);
|
||||
|
||||
mz = page_cgroup_zoneinfo(pc);
|
||||
spin_lock_irqsave(&mz->lru_lock, flags);
|
||||
__mem_cgroup_remove_list(pc);
|
||||
spin_unlock_irqrestore(&mz->lru_lock, flags);
|
||||
|
||||
mem = pc->mem_cgroup;
|
||||
res_counter_uncharge(&mem->res, PAGE_SIZE);
|
||||
css_put(&mem->css);
|
||||
|
||||
kfree(pc);
|
||||
return;
|
||||
}
|
||||
|
@ -774,9 +774,9 @@ retry:
|
|||
if (page_get_page_cgroup(page) == pc) {
|
||||
page_assign_page_cgroup(page, NULL);
|
||||
unlock_page_cgroup(page);
|
||||
css_put(&mem->css);
|
||||
res_counter_uncharge(&mem->res, PAGE_SIZE);
|
||||
__mem_cgroup_remove_list(pc);
|
||||
res_counter_uncharge(&mem->res, PAGE_SIZE);
|
||||
css_put(&mem->css);
|
||||
kfree(pc);
|
||||
} else {
|
||||
/* racing uncharge: let page go then retry */
|
||||
|
|
Loading…
Reference in New Issue