    cgroup: don't recycle cgroup id until all csses' have been destroyed · c1a71504
    Li Zefan authored
    Hugh reported this bug:
    
    > CONFIG_MEMCG_SWAP is broken in 3.13-rc.  Try something like this:
    >
    > mkdir -p /tmp/tmpfs /tmp/memcg
    > mount -t tmpfs -o size=1G tmpfs /tmp/tmpfs
    > mount -t cgroup -o memory memcg /tmp/memcg
    > mkdir /tmp/memcg/old
    > echo 512M >/tmp/memcg/old/memory.limit_in_bytes
    > echo $$ >/tmp/memcg/old/tasks
    > cp /dev/zero /tmp/tmpfs/zero 2>/dev/null
    > echo $$ >/tmp/memcg/tasks
    > rmdir /tmp/memcg/old
    > sleep 1	# let rmdir work complete
    > mkdir /tmp/memcg/new
    > umount /tmp/tmpfs
    > dmesg | grep WARNING
    > rmdir /tmp/memcg/new
    > umount /tmp/memcg
    >
    > Shows lots of WARNING: CPU: 1 PID: 1006 at kernel/res_counter.c:91
    >                            res_counter_uncharge_locked+0x1f/0x2f()
    >
    > Breakage comes from 34c00c31 ("memcg: convert to use cgroup id").
    >
    > The lifetime of a cgroup id is different from the lifetime of the
    > css id it replaced: memsw's css_get()s do nothing to hold on to the
    > old cgroup id, it soon gets recycled to a new cgroup, which then
    > mysteriously inherits the old's swap, without any charge for it.
    
    Instead of removing cgroup id right after all the csses have been
    offlined, we should do that after csses have been destroyed.
    
    To make sure an invalid css pointer won't be returned after the css
    is destroyed, make sure css_from_id() returns NULL in this case.
    
    tj: Updated comment to note planned changes for cgrp->id.
    Reported-by: Hugh Dickins <hughd@google.com>
    Signed-off-by: Li Zefan <lizefan@huawei.com>
    Reviewed-by: Michal Hocko <mhocko@suse.cz>
    Signed-off-by: Tejun Heo <tj@kernel.org>
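
The id-lifetime problem described in the commit message above, as an added toy model in C (not part of the commit and not kernel code). Every `toy_*` name is hypothetical: the table stands in for the cgroup id allocator, and the extra reference stands in for the one a swap record holds on the old css.

```c
#include <stdbool.h>
#include <stddef.h>

#define TOY_MAX_ID 8

/* Toy model with hypothetical names; this is not kernel code. */
struct toy_css { int id; int refs; };
static struct toy_css *toy_idr[TOY_MAX_ID]; /* id -> owner, NULL = free */
static bool toy_free_id_at_offline;         /* true = lifetime before the fix */

static int toy_mkdir(struct toy_css *css)
{
    for (int id = 1; id < TOY_MAX_ID; id++) {
        if (toy_idr[id])
            continue;
        toy_idr[id] = css;
        *css = (struct toy_css){ .id = id, .refs = 1 }; /* base reference */
        return id;
    }
    return -1;
}

/* Drop one reference; the css is destroyed when the last one goes. */
static void toy_css_put(struct toy_css *css)
{
    if (--css->refs == 0 && !toy_free_id_at_offline)
        toy_idr[css->id] = NULL;   /* after the fix: id released at destroy */
}

/* rmdir: offline the css and drop the base reference. */
static void toy_rmdir(struct toy_css *css)
{
    if (toy_free_id_at_offline)
        toy_idr[css->id] = NULL;   /* before the fix: id free while refs remain */
    toy_css_put(css);
}

/* True when a new cgroup is handed the id an old swap record still stores. */
static bool toy_swap_id_recycled(bool free_id_at_offline)
{
    struct toy_css old_css, new_css;
    for (int i = 0; i < TOY_MAX_ID; i++)
        toy_idr[i] = NULL;
    toy_free_id_at_offline = free_id_at_offline;
    int swap_id = toy_mkdir(&old_css);
    old_css.refs++;                /* swap record pins old_css (css_get) */
    toy_rmdir(&old_css);
    return toy_mkdir(&new_css) == swap_id;
}
```

With the id freed at offline, the new cgroup gets the id the swap record still stores; with the release deferred to destroy, the id stays reserved until the last reference is dropped.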
cgroup.c 153 KB