Commit f3f511e1 authored by Glauber Costa's avatar Glauber Costa Committed by David S. Miller

net: fix sock_clone reference mismatch with tcp memcontrol

Sockets can also be created through sock_clone. Because it copies
all data in the sock structure, it also copies the memcg-related pointer,
and all should be fine. However, since we now use reference counts in
socket creation, we are left with some sockets that have no reference
counts. It matters when we destroy them, since it leads to a mismatch.
Signed-off-by: default avatarGlauber Costa <glommer@parallels.com>
CC: David S. Miller <davem@davemloft.net>
CC: Greg Thelen <gthelen@google.com>
CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
CC: Laurent Chavey <chavey@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 356b9542
...@@ -1103,6 +1103,12 @@ sk_sockets_allocated_read_positive(struct sock *sk) ...@@ -1103,6 +1103,12 @@ sk_sockets_allocated_read_positive(struct sock *sk)
return percpu_counter_sum_positive(prot->sockets_allocated); return percpu_counter_sum_positive(prot->sockets_allocated);
} }
static inline void sk_update_clone(const struct sock *sk, struct sock *newsk)
{
if (mem_cgroup_sockets_enabled && sk->sk_cgrp)
sock_update_memcg(newsk);
}
static inline int static inline int
proto_sockets_allocated_sum_positive(struct proto *prot) proto_sockets_allocated_sum_positive(struct proto *prot)
{ {
......
...@@ -381,16 +381,25 @@ static void mem_cgroup_put(struct mem_cgroup *memcg); ...@@ -381,16 +381,25 @@ static void mem_cgroup_put(struct mem_cgroup *memcg);
static bool mem_cgroup_is_root(struct mem_cgroup *memcg); static bool mem_cgroup_is_root(struct mem_cgroup *memcg);
void sock_update_memcg(struct sock *sk) void sock_update_memcg(struct sock *sk)
{ {
/* A socket spends its whole life in the same cgroup */
if (sk->sk_cgrp) {
WARN_ON(1);
return;
}
if (static_branch(&memcg_socket_limit_enabled)) { if (static_branch(&memcg_socket_limit_enabled)) {
struct mem_cgroup *memcg; struct mem_cgroup *memcg;
BUG_ON(!sk->sk_prot->proto_cgroup); BUG_ON(!sk->sk_prot->proto_cgroup);
/* Socket cloning can throw us here with sk_cgrp already
* filled. It won't however, necessarily happen from
* process context. So the test for root memcg given
* the current task's memcg won't help us in this case.
*
* Respecting the original socket's memcg is a better
* decision in this case.
*/
if (sk->sk_cgrp) {
BUG_ON(mem_cgroup_is_root(sk->sk_cgrp->memcg));
mem_cgroup_get(sk->sk_cgrp->memcg);
return;
}
rcu_read_lock(); rcu_read_lock();
memcg = mem_cgroup_from_task(current); memcg = mem_cgroup_from_task(current);
if (!mem_cgroup_is_root(memcg)) { if (!mem_cgroup_is_root(memcg)) {
......
...@@ -1362,6 +1362,8 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority) ...@@ -1362,6 +1362,8 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
sk_set_socket(newsk, NULL); sk_set_socket(newsk, NULL);
newsk->sk_wq = NULL; newsk->sk_wq = NULL;
sk_update_clone(sk, newsk);
if (newsk->sk_prot->sockets_allocated) if (newsk->sk_prot->sockets_allocated)
sk_sockets_allocated_inc(newsk); sk_sockets_allocated_inc(newsk);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment