Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp816010imm; Sat, 26 May 2018 11:59:06 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqg/IyigGSps0/S+kUJgRFTFb2yTzzOv1s2kbg6ihmOv6NN0Zp/MmREgRF22Oe/bfbOG+Np X-Received: by 2002:a62:4387:: with SMTP id l7-v6mr7344005pfi.55.1527361146544; Sat, 26 May 2018 11:59:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527361146; cv=none; d=google.com; s=arc-20160816; b=v3sac8xDd16C6UXTZ1o6He/kQmaFfC3CP8nJJFZRqwQQfLKl12dU+XgZlajEqq/pGv Y/GIrfnjg9Gq0Wn6KVgScZPOTGkGYH5dRVw2zqAYKqBZn6QWY5VrX59sygxKwQ3tyr6w /Kk+Ca+ZhYQaKaNjDt/5yTmdJ88Sb+grFcA5NXjrLORuw2Wq06sbtb9CIdPgx8cGJw5I SkpX8GDXITKK/wPcJhlztbke77yKeT9vhMsoFesdhKDfr9SZFDpuQZPyCD5AIScvjseH li4htNfT0m78jR0xMrVtPFnRBMXXoa0L9sKh7nwWozMTfMGU9pYg1QVX7tYdCn860bAZ qoWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature:arc-authentication-results; bh=Kr1avp4EGKXKHnGL+qddOdi+NRTiEgybcc6cZoXiBsQ=; b=EZsA2PjA+SEokyM+y4HYvYg2836ovgwns0iEhwE5hBGQi0iUTgV/lRNN2SQUhKogEu PRID0u6Ajhwf48WBIFF00EGad2+Z53eKQ5PsylkpI4z59smJj5gMtS7tPfBlGqQLoK61 KHPegOIlKoQJM8I6b534aPwhpV4ZSWnDNdHy/qKl/FIR5IE4wnttEpRwHAT/xqBfrNkW q2vF2xWWH2vm2UsQWjULbkEXEZzutPqKTOBvzDLzMnpPKdNC1Z5aTZpl8iGZT3ovmBJt 8PvYmD9RRDXGoee4c+SDvyatou1uevxSRDB5donFaJAjmMuYF0swWNVaHzImF/IKmfrv zWRQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=XpTYHc+q; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 3-v6si22854563plq.56.2018.05.26.11.58.50; Sat, 26 May 2018 11:59:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=XpTYHc+q; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1032327AbeEZS6n (ORCPT + 99 others); Sat, 26 May 2018 14:58:43 -0400 Received: from mail-wr0-f193.google.com ([209.85.128.193]:45209 "EHLO mail-wr0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1032279AbeEZS6l (ORCPT ); Sat, 26 May 2018 14:58:41 -0400 Received: by mail-wr0-f193.google.com with SMTP id w3-v6so14201244wrl.12; Sat, 26 May 2018 11:58:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Kr1avp4EGKXKHnGL+qddOdi+NRTiEgybcc6cZoXiBsQ=; b=XpTYHc+qHwQjWqjMnNJLES/ECGZY7O8wwqpKiZn7+zxEsQnsWDMK4SOVWFmLmbyA2z 4P1n1vEMTdvWEoGIotJ0KTGAv9a144JQdXA5T862HfrobNKw7PYnoXVhB1xQauKHiP3d atn3Gt3xjkK5lXyA/4NcY/4945ZSB6xEpx4/aunSAtvur+rSnqlM4e9TIMO2uVw0v8vo XlO+xFBKNn+MQwZoj4UBd0MaVkOskhSPBUnEgjuFsqVEhoVOXSaQ7wK5RWr8sL086ZOj TKuSGNI+k6tXNrAJFRCKJJXeWUvbNS5hQjbwnan4AWTPnL2BeFSIRXkxJCY9IHK7E3YY haPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Kr1avp4EGKXKHnGL+qddOdi+NRTiEgybcc6cZoXiBsQ=; b=ZOhj9FWybOPc50N2p09xatbHjhAOjhd36EAbpbZ4HllMMwOecjZdhPHsr9kmfpbLFL FJu4LJtTnFHfdyr79rOOoMMWquJV6MJLLaU2LfpOvzwAPnUUr4jn8St0MKEV35rHQJ6m VrgOyQhu8PF6pKgieWc4uBuCYnPk5goXxA8fW4Q8HZmvatqFvxUTogz6JfQ2QyMBRoAk xrEE5wz/6oK9VEkMKrxO/cQUzP1QauLOcr5xVECrz0KEQiOvxqcWx7VYhHehbvFe7zcL oz7EmUPqgQZXQQ31BR14Kj9B3GX8UeFFyIeyfBtaeJk/O6d5klqQPqvFMGtxmVlN16Lu yyJw== X-Gm-Message-State: ALKqPwdM3xFB0+oeF47gQgxy1SAOWGuVfEjIlMesAhj4bSA1nGOG25DG QHLTZjAq6MmSd1ht295CwaA= X-Received: by 2002:a19:2092:: with SMTP id g140-v6mr3997830lfg.38.1527361120071; Sat, 26 May 2018 11:58:40 -0700 (PDT) Received: from esperanza (81.5.110.211.dhcp.mipt-telecom.ru. [81.5.110.211]) by smtp.gmail.com with ESMTPSA id r6-v6sm5035932ljj.86.2018.05.26.11.58.38 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 26 May 2018 11:58:39 -0700 (PDT) Date: Sat, 26 May 2018 21:58:37 +0300 From: Vladimir Davydov To: Shakeel Butt Cc: Michal Hocko , Andrew Morton , Greg Thelen , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Johannes Weiner , Tejun Heo , Linux MM , cgroups@vger.kernel.org, LKML Subject: Re: [PATCH v2] mm: fix race between kmem_cache destroy, create and deactivate Message-ID: <20180526185837.k5ztrillokpi65qj@esperanza> References: <20180522201336.196994-1-shakeelb@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180522201336.196994-1-shakeelb@google.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 22, 2018 at 01:13:36PM -0700, Shakeel Butt wrote: > The memcg kmem cache creation and deactivation (SLUB only) is > asynchronous. If a root kmem cache is destroyed whose memcg cache is in > the process of creation or deactivation, the kernel may crash. > > Example of one such crash: > general protection fault: 0000 [#1] SMP PTI > CPU: 1 PID: 1721 Comm: kworker/14:1 Not tainted 4.17.0-smp > ... > Workqueue: memcg_kmem_cache kmemcg_deactivate_workfn > RIP: 0010:has_cpu_slab > ... > Call Trace: > ? on_each_cpu_cond > __kmem_cache_shrink > kmemcg_cache_deact_after_rcu > kmemcg_deactivate_workfn > process_one_work > worker_thread > kthread > ret_from_fork+0x35/0x40 > > This issue is due to the lack of real reference counting for the root > kmem_caches. Currently kmem_cache does have a field named refcount which > has been used for multiple purposes i.e. shared count, reference count > and noshare flag. Due to its conflated nature, it can not be used for > reference counting by other subsystems. > > This patch decoupled the reference counting from shared count and > noshare flag. The new field 'shared_count' represents the shared count > and noshare flag while 'refcount' is converted into a real reference > counter. > > The reference counting is only implemented for root kmem_caches for > simplicity. The reference of a root kmem_cache is elevated on sharing or > while its memcg kmem_cache creation or deactivation request is in the > fly and thus it is made sure that the root kmem_cache is not destroyed > in the middle. As the reference of kmem_cache is elevated on sharing, > the 'shared_count' does not need any locking protection as at worst it > can be out-dated for a small window which is tolerable. I wonder if we could fix this problem without introducing reference counting for kmem caches (which seems a bit of an overkill to me TBO), e.g. by flushing memcg_kmem_cache_wq before root cache destruction?