Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp1868247imm; Sat, 9 Jun 2018 03:21:32 -0700 (PDT) X-Google-Smtp-Source: ADUXVKK8fMvWnRf6A6cRxEQ+St4wa5IHOnRJzwrgC+tKCsZOeJ8f+YJ0fvNI99YjDI1UZvUsVwoS X-Received: by 2002:a63:7983:: with SMTP id u125-v6mr8201810pgc.267.1528539691956; Sat, 09 Jun 2018 03:21:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528539691; cv=none; d=google.com; s=arc-20160816; b=Ub0gdrQKB8/QgV55mxFiPZJavlvaPqV03fiLq8aoFDBAJ0mafEUd5FfK90/jlrgnNo +Y5IGDtjwAIAzEUpGjkMd4bmz2eY0Bz7rAeKtCDuYJ/gbwB4HVd2wYZkachuXy34QG8y z2ttaP+cdVNXTb8GXv3PAZSAUBnRrCNeiZ9xdH8EHak+N8t1GuXUdtuiMm+W1mFsqLNe ZXWzclTuDlgXCK8XYA3Uw8MhebNwWm8QAgl6uSpRl5fKgxpDJ3A2A4+OALtNGWmdmAIe abrF4sQNXDFbTS0QE45miVegFvGR9dz9gZr3ZI1h1MPm5jNqa9RaDYE7THZ9KUS59pZZ 1p2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature:arc-authentication-results; bh=+/b/SDyZlKUK9NczL3oeJkSsoYXoRsv/cYJN0usziws=; b=vpxWSiUXOpf7YrFAyZC3NI9WDkaHShHr5lI7/A2pNridwbnu+Waq6iRXw2sn3hq9j6 feLRMTZ2JlTmLTmT+XxjgqOX/9DuQ8bTcxaPW6EXxKE5XbUoXlDwCg/5a5eZCjgbL3gV Q97hNHidMf6BFxfSkv7W4vTYNvkujP7UQQloQxsCyrJV5NT0EwsYD1+33xgrI8SnrcVv Thku4taiL06Zt/asrUqFYBqkJUU3S3jNZoHQeaqzw69nZWQSlarP/QNvtya/LVoFUogn qWdgG8rItdHvUxecFogIhkt8E4nrw5pswhPCxu/aJMT+JghYEqhP0uTZnqh/XD+aI9Sf /55Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ztn7yHM7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e11-v6si17262813pln.161.2018.06.09.03.21.06; Sat, 09 Jun 2018 03:21:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ztn7yHM7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753122AbeFIKUe (ORCPT + 99 others); Sat, 9 Jun 2018 06:20:34 -0400 Received: from mail-lf0-f66.google.com ([209.85.215.66]:36715 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751676AbeFIKUb (ORCPT ); Sat, 9 Jun 2018 06:20:31 -0400 Received: by mail-lf0-f66.google.com with SMTP id u4-v6so23692502lff.3; Sat, 09 Jun 2018 03:20:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=+/b/SDyZlKUK9NczL3oeJkSsoYXoRsv/cYJN0usziws=; b=Ztn7yHM797MQ0aa7fINHJH/f9aPJmXsbzC7WSmuhar2G26Xal3/KYmPBDi5HjEsXWx 7+IYH9AV0P55r6wXjyRjyPxwuRybkoYx9uPaHw4+HYrtqhescpk6YFVQXwFjOTQ5/ryq tsYhzHXFSHDmjSuBaNJTYIC+chAYuIcgKBztvVe3KUEnRUZ5R2WrG62rCruY3isu/qy/ MROQRgTVvS15ZGwzmTtyRoQtZ1KQ7RoC5Czc/G49ot/JeUtqv0dk5HS88OpzyonvK1RC pT0kF7ROiZTjK7/yzYPy/U5IWdck5qCAcCtraGKaguQJQgyU1H2bgCMLGEOSi1ru1tJm UpAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=+/b/SDyZlKUK9NczL3oeJkSsoYXoRsv/cYJN0usziws=; b=IIJXLLE3FnbhBUnMzrv5pAEv6VDXRqXz9r/qfuJXtVxo/mVIkyVDcpRY5byWdnaShT Xzxvc47u07ZwzxDvOnlqTupBWHJeUHK1vNLKiEKInJJmvj3qQXvhrWD2wda8z9KG2f9W k5z4GhfK68XGSZnzBvU0B8DS8dfEy0vtTRefx+DPhPJcurhW06mu1PkWgek7Svj2O0jw RtmsyF8OB4disyW+jBQYNy/ETsiJwBilpsA7DaucBZPO38H1D+DP5kWNF8Q8FBXTY1zu 7Y9DCAfbNRhyFDOy8y+bQpX0BZQcsuBFWa5YCOGCRHf3bjgSijkFYAZXE5+5f+3EDUZZ l+iw== X-Gm-Message-State: APt69E3QJ9R+1dvVmulRBmQJtS8GnScJFPjpvDyzBSCrT0B6ka4WYHeu rSbd6bTljSfpyx2ISBTRPbE= X-Received: by 2002:a19:2813:: with SMTP id o19-v6mr3637442lfo.108.1528539630316; Sat, 09 Jun 2018 03:20:30 -0700 (PDT) Received: from esperanza ([185.6.245.156]) by smtp.gmail.com with ESMTPSA id 90-v6sm964257ljs.23.2018.06.09.03.20.28 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 09 Jun 2018 03:20:29 -0700 (PDT) Date: Sat, 9 Jun 2018 13:20:27 +0300 From: Vladimir Davydov To: Shakeel Butt Cc: Michal Hocko , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Greg Thelen , Johannes Weiner , Tejun Heo , Linux MM , Cgroups , LKML Subject: Re: [PATCH v3] mm: fix race between kmem_cache destroy, create and deactivate Message-ID: <20180609102027.5vkqucnzvh6nfdxu@esperanza> References: <20180530001204.183758-1-shakeelb@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180530001204.183758-1-shakeelb@google.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 29, 2018 at 05:12:04PM -0700, Shakeel Butt wrote: > The memcg kmem cache creation and deactivation (SLUB only) is > asynchronous. If a root kmem cache is destroyed whose memcg cache is in > the process of creation or deactivation, the kernel may crash. > > Example of one such crash: > general protection fault: 0000 [#1] SMP PTI > CPU: 1 PID: 1721 Comm: kworker/14:1 Not tainted 4.17.0-smp > ... > Workqueue: memcg_kmem_cache kmemcg_deactivate_workfn > RIP: 0010:has_cpu_slab > ... > Call Trace: > ? on_each_cpu_cond > __kmem_cache_shrink > kmemcg_cache_deact_after_rcu > kmemcg_deactivate_workfn > process_one_work > worker_thread > kthread > ret_from_fork+0x35/0x40 > > To fix this race, on root kmem cache destruction, mark the cache as > dying and flush the workqueue used for memcg kmem cache creation and > deactivation. > @@ -845,6 +862,8 @@ void kmem_cache_destroy(struct kmem_cache *s) > if (unlikely(!s)) > return; > > + flush_memcg_workqueue(s); > + This should definitely help against async memcg_kmem_cache_create(), but I'm afraid it doesn't eliminate the race with async destruction, unfortunately, because the latter uses call_rcu_sched(): memcg_deactivate_kmem_caches __kmem_cache_deactivate slab_deactivate_memcg_cache_rcu_sched call_rcu_sched kmem_cache_destroy shutdown_memcg_caches shutdown_cache memcg_deactivate_rcufn Can we somehow flush those pending rcu requests?