Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp1868247imm;
        Sat, 9 Jun 2018 03:21:32 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKK8fMvWnRf6A6cRxEQ+St4wa5IHOnRJzwrgC+tKCsZOeJ8f+YJ0fvNI99YjDI1UZvUsVwoS
X-Received: by 2002:a63:7983:: with SMTP id u125-v6mr8201810pgc.267.1528539691956;
        Sat, 09 Jun 2018 03:21:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528539691; cv=none;
        d=google.com; s=arc-20160816;
        b=Ub0gdrQKB8/QgV55mxFiPZJavlvaPqV03fiLq8aoFDBAJ0mafEUd5FfK90/jlrgnNo
         +Y5IGDtjwAIAzEUpGjkMd4bmz2eY0Bz7rAeKtCDuYJ/gbwB4HVd2wYZkachuXy34QG8y
         z2ttaP+cdVNXTb8GXv3PAZSAUBnRrCNeiZ9xdH8EHak+N8t1GuXUdtuiMm+W1mFsqLNe
         ZXWzclTuDlgXCK8XYA3Uw8MhebNwWm8QAgl6uSpRl5fKgxpDJ3A2A4+OALtNGWmdmAIe
         abrF4sQNXDFbTS0QE45miVegFvGR9dz9gZr3ZI1h1MPm5jNqa9RaDYE7THZ9KUS59pZZ
         1p2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :dkim-signature:arc-authentication-results;
        bh=+/b/SDyZlKUK9NczL3oeJkSsoYXoRsv/cYJN0usziws=;
        b=vpxWSiUXOpf7YrFAyZC3NI9WDkaHShHr5lI7/A2pNridwbnu+Waq6iRXw2sn3hq9j6
         feLRMTZ2JlTmLTmT+XxjgqOX/9DuQ8bTcxaPW6EXxKE5XbUoXlDwCg/5a5eZCjgbL3gV
         Q97hNHidMf6BFxfSkv7W4vTYNvkujP7UQQloQxsCyrJV5NT0EwsYD1+33xgrI8SnrcVv
         Thku4taiL06Zt/asrUqFYBqkJUU3S3jNZoHQeaqzw69nZWQSlarP/QNvtya/LVoFUogn
         qWdgG8rItdHvUxecFogIhkt8E4nrw5pswhPCxu/aJMT+JghYEqhP0uTZnqh/XD+aI9Sf
         /55Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ztn7yHM7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e11-v6si17262813pln.161.2018.06.09.03.21.06;
        Sat, 09 Jun 2018 03:21:31 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ztn7yHM7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753122AbeFIKUe (ORCPT <rfc822;austinkernel.kim@gmail.com>
        + 99 others); Sat, 9 Jun 2018 06:20:34 -0400
Received: from mail-lf0-f66.google.com ([209.85.215.66]:36715 "EHLO
        mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751676AbeFIKUb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 9 Jun 2018 06:20:31 -0400
Received: by mail-lf0-f66.google.com with SMTP id u4-v6so23692502lff.3;
        Sat, 09 Jun 2018 03:20:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=+/b/SDyZlKUK9NczL3oeJkSsoYXoRsv/cYJN0usziws=;
        b=Ztn7yHM797MQ0aa7fINHJH/f9aPJmXsbzC7WSmuhar2G26Xal3/KYmPBDi5HjEsXWx
         7+IYH9AV0P55r6wXjyRjyPxwuRybkoYx9uPaHw4+HYrtqhescpk6YFVQXwFjOTQ5/ryq
         tsYhzHXFSHDmjSuBaNJTYIC+chAYuIcgKBztvVe3KUEnRUZ5R2WrG62rCruY3isu/qy/
         MROQRgTVvS15ZGwzmTtyRoQtZ1KQ7RoC5Czc/G49ot/JeUtqv0dk5HS88OpzyonvK1RC
         pT0kF7ROiZTjK7/yzYPy/U5IWdck5qCAcCtraGKaguQJQgyU1H2bgCMLGEOSi1ru1tJm
         UpAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=+/b/SDyZlKUK9NczL3oeJkSsoYXoRsv/cYJN0usziws=;
        b=IIJXLLE3FnbhBUnMzrv5pAEv6VDXRqXz9r/qfuJXtVxo/mVIkyVDcpRY5byWdnaShT
         Xzxvc47u07ZwzxDvOnlqTupBWHJeUHK1vNLKiEKInJJmvj3qQXvhrWD2wda8z9KG2f9W
         k5z4GhfK68XGSZnzBvU0B8DS8dfEy0vtTRefx+DPhPJcurhW06mu1PkWgek7Svj2O0jw
         RtmsyF8OB4disyW+jBQYNy/ETsiJwBilpsA7DaucBZPO38H1D+DP5kWNF8Q8FBXTY1zu
         7Y9DCAfbNRhyFDOy8y+bQpX0BZQcsuBFWa5YCOGCRHf3bjgSijkFYAZXE5+5f+3EDUZZ
         l+iw==
X-Gm-Message-State: APt69E3QJ9R+1dvVmulRBmQJtS8GnScJFPjpvDyzBSCrT0B6ka4WYHeu
        rSbd6bTljSfpyx2ISBTRPbE=
X-Received: by 2002:a19:2813:: with SMTP id o19-v6mr3637442lfo.108.1528539630316;
        Sat, 09 Jun 2018 03:20:30 -0700 (PDT)
Received: from esperanza ([185.6.245.156])
        by smtp.gmail.com with ESMTPSA id 90-v6sm964257ljs.23.2018.06.09.03.20.28
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Sat, 09 Jun 2018 03:20:29 -0700 (PDT)
Date:   Sat, 9 Jun 2018 13:20:27 +0300
From:   Vladimir Davydov <vdavydov.dev@gmail.com>
To:     Shakeel Butt <shakeelb@google.com>
Cc:     Michal Hocko <mhocko@kernel.org>, Christoph Lameter <cl@linux.com>,
        Pekka Enberg <penberg@kernel.org>,
        David Rientjes <rientjes@google.com>,
        Joonsoo Kim <iamjoonsoo.kim@lge.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Greg Thelen <gthelen@google.com>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Tejun Heo <tj@kernel.org>, Linux MM <linux-mm@kvack.org>,
        Cgroups <cgroups@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3] mm: fix race between kmem_cache destroy, create and
 deactivate
Message-ID: <20180609102027.5vkqucnzvh6nfdxu@esperanza>
References: <20180530001204.183758-1-shakeelb@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180530001204.183758-1-shakeelb@google.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 29, 2018 at 05:12:04PM -0700, Shakeel Butt wrote:
> The memcg kmem cache creation and deactivation (SLUB only) is
> asynchronous. If a root kmem cache is destroyed whose memcg cache is in
> the process of creation or deactivation, the kernel may crash.
> 
> Example of one such crash:
> 	general protection fault: 0000 [#1] SMP PTI
> 	CPU: 1 PID: 1721 Comm: kworker/14:1 Not tainted 4.17.0-smp
> 	...
> 	Workqueue: memcg_kmem_cache kmemcg_deactivate_workfn
> 	RIP: 0010:has_cpu_slab
> 	...
> 	Call Trace:
> 	? on_each_cpu_cond
> 	__kmem_cache_shrink
> 	kmemcg_cache_deact_after_rcu
> 	kmemcg_deactivate_workfn
> 	process_one_work
> 	worker_thread
> 	kthread
> 	ret_from_fork+0x35/0x40
> 
> To fix this race, on root kmem cache destruction, mark the cache as
> dying and flush the workqueue used for memcg kmem cache creation and
> deactivation.

> @@ -845,6 +862,8 @@ void kmem_cache_destroy(struct kmem_cache *s)
>  	if (unlikely(!s))
>  		return;
>  
> +	flush_memcg_workqueue(s);
> +

This should definitely help against async memcg_kmem_cache_create(),
but I'm afraid it doesn't eliminate the race with async destruction,
unfortunately, because the latter uses call_rcu_sched():

  memcg_deactivate_kmem_caches
   __kmem_cache_deactivate
    slab_deactivate_memcg_cache_rcu_sched
     call_rcu_sched
                                            kmem_cache_destroy
                                             shutdown_memcg_caches
                                              shutdown_cache
      memcg_deactivate_rcufn
       <dereference destroyed cache>

Can we somehow flush those pending rcu requests?