Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3679530pxu; Mon, 19 Oct 2020 19:35:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw/iEsDxRw15IUlQ2uiJbX6l9UMSFmQ2ZuE8d7dkFMB+/58nq1vAn7XGVwz4/p1MY94FE2O X-Received: by 2002:a17:906:93ef:: with SMTP id yl15mr812623ejb.529.1603161358624; Mon, 19 Oct 2020 19:35:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603161358; cv=none; d=google.com; s=arc-20160816; b=gxkZmnYICKT2EwLjPvV7l7rA7h2atw1WrD619m8h/mlCaKZ//yh4fMDcUp0byr6k5g N7XzXUEwns/WsOMcNGrj5rTKAMET6a6k1WNta2S6ktzNmpphkgnR4Jx5z4/gLwW3rOIb P4TL+bg0b6eYFchHNnDmY1CYv1p0glk2/qSZI4Gn/nrwk+6MEqdo47sPnuBNzT0eMF7H JLYpsM/ZGHvW/7CAklvERSR/x9vqFSbZmBAHnA9eKDtTT5c2ocH2meQ6HkcUqGpeV0RN 4Lv/FQi1p1Z1hmHc7ZOREW1e+TdWxZUPGugmKBR66PywcRnpNmgga7+z4yBn9eH6/Qe5 Ge6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=LEDVn+7ztnB9MFuURGPeJs5Y1j+r09pr3fMQDwzo7Dw=; b=pV4fq6GGEhKge5h+v06WD1F42HFAfpH7EtYYiLURMOGyOzjazfLs0yKJbSk4XlQ57h q88nbdjxwX6vft3nL99TJzCmO8ZZF0/jqDLheiPKU622QJeaBwh3AihSXyIRvQ0ivFKW OLAiNB6XofXh5rURHjEWcUBNxBK11sInfnOf6znm/656y/QJZPncMiw+MBlu43PKbpIS CwIcMNXTx96bvOd6Cn/CCUjAAHaihrfgByhVBSNfXrd/M/MzUUDrRI1nDoYKumuKOFMj RDWCcQq55OL5e1+atzIvm2zTZGNZmJc8ZuLD3MBN9CE89iBRgVLIi49rhqGDHHK0vAUx V5Aw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aDA9MUM0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d7si346020ejz.330.2020.10.19.19.35.36; Mon, 19 Oct 2020 19:35:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aDA9MUM0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730638AbgJSQ6R (ORCPT + 99 others); Mon, 19 Oct 2020 12:58:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36990 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730186AbgJSQ6R (ORCPT ); Mon, 19 Oct 2020 12:58:17 -0400 Received: from mail-lj1-x243.google.com (mail-lj1-x243.google.com [IPv6:2a00:1450:4864:20::243]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EAF8BC0613CE for ; Mon, 19 Oct 2020 09:58:16 -0700 (PDT) Received: by mail-lj1-x243.google.com with SMTP id x16so859915ljh.2 for ; Mon, 19 Oct 2020 09:58:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LEDVn+7ztnB9MFuURGPeJs5Y1j+r09pr3fMQDwzo7Dw=; b=aDA9MUM0Ggj8TMH6A1huKsBqH2Y+X/voex1+2Vog+GF1TCnjy2M4cXnSUhrZos0ujb XcwH8a0vIWkZns7wW2qnpU5f4XVHzy0//SzDYK0a12+UFwmVYtXB1tg7OlP/VCz9I4wW X5xxXQ1i7VtlFDGIjXnCoJ7EFxB1pcsLHPQTS+heiH19PceSUc9YcBwh6PghGRNRSPUL bCQ+w0H0xYSTx9piu15mnCMTQofWqWw5TBkNbZNnrMB11GZEH9FfWF0uSghzBTxrSSqt InQ/yRjcJ+Ekom1fWtUTGDH5cJtgdf5Jjf78xxKnOoGl7vA3In/aH44WiyPXLlTKMcqt 91JQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LEDVn+7ztnB9MFuURGPeJs5Y1j+r09pr3fMQDwzo7Dw=; b=CV8iaA0qVuCtFSH3HbVfkoMZ0qRI3oTb8zSBDfXr8ZYlMKTF9E8ODj6sQj52N6OWmF 3zevuDxaJP94VI8EsBgHb3716lG7VLBaCM1I7UkBLQYkEHecT7ZJ7KRGW8b3hr3Kxl22 LfbDhSS+PRVJd5kdKRds4HiY8xHcBRKqEz1BdUVVg5lOP/s+O4RI2jK+A+XyUJvZY2Va KRUS2BOoMLT/FbmDt3KpX1TWK1gESOMvUq7aed+DX3rsUfxM5sCeSG7Bs3ysrsAX38nn wxBiNnLQWYoh2hu/IfLiEsMiLiP2hHWQCoWBvrKV6Fj2E2QG35vHOKdhiaTFLbmR0Fe1 X2pg== X-Gm-Message-State: AOAM5310Yw959cGyjbt1Lp9VSztX8slk4UpdcmEm7pZkcMPEiBTM+SQI xr66QZtUJtGqcL4eRYEIkL0XY42R+46YaMI+bHYSbg== X-Received: by 2002:a2e:879a:: with SMTP id n26mr396484lji.347.1603126695044; Mon, 19 Oct 2020 09:58:15 -0700 (PDT) MIME-Version: 1.0 References: <87lfg2ob83.fsf@suse.de> <20201019095812.25710-1-rpalethorpe@suse.com> In-Reply-To: <20201019095812.25710-1-rpalethorpe@suse.com> From: Shakeel Butt Date: Mon, 19 Oct 2020 09:58:03 -0700 Message-ID: Subject: Re: [PATCH v3] mm: memcg/slab: Stop reparented obj_cgroups from charging root To: Richard Palethorpe Cc: Linux MM , LKML , LTP List , Roman Gushchin , Johannes Weiner , Andrew Morton , Christoph Lameter , Michal Hocko , Tejun Heo , Vlastimil Babka Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 19, 2020 at 2:59 AM Richard Palethorpe wrote: > > SLAB objects which outlive their descendant memcg are moved to their > parent memcg where they may be uncharged. However if they are moved to > the root memcg and use_hierarchy=0, uncharging will result in negative > page counter values. This is because when use_hierarchy=0, the root > memcg's page counters are disconnected from its children. > > To prevent this, we check whether we are about to uncharge the root > memcg and whether use_hierarchy=0. If this is the case then we skip > uncharging. > > Note that on the default hierarchy (CGroupV2 now) root always has > use_hierarchy=1. So this only effects CGroupV1. Also it is possible to > have a deeper hierarchy where descendants also have use_hierarchy=0; > this is not considered valid by the kernel, but it is still allowed > and in such cases reparenting may still result in negative page > counter values. > > The warning can be, unreliably, reproduced with the LTP test > madvise06 if the entire patch series > https://lore.kernel.org/linux-mm/20200623174037.3951353-1-guro@fb.com/ > is present. Although the listed commit in 'fixes' appears to introduce > the bug, I can not reproduce it with just that commit and bisecting > runs into other bugs. > > [ 12.029417] WARNING: CPU: 2 PID: 21 at mm/page_counter.c:57 page_counter_uncharge (mm/page_counter.c:57 mm/page_counter.c:50 mm/page_counter.c:156) > [ 12.029539] Modules linked in: > [ 12.029611] CPU: 2 PID: 21 Comm: ksoftirqd/2 Not tainted 5.9.0-rc7-22-default #76 > [ 12.029729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812d-rebuilt.opensuse.org 04/01/2014 > [ 12.029908] RIP: 0010:page_counter_uncharge (mm/page_counter.c:57 mm/page_counter.c:50 mm/page_counter.c:156) > [ 12.029991] Code: 0f c1 45 00 4c 29 e0 48 89 ef 48 89 c3 48 89 c6 e8 2a fe ff ff 48 85 db 78 10 48 8b 6d 28 48 85 ed 75 d8 5b 5d 41 5c 41 5d c3 <0f> 0b eb ec 90 e8 db 47 36 27 48 8b 17 48 39 d6 72 41 41 54 49 89 > [ 12.030258] RSP: 0018:ffffa5d8000efd08 EFLAGS: 00010086 > [ 12.030344] RAX: ffffffffffffffff RBX: ffffffffffffffff RCX: 0000000000000009 > [ 12.030455] RDX: 000000000000000b RSI: ffffffffffffffff RDI: ffff8ef8c7d2b248 > [ 12.030561] RBP: ffff8ef8c7d2b248 R08: ffff8ef8c78b19c8 R09: 0000000000000001 > [ 12.030672] R10: 0000000000000000 R11: ffff8ef8c780e0d0 R12: 0000000000000001 > [ 12.030784] R13: ffffffffffffffff R14: ffff8ef9478b19c8 R15: 0000000000000000 > [ 12.030895] FS: 0000000000000000(0000) GS:ffff8ef8fbc80000(0000) knlGS:0000000000000000 > [ 12.031017] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 12.031104] CR2: 00007f72c0af93ec CR3: 000000005c40a000 CR4: 00000000000006e0 > [ 12.031209] Call Trace: > [ 12.031267] __memcg_kmem_uncharge (mm/memcontrol.c:3022) > [ 12.031470] drain_obj_stock (./include/linux/rcupdate.h:689 mm/memcontrol.c:3114) > [ 12.031594] refill_obj_stock (mm/memcontrol.c:3166) > [ 12.031733] ? rcu_do_batch (kernel/rcu/tree.c:2438) > [ 12.032075] memcg_slab_free_hook (./include/linux/mm.h:1294 ./include/linux/mm.h:1441 mm/slab.h:368 mm/slab.h:348) > [ 12.032339] kmem_cache_free (mm/slub.c:3107 mm/slub.c:3143 mm/slub.c:3158) > [ 12.032464] rcu_do_batch (kernel/rcu/tree.c:2438) > [ 12.032567] rcu_core (kernel/rcu/tree_plugin.h:2122 kernel/rcu/tree_plugin.h:2157 kernel/rcu/tree.c:2661) > [ 12.032664] __do_softirq (./arch/x86/include/asm/jump_label.h:25 ./include/linux/jump_label.h:200 ./include/trace/events/irq.h:142 kernel/softirq.c:299) > [ 12.032766] run_ksoftirqd (./arch/x86/include/asm/irqflags.h:54 ./arch/x86/include/asm/irqflags.h:94 kernel/softirq.c:653 kernel/softirq.c:644) > [ 12.032852] smpboot_thread_fn (kernel/smpboot.c:165) > [ 12.032940] ? smpboot_register_percpu_thread (kernel/smpboot.c:108) > [ 12.033059] kthread (kernel/kthread.c:292) > [ 12.033148] ? __kthread_bind_mask (kernel/kthread.c:245) > [ 12.033269] ret_from_fork (arch/x86/entry/entry_64.S:300) > [ 12.033357] ---[ end trace 961dbfc01c109d1f ]--- > > [ 9.841552] ------------[ cut here ]------------ > [ 9.841788] WARNING: CPU: 0 PID: 12 at mm/page_counter.c:57 page_counter_uncharge (mm/page_counter.c:57 mm/page_counter.c:50 mm/page_counter.c:156) > [ 9.841982] Modules linked in: > [ 9.842072] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.9.0-rc7-22-default #77 > [ 9.842266] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812d-rebuilt.opensuse.org 04/01/2014 > [ 9.842571] Workqueue: events drain_local_stock > [ 9.842750] RIP: 0010:page_counter_uncharge (mm/page_counter.c:57 mm/page_counter.c:50 mm/page_counter.c:156) > [ 9.842894] Code: 0f c1 45 00 4c 29 e0 48 89 ef 48 89 c3 48 89 c6 e8 2a fe ff ff 48 85 db 78 10 48 8b 6d 28 48 85 ed 75 d8 5b 5d 41 5c 41 5d c3 <0f> 0b eb ec 90 e8 4b f9 88 2a 48 8b 17 48 39 d6 72 41 41 54 49 89 > [ 9.843438] RSP: 0018:ffffb1c18006be28 EFLAGS: 00010086 > [ 9.843585] RAX: ffffffffffffffff RBX: ffffffffffffffff RCX: ffff94803bc2cae0 > [ 9.843806] RDX: 0000000000000001 RSI: ffffffffffffffff RDI: ffff948007d2b248 > [ 9.844026] RBP: ffff948007d2b248 R08: ffff948007c58eb0 R09: ffff948007da05ac > [ 9.844248] R10: 0000000000000018 R11: 0000000000000018 R12: 0000000000000001 > [ 9.844477] R13: ffffffffffffffff R14: 0000000000000000 R15: ffff94803bc2cac0 > [ 9.844696] FS: 0000000000000000(0000) GS:ffff94803bc00000(0000) knlGS:0000000000000000 > [ 9.844915] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 9.845096] CR2: 00007f0579ee0384 CR3: 000000002cc0a000 CR4: 00000000000006f0 > [ 9.845319] Call Trace: > [ 9.845429] __memcg_kmem_uncharge (mm/memcontrol.c:3022) > [ 9.845582] drain_obj_stock (./include/linux/rcupdate.h:689 mm/memcontrol.c:3114) > [ 9.845684] drain_local_stock (mm/memcontrol.c:2255) > [ 9.845789] process_one_work (./arch/x86/include/asm/jump_label.h:25 ./include/linux/jump_label.h:200 ./include/trace/events/workqueue.h:108 kernel/workqueue.c:2274) > [ 9.845898] worker_thread (./include/linux/list.h:282 kernel/workqueue.c:2416) > [ 9.846034] ? process_one_work (kernel/workqueue.c:2358) > [ 9.846162] kthread (kernel/kthread.c:292) > [ 9.846271] ? __kthread_bind_mask (kernel/kthread.c:245) > [ 9.846420] ret_from_fork (arch/x86/entry/entry_64.S:300) > [ 9.846531] ---[ end trace 8b5647c1eba9d18a ]--- > > Reported-by: ltp@lists.linux.it > Signed-off-by: Richard Palethorpe > Acked-by: Roman Gushchin > Cc: Johannes Weiner > Cc: Andrew Morton > Cc: Shakeel Butt > Cc: Christoph Lameter > Cc: Michal Hocko > Cc: Tejun Heo > Cc: Vlastimil Babka > Fixes: bf4f059954dc ("mm: memcg/slab: obj_cgroup API") > --- > > V3: Handle common case where use_hierarchy=1 and update description. > > mm/memcontrol.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/mm/memcontrol.c b/mm/memcontrol.c > index 6877c765b8d0..34b8c4a66853 100644 > --- a/mm/memcontrol.c > +++ b/mm/memcontrol.c > @@ -291,7 +291,7 @@ static void obj_cgroup_release(struct percpu_ref *ref) > > spin_lock_irqsave(&css_set_lock, flags); > memcg = obj_cgroup_memcg(objcg); > - if (nr_pages) > + if (nr_pages && (!mem_cgroup_is_root(memcg) || memcg->use_hierarchy)) If we have non-root memcg with use_hierarchy as 0 and this objcg was reparented then this __memcg_kmem_uncharge() can potentially underflow the page counter and give the same warning. We never set root_mem_cgroup->objcg, so, no need to check for root here. I think checking just memcg->use_hierarchy should be sufficient. > __memcg_kmem_uncharge(memcg, nr_pages); > list_del(&objcg->list); > mem_cgroup_put(memcg); > @@ -3100,6 +3100,7 @@ static bool consume_obj_stock(struct obj_cgroup *objcg, unsigned int nr_bytes) > static void drain_obj_stock(struct memcg_stock_pcp *stock) > { > struct obj_cgroup *old = stock->cached_objcg; > + struct mem_cgroup *memcg; > > if (!old) > return; > @@ -3110,7 +3111,9 @@ static void drain_obj_stock(struct memcg_stock_pcp *stock) > > if (nr_pages) { > rcu_read_lock(); > - __memcg_kmem_uncharge(obj_cgroup_memcg(old), nr_pages); > + memcg = obj_cgroup_memcg(old); > + if (!mem_cgroup_is_root(memcg) || memcg->use_hierarchy) > + __memcg_kmem_uncharge(memcg, nr_pages); > rcu_read_unlock(); > } > > -- > 2.28.0 >