mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-17 02:36:21 +00:00
memcg: fix destination cgroup leak on task charges migration
We are supposed to take one css reference per each memory page and per each swap entry accounted to a memory cgroup. However, during task charges migration we take a reference to the destination cgroup twice per each swap entry: first in mem_cgroup_do_precharge()->try_charge() and then in mem_cgroup_move_swap_account(), permanently leaking the destination cgroup. The hunk taking the second reference seems to be a leftover from the pre-00501b531c472 ("mm: memcontrol: rewrite charge API") era. Remove it to fix the leak. Fixes: e8ea14cc6ead (mm: memcontrol: take a css reference for each charged page) Signed-off-by: Vladimir Davydov <vdavydov@parallels.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Michal Hocko <mhocko@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
24d404dc10
commit
4bdfc1c4a9
@ -3043,18 +3043,6 @@ static int mem_cgroup_move_swap_account(swp_entry_t entry,
|
||||
if (swap_cgroup_cmpxchg(entry, old_id, new_id) == old_id) {
|
||||
mem_cgroup_swap_statistics(from, false);
|
||||
mem_cgroup_swap_statistics(to, true);
|
||||
/*
|
||||
* This function is only called from task migration context now.
|
||||
* It postpones page_counter and refcount handling till the end
|
||||
* of task migration(mem_cgroup_clear_mc()) for performance
|
||||
* improvement. But we cannot postpone css_get(to) because if
|
||||
* the process that has been moved to @to does swap-in, the
|
||||
* refcount of @to might be decreased to 0.
|
||||
*
|
||||
* We are in attach() phase, so the cgroup is guaranteed to be
|
||||
* alive, so we can just call css_get().
|
||||
*/
|
||||
css_get(&to->css);
|
||||
return 0;
|
||||
}
|
||||
return -EINVAL;
|
||||
|
Loading…
x
Reference in New Issue
Block a user