From: Andrew Morton <akpm@linux-foundation.org>
To: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: "linux-mm@kvack.org" <linux-mm@kvack.org>,
"balbir@linux.vnet.ibm.com" <balbir@linux.vnet.ibm.com>,
"nishimura@mxp.nes.nec.co.jp" <nishimura@mxp.nes.nec.co.jp>,
gthelen@google.com,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
stable@kernel.org
Subject: Re: [BUGFIX][PATCH] memcg: fix race in file_mapped accouting flag management
Date: Mon, 13 Sep 2010 14:08:03 -0700 [thread overview]
Message-ID: <20100913140803.b83d3fe1.akpm@linux-foundation.org> (raw)
In-Reply-To: <20100913160822.0c2cd732.kamezawa.hiroyu@jp.fujitsu.com>
On Mon, 13 Sep 2010 16:08:22 +0900
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> wrote:
>
> I think this small race is not very critical but it's bug.
> We have this race since 2.6.34.
> =
> From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
>
> Now. memory cgroup accounts file-mapped by counter and flag.
> counter is working in the same way with zone_stat but FileMapped flag only
> exists in memcg (for helping move_account).
>
> This flag can be updated wrongly in a case. Assume CPU0 and CPU1
> and a thread mapping a page on CPU0, another thread unmapping it on CPU1.
>
> CPU0 CPU1
> rmv rmap (mapcount 1->0)
> add rmap (mapcount 0->1)
> lock_page_cgroup()
> memcg counter+1 (some delay)
> set MAPPED FLAG.
> unlock_page_cgroup()
> lock_page_cgroup()
> memcg counter-1
> clear MAPPED flag
>
> In above sequence, counter is properly updated but FLAG is not.
> This means that representing a state by a flag which is maintained by
> counter needs some specail care.
>
> To handle this, at claering a flag, this patch check mapcount directly and
> clear the flag only when mapcount == 0. (if mapcount >0, someone will make
> it to zero later and flag will be cleared.)
>
> Reverse case, dec-after-inc cannot be a problem because page_table_lock()
> works well for it. (IOW, to make above sequence, 2 processes should touch
> the same page at once with map/unmap.)
>
> Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
> ---
> mm/memcontrol.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Index: lockless-update/mm/memcontrol.c
> ===================================================================
> --- lockless-update.orig/mm/memcontrol.c
> +++ lockless-update/mm/memcontrol.c
> @@ -1485,7 +1485,8 @@ void mem_cgroup_update_file_mapped(struc
> SetPageCgroupFileMapped(pc);
> } else {
> __this_cpu_dec(mem->stat->count[MEM_CGROUP_STAT_FILE_MAPPED]);
> - ClearPageCgroupFileMapped(pc);
> + if (page_mapped(page)) /* for race between dec->inc counter */
> + ClearPageCgroupFileMapped(pc);
> }
This should be !page_mapped(), shouldn't it?
And your second patch _does_ have !page_mapped() here, which is why the
second patch didn't apply.
I tried to fix things up. Please check.
WARNING: multiple messages have this Message-ID (diff)
From: Andrew Morton <akpm@linux-foundation.org>
To: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: "linux-mm@kvack.org" <linux-mm@kvack.org>,
"balbir@linux.vnet.ibm.com" <balbir@linux.vnet.ibm.com>,
"nishimura@mxp.nes.nec.co.jp" <nishimura@mxp.nes.nec.co.jp>,
gthelen@google.com,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
stable@kernel.org
Subject: Re: [BUGFIX][PATCH] memcg: fix race in file_mapped accouting flag management
Date: Mon, 13 Sep 2010 14:08:03 -0700 [thread overview]
Message-ID: <20100913140803.b83d3fe1.akpm@linux-foundation.org> (raw)
In-Reply-To: <20100913160822.0c2cd732.kamezawa.hiroyu@jp.fujitsu.com>
On Mon, 13 Sep 2010 16:08:22 +0900
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> wrote:
>
> I think this small race is not very critical but it's bug.
> We have this race since 2.6.34.
> =
> From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
>
> Now. memory cgroup accounts file-mapped by counter and flag.
> counter is working in the same way with zone_stat but FileMapped flag only
> exists in memcg (for helping move_account).
>
> This flag can be updated wrongly in a case. Assume CPU0 and CPU1
> and a thread mapping a page on CPU0, another thread unmapping it on CPU1.
>
> CPU0 CPU1
> rmv rmap (mapcount 1->0)
> add rmap (mapcount 0->1)
> lock_page_cgroup()
> memcg counter+1 (some delay)
> set MAPPED FLAG.
> unlock_page_cgroup()
> lock_page_cgroup()
> memcg counter-1
> clear MAPPED flag
>
> In above sequence, counter is properly updated but FLAG is not.
> This means that representing a state by a flag which is maintained by
> counter needs some specail care.
>
> To handle this, at claering a flag, this patch check mapcount directly and
> clear the flag only when mapcount == 0. (if mapcount >0, someone will make
> it to zero later and flag will be cleared.)
>
> Reverse case, dec-after-inc cannot be a problem because page_table_lock()
> works well for it. (IOW, to make above sequence, 2 processes should touch
> the same page at once with map/unmap.)
>
> Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
> ---
> mm/memcontrol.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Index: lockless-update/mm/memcontrol.c
> ===================================================================
> --- lockless-update.orig/mm/memcontrol.c
> +++ lockless-update/mm/memcontrol.c
> @@ -1485,7 +1485,8 @@ void mem_cgroup_update_file_mapped(struc
> SetPageCgroupFileMapped(pc);
> } else {
> __this_cpu_dec(mem->stat->count[MEM_CGROUP_STAT_FILE_MAPPED]);
> - ClearPageCgroupFileMapped(pc);
> + if (page_mapped(page)) /* for race between dec->inc counter */
> + ClearPageCgroupFileMapped(pc);
> }
This should be !page_mapped(), shouldn't it?
And your second patch _does_ have !page_mapped() here, which is why the
second patch didn't apply.
I tried to fix things up. Please check.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2010-09-13 21:08 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-13 7:08 [BUGFIX][PATCH] memcg: fix race in file_mapped accouting flag management KAMEZAWA Hiroyuki
2010-09-13 7:08 ` KAMEZAWA Hiroyuki
2010-09-13 7:13 ` [PATCH] " KAMEZAWA Hiroyuki
2010-09-13 7:13 ` KAMEZAWA Hiroyuki
2010-09-13 8:01 ` [PATCH] memcg: avoid lock in updating file_mapped (Was " KAMEZAWA Hiroyuki
2010-09-13 8:01 ` KAMEZAWA Hiroyuki
2010-09-13 17:26 ` Balbir Singh
2010-09-13 17:26 ` Balbir Singh
2010-09-14 4:55 ` KAMEZAWA Hiroyuki
2010-09-14 4:55 ` KAMEZAWA Hiroyuki
2010-09-13 8:47 ` [BUGFIX][PATCH] memcg: " Balbir Singh
2010-09-13 8:47 ` Balbir Singh
2010-09-13 15:28 ` Hiroyuki Kamezawa
2010-09-13 15:28 ` Hiroyuki Kamezawa
2010-09-13 17:17 ` Balbir Singh
2010-09-13 17:17 ` Balbir Singh
2010-09-13 21:08 ` Andrew Morton [this message]
2010-09-13 21:08 ` Andrew Morton
2010-09-14 4:35 ` KAMEZAWA Hiroyuki
2010-09-14 4:35 ` KAMEZAWA Hiroyuki
2010-09-14 4:38 ` KAMEZAWA Hiroyuki
2010-09-14 4:38 ` KAMEZAWA Hiroyuki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100913140803.b83d3fe1.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=balbir@linux.vnet.ibm.com \
--cc=gthelen@google.com \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nishimura@mxp.nes.nec.co.jp \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.