linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH RESEND] memcg: Free spare array to avoid memory leak
@ 2012-04-19  8:54 Sha Zhengju
  2012-05-01 21:03 ` Andrew Morton
  0 siblings, 1 reply; 3+ messages in thread
From: Sha Zhengju @ 2012-04-19  8:54 UTC (permalink / raw)
  To: akpm, linux-kernel; +Cc: linux-mm, cgroups, Sha Zhengju

From: Sha Zhengju <handai.szj@taobao.com>

When the last event is unregistered, there is no need to keep the spare
array anymore. So free it to avoid memory leak.

Signed-off-by: Sha Zhengju <handai.szj@taobao.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Reviewed-by: Kirill A. Shutemov <kirill@shutemov.name>

---
Hi, Andrew

This patch has been reviewed days ago. Do you have any comments about it?

Thanks,
Sha
 
 mm/memcontrol.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 22d94f5..3c09a84 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -4412,6 +4412,12 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
 swap_buffers:
 	/* Swap primary and spare array */
 	thresholds->spare = thresholds->primary;
+	/* If all events are unregistered, free the spare array */
+	if (!new) {
+		kfree(thresholds->spare);
+		thresholds->spare = NULL;
+	}
+
 	rcu_assign_pointer(thresholds->primary, new);
 
 	/* To be sure that nobody uses thresholds */
-- 
1.7.4.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH RESEND] memcg: Free spare array to avoid memory leak
  2012-04-19  8:54 [PATCH RESEND] memcg: Free spare array to avoid memory leak Sha Zhengju
@ 2012-05-01 21:03 ` Andrew Morton
  2012-05-03  3:09   ` Sha Zhengju
  0 siblings, 1 reply; 3+ messages in thread
From: Andrew Morton @ 2012-05-01 21:03 UTC (permalink / raw)
  To: Sha Zhengju; +Cc: linux-kernel, linux-mm, cgroups, Sha Zhengju

On Thu, 19 Apr 2012 16:54:50 +0800
Sha Zhengju <handai.szj@gmail.com> wrote:

> From: Sha Zhengju <handai.szj@taobao.com>
> 
> When the last event is unregistered, there is no need to keep the spare
> array anymore. So free it to avoid memory leak.

How serious is this leak?  Is there any way in which it can be used to
consume unbounded amounts of memory?

> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -4412,6 +4412,12 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
>  swap_buffers:
>  	/* Swap primary and spare array */
>  	thresholds->spare = thresholds->primary;
> +	/* If all events are unregistered, free the spare array */
> +	if (!new) {
> +		kfree(thresholds->spare);
> +		thresholds->spare = NULL;
> +	}
> +
>  	rcu_assign_pointer(thresholds->primary, new);
>  

The resulting code is really quite convoluted.  Try to read through it
and follow the handling of ->primary and ->spare.  Head spins.

What is the protocol here?  If ->primary is NULL then ->spare must also
be NULL?


I'll apply the patch, although I don't (yet) have sufficient info to
know which kernels it should be applied to.  Perhaps someone could
revisit this code and see if it can be made more straightforward.


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH RESEND] memcg: Free spare array to avoid memory leak
  2012-05-01 21:03 ` Andrew Morton
@ 2012-05-03  3:09   ` Sha Zhengju
  0 siblings, 0 replies; 3+ messages in thread
From: Sha Zhengju @ 2012-05-03  3:09 UTC (permalink / raw)
  To: Andrew Morton; +Cc: Sha Zhengju, linux-kernel, linux-mm, cgroups

On 05/02/2012 05:03 AM, Andrew Morton wrote:
> On Thu, 19 Apr 2012 16:54:50 +0800
> Sha Zhengju<handai.szj@gmail.com>  wrote:
>
>> From: Sha Zhengju<handai.szj@taobao.com>
>>
>> When the last event is unregistered, there is no need to keep the spare
>> array anymore. So free it to avoid memory leak.
> How serious is this leak?  Is there any way in which it can be used to
> consume unbounded amounts of memory?

While registering events, the ->primary will apply for a larger array to 
store
the new threshold info and the ->spare holds the old primary space.
But once unregistering event, the ->primary and ->spare pointer will be 
swapped
after updating thresholds info. So if we have an eventfd with many(>1) 
thresholds
attached to it, mem_cgroup_usage_unregister_event() will finally leave 
->spare
holding a large array and have no chance to be freed.

I hope it is clear.

>> --- a/mm/memcontrol.c
>> +++ b/mm/memcontrol.c
>> @@ -4412,6 +4412,12 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
>>   swap_buffers:
>>   	/* Swap primary and spare array */
>>   	thresholds->spare = thresholds->primary;
>> +	/* If all events are unregistered, free the spare array */
>> +	if (!new) {
>> +		kfree(thresholds->spare);
>> +		thresholds->spare = NULL;
>> +	}
>> +
>>   	rcu_assign_pointer(thresholds->primary, new);
>>
> The resulting code is really quite convoluted.  Try to read through it
> and follow the handling of ->primary and ->spare.  Head spins.
>
> What is the protocol here?  If ->primary is NULL then ->spare must also
> be NULL?
>

To be simple:  if new(->primary) is NULL, it means we are unregistering
the last threshold and there is no need to keep ->spare any more.
So give the ->spare array a chance to be freed.

Thanks,
Sha

> I'll apply the patch, although I don't (yet) have sufficient info to
> know which kernels it should be applied to.  Perhaps someone could
> revisit this code and see if it can be made more straightforward.
>
> .
>


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-05-03  3:15 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-19  8:54 [PATCH RESEND] memcg: Free spare array to avoid memory leak Sha Zhengju
2012-05-01 21:03 ` Andrew Morton
2012-05-03  3:09   ` Sha Zhengju

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).