* [PATCH RESEND] memcg: Free spare array to avoid memory leak
@ 2012-04-19 8:54 Sha Zhengju
2012-05-01 21:03 ` Andrew Morton
0 siblings, 1 reply; 3+ messages in thread
From: Sha Zhengju @ 2012-04-19 8:54 UTC (permalink / raw)
To: akpm, linux-kernel; +Cc: linux-mm, cgroups, Sha Zhengju
From: Sha Zhengju <handai.szj@taobao.com>
When the last event is unregistered, there is no need to keep the spare
array anymore. So free it to avoid memory leak.
Signed-off-by: Sha Zhengju <handai.szj@taobao.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Reviewed-by: Kirill A. Shutemov <kirill@shutemov.name>
---
Hi, Andrew
This patch has been reviewed days ago. Do you have any comments about it?
Thanks,
Sha
mm/memcontrol.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 22d94f5..3c09a84 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -4412,6 +4412,12 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
swap_buffers:
/* Swap primary and spare array */
thresholds->spare = thresholds->primary;
+ /* If all events are unregistered, free the spare array */
+ if (!new) {
+ kfree(thresholds->spare);
+ thresholds->spare = NULL;
+ }
+
rcu_assign_pointer(thresholds->primary, new);
/* To be sure that nobody uses thresholds */
--
1.7.4.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH RESEND] memcg: Free spare array to avoid memory leak
2012-04-19 8:54 [PATCH RESEND] memcg: Free spare array to avoid memory leak Sha Zhengju
@ 2012-05-01 21:03 ` Andrew Morton
2012-05-03 3:09 ` Sha Zhengju
0 siblings, 1 reply; 3+ messages in thread
From: Andrew Morton @ 2012-05-01 21:03 UTC (permalink / raw)
To: Sha Zhengju; +Cc: linux-kernel, linux-mm, cgroups, Sha Zhengju
On Thu, 19 Apr 2012 16:54:50 +0800
Sha Zhengju <handai.szj@gmail.com> wrote:
> From: Sha Zhengju <handai.szj@taobao.com>
>
> When the last event is unregistered, there is no need to keep the spare
> array anymore. So free it to avoid memory leak.
How serious is this leak? Is there any way in which it can be used to
consume unbounded amounts of memory?
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -4412,6 +4412,12 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
> swap_buffers:
> /* Swap primary and spare array */
> thresholds->spare = thresholds->primary;
> + /* If all events are unregistered, free the spare array */
> + if (!new) {
> + kfree(thresholds->spare);
> + thresholds->spare = NULL;
> + }
> +
> rcu_assign_pointer(thresholds->primary, new);
>
The resulting code is really quite convoluted. Try to read through it
and follow the handling of ->primary and ->spare. Head spins.
What is the protocol here? If ->primary is NULL then ->spare must also
be NULL?
I'll apply the patch, although I don't (yet) have sufficient info to
know which kernels it should be applied to. Perhaps someone could
revisit this code and see if it can be made more straightforward.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH RESEND] memcg: Free spare array to avoid memory leak
2012-05-01 21:03 ` Andrew Morton
@ 2012-05-03 3:09 ` Sha Zhengju
0 siblings, 0 replies; 3+ messages in thread
From: Sha Zhengju @ 2012-05-03 3:09 UTC (permalink / raw)
To: Andrew Morton; +Cc: Sha Zhengju, linux-kernel, linux-mm, cgroups
On 05/02/2012 05:03 AM, Andrew Morton wrote:
> On Thu, 19 Apr 2012 16:54:50 +0800
> Sha Zhengju<handai.szj@gmail.com> wrote:
>
>> From: Sha Zhengju<handai.szj@taobao.com>
>>
>> When the last event is unregistered, there is no need to keep the spare
>> array anymore. So free it to avoid memory leak.
> How serious is this leak? Is there any way in which it can be used to
> consume unbounded amounts of memory?
While registering events, the ->primary will apply for a larger array to
store
the new threshold info and the ->spare holds the old primary space.
But once unregistering event, the ->primary and ->spare pointer will be
swapped
after updating thresholds info. So if we have an eventfd with many(>1)
thresholds
attached to it, mem_cgroup_usage_unregister_event() will finally leave
->spare
holding a large array and have no chance to be freed.
I hope it is clear.
>> --- a/mm/memcontrol.c
>> +++ b/mm/memcontrol.c
>> @@ -4412,6 +4412,12 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
>> swap_buffers:
>> /* Swap primary and spare array */
>> thresholds->spare = thresholds->primary;
>> + /* If all events are unregistered, free the spare array */
>> + if (!new) {
>> + kfree(thresholds->spare);
>> + thresholds->spare = NULL;
>> + }
>> +
>> rcu_assign_pointer(thresholds->primary, new);
>>
> The resulting code is really quite convoluted. Try to read through it
> and follow the handling of ->primary and ->spare. Head spins.
>
> What is the protocol here? If ->primary is NULL then ->spare must also
> be NULL?
>
To be simple: if new(->primary) is NULL, it means we are unregistering
the last threshold and there is no need to keep ->spare any more.
So give the ->spare array a chance to be freed.
Thanks,
Sha
> I'll apply the patch, although I don't (yet) have sufficient info to
> know which kernels it should be applied to. Perhaps someone could
> revisit this code and see if it can be made more straightforward.
>
> .
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-05-03 3:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-19 8:54 [PATCH RESEND] memcg: Free spare array to avoid memory leak Sha Zhengju
2012-05-01 21:03 ` Andrew Morton
2012-05-03 3:09 ` Sha Zhengju
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).