On Mon, Oct 11, 2021 at 06:21:28PM +0200, Michal Koutny wrote:
> Hello.
>
> On Thu, Oct 07, 2021 at 08:16:03PM +0800, quanyang.wang@xxxxxxxxxxxxx wrote:
> > This is because that root_cgrp->bpf.refcnt.data is allocated by the
> > function percpu_ref_init in cgroup_bpf_inherit which is called by
> > cgroup_setup_root when mounting, but not freed along with root_cgrp
> > when umounting.
>
> Good catch!
+1
>
> > Adding cgroup_bpf_offline which calls percpu_ref_kill to
> > cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in umount path.
>
> That is sensible.
>
> > Fixes: 2b0d3d3e4fcfb ("percpu_ref: reduce memory footprint of percpu_ref in fast path")
>
> Why this Fixes:? Is the leak absent before the percpu_ref refactoring?
I agree, the "fixes" tag looks dubious to me.
> I guess the embedded data are free'd together with cgroup. Makes me
> wonder why struct cgroup_bpf has a separate percpu_ref counter from
> struct cgroup...
This is because a cgroup can stay a long time (sometimes effectively forever)
in a dying state, so we want to release bpf structures earlier.
Thanks!
