Hi,
It seems like this patch has not been added to the linux-next
tree. Can anyone help with this? Thanks.
On Fri, Apr 2, 2021 at 5:13 PM Muchun Song <songmuchun@xxxxxxxxxxxxx> wrote:
>
> The caller of wb_get_create() should pin the memcg, because
> wb_get_create() relies on this guarantee. The rcu read lock
> only can guarantee that the memcg css returned by css_from_id()
> cannot be released, but the reference of the memcg can be zero.
>
> rcu_read_lock()
> memcg_css = css_from_id()
> wb_get_create(memcg_css)
> cgwb_create(memcg_css)
> // css_get can change the ref counter from 0 back to 1
> css_get(memcg_css)
> rcu_read_unlock()
>
> Fix it by holding a reference to the css before calling
> wb_get_create(). This is not a problem I encountered in the
> real world. Just the result of a code review.
>
> Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates")
> Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>
> Acked-by: Michal Hocko <mhocko@xxxxxxxx>
> ---
> Changelog in v3:
> 1. Do not change GFP_ATOMIC.
> 2. Update commit log.
>
> Thanks for Michal's review and suggestions.
>
> Changelog in v2:
> 1. Replace GFP_ATOMIC with GFP_NOIO suggested by Matthew.
>
>
> fs/fs-writeback.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
> index 3ac002561327..dedde99da40d 100644
> --- a/fs/fs-writeback.c
> +++ b/fs/fs-writeback.c
> @@ -506,9 +506,14 @@ static void inode_switch_wbs(struct inode *inode, int new_wb_id)
> /* find and pin the new wb */
> rcu_read_lock();
> memcg_css = css_from_id(new_wb_id, &memory_cgrp_subsys);
> - if (memcg_css)
> - isw->new_wb = wb_get_create(bdi, memcg_css, GFP_ATOMIC);
> + if (memcg_css && !css_tryget(memcg_css))
> + memcg_css = NULL;
> rcu_read_unlock();
> + if (!memcg_css)
> + goto out_free;
> +
> + isw->new_wb = wb_get_create(bdi, memcg_css, GFP_ATOMIC);
> + css_put(memcg_css);
> if (!isw->new_wb)
> goto out_free;
>
> --
> 2.11.0
>
