On Mon 03-08-20 11:03:49, Johannes Weiner wrote:
> On Mon, Aug 03, 2020 at 11:00:33AM +0200, Michal Hocko wrote:
> > On Tue 23-06-20 10:40:23, Roman Gushchin wrote:
> > > @@ -5456,7 +5460,10 @@ static int mem_cgroup_move_account(struct page *page,
> > >  	 */
> > >  	smp_mb();
> > >  
> > > -	page->mem_cgroup = to; /* caller should have done css_get */
> > > +	css_get(&to->css);
> > > +	css_put(&from->css);
> > > +
> > > +	page->mem_cgroup = to;
> > >  
> > >  	__unlock_page_memcg(from);
> > 
> > What prevents the from memcg from being released here?
> 
> ->attach_task() and kill_css() are exclusive through the cgroup_mutex,
> so the base ref cannot disappear from under us during this operation.

OK, is this worth a comment? Reference counting before other operations on
the object always makes me worried, and those details are hidden
elsewhere.

Btw. with the follow-up fix from Hugh
Acked-by: Michal Hocko <mhocko@xxxxxxxx>

-- 
Michal Hocko
SUSE Labs
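Review bot: in the mem_cgroup_move_account() hunk, css_put(&from->css) is issued before `from` is used again by the following __unlock_page_memcg(from), and the only comment about reference ownership ("caller should have done css_get") is removed without a replacement, so a reader of the resulting code sees a put followed by a dereference of the same object and has nothing telling them why that is safe. Since the thread establishes that it is the cgroup_mutex serialization of ->attach_task() and kill_css() that keeps the base reference alive here, that invariant belongs in a comment beside the put, e.g. `/* from cannot be released here: its base ref is held across cgroup_mutex, which serializes ->attach_task() against kill_css() */`; alternatively move css_put(&from->css) after __unlock_page_memcg(from) so the put is the last touch of `from` and needs no such justification.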
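The point Michal raises, that dropping a reference before the last use of the object is only safe when someone else is known to hold a reference, can be made concrete with a small userspace model. The following is an added example, not kernel code and not part of the thread: struct css, struct page, css_get() and css_put() are toy stand-ins for the memcg objects and helpers in the quoted hunk, css_put() marks the object released instead of freeing it so the ordering can be inspected after the fact, and the "base ref" argument models the reference that Johannes says cgroup_mutex keeps alive.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Toy model of the refcount ordering in the quoted hunk. Hypothetical
 * userspace code added for illustration; none of these names are the
 * kernel's definitions.
 */
struct css {
	atomic_int refcnt;
	bool released;		/* set when the last reference is dropped */
};

struct page {
	struct css *mem_cgroup;
};

static void css_get(struct css *c)
{
	atomic_fetch_add(&c->refcnt, 1);
}

/* Drop one reference; instead of freeing, record that the object is gone. */
static void css_put(struct css *c)
{
	if (atomic_fetch_sub(&c->refcnt, 1) == 1)
		c->released = true;
}

/*
 * Ordering from the hunk: css_put(&from->css) runs before the last
 * dereference of `from` (the __unlock_page_memcg(from) that follows).
 * Returns true if `from` was still alive at that last use.
 */
static bool move_hunk_order(struct page *page, struct css *from, struct css *to)
{
	css_get(to);
	css_put(from);
	page->mem_cgroup = to;
	return !from->released;		/* stands in for __unlock_page_memcg(from) */
}

/*
 * Alternative ordering: drop the reference on `from` only after its last
 * use. Safe regardless of who else holds references on `from`.
 */
static bool move_put_last(struct page *page, struct css *from, struct css *to)
{
	css_get(to);
	page->mem_cgroup = to;
	bool alive = !from->released;	/* stands in for __unlock_page_memcg(from) */
	css_put(from);
	return alive;
}

/*
 * Run one move. base_ref models the cgroup core's reference that the
 * thread says cgroup_mutex keeps alive for the duration; without it the
 * page's own charge reference is the only thing keeping `from` alive.
 * Returns true if `from` survived its last use and the page now points at `to`.
 */
static bool run_move(bool base_ref,
		     bool (*move)(struct page *, struct css *, struct css *))
{
	struct css from = { .released = false };
	struct css to = { .released = false };
	struct page page = { .mem_cgroup = &from };

	atomic_init(&from.refcnt, 0);
	atomic_init(&to.refcnt, 1);	/* `to` is already pinned by someone */

	css_get(&from);			/* the page's charge reference */
	if (base_ref)
		css_get(&from);		/* the base reference held by the cgroup core */

	bool alive = move(&page, &from, &to);
	return alive && page.mem_cgroup == &to;
}

int main(void)
{
	printf("hunk order, base ref held: %s\n",
	       run_move(true, move_hunk_order) ? "from alive" : "from released early");
	printf("hunk order, no base ref:   %s\n",
	       run_move(false, move_hunk_order) ? "from alive" : "from released early");
	printf("put last, no base ref:     %s\n",
	       run_move(false, move_put_last) ? "from alive" : "from released early");
	return 0;
}
```

With the base reference present, the hunk's ordering is fine; take it away and `from` is released before the following dereference, which is the case a comment at the put should rule out explicitly. Putting the css_put() after the last use removes the dependency on that external guarantee altogether.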