On Tue, Feb 01, 2022 at 02:33:04PM -0800, Roman Gushchin wrote:
...
> In this example a slab allocation from __send_signal() caused a
> refilling and draining of a percpu objcg stock, resulted in a
> releasing of another non-related objcg. Objcg release path requires
> taking the css_set_lock, which is used to synchronize objcg lists.
>
> This can create a circular dependency with the sighandler lock,
> which is taken with the locked css_set_lock by the freezer code
> (to freeze a task).
>
> In general it seems that using css_set_lock to synchronize objcg lists
> makes any slab allocations and deallocation with the locked
> css_set_lock and any intervened locks risky.
>
> To fix the problem and make the code more robust let's stop using
> css_set_lock to synchronize objcg lists and use a new dedicated
> spinlock instead.
>
> Fixes: bf4f059954dc ("mm: memcg/slab: obj_cgroup API")
> Signed-off-by: Roman Gushchin <guro@xxxxxx>
> Reported-by: Alexander Egorenkov <egorenar@xxxxxxxxxxxxx>
> Tested-by: Alexander Egorenkov <egorenar@xxxxxxxxxxxxx>
> Reviewed-by: Waiman Long <longman@xxxxxxxxxx>
> Cc: Tejun Heo <tj@xxxxxxxxxx>
> Cc: Johannes Weiner <hannes@xxxxxxxxxxx>
> Cc: Shakeel Butt <shakeelb@xxxxxxxxxx>
> Cc: Jeremy Linton <jeremy.linton@xxxxxxx>
> Cc: cgroups@xxxxxxxxxxxxxxx

Acked-by: Tejun Heo <tj@xxxxxxxxxx>

I suppose this will go through -mm? If you want me to route it through
the cgroup tree, please let me know.

Thanks.

--
tejun