On Fri, Aug 12, 2022 at 08:35:19AM +0800, Yafang Shao wrote: > On Fri, Aug 12, 2022 at 12:16 AM Roman Gushchin > <roman.gushchin@xxxxxxxxx> wrote: > > > > On Wed, Aug 10, 2022 at 03:18:38PM +0000, Yafang Shao wrote: > > > Introduce new helper get_obj_cgroup_from_cgroup() to get obj_cgroup from > > > a specific cgroup. > > > > > > Signed-off-by: Yafang Shao <laoar.shao@xxxxxxxxx> > > > --- > > > include/linux/memcontrol.h | 1 + > > > mm/memcontrol.c | 41 +++++++++++++++++++++++++++++++++++++++++ > > > 2 files changed, 42 insertions(+) > > > > > > diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h > > > index 2f0a611..901a921 100644 > > > --- a/include/linux/memcontrol.h > > > +++ b/include/linux/memcontrol.h > > > @@ -1713,6 +1713,7 @@ static inline void set_shrinker_bit(struct mem_cgroup *memcg, > > > int __memcg_kmem_charge_page(struct page *page, gfp_t gfp, int order); > > > void __memcg_kmem_uncharge_page(struct page *page, int order); > > > > > > +struct obj_cgroup *get_obj_cgroup_from_cgroup(struct cgroup *cgrp); > > > struct obj_cgroup *get_obj_cgroup_from_current(void); > > > struct obj_cgroup *get_obj_cgroup_from_page(struct page *page); > > > > > > diff --git a/mm/memcontrol.c b/mm/memcontrol.c > > > index 618c366..762cffa 100644 > > > --- a/mm/memcontrol.c > > > +++ b/mm/memcontrol.c 
> > > @@ -2908,6 +2908,47 @@ static struct obj_cgroup *__get_obj_cgroup_from_memcg(struct mem_cgroup *memcg) > > > return objcg; > > > } > > > > > > +static struct obj_cgroup *get_obj_cgroup_from_memcg(struct mem_cgroup *memcg) > > > +{ > > > + struct obj_cgroup *objcg; > > > + > > > + if (memcg_kmem_bypass()) > > > + return NULL; > > > + > > > + rcu_read_lock(); > > > + objcg = __get_obj_cgroup_from_memcg(memcg); > > > + rcu_read_unlock(); > > > + return objcg; > > > > This code doesn't make sense to me. What does rcu read lock protect here? > > To protect rcu_dereference(memcg->objcg);. > Doesn't it need the read rcu lock ? No, it's not how rcu works. Please, take a look at the docs here: https://docs.kernel.org/RCU/whatisRCU.html#whatisrcu . In particular, it describes this specific case very well. In 2 words, you don't protect the rcu_dereference() call, you protect the pointer you get, cause it's valid only inside the rcu read section. After rcu_read_unlock() it might point at a random data, because the protected object can be already freed. Thanks!
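Review bot: in get_obj_cgroup_from_memcg() the objcg obtained from __get_obj_cgroup_from_memcg() is returned to the caller only after rcu_read_unlock(), so the read-side critical section protects nothing unless a reference on the objcg is acquired inside it; either take that reference before dropping the lock and state it in a comment, or make the function's contract require the caller to hold rcu_read_lock() and drop the lock/unlock pair here. The memcg_kmem_bypass() check at the top takes no argument and therefore decides on the calling task's context, while the memcg being looked up is a parameter; a one-line comment explaining why the caller's context should gate a lookup of an arbitrary memcg would help reviewers.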