Re: [PATCH v3] mm: kmem: add lockdep assertion to obj_cgroup_memcg

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 31.07.2024 09:02, Muchun Song wrote:
>> On Jul 31, 2024, at 02:52, Marek Szyprowski <m.szyprowski@xxxxxxxxxxx> wrote:
>>
>> On 25.07.2024 11:43, Muchun Song wrote:
>>> The obj_cgroup_memcg() is supposed to safe to prevent the returned
>>> memory cgroup from being freed only when the caller is holding the
>>> rcu read lock or objcg_lock or cgroup_mutex. It is very easy to
>>> ignore thoes conditions when users call some upper APIs which call
>>> obj_cgroup_memcg() internally like mem_cgroup_from_slab_obj() (See
>>> the link below). So it is better to add lockdep assertion to
>>> obj_cgroup_memcg() to find those issues ASAP.
>>>
>>> Because there is no user of obj_cgroup_memcg() holding objcg_lock
>>> to make the returned memory cgroup safe, do not add objcg_lock
>>> assertion (We should export objcg_lock if we really want to do).
>>> Additionally, this is some internal implementation detail of memcg
>>> and should not be accessible outside memcg code.
>>>
>>> Some users like __mem_cgroup_uncharge() do not care the lifetime
>>> of the returned memory cgroup, which just want to know if the
>>> folio is charged to a memory cgroup, therefore, they do not need
>>> to hold the needed locks. In which case, introduce a new helper
>>> folio_memcg_charged() to do this. Compare it to folio_memcg(), it
>>> could eliminate a memory access of objcg->memcg for kmem, actually,
>>> a really small gain.
>>>
>>> Link: https://lore.kernel.org/all/20240718083607.42068-1-songmuchun@xxxxxxxxxxxxx/
>>> Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>
>> This patch landed in today's linux-next as commit 230b2f1f31b9 ("mm:
>> kmem: add lockdep assertion to obj_cgroup_memcg"). I my tests I found
>> that it triggers the following warning on Debian bookworm/sid system
>> image running under QEMU RISCV64:
> Thanks for your report.
>
> I'd like to say excellent since it indeed indicates this patch works
> well. Your report is actually a bug that I fixed it in [1] but not
> related to this patch.
>
> [1] https://lore.kernel.org/all/20240718083607.42068-1-songmuchun@xxxxxxxxxxxxx/

Confirmed. Applying [1] on top of next-20240730 fixes this issue without 
reverting $subject.

Tested-by: Marek Szyprowski <m.szyprowski@xxxxxxxxxxx>

>> ------------[ cut here ]------------
>> WARNING: CPU: 0 PID: 1 at include/linux/memcontrol.h:373
>> mem_cgroup_from_slab_obj+0x13e/0x1ea
>> Modules linked in:
>> CPU: 0 UID: 0 PID: 1 Comm: systemd Not tainted 6.10.0+ #15154
>> Hardware name: riscv-virtio,qemu (DT)
>> epc : mem_cgroup_from_slab_obj+0x13e/0x1ea
>>   ra : mem_cgroup_from_slab_obj+0x13c/0x1ea
>> ...
>> [<ffffffff80257256>] mem_cgroup_from_slab_obj+0x13e/0x1ea
>> [<ffffffff801f0b3e>] list_lru_del_obj+0xa6/0xc2
>> [<ffffffff8027c6c6>] d_lru_del+0x8c/0xa4
>> [<ffffffff8027da60>] __dentry_kill+0x15e/0x17a
>> [<ffffffff8027ec3c>] dput.part.0+0x242/0x3e6
>> [<ffffffff8027edee>] dput+0xe/0x18
>> [<ffffffff8027324c>] lookup_fast+0x80/0xce
>> [<ffffffff80273e28>] walk_component+0x20/0x13c
>> [<ffffffff802747e2>] path_lookupat+0x64/0x16c
>> [<ffffffff80274bf4>] filename_lookup+0x76/0x122
>> [<ffffffff80274d80>] user_path_at+0x30/0x4a
>> [<ffffffff802d12bc>] __riscv_sys_name_to_handle_at+0x52/0x1d8
>> [<ffffffff80b60324>] do_trap_ecall_u+0x14e/0x1da
>> [<ffffffff80b6c546>] handle_exception+0xca/0xd6
>> irq event stamp: 198187
>> hardirqs last  enabled at (198187): [<ffffffff8028ca9e>]
>> lookup_mnt+0x186/0x308
>> hardirqs last disabled at (198186): [<ffffffff8028ca74>]
>> lookup_mnt+0x15c/0x308
>> softirqs last  enabled at (198172): [<ffffffff800e34f6>]
>> cgroup_apply_control_enable+0x1f6/0x2fc
>> softirqs last disabled at (198170): [<ffffffff800e34d8>]
>> cgroup_apply_control_enable+0x1d8/0x2fc
>> ---[ end trace 0000000000000000 ]---
>>
>> Similar warning appears on ARM64 Debian bookworm system. Reverting it on
>> top of linux-next hides the issue, but I assume this is not the best way
>> to fix it.
>>
>> I'm testing kernel built from riscv/defconfig with PROVE_LOCKING,
>> DEBUG_ATOMIC_SLEEP, DEBUG_DRIVER and DEBUG_DEVRES options enabled.
>>
>>> ---
>>> v3:
>>>   - Use lockdep_assert_once(Vlastimil).
>>>
>>> v2:
>>>   - Remove mention of objcg_lock in obj_cgroup_memcg()(Shakeel Butt).
>>>
>>>   include/linux/memcontrol.h | 20 +++++++++++++++++---
>>>   mm/memcontrol.c            |  6 +++---
>>>   2 files changed, 20 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
>>> index fc94879db4dff..95f823deafeca 100644
>>> --- a/include/linux/memcontrol.h
>>> +++ b/include/linux/memcontrol.h
>>> @@ -360,11 +360,11 @@ static inline bool folio_memcg_kmem(struct folio *folio);
>>>    * After the initialization objcg->memcg is always pointing at
>>>    * a valid memcg, but can be atomically swapped to the parent memcg.
>>>    *
>>> - * The caller must ensure that the returned memcg won't be released:
>>> - * e.g. acquire the rcu_read_lock or css_set_lock.
>>> + * The caller must ensure that the returned memcg won't be released.
>>>    */
>>>   static inline struct mem_cgroup *obj_cgroup_memcg(struct obj_cgroup *objcg)
>>>   {
>>> + lockdep_assert_once(rcu_read_lock_held() || lockdep_is_held(&cgroup_mutex));
>>>    return READ_ONCE(objcg->memcg);
>>>   }
>>>
>>> @@ -438,6 +438,19 @@ static inline struct mem_cgroup *folio_memcg(struct folio *folio)
>>>    return __folio_memcg(folio);
>>>   }
>>>
>>> +/*
>>> + * folio_memcg_charged - If a folio is charged to a memory cgroup.
>>> + * @folio: Pointer to the folio.
>>> + *
>>> + * Returns true if folio is charged to a memory cgroup, otherwise returns false.
>>> + */
>>> +static inline bool folio_memcg_charged(struct folio *folio)
>>> +{
>>> + if (folio_memcg_kmem(folio))
>>> + return __folio_objcg(folio) != NULL;
>>> + return __folio_memcg(folio) != NULL;
>>> +}
>>> +
>>>   /**
>>>    * folio_memcg_rcu - Locklessly get the memory cgroup associated with a folio.
>>>    * @folio: Pointer to the folio.
>>> @@ -454,7 +467,6 @@ static inline struct mem_cgroup *folio_memcg_rcu(struct folio *folio)
>>>    unsigned long memcg_data = READ_ONCE(folio->memcg_data);
>>>
>>>    VM_BUG_ON_FOLIO(folio_test_slab(folio), folio);
>>> - WARN_ON_ONCE(!rcu_read_lock_held());
>>>
>>>    if (memcg_data & MEMCG_DATA_KMEM) {
>>>    struct obj_cgroup *objcg;
>>> @@ -463,6 +475,8 @@ static inline struct mem_cgroup *folio_memcg_rcu(struct folio *folio)
>>>    return obj_cgroup_memcg(objcg);
>>>    }
>>>
>>> + WARN_ON_ONCE(!rcu_read_lock_held());
>>> +
>>>    return (struct mem_cgroup *)(memcg_data & ~OBJEXTS_FLAGS_MASK);
>>>   }
>>>
>>> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
>>> index 622d4544edd24..3da0284573857 100644
>>> --- a/mm/memcontrol.c
>>> +++ b/mm/memcontrol.c
>>> @@ -2366,7 +2366,7 @@ void mem_cgroup_cancel_charge(struct mem_cgroup *memcg, unsigned int nr_pages)
>>>
>>>   static void commit_charge(struct folio *folio, struct mem_cgroup *memcg)
>>>   {
>>> - VM_BUG_ON_FOLIO(folio_memcg(folio), folio);
>>> + VM_BUG_ON_FOLIO(folio_memcg_charged(folio), folio);
>>>    /*
>>>     * Any of the following ensures page's memcg stability:
>>>     *
>>> @@ -4617,7 +4617,7 @@ void __mem_cgroup_uncharge(struct folio *folio)
>>>    struct uncharge_gather ug;
>>>
>>>    /* Don't touch folio->lru of any random page, pre-check: */
>>> - if (!folio_memcg(folio))
>>> + if (!folio_memcg_charged(folio))
>>>    return;
>>>
>>>    uncharge_gather_clear(&ug);
>>> @@ -4662,7 +4662,7 @@ void mem_cgroup_replace_folio(struct folio *old, struct folio *new)
>>>    return;
>>>
>>>    /* Page cache replacement: new folio already charged? */
>>> - if (folio_memcg(new))
>>> + if (folio_memcg_charged(new))
>>>    return;
>>>
>>>    memcg = folio_memcg(old);
>> Best regards
>> -- 
>> Marek Szyprowski, PhD
>> Samsung R&D Institute Poland
>
>
Best regards
-- 
Marek Szyprowski, PhD
Samsung R&D Institute Poland





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux