On Tue, Dec 11, 2012 at 7:54 AM, Michal Hocko <mhocko@xxxxxxx> wrote:
> On Sun 09-12-12 11:39:50, Ying Han wrote:
>> On Mon, Nov 26, 2012 at 10:47 AM, Michal Hocko <mhocko@xxxxxxx> wrote:
> [...]
>> > if (reclaim) {
>> > - iter->position = id;
>> > + struct mem_cgroup *curr = memcg;
>> > +
>> > + if (last_visited)
>> > + css_put(&last_visited->css);
> ^^^^^^^^^^^
> here
>> > +
>> > + if (css && !memcg)
>> > + curr = mem_cgroup_from_css(css);
>> > +
>> > + /* make sure that the cached memcg is not removed */
>> > + if (curr)
>> > + css_get(&curr->css);
>> > + iter->last_visited = curr;
>>
>> Here we take extra refcnt for last_visited, and assume it is under
>> target reclaim which then calls mem_cgroup_iter_break() and we leaked
>> a refcnt of the target memcg css.
>
> I think you are not right here. The extra reference is kept for
> iter->last_visited and it will be dropped the next time somebody sees
> the same zone-priority iter. See above.
>
> Or have I missed your question?
Hmm, question remains.
My understanding of the mem_cgroup_iter() is that each call path
should close the loop itself, in the sense that no *leaked* css refcnt
after that loop finished. It is the case for all the caller today
where the loop terminates at memcg == NULL, where all the refcnt have
been dropped by then.
One exception is mem_cgroup_iter_break(), where the loop terminates
with *leaked* refcnt and that is what the iter_break() needs to clean
up. We can not rely on the next caller of the loop since it might
never happen.
It makes sense to drop the refcnt of last_visited, the same reason as
drop refcnt of prev. I don't see why it makes different.
--Ying
>
> [...]
> --
> Michal Hocko
> SUSE Labs
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>