On Fri 22-03-13 09:22:06, Li Zefan wrote: > On 2013/3/21 18:22, Michal Hocko wrote: > > On Thu 21-03-13 10:08:49, Michal Hocko wrote: > >> On Thu 21-03-13 09:22:21, Li Zefan wrote: > >>> As cgroup supports rename, it's unsafe to dereference dentry->d_name > >>> without proper vfs locks. Fix this by using cgroup_name(). > >>> > >>> Signed-off-by: Li Zefan <lizefan@xxxxxxxxxx> > >>> --- > >>> > >>> This patch depends on "cgroup: fix cgroup_path() vs rename() race", > >>> which has been queued for 3.10. > >>> > >>> --- > >>> mm/memcontrol.c | 15 +++++++-------- > >>> 1 file changed, 7 insertions(+), 8 deletions(-) > >>> > >>> diff --git a/mm/memcontrol.c b/mm/memcontrol.c > >>> index 53b8201..72be5c9 100644 > >>> --- a/mm/memcontrol.c > >>> +++ b/mm/memcontrol.c > >>> @@ -3217,17 +3217,16 @@ void mem_cgroup_destroy_cache(struct kmem_cache *cachep) > >>> static char *memcg_cache_name(struct mem_cgroup *memcg, struct kmem_cache *s) > >>> { > >>> char *name; > >>> - struct dentry *dentry; > >>> + > >>> + name = (char *)__get_free_page(GFP_TEMPORARY); > >> > >> Ouch. Can we use a static temporary buffer instead? > > > >> This is called from workqueue context so we do not have to be afraid > >> of the deep call chain. > > > > Bahh, I was thinking about two things at the same time and that is how > > it ends... I meant a temporary buffer on the stack. But a separate > > allocation sounds even easier. > > > > Actually I don't care much about which way to take. Use on-stack buffer (if stack > usage is not a concern) or local static buffer (caller already held memcg_cache_mutex) > is simplest. > > But why it's bad to allocate a page for temp use? GFP_TEMPORARY groups short lived allocations but the mem cache is not an ideal candidate of this type of allocations.. > >> It is also not a hot path AFAICS. > >> > >> Even GFP_ATOMIC for kasprintf would be an improvement IMO. > > > > What about the following (not even compile tested because I do not have > > cgroup_name in my tree yet): > > No, it won't compile. ;) Somehow expected so as this was just a quick hack to show what I meant. The full patch is bellow (compile time tested on top of for-3.10 branch this time :P) --- >From 7e1f6f0e266a230ced238a9bf2398b4069a6a764 Mon Sep 17 00:00:00 2001 From: Michal Hocko <mhocko@xxxxxxx> Date: Fri, 22 Mar 2013 09:04:58 +0100 Subject: [PATCH] memcg: fix memcg_cache_name() to use cgroup_name() As cgroup supports rename, it's unsafe to dereference dentry->d_name without proper vfs locks. Fix this by using cgroup_name(). Signed-off-by: Li Zefan <lizefan@xxxxxxxxxx> Signed-off-by: Michal Hocko <mhocko@xxxxxxx> --- mm/memcontrol.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 53b8201..5741bf5 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -3220,13 +3220,18 @@ static char *memcg_cache_name(struct mem_cgroup *memcg, struct kmem_cache *s) struct dentry *dentry; rcu_read_lock(); - dentry = rcu_dereference(memcg->css.cgroup->dentry); + name = kasprintf(GFP_ATOMIC, "%s(%d:%s)", s->name, + memcg_cache_id(memcg), dcgroup_name(memcg->css.cgroup)); rcu_read_unlock(); - BUG_ON(dentry == NULL); + if (!name) { + name = kmalloc(PAGE_SIZE, GFP_KERNEL); + rcu_read_lock(); + name = snprintf(name, PAGE_SIZE, "%s(%d:%s)", s->name, + memcg_cache_id(memcg), dcgroup_name(memcg->css.cgroup)); + rcu_read_unlock(); - name = kasprintf(GFP_KERNEL, "%s(%d:%s)", s->name, - memcg_cache_id(memcg), dentry->d_name.name); + } return name; } -- 1.7.10.4 -- Michal Hocko SUSE Labs -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>