On Fri, Jul 19, 2013 at 06:51:11PM +0200, Michal Hocko wrote:
> vmpressure is called synchronously from the reclaim where the
> target_memcg is guaranteed to be alive but the eventfd is signaled from
> the work queue context. This means that memcg (along with vmpressure
> structure which is embedded into it) might go away while the work item
> is pending which would result in use-after-release bug.
>
> We have two possible ways how to fix this. Either vmpressure pins memcg
> before it schedules vmpr->work and unpin it in vmpressure_work_fn or
> explicitly flush the work item from the css_offline context (as
> suggested by Tejun).
>
> This patch implements the latter one and it introduces vmpressure_cleanup
> which flushes the vmpressure work queue item. It hooks into
> mem_cgroup_css_offline after the memcg itself is cleaned up.
>
> Reported-by: Tejun Heo <tj@xxxxxxxxxx>
> Signed-off-by: Michal Hocko <mhocko@xxxxxxx>

Acked-by: Tejun Heo <tj@xxxxxxxxxx>

Thanks!

--
tejun
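The lifetime race in the quoted commit message (a work item queued from a context where the memcg is alive, executed later when the memcg may already be gone) and the two fixes Michal lists can be modelled in userspace. The following is an added example, not code from this thread or from the kernel: a single-threaded stand-in for a workqueue with hypothetical names (work_item, vmpr_obj, run_scenario, the FIX_* enum). Its flush_work() runs the item immediately instead of blocking, and "freeing" only clears an alive flag, so a late access is counted rather than being a real use-after-free.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for struct work_struct: a callback plus queue state. */
struct work_item {
    void (*fn)(struct work_item *);
    struct work_item *next;
    bool pending;                 /* queued but not yet run */
};
/* The "workqueue": a FIFO the worker drains some time after queueing. */
static struct work_item *wq_head, *wq_tail;

/* Like schedule_work(): returns false if the item was already queued. */
static bool queue_work(struct work_item *w) {
    if (w->pending) return false;
    w->pending = true; w->next = NULL;
    if (wq_tail) wq_tail->next = w; else wq_head = w;
    wq_tail = w;
    return true;
}

static void run_one(struct work_item *w) { w->pending = false; w->fn(w); }

/* The worker thread finally getting to the queued items. */
static void run_pending_work(void) {
    while (wq_head) {
        struct work_item *w = wq_head;
        wq_head = w->next;
        if (!wq_head) wq_tail = NULL;
        run_one(w);
    }
}

/* flush_work(): the kernel blocks until the item has finished executing;
 * in this single-threaded model that means running it now if still queued. */
static void flush_work(struct work_item *w) {
    struct work_item **pp = &wq_head, *prev = NULL;
    if (!w->pending) return;
    while (*pp && *pp != w) { prev = *pp; pp = &(*pp)->next; }
    if (*pp) { *pp = w->next; if (wq_tail == w) wq_tail = prev; }
    run_one(w);
}

/* Hypothetical object standing in for mem_cgroup with vmpressure embedded. */
struct vmpr_obj {
    struct work_item work;        /* embedded, like vmpressure.work */
    int refcount;
    bool alive;                   /* cleared when the last ref drops ("kfree") */
    int events;                   /* notifications delivered to a live object */
    int use_after_free;           /* work that ran against a dead object */
};

static struct vmpr_obj *obj_from_work(struct work_item *w) {
    return (struct vmpr_obj *)((char *)w - offsetof(struct vmpr_obj, work));
}
static void obj_get(struct vmpr_obj *o) { o->refcount++; }
/* Memory is never really released (the object lives on the caller's stack),
 * so a late access is counted instead of being undefined behaviour. */
static void obj_put(struct vmpr_obj *o) { if (--o->refcount == 0) o->alive = false; }

/* vmpressure_work_fn(): signal the eventfd, i.e. touch the object. */
static void work_fn(struct work_item *w) {
    struct vmpr_obj *o = obj_from_work(w);
    if (o->alive) o->events++; else o->use_after_free++;
}
/* Pinning variant: drop the reference taken at scheduling time once the work ran. */
static void work_fn_pinned(struct work_item *w) {
    work_fn(w);
    obj_put(obj_from_work(w));
}

enum fix { FIX_NONE, FIX_FLUSH_ON_OFFLINE, FIX_PIN_OBJECT };

/* One reclaim -> css_offline -> worker sequence.  Returns the number of
 * dead-object accesses; *events receives the notifications delivered. */
int run_scenario(enum fix fix, int *events) {
    struct vmpr_obj o = { .refcount = 1, .alive = true };
    o.work.fn = (fix == FIX_PIN_OBJECT) ? work_fn_pinned : work_fn;

    /* Reclaim path: the object is alive here; defer the notification. */
    if (fix == FIX_PIN_OBJECT) {
        obj_get(&o);
        if (!queue_work(&o.work)) obj_put(&o); /* already queued: ref not needed */
    } else {
        queue_work(&o.work);
    }
    /* css_offline path: the cgroup is torn down. */
    if (fix == FIX_FLUSH_ON_OFFLINE) flush_work(&o.work); /* vmpressure_cleanup() */
    obj_put(&o);                                          /* owner's last reference */

    run_pending_work();           /* the worker runs whatever is still queued */
    *events = o.events;
    return o.use_after_free;
}

int main(void) {
    static const char *names[] = { "no fix", "flush on offline", "pin object" };
    for (int f = FIX_NONE; f <= FIX_PIN_OBJECT; f++) {
        int ev, uaf = run_scenario((enum fix)f, &ev);
        printf("%-17s events=%d dead-object accesses=%d\n", names[f], ev, uaf);
    }
    return 0;
}
```

With no fix the deferred work runs after the owner's last reference is dropped and touches a dead object; flushing from the offline path (the patch's approach) and pinning the object across the scheduling window (the alternative mentioned) both deliver the notification exactly once to a live object. The pinning variant also has to cope with schedule_work() reporting the item as already queued, or the extra reference leaks.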