iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Michal Hocko 20ab67a563 mm: workingset: fix NULL ptr in count_shadow_nodes 
Commit 0a6b76dd23fa ("mm: workingset: make shadow node shrinker memcg
aware") has made the workingset shadow nodes shrinker memcg aware.  The
implementation is not correct though because memcg_kmem_enabled() might
become true while we are doing a global reclaim when the sc->memcg might
be NULL which is exactly what Marek has seen:

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000400
  IP: [<ffffffff8122d520>] mem_cgroup_node_nr_lru_pages+0x20/0x40
  PGD 0
  Oops: 0000 [#1] SMP
  CPU: 0 PID: 60 Comm: kswapd0 Tainted: G           O   4.8.10-12.pvops.qubes.x86_64 #1
  task: ffff880011863b00 task.stack: ffff880011868000
  RIP: mem_cgroup_node_nr_lru_pages+0x20/0x40
  RSP: e02b:ffff88001186bc70  EFLAGS: 00010293
  RAX: 0000000000000000 RBX: ffff88001186bd20 RCX: 0000000000000002
  RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000000
  RBP: ffff88001186bc70 R08: 28f5c28f5c28f5c3 R09: 0000000000000000
  R10: 0000000000006c34 R11: 0000000000000333 R12: 00000000000001f6
  R13: ffffffff81c6f6a0 R14: 0000000000000000 R15: 0000000000000000
  FS:  0000000000000000(0000) GS:ffff880013c00000(0000) knlGS:ffff880013d00000
  CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000400 CR3: 00000000122f2000 CR4: 0000000000042660
  Call Trace:
    count_shadow_nodes+0x9a/0xa0
    shrink_slab.part.42+0x119/0x3e0
    shrink_node+0x22c/0x320
    kswapd+0x32c/0x700
    kthread+0xd8/0xf0
    ret_from_fork+0x1f/0x40
  Code: 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 3b 35 dd eb b1 00 55 48 89 e5 73 2c 89 d2 31 c9 31 c0 4c 63 ce 48 0f a3 ca 73 13 <4a> 8b b4 cf 00 04 00 00 41 89 c8 4a 03 84 c6 80 00 00 00 83 c1
  RIP  mem_cgroup_node_nr_lru_pages+0x20/0x40
   RSP <ffff88001186bc70>
  CR2: 0000000000000400
  ---[ end trace 100494b9edbdfc4d ]---

This patch fixes the issue by checking sc->memcg rather than
memcg_kmem_enabled() which is sufficient because shrink_slab makes sure
that only memcg aware shrinkers will get non-NULL memcgs and only if
memcg_kmem_enabled is true.

Fixes: 0a6b76dd23fa ("mm: workingset: make shadow node shrinker memcg aware")
Link: http://lkml.kernel.org/r/20161201132156.21450-1-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reported-by: Marek Marczykowski-Górecki <marmarek@mimuw.edu.pl>
Tested-by: Marek Marczykowski-Górecki <marmarek@mimuw.edu.pl>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Cc: <stable@vger.kernel.org>	[4.6+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-12-02 18:48:03 -08:00
..
kasan
kasan: support use-after-scope detection
2016-11-30 16:32:52 -08:00
backing-dev.c
block: fix bdi vs gendisk lifetime mismatch
2016-08-04 14:19:16 -06:00
balloon_compaction.c
mm: balloon: use general non-lru movable page feature
2016-07-26 16:19:19 -07:00
bootmem.c
mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping
2016-10-11 15:06:33 -07:00
cleancache.c
cleancache: constify cleancache_ops structure
2016-01-27 09:09:57 -05:00
cma_debug.c
mm/cma_debug: correct size input to bitmap function
2015-07-17 16:39:54 -07:00
cma.c
mm/cma.c: check the max limit for cma allocation
2016-11-11 08:12:37 -08:00
cma.h
mm: cma: mark cma_bitmap_maxno() inline in header
2015-08-14 15:56:32 -07:00
compaction.c
mm, compaction: restrict fragindex to costly orders
2016-10-07 18:46:29 -07:00
debug_page_ref.c
mm/page_ref: add tracepoint to track down page reference manipulation
2016-03-17 15:09:34 -07:00
debug.c
mm: clarify why we avoid page_mapcount() for slab pages in dump_page()
2016-10-07 18:46:29 -07:00
dmapool.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
early_ioremap.c
mm/early_ioremap: use offset_in_page macro
2015-11-05 19:34:48 -08:00
fadvise.c
mm/fadvise.c: do not discard partial pages with POSIX_FADV_DONTNEED
2016-06-09 14:23:11 -07:00
failslab.c
mm: fault-inject take over bootstrap kmem_cache check
2016-03-15 16:55:16 -07:00
filemap.c
mm/filemap: don't allow partially uptodate page for pipes
2016-11-11 08:12:37 -08:00
frame_vector.c
mm: replace get_vaddr_frames() write/force parameters with gup_flags
2016-10-19 08:11:24 -07:00
frontswap.c
mm, frontswap: convert frontswap_enabled to static key
2016-07-26 16:19:19 -07:00
gup.c
mm: unexport __get_user_pages()
2016-10-24 19:13:20 -07:00
highmem.c
mm/highmem: make nr_free_highpages() handles all highmem zones by itself
2016-05-19 19:12:14 -07:00
huge_memory.c
mremap: move_ptes: check pte dirty after its removal
2016-11-29 08:20:24 -08:00
hugetlb_cgroup.c
mm, hugetlb_cgroup: round limit_in_bytes down to hugepage size
2016-05-20 17:58:30 -07:00
hugetlb.c
mm/hugetlb: fix huge page reservation leak in private mapping error paths
2016-11-11 08:12:37 -08:00
hwpoison-inject.c
hwpoison: use page_cgroup_ino for filtering by memcg
2015-09-10 13:29:01 -07:00
init-mm.c
internal.h
mm, compaction: make full priority ignore pageblock suitability
2016-10-07 18:46:29 -07:00
interval_tree.c
Kconfig
Allow KASAN and HOTPLUG_MEMORY to co-exist when doing build testing
2016-10-27 16:23:01 -07:00
Kconfig.debug
PM / Hibernate: allow hibernation with PAGE_POISONING_ZERO
2016-09-13 02:35:27 +02:00
khugepaged.c
mm, thp: propagation of conditional compilation in khugepaged.c
2016-11-30 16:32:52 -08:00
kmemcheck.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
kmemleak-test.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
kmemleak.c
mm: kmemleak: scan .data.ro_after_init
2016-11-11 08:12:37 -08:00
ksm.c
mm,ksm: add __GFP_HIGH to the allocation in alloc_stable_node()
2016-10-07 18:46:29 -07:00
list_lru.c
mm/list_lru.c: avoid error-path NULL pointer deref
2016-10-27 18:43:42 -07:00
maccess.c
x86: remove more uaccess_32.h complexity
2016-05-22 17:21:27 -07:00
madvise.c
mm: make mmap_sem for write waits killable for mm syscalls
2016-05-23 17:04:14 -07:00
Makefile
Disable the __builtin_return_address() warning globally after all
2016-10-12 10:23:41 -07:00
memblock.c
mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping
2016-10-11 15:06:33 -07:00
memcontrol.c
mm: memcontrol: do not recurse in direct reclaim
2016-10-27 18:43:43 -07:00
memory_hotplug.c
mm: remove unused variable in memory hotplug
2016-10-27 15:49:12 -07:00
memory-failure.c
mm: hwpoison: fix thp split handling in memory_failure()
2016-11-11 08:12:37 -08:00
memory.c
mm: replace access_process_vm() write parameter with gup_flags
2016-10-19 08:31:25 -07:00
mempolicy.c
mm: replace get_user_pages() write/force parameters with gup_flags
2016-10-19 08:11:43 -07:00
mempool.c
Revert "mm, mempool: only set __GFP_NOMEMALLOC if there are free elements"
2016-07-28 16:07:41 -07:00
memtest.c
memtest: remove unused header files
2015-09-08 15:35:28 -07:00
migrate.c
mm: vm_page_prot: update with WRITE_ONCE/READ_ONCE
2016-10-07 18:46:29 -07:00
mincore.c
mm, swap: use offset of swap entry as key of swap cache
2016-10-07 18:46:28 -07:00
mlock.c
thp: fix corner case of munlock() of PTE-mapped THPs
2016-11-30 16:32:52 -08:00
mm_init.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
mmap.c
mm: vma_merge: correct false positive from __vma_unlink->validate_mm_rb
2016-10-07 18:46:29 -07:00
mmu_context.c
mm/mmu_context, sched/core: Fix mmu_context.h assumption
2016-04-28 11:44:19 +02:00
mmu_notifier.c
fix Christoph's email addresses
2016-03-17 15:09:34 -07:00
mmzone.c
mm, page_alloc: inline the fast path of the zonelist iterator
2016-05-19 19:12:14 -07:00
mprotect.c
mm/numa: Remove duplicated include from mprotect.c
2016-10-19 17:28:48 +02:00
mremap.c
mremap: move_ptes: check pte dirty after its removal
2016-11-29 08:20:24 -08:00
msync.c
mm/msync: use offset_in_page macro
2015-11-05 19:34:48 -08:00
nobootmem.c
mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping
2016-10-11 15:06:33 -07:00
nommu.c
mm: unexport __get_user_pages()
2016-10-24 19:13:20 -07:00
oom_kill.c
oom: print nodemask in the oom report
2016-10-07 18:46:29 -07:00
page_alloc.c
mm: remove extra newline from allocation stall warning
2016-11-11 08:12:37 -08:00
page_counter.c
mm: page_counter: let page_counter_try_charge() return bool
2015-11-05 19:34:48 -08:00
page_ext.c
mm/page_ext: support extra space allocation by page_ext user
2016-10-07 18:46:27 -07:00
page_idle.c
mm, vmscan: move lru_lock to the node
2016-07-28 16:07:41 -07:00
page_io.c
mm/page_io.c: replace some BUG_ON()s with VM_BUG_ON_PAGE()
2016-10-07 18:46:29 -07:00
page_isolation.c
mm/page_isolation: fix typo: "paes" -> "pages"
2016-10-07 18:46:29 -07:00
page_owner.c
mm/page_owner: don't define fields on struct page_ext by hard-coding
2016-10-07 18:46:27 -07:00
page_poison.c
mm: check the return value of lookup_page_ext for all call sites
2016-06-03 15:06:22 -07:00
page-writeback.c
mm: don't use radix tree writeback tags for pages in swap cache
2016-10-07 18:46:28 -07:00
pagewalk.c
thp: rename split_huge_page_pmd() to split_huge_pmd()
2016-01-15 17:56:32 -08:00
percpu-km.c
mm: percpu: use pr_fmt to prefix output
2016-03-17 15:09:34 -07:00
percpu-vm.c
percpu.c
mm/percpu.c: fix potential memory leakage for pcpu_embed_first_chunk()
2016-10-05 11:52:55 -04:00
pgtable-generic.c
mm/thp/migration: switch from flush_tlb_range to flush_pmd_tlb_range
2016-03-17 15:09:34 -07:00
process_vm_access.c
mm: remove write/force parameters from __get_user_pages_unlocked()
2016-10-18 14:13:37 -07:00
quicklist.c
fix Christoph's email addresses
2016-03-17 15:09:34 -07:00
readahead.c
mm: silently skip readahead for DAX inodes
2016-08-26 17:39:35 -07:00
rmap.c
rmap: fix compound check logic in page_remove_file_rmap
2016-08-10 16:40:56 -07:00
shmem.c
shmem: fix pageflags after swapping DMA32 object
2016-11-11 08:12:37 -08:00
slab_common.c
memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB
2016-11-11 08:12:37 -08:00
slab.c
mm/slab: improve performance of gathering slabinfo stats
2016-10-27 18:43:43 -07:00
slab.h
mm/slab: improve performance of gathering slabinfo stats
2016-10-27 18:43:43 -07:00
slob.c
mm: slab: free kmem_cache_node after destroy sysfs file
2016-02-18 16:23:24 -08:00
slub.c
slub: Convert to hotplug state machine
2016-09-06 18:30:20 +02:00
sparse-vmemmap.c
treewide: replace obsolete _refok by __ref
2016-08-02 17:31:41 -04:00
sparse.c
treewide: replace obsolete _refok by __ref
2016-08-02 17:31:41 -04:00
swap_cgroup.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
swap_state.c
mm, swap: use offset of swap entry as key of swap cache
2016-10-07 18:46:28 -07:00
swap.c
thp: reduce usage of huge zero page's atomic counter
2016-10-07 18:46:28 -07:00
swapfile.c
swapfile: fix memory corruption via malformed swapfile
2016-11-11 08:12:37 -08:00
truncate.c
mm: fix false-positive WARN_ON() in truncate/invalidate for hugetlb
2016-11-30 16:32:52 -08:00
usercopy.c
mm: usercopy: Check for module addresses
2016-09-20 16:07:39 -07:00
userfaultfd.c
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
2016-04-04 10:41:08 -07:00
util.c
Merge branch 'mm-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2016-10-22 09:39:10 -07:00
vmacache.c
mm: unrig VMA cache hit ratio
2016-10-07 18:46:27 -07:00
vmalloc.c
mm: consolidate warn_alloc_failed users
2016-10-07 18:46:29 -07:00
vmpressure.c
mm/vmpressure.c: fix subtree pressure detection
2016-02-03 08:28:43 -08:00
vmscan.c
mm: memcontrol: do not recurse in direct reclaim
2016-10-27 18:43:43 -07:00
vmstat.c
seq/proc: modify seq_put_decimal_[u]ll to take a const char *, not char
2016-10-07 18:46:30 -07:00
workingset.c
mm: workingset: fix NULL ptr in count_shadow_nodes
2016-12-02 18:48:03 -08:00
z3fold.c
mm/z3fold.c: avoid modifying HEADLESS page and minor cleanup
2016-06-03 16:02:55 -07:00
zbud.c
mm/zbud.c: use list_last_entry() instead of list_tail_entry()
2016-01-15 11:40:52 -08:00
zpool.c
mm: zsmalloc: constify struct zs_pool name
2015-11-06 17:50:42 -08:00
zsmalloc.c
zsmalloc: Delete an unnecessary check before the function call "iput"
2016-07-28 16:07:41 -07:00
zswap.c
mm/zswap: use workqueue to destroy pool
2016-05-20 17:58:30 -07:00