From: Usama Arif <usama.arif@linux.dev>
To: Haifeng Xu <haifeng.xu@shopee.com>
Cc: Usama Arif <usama.arif@linux.dev>,
akpm@linux-foundation.org, david@fromorbit.com,
roman.gushchin@linux.dev, zhengqi.arch@bytedance.com,
muchun.song@linux.dev, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH V2 3/4] mm: shrinker: optimize the allocation of shrinker_info when setting cgroup_memory_nokmem
Date: Tue, 10 Mar 2026 04:05:35 -0700 [thread overview]
Message-ID: <20260310110536.3474739-1-usama.arif@linux.dev> (raw)
In-Reply-To: <20260310031250.289851-4-haifeng.xu@shopee.com>
On Tue, 10 Mar 2026 11:12:49 +0800 Haifeng Xu <haifeng.xu@shopee.com> wrote:
> When kmem is disabled, memcg slab shrink only call non-slab shrinkers,
> so just allocates shrinker info for non-slab shrinkers to non-root memcgs.
>
> Therefore, if memcg_kmem_online is true, all things keep same as before.
> Otherwise, root memcg allocates id from shrinker_idr to identify each
> shrinker and non-root memcgs use nonslab_id to identify non-slab shrinkers.
> The size of shrinkers_info in non-root memcgs can be very low because the
> number of shrinkers marked as SHRINKER_NONSLAB | SHRINKER_MEMCG_AWARE is
> few. Also, the time spending in expand_shrinker_info() can reduce a lot.
>
> When setting shrinker bit or updating nr_deferred, use nonslab_id for
> non-root memcgs if the shrinker is marked as SHRINKER_NONSLAB.
>
> Signed-off-by: Haifeng Xu <haifeng.xu@shopee.com>
> ---
> include/linux/memcontrol.h | 8 ++-
> include/linux/shrinker.h | 3 +
> mm/shrinker.c | 116 +++++++++++++++++++++++++++++++++----
> 3 files changed, 114 insertions(+), 13 deletions(-)
>
> diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
> index ce7b5101bc02..3edd6211aed2 100644
> --- a/include/linux/memcontrol.h
> +++ b/include/linux/memcontrol.h
> @@ -1804,7 +1804,13 @@ void reparent_shrinker_deferred(struct mem_cgroup *memcg);
>
> static inline int shrinker_id(struct mem_cgroup *memcg, struct shrinker *shrinker)
> {
> - return shrinker->id;
> + int id = shrinker->id;
> +
> + if (!memcg_kmem_online() && (shrinker->flags & SHRINKER_NONSLAB) &&
> + memcg != root_mem_cgroup)
> + id = shrinker->nonslab_id;
> +
> + return id;
> }
> #else
> #define mem_cgroup_sockets_enabled 0
> diff --git a/include/linux/shrinker.h b/include/linux/shrinker.h
> index 1a00be90d93a..df53008ed8b5 100644
> --- a/include/linux/shrinker.h
> +++ b/include/linux/shrinker.h
> @@ -107,6 +107,9 @@ struct shrinker {
> #ifdef CONFIG_MEMCG
> /* ID in shrinker_idr */
> int id;
> +
> + /* ID in shrinker_nonslab_idr */
> + int nonslab_id;
> #endif
> #ifdef CONFIG_SHRINKER_DEBUG
> int debugfs_id;
> diff --git a/mm/shrinker.c b/mm/shrinker.c
> index 61dbb6afae52..68ea2d49495c 100644
> --- a/mm/shrinker.c
> +++ b/mm/shrinker.c
> @@ -12,6 +12,7 @@ DEFINE_MUTEX(shrinker_mutex);
>
> #ifdef CONFIG_MEMCG
> static int shrinker_nr_max;
> +static int shrinker_nonslab_nr_max;
>
> static inline int shrinker_unit_size(int nr_items)
> {
> @@ -78,15 +79,25 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
> {
> int nid, ret = 0;
> int array_size = 0;
> + int alloc_nr_max;
> +
> + if (memcg_kmem_online()) {
> + alloc_nr_max = shrinker_nr_max;
> + } else {
> + if (memcg == root_mem_cgroup)
> + alloc_nr_max = shrinker_nr_max;
> + else
> + alloc_nr_max = shrinker_nonslab_nr_max;
> + }
>
> mutex_lock(&shrinker_mutex);
Hello!
The patch reads shrinker_nonslab_nr_max and shrinker_nr_max before
acquiring shrinker_mutex. The original code read shrinker_nr_max
UNDER the lock. Both variables are modified under shrinker_mutex by
concurrent shrinker registrations. A stale read could cause
alloc_shrinker_info() to allocate an undersized shrinker_info,
leading to out-of-bounds access in set_shrinker_bit() or the
nr_deferred functions.
next prev parent reply other threads:[~2026-03-10 11:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-10 3:12 [PATCH V2 0/4] record non-slab shrinkers for non-root memcgs when kmem is disabled Haifeng Xu
2026-03-10 3:12 ` [PATCH V2 1/4] mm: shrinker: add one more parameter in shrinker_id() Haifeng Xu
2026-03-10 3:12 ` [PATCH V2 2/4] mm: shrinker: move shrinker_id() code block below memcg_kmem_online() Haifeng Xu
2026-03-10 3:12 ` [PATCH V2 3/4] mm: shrinker: optimize the allocation of shrinker_info when setting cgroup_memory_nokmem Haifeng Xu
2026-03-10 11:05 ` Usama Arif [this message]
2026-03-11 2:21 ` Haifeng Xu
2026-03-11 22:14 ` Dave Chinner
2026-03-12 4:08 ` Haifeng Xu
2026-03-12 5:52 ` Dave Chinner
2026-03-13 3:04 ` Haifeng Xu
2026-03-10 3:12 ` [PATCH V2 4/4] mm: shrinker: remove unnecessary check in shrink_slab_memcg() Haifeng Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260310110536.3474739-1-usama.arif@linux.dev \
--to=usama.arif@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=david@fromorbit.com \
--cc=haifeng.xu@shopee.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=muchun.song@linux.dev \
--cc=roman.gushchin@linux.dev \
--cc=zhengqi.arch@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.