From: Li Zefan <lizefan@huawei.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Tejun Heo <tj@kernel.org>, Glauber Costa <glommer@openvz.org>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Johannes Weiner <hannes@cmpxchg.org>,
LKML <linux-kernel@vger.kernel.org>,
Cgroups <cgroups@vger.kernel.org>,
linux-mm@kvack.org, Michal Hocko <mhocko@suse.cz>
Subject: [PATCH v4 1/9] Revert "memcg: avoid dangling reference count in creation failure."
Date: Fri, 14 Jun 2013 09:53:42 +0800 [thread overview]
Message-ID: <51BA77A6.70404@huawei.com> (raw)
In-Reply-To: <51BA7794.2000305@huawei.com>
From: Michal Hocko <mhocko@suse.cz>
This reverts commit e4715f01be697a3730c78f8ffffb595591d6a88c
mem_cgroup_put is hierarchy aware so mem_cgroup_put(memcg) already drops
an additional reference from all parents so the additional
mem_cgrroup_put(parent) potentially causes use-after-free.
Cc: <stable@vger.kernel.org> # 3.9+
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Li Zefan <lizefan@huawei.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
---
mm/memcontrol.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 2e851f4..0bacc0d 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -6332,8 +6332,6 @@ mem_cgroup_css_online(struct cgroup *cont)
* call __mem_cgroup_free, so return directly
*/
mem_cgroup_put(memcg);
- if (parent->use_hierarchy)
- mem_cgroup_put(parent);
}
return error;
}
--
1.8.0.2
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Li Zefan <lizefan@huawei.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Tejun Heo <tj@kernel.org>, Glauber Costa <glommer@openvz.org>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Johannes Weiner <hannes@cmpxchg.org>,
LKML <linux-kernel@vger.kernel.org>,
Cgroups <cgroups@vger.kernel.org>, <linux-mm@kvack.org>,
Michal Hocko <mhocko@suse.cz>
Subject: [PATCH v4 1/9] Revert "memcg: avoid dangling reference count in creation failure."
Date: Fri, 14 Jun 2013 09:53:42 +0800 [thread overview]
Message-ID: <51BA77A6.70404@huawei.com> (raw)
In-Reply-To: <51BA7794.2000305@huawei.com>
From: Michal Hocko <mhocko@suse.cz>
This reverts commit e4715f01be697a3730c78f8ffffb595591d6a88c
mem_cgroup_put is hierarchy aware so mem_cgroup_put(memcg) already drops
an additional reference from all parents so the additional
mem_cgrroup_put(parent) potentially causes use-after-free.
Cc: <stable@vger.kernel.org> # 3.9+
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Li Zefan <lizefan@huawei.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
---
mm/memcontrol.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 2e851f4..0bacc0d 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -6332,8 +6332,6 @@ mem_cgroup_css_online(struct cgroup *cont)
* call __mem_cgroup_free, so return directly
*/
mem_cgroup_put(memcg);
- if (parent->use_hierarchy)
- mem_cgroup_put(parent);
}
return error;
}
--
1.8.0.2
next prev parent reply other threads:[~2013-06-14 1:53 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-14 1:53 [PATCH v4 0/9] memcg: make memcg's life cycle the same as cgroup Li Zefan
2013-06-14 1:53 ` Li Zefan
2013-06-14 1:53 ` Li Zefan [this message]
2013-06-14 1:53 ` [PATCH v4 1/9] Revert "memcg: avoid dangling reference count in creation failure." Li Zefan
2013-06-14 1:53 ` [PATCH v4 2/9] memcg, kmem: fix reference count handling on the error path Li Zefan
2013-06-14 1:53 ` Li Zefan
2013-06-14 1:54 ` [PATCH v4 3/9] memcg: use css_get() in sock_update_memcg() Li Zefan
2013-06-14 1:54 ` Li Zefan
2013-06-14 1:54 ` [PATCH v4 4/9] memcg: don't use mem_cgroup_get() when creating a kmemcg cache Li Zefan
2013-06-14 1:54 ` Li Zefan
2013-06-14 1:54 ` Li Zefan
2013-06-14 1:54 ` [PATCH v4 5/9] memcg: use css_get/put when charging/uncharging kmem Li Zefan
2013-06-14 1:54 ` Li Zefan
2013-06-28 22:59 ` Andrew Morton
2013-06-28 22:59 ` Andrew Morton
2013-06-14 1:55 ` [PATCH v4 6/9] memcg: use css_get/put for swap memcg Li Zefan
2013-06-14 1:55 ` Li Zefan
2013-06-14 1:55 ` [PATCH v4 7/9] memcg: don't need to get a reference to the parent Li Zefan
2013-06-14 1:55 ` Li Zefan
2013-06-14 1:55 ` [PATCH v4 8/9] memcg: kill memcg refcnt Li Zefan
2013-06-14 1:55 ` Li Zefan
2013-06-14 1:56 ` [PATCH v4 9/9] memcg: don't need to free memcg via RCU or workqueue Li Zefan
2013-06-14 1:56 ` Li Zefan
2013-06-19 1:29 ` [PATCH v4 0/9] memcg: make memcg's life cycle the same as cgroup Li Zefan
2013-06-19 1:29 ` Li Zefan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51BA77A6.70404@huawei.com \
--to=lizefan@huawei.com \
--cc=akpm@linux-foundation.org \
--cc=cgroups@vger.kernel.org \
--cc=glommer@openvz.org \
--cc=hannes@cmpxchg.org \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.cz \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.