From: Usama Arif <usama.arif@linux.dev>
To: Haifeng Xu <haifeng.xu@shopee.com>
Cc: Usama Arif <usama.arif@linux.dev>,
akpm@linux-foundation.org, david@fromorbit.com,
roman.gushchin@linux.dev, zhengqi.arch@bytedance.com,
muchun.song@linux.dev, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH V2 3/4] mm: shrinker: optimize the allocation of shrinker_info when setting cgroup_memory_nokmem
Date: Tue, 10 Mar 2026 04:05:35 -0700 [thread overview]
Message-ID: <20260310110536.3474739-1-usama.arif@linux.dev> (raw)
In-Reply-To: <20260310031250.289851-4-haifeng.xu@shopee.com>
On Tue, 10 Mar 2026 11:12:49 +0800 Haifeng Xu <haifeng.xu@shopee.com> wrote:
> When kmem is disabled, memcg slab shrink only call non-slab shrinkers,
> so just allocates shrinker info for non-slab shrinkers to non-root memcgs.
>
> Therefore, if memcg_kmem_online is true, all things keep same as before.
> Otherwise, root memcg allocates id from shrinker_idr to identify each
> shrinker and non-root memcgs use nonslab_id to identify non-slab shrinkers.
> The size of shrinkers_info in non-root memcgs can be very low because the
> number of shrinkers marked as SHRINKER_NONSLAB | SHRINKER_MEMCG_AWARE is
> few. Also, the time spending in expand_shrinker_info() can reduce a lot.
>
> When setting shrinker bit or updating nr_deferred, use nonslab_id for
> non-root memcgs if the shrinker is marked as SHRINKER_NONSLAB.
>
> Signed-off-by: Haifeng Xu <haifeng.xu@shopee.com>
> ---
> include/linux/memcontrol.h | 8 ++-
> include/linux/shrinker.h | 3 +
> mm/shrinker.c | 116 +++++++++++++++++++++++++++++++++----
> 3 files changed, 114 insertions(+), 13 deletions(-)
>
> diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
> index ce7b5101bc02..3edd6211aed2 100644
> --- a/include/linux/memcontrol.h
> +++ b/include/linux/memcontrol.h
> @@ -1804,7 +1804,13 @@ void reparent_shrinker_deferred(struct mem_cgroup *memcg);
>
> static inline int shrinker_id(struct mem_cgroup *memcg, struct shrinker *shrinker)
> {
> - return shrinker->id;
> + int id = shrinker->id;
> +
> + if (!memcg_kmem_online() && (shrinker->flags & SHRINKER_NONSLAB) &&
> + memcg != root_mem_cgroup)
> + id = shrinker->nonslab_id;
> +
> + return id;
> }
> #else
> #define mem_cgroup_sockets_enabled 0
> diff --git a/include/linux/shrinker.h b/include/linux/shrinker.h
> index 1a00be90d93a..df53008ed8b5 100644
> --- a/include/linux/shrinker.h
> +++ b/include/linux/shrinker.h
> @@ -107,6 +107,9 @@ struct shrinker {
> #ifdef CONFIG_MEMCG
> /* ID in shrinker_idr */
> int id;
> +
> + /* ID in shrinker_nonslab_idr */
> + int nonslab_id;
> #endif
> #ifdef CONFIG_SHRINKER_DEBUG
> int debugfs_id;
> diff --git a/mm/shrinker.c b/mm/shrinker.c
> index 61dbb6afae52..68ea2d49495c 100644
> --- a/mm/shrinker.c
> +++ b/mm/shrinker.c
> @@ -12,6 +12,7 @@ DEFINE_MUTEX(shrinker_mutex);
>
> #ifdef CONFIG_MEMCG
> static int shrinker_nr_max;
> +static int shrinker_nonslab_nr_max;
>
> static inline int shrinker_unit_size(int nr_items)
> {
> @@ -78,15 +79,25 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
> {
> int nid, ret = 0;
> int array_size = 0;
> + int alloc_nr_max;
> +
> + if (memcg_kmem_online()) {
> + alloc_nr_max = shrinker_nr_max;
> + } else {
> + if (memcg == root_mem_cgroup)
> + alloc_nr_max = shrinker_nr_max;
> + else
> + alloc_nr_max = shrinker_nonslab_nr_max;
> + }
>
> mutex_lock(&shrinker_mutex);
Hello!
The patch reads shrinker_nonslab_nr_max and shrinker_nr_max before
acquiring shrinker_mutex. The original code read shrinker_nr_max
UNDER the lock. Both variables are modified under shrinker_mutex by
concurrent shrinker registrations. A stale read could cause
alloc_shrinker_info() to allocate an undersized shrinker_info,
leading to out-of-bounds access in set_shrinker_bit() or the
nr_deferred functions.
next prev parent reply other threads:[~2026-03-10 11:05 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-10 3:12 [PATCH V2 0/4] record non-slab shrinkers for non-root memcgs when kmem is disabled Haifeng Xu
2026-03-10 3:12 ` [PATCH V2 1/4] mm: shrinker: add one more parameter in shrinker_id() Haifeng Xu
2026-03-10 3:12 ` [PATCH V2 2/4] mm: shrinker: move shrinker_id() code block below memcg_kmem_online() Haifeng Xu
2026-03-10 3:12 ` [PATCH V2 3/4] mm: shrinker: optimize the allocation of shrinker_info when setting cgroup_memory_nokmem Haifeng Xu
2026-03-10 11:05 ` Usama Arif [this message]
2026-03-11 2:21 ` Haifeng Xu
2026-03-11 22:14 ` Dave Chinner
[not found] ` <bc08d009-fa43-44d0-880f-a37cc200a3b9@shopee.com>
2026-03-12 5:52 ` Dave Chinner
2026-03-13 3:04 ` Haifeng Xu
2026-03-10 3:12 ` [PATCH V2 4/4] mm: shrinker: remove unnecessary check in shrink_slab_memcg() Haifeng Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260310110536.3474739-1-usama.arif@linux.dev \
--to=usama.arif@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=david@fromorbit.com \
--cc=haifeng.xu@shopee.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=muchun.song@linux.dev \
--cc=roman.gushchin@linux.dev \
--cc=zhengqi.arch@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox