[Devel] Re: [RFC][PATCH] memcg: fix a race when setting memcg.swappiness

Li Zefan lizf at cn.fujitsu.com
Tue Jan 13 23:22:06 PST 2009


KAMEZAWA Hiroyuki wrote:
> On Wed, 14 Jan 2009 14:47:18 +0800
> Li Zefan <lizf at cn.fujitsu.com> wrote:
> 
>> KAMEZAWA Hiroyuki wrote:
>>> On Wed, 14 Jan 2009 11:24:18 +0800
>>> Li Zefan <lizf at cn.fujitsu.com> wrote:
>>>
>>>> (suppose: memcg->use_hierarchy == 0 and memcg->swappiness == 60)
>>>>
>>>> echo 10 > /memcg/0/swappiness   |
>>>>   mem_cgroup_swappiness_write() |
>>>>     ...                         | echo 1 > /memcg/0/use_hierarchy
>>>>                                 | mkdir /mnt/0/1
>>>>                                 |   sub_memcg->swappiness = 60;
>>>>     memcg->swappiness = 10;     |
>>>>
>>>> In the above scenario, we end up having 2 different swappiness
>>>> values in a single hierarchy.
>>>>
>>>> Note we can't use hierarchy_lock here, because it doesn't protect
>>>> the create() method.
>>>>
>>>> Though IMO use cgroup_lock() in simple write functions is OK,
>>>> Paul would like to avoid it. And he sugguested use a counter to
>>>> count the number of children instead of check cgrp->children list:
>>>>
>>>> =================
>>>> create() does:
>>>>
>>>> lock memcg_parent
>>>> memcg->swappiness = memcg->parent->swappiness;
>>>> memcg_parent->child_count++;
>>>> unlock memcg_parent
>>>>
>>>> and write() does:
>>>>
>>>> lock memcg
>>>> if (!memcg->child_count) {
>>>>   memcg->swappiness = swappiness;
>>>> } else {
>>>>   report error;
>>>> }
>>>> unlock memcg
>>>>
>>>> destroy() does:
>>>> lock memcg_parent
>>>> memcg_parent->child_count--;
>>>> unlock memcg_parent
>>>>
>>>> =================
>>>>
>>>> And there is a suble differnce with checking cgrp->children,
>>>> that a cgroup is removed from parent's list in cgroup_rmdir(),
>>>> while memcg->child_count is decremented in cgroup_diput().
>>>>
>>>>
>>>> Signed-off-by: Li Zefan <lizf at cn.fujitsu.com>
>>> Seems reasonable, but, hmm...
>>>
>> Do you mean you agree to avoid using cgroup_lock()?
>>
>>> Why hierarchy_mutex can't be used for create() ?
>>>
>> We can make hierarchy_mutex work for this race by:
>>
>> @@ -2403,16 +2403,18 @@ static long cgroup_create(struct cgroup *parent, struct
>>         if (notify_on_release(parent))
>>                 set_bit(CGRP_NOTIFY_ON_RELEASE, &cgrp->flags);
>>
>> +       cgroup_lock_hierarchy(root);
>> +
>>         for_each_subsys(root, ss) {
>>                 struct cgroup_subsys_state *css = ss->create(ss, cgrp);
>>                 if (IS_ERR(css)) {
>> +                       cgroup_unlock_hierarchy(root);
>>                         err = PTR_ERR(css);
>>                         goto err_destroy;
>>                 }
>>                 init_cgroup_css(css, ss, cgrp);
>>         }
>>
>> -       cgroup_lock_hierarchy(root);
>>         list_add(&cgrp->sibling, &cgrp->parent->children);
>>         cgroup_unlock_hierarchy(root);
>>         root->number_of_cgroups++;
>>
>> But this may not be what we want, because hierarchy_mutex is meant to be
>> lightweight, so it's not held while subsys callbacks are invoked, except
>> bind().
>>
> 
> Ah, I see your point. But "we can't trust hieararchy_lock for create()"
> is a probelm.  How about following ?

Yes, it can be a problem I think, so should be used carefully..

> ==
> for_each-subsys(root,ss) {
> 	if (ss->create) {
> 		mutex_lock(&ss->hierarchy_mutex);
> 		css = ss->create(ss, cgroup);
> 		mutex_unlock(&ss->hierarchy_mutex);
> 		if (IS_ERR(...)) {
> 		}
> 	}

This won't work. :(

The lock should include both create() and list_add(&cgrp->sibling, &cgrp->parent->children);


_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list