[Devel] [PATCH rh7] mm/memcg: Release memcg id from css_free callback

Andrey Ryabinin aryabinin at virtuozzo.com
Tue May 14 12:31:59 MSK 2019


After the rebase to kernel-3.10.0-957.10.1.el7, the memcg id is freed
in the memcg offline callback instead of free. This makes it possible
to reuse the id by another cgroup, thus mem_cgroup_uncharge_swap()
may call css_put() on the wrong cgroup.

Delay release of the memcg id up to the css_free() point.

https://jira.sw.ru/browse/PSBM-94269
Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 mm/memcontrol.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index f2a81d72d3bf..e6e1b8e8c9c9 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -6213,8 +6213,6 @@ unsigned short mem_cgroup_id(struct mem_cgroup *memcg)
 static void mem_cgroup_id_put(struct mem_cgroup *memcg)
 {
 	idr_remove(&mem_cgroup_idr, memcg->id);
-	memcg->id = 0;
-	synchronize_rcu();
 }
 
 /**
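Review bot: in mem_cgroup_id_put(), the removal of synchronize_rcu() after idr_remove() is not explained in the commit message. The message covers why the release moves to the free path, but not why waiting for a grace period is no longer needed; please state what guarantees that no reader still relies on the id at that point, or keep the wait. Dropping memcg->id = 0 also means nothing in the structure records that the id has been released.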
@@ -6318,10 +6316,7 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
 	for_each_node(node)
 		free_mem_cgroup_per_zone_info(memcg, node);
 
-	if (memcg->id > 0) {
-		idr_remove(&mem_cgroup_idr, memcg->id);
-		synchronize_rcu();
-	}
+	idr_remove(&mem_cgroup_idr, memcg->id);
 fail:
 	kfree(memcg);
 	return NULL;
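Review bot: in the mem_cgroup_alloc() error path, idr_remove(&mem_cgroup_idr, memcg->id) now runs without the memcg->id > 0 check. Please confirm that every path falling through to this line, rather than jumping to fail:, holds a successfully allocated id; if any path can arrive with an id of 0 or an error value, the guard should stay. The commit message does not mention this part of the change.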
@@ -6344,6 +6339,7 @@ static void __mem_cgroup_free(struct mem_cgroup *memcg)
 	int i;
 
 	mem_cgroup_remove_from_trees(memcg);
+	mem_cgroup_id_put(memcg);
 
 	for_each_node(node)
 		free_mem_cgroup_per_zone_info(memcg, node);
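Review bot: __mem_cgroup_free() now calls mem_cgroup_id_put() unconditionally, so it has to be reached exactly once per allocated id. With memcg->id no longer cleared after removal, a second call, or a call for a memcg whose id was already removed, would idr_remove() an id that another cgroup may hold by then, which is the reuse problem the commit message describes. A short comment here stating that this is the only release point for the id would help.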
@@ -6574,7 +6570,6 @@ static void mem_cgroup_css_offline(struct cgroup *cont)
 	 */
 	release_oom_context(&memcg->oom_ctx);
 
-	mem_cgroup_id_put(memcg);
 }
 
 static void mem_cgroup_css_free(struct cgroup *cont)
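Review bot: removing mem_cgroup_id_put(memcg) at the end of mem_cgroup_css_offline() leaves an empty line directly before the closing brace; drop that blank line in the same hunk.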
-- 
2.21.0


