[Devel] [PATCH RHEL COMMIT] mm/memcontol: fix our MEMCG_DATA_PGCACHE flag

Konstantin Khorenko khorenko at virtuozzo.com
Wed Jul 23 16:20:37 MSK 2025


The commit is pushed to "branch-rh10-6.12.0-55.13.1.vz10.2.x-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.el10
------>
commit 28ae5cf1b7ebeb5b4772742501da434912dbb3d5
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Wed Jul 23 19:22:07 2025 +0800

    mm/memcontol: fix our MEMCG_DATA_PGCACHE flag
    
    We have a crash at refill_obj_stock on accessing obj_exts->objcg from
    wrong obj_exts, as slab_obj_exts() breaks the original obj_exts pointer.
    
    That happens because we add MEMCG_DATA_PGCACHE to page_memcg_data_flags,
    and we already have 3 bits there before, and 4 bits now don't fit into
    pointer alignment (pointers are aligned to 8, thus we can use 3 last
    bits for flags).
    
    To fix that let's reuse OBJEXTS_ALLOC_FAIL as MEMCG_DATA_PGCACHE for
    folios, it should be safe as for folios we don't use obj_exts, and cache
    folios do not belong to slab, so we should not see the bit in slab
    context, and also should not get the bit from slab context.
    
    Note: we would need to put our flag into corresponding obj_exts if/when
    they would be used for regular non-slab folios.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-108538
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    Reviewed-by: Konstantin Khorenko <khorenko at virtuozzo.com>
    
    Feature: mm: Memory cgroup page cache limit
---
 include/linux/memcontrol.h | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
index 89ce21cdc6227..c97bd1a4b3c95 100644
--- a/include/linux/memcontrol.h
+++ b/include/linux/memcontrol.h
@@ -360,10 +360,16 @@ enum page_memcg_data_flags {
 	MEMCG_DATA_OBJEXTS = (1UL << 0),
 	/* page has been accounted as a non-slab kernel page */
 	MEMCG_DATA_KMEM = (1UL << 1),
-	/* page has been accounted as a cache page */
-	MEMCG_DATA_PGCACHE = (1UL << 2),
 	/* the next bit after the last actual flag */
-	__NR_MEMCG_DATA_FLAGS  = (1UL << 3),
+	__NR_MEMCG_DATA_FLAGS  = (1UL << 2),
+	/*
+	 * page has been accounted as a cache page
+	 *
+	 * This flag coincides with OBJEXTS_ALLOC_FAIL below, but at least now we don't
+	 * use neither OBJEXTS_ALLOC_FAIL nor MEMCG_DATA_OBJEXTS for folios, they are
+	 * only used for slab. So this should be safe.
+	 */
+	MEMCG_DATA_PGCACHE = (1UL << 2),
 };
 
 #define __FIRST_OBJEXT_FLAG	__NR_MEMCG_DATA_FLAGS
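Review bot: The aliasing of MEMCG_DATA_PGCACHE onto the first objext flag is held together only by the new comment in enum page_memcg_data_flags. Since __FIRST_OBJEXT_FLAG is defined as __NR_MEMCG_DATA_FLAGS right below, and both that sentinel and MEMCG_DATA_PGCACHE are now (1UL << 2), a later rebase that adds or moves a flag would silently change which bit is shared, or push the total past the 3 low bits the commit message says pointer alignment allows. Please add a compile-time check next to the enum, for example a static_assert that MEMCG_DATA_PGCACHE == __FIRST_OBJEXT_FLAG, plus one that the highest flag bit stays below 8. The sentinel comment "the next bit after the last actual flag" is also no longer accurate, because a real flag now follows it; reword it to say that folio-only flags overlapping the objext range are listed after the sentinel. Minor: "don't use neither ... nor" in the new comment is a double negative and should read "use neither ... nor".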
@@ -727,6 +733,8 @@ int mem_cgroup_charge_cache(struct folio *folio, struct mm_struct *mm,
  */
 static inline bool folio_memcg_cache(struct folio *folio)
 {
+	/* Let's detect when memcg_data will be using obj_exts */
+	VM_BUG_ON_FOLIO(folio->memcg_data & MEMCG_DATA_OBJEXTS, folio);
 	return folio->memcg_data & MEMCG_DATA_PGCACHE;
 }
 
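Review bot: The new VM_BUG_ON_FOLIO in folio_memcg_cache() only exists when CONFIG_DEBUG_VM is enabled, so on production builds the case it is meant to detect (MEMCG_DATA_OBJEXTS set on a folio whose bit 2 is then misread as MEMCG_DATA_PGCACHE) passes unnoticed and the function returns a wrong answer. Consider an unconditional WARN_ON_ONCE, or return false when MEMCG_DATA_OBJEXTS is set, so the reader fails safe instead of relying on a debug-only crash. If the debug assertion is kept, VM_WARN_ON_ONCE_FOLIO would report the same condition without taking the node down. The check also covers one direction only: the commit message states that the bit should not be seen in slab context either, and nothing in this patch asserts that on the slab_obj_exts() side, which is where the original crash was observed. The comment above the assertion would be more useful if it said why obj_exts on a folio is a problem, namely that MEMCG_DATA_PGCACHE shares its bit with OBJEXTS_ALLOC_FAIL.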

