Linux Archive


Colin Ian King 03-12-2012 12:09 PM

ACK: mm: memcg: Correct unregistring of events attached to the same eventfd
On 12/03/12 11:22, Andy Whitcroft wrote:

From: Anton Vorontsov<>

There is an issue when memcg unregisters events that were attached to
the same eventfd:

- On the first call mem_cgroup_usage_unregister_event() removes all
events attached to a given eventfd, and if there were no events left,
thresholds->primary would become NULL;

- Since there were several events registered, cgroups core will call
mem_cgroup_usage_unregister_event() again, but now kernel will oops,
as the function doesn't expect that threshold->primary may be NULL.

That's a good question whether mem_cgroup_usage_unregister_event()
should actually remove all events in one go, but nowadays it can't
do any better as cftype->unregister_event callback doesn't pass
any private event-associated cookie. So, let's fix the issue by
simply checking for threshold->primary.

FWIW, w/o the patch the following oops may be observed:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff810be32c>] mem_cgroup_usage_unregister_event+0x9c/0x1f0
Pid: 574, comm: kworker/0:2 Not tainted 3.3.0-rc4+ #9 Bochs Bochs
RIP: 0010:[<ffffffff810be32c>] [<ffffffff810be32c>] mem_cgroup_usage_unregister_event+0x9c/0x1f0
RSP: 0018:ffff88001d0b9d60 EFLAGS: 00010246
Process kworker/0:2 (pid: 574, threadinfo ffff88001d0b8000, task ffff88001de91cc0)
Call Trace:
[<ffffffff8107092b>] cgroup_event_remove+0x2b/0x60
[<ffffffff8103db94>] process_one_work+0x174/0x450
[<ffffffff8103e413>] worker_thread+0x123/0x2d0

Cc: stable<>
Signed-off-by: Anton Vorontsov<>
Acked-by: KAMEZAWA Hiroyuki<>
Cc: Kirill A. Shutemov<>
Cc: Michal Hocko<>
Signed-off-by: Linus Torvalds<>

(cherry picked from commit 371528caec553785c37f73fa3926ea0de84f986f)
Signed-off-by: Andy Whitcroft<>
mm/memcontrol.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 20a8193..ebca7c0 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -3647,6 +3647,9 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,

+ if (!thresholds->primary)
+ goto unlock;
usage = mem_cgroup_usage(memcg, type == _MEMSWAP);

/* Check if a threshold crossed before removing */
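
Review bot: the new `if (!thresholds->primary)` check at the top of this hunk has no comment saying when `primary` can be NULL at this point. The commit message gives the reason (a repeated unregister call for the same eventfd, after the first call already removed every event), and a one-line comment above the check would keep that reasoning next to the code. The message also notes that removing all events in one go is a limitation of the `cftype->unregister_event` callback, so the comment could say that the check works around that limitation.
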
@@ -3695,7 +3698,7 @@ swap_buffers:

/* To be sure that nobody uses thresholds */

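Review bot: the `unlock` label that the first hunk's `goto unlock` jumps to does not appear in the lines shown for this hunk, which contain only the context comment `/* To be sure that nobody uses thresholds */`. The diffstat reports 4 insertions and 1 deletion while only two added lines are visible, so the rest of this hunk is missing from this copy. Check commit 371528caec553785c37f73fa3926ea0de84f986f directly to confirm where the label sits relative to that comment before relying on this text of the patch.
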
Upstream patch, looks sane to me, ACK.

Acked-by: Colin Ian King <>
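
The double-unregister sequence from the quoted commit message, as an added userspace model in C (an illustration written for this page, not kernel code and not part of the patch). The struct layout and the names `register_event` and `unregister_event` are simplified stand-ins assumed here; only the `primary` pointer and the guard mirror what the patch shows.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: one array of thresholds, reachable through ->primary. */
struct threshold { int eventfd; unsigned long value; };
struct threshold_ary { int size; struct threshold entries[]; };
struct thresholds { struct threshold_ary *primary; };

/* Append one event for eventfd; returns 0 on success, -1 on allocation failure. */
static int register_event(struct thresholds *t, int eventfd, unsigned long value)
{
    int n = t->primary ? t->primary->size : 0;
    struct threshold_ary *ary =
        realloc(t->primary, sizeof(*ary) + (n + 1) * sizeof(struct threshold));
    if (!ary)
        return -1;
    ary->entries[n].eventfd = eventfd;
    ary->entries[n].value = value;
    ary->size = n + 1;
    t->primary = ary;
    return 0;
}

/* Remove every event attached to eventfd in one call, as the commit message
 * describes. Returns the number of events removed. */
static int unregister_event(struct thresholds *t, int eventfd)
{
    int i, kept = 0, removed;

    if (!t->primary)          /* the guard: nothing left from an earlier call */
        return 0;             /* without it, the loop below reads through NULL */
    for (i = 0; i < t->primary->size; i++)
        if (t->primary->entries[i].eventfd != eventfd)
            t->primary->entries[kept++] = t->primary->entries[i];
    removed = t->primary->size - kept;
    t->primary->size = kept;
    if (kept == 0) {          /* no events left: primary becomes NULL */
        free(t->primary);
        t->primary = NULL;
    }
    return removed;
}

int main(void)
{
    struct thresholds t = { NULL };
    register_event(&t, 7, 100);   /* two events on the same eventfd */
    register_event(&t, 7, 200);
    printf("first call removed %d\n", unregister_event(&t, 7));
    printf("second call removed %d\n", unregister_event(&t, 7));
    return 0;
}
```
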
