    memcg, slab: unregister cache from memcg before starting to destroy it · 051dd460
    Vladimir Davydov authored
    Currently, memcg_unregister_cache(), which deletes the cache being
    destroyed from the memcg_slab_caches list, is called after
    __kmem_cache_shutdown() (see kmem_cache_destroy()), which starts to
    destroy the cache.
    
    As a result, one can access a partially destroyed cache while traversing
    a memcg_slab_caches list, which can have deadly consequences (for
    instance, cache_show() called for each cache on a memcg_slab_caches list
    from mem_cgroup_slabinfo_read() will dereference pointers to already
    freed data).
    
    To fix this, let's move memcg_unregister_cache() before the cache
    destruction process beginning, issuing memcg_register_cache() on failure.
    Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
    Cc: Michal Hocko <mhocko@suse.cz>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Cc: David Rientjes <rientjes@google.com>
    Cc: Pekka Enberg <penberg@kernel.org>
    Cc: Glauber Costa <glommer@gmail.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
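The ordering problem the commit describes, as an added model in C that is not kernel code: memcg_slab_caches, memcg_register_cache(), memcg_unregister_cache() and kmem_cache_shutdown() are constructed simplifications of the real kernel functions, and dangling_entries() stands in for the list walk done by mem_cgroup_slabinfo_read() and cache_show().

```c
#include <stdbool.h>
#include <stdlib.h>
/* Constructed model, not kernel code: a memcg keeps its caches on
 * memcg_slab_caches, and readers may walk that list during a destroy. */
#define MAX_CACHES 8
struct kmem_cache { int *stats; };	/* stats: per-cache data that shutdown frees */
static struct kmem_cache *memcg_slab_caches[MAX_CACHES];

static void memcg_register_cache(struct kmem_cache *s)
{
	for (int i = 0; i < MAX_CACHES; i++)
		if (!memcg_slab_caches[i]) { memcg_slab_caches[i] = s; return; }
}
static void memcg_unregister_cache(struct kmem_cache *s)
{
	for (int i = 0; i < MAX_CACHES; i++)
		if (memcg_slab_caches[i] == s) memcg_slab_caches[i] = NULL;
}
/* Model of __kmem_cache_shutdown(): fails with -1 if the cache is still in use. */
static int kmem_cache_shutdown(struct kmem_cache *s, bool busy)
{
	if (busy) return -1;
	free(s->stats); s->stats = NULL;	/* cache is now partially destroyed */
	return 0;
}
/* Stand-in for the slabinfo walk: listed caches whose data is already freed. */
static int dangling_entries(void)
{
	int n = 0;
	for (int i = 0; i < MAX_CACHES; i++)
		if (memcg_slab_caches[i] && !memcg_slab_caches[i]->stats) n++;
	return n;
}
/* kmem_cache_destroy() in the old order (fixed == false: shutdown, then
 * unregister) or the committed order (unregister, shutdown, re-register on
 * failure). *seen records what a reader walking the list in between observes. */
static int kmem_cache_destroy(struct kmem_cache *s, bool busy, bool fixed, int *seen)
{
	if (fixed)
		memcg_unregister_cache(s);	/* new order: leave the list before teardown */
	int err = kmem_cache_shutdown(s, busy);
	*seen = dangling_entries();	/* a concurrent slabinfo read happens here */
	if (err) {
		if (fixed) memcg_register_cache(s);	/* cache survives, keep it listed */
		return err;
	}
	if (!fixed)
		memcg_unregister_cache(s);	/* old order: reader already saw freed data */
	return 0;
}
```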