projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
memcg: remove unnecessary !mm check from try_get_mem_cgroup_from_mm()
[deliverable/linux.git] / mm / memcontrol.c
1 /* memcontrol.c - Memory Controller
2 *
3 * Copyright IBM Corporation, 2007
4 * Author Balbir Singh <balbir@linux.vnet.ibm.com>
5 *
6 * Copyright 2007 OpenVZ SWsoft Inc
7 * Author: Pavel Emelianov <xemul@openvz.org>
8 *
9 * Memory thresholds
10 * Copyright (C) 2009 Nokia Corporation
11 * Author: Kirill A. Shutemov
12 *
13 * Kernel Memory Controller
14 * Copyright (C) 2012 Parallels Inc. and Google Inc.
15 * Authors: Glauber Costa and Suleiman Souhlal
16 *
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
21 *
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 */
27
28 #include <linux/res_counter.h>
29 #include <linux/memcontrol.h>
30 #include <linux/cgroup.h>
31 #include <linux/mm.h>
32 #include <linux/hugetlb.h>
33 #include <linux/pagemap.h>
34 #include <linux/smp.h>
35 #include <linux/page-flags.h>
36 #include <linux/backing-dev.h>
37 #include <linux/bit_spinlock.h>
38 #include <linux/rcupdate.h>
39 #include <linux/limits.h>
40 #include <linux/export.h>
41 #include <linux/mutex.h>
42 #include <linux/rbtree.h>
43 #include <linux/slab.h>
44 #include <linux/swap.h>
45 #include <linux/swapops.h>
46 #include <linux/spinlock.h>
47 #include <linux/eventfd.h>
48 #include <linux/poll.h>
49 #include <linux/sort.h>
50 #include <linux/fs.h>
51 #include <linux/seq_file.h>
52 #include <linux/vmpressure.h>
53 #include <linux/mm_inline.h>
54 #include <linux/page_cgroup.h>
55 #include <linux/cpu.h>
56 #include <linux/oom.h>
57 #include <linux/lockdep.h>
58 #include <linux/file.h>
59 #include "internal.h"
60 #include <net/sock.h>
61 #include <net/ip.h>
62 #include <net/tcp_memcontrol.h>
63 #include "slab.h"
64
65 #include <asm/uaccess.h>
66
67 #include <trace/events/vmscan.h>
68
69 struct cgroup_subsys memory_cgrp_subsys __read_mostly;
70 EXPORT_SYMBOL(memory_cgrp_subsys);
71
72 #define MEM_CGROUP_RECLAIM_RETRIES 5
73 static struct mem_cgroup *root_mem_cgroup __read_mostly;
74
75 #ifdef CONFIG_MEMCG_SWAP
76 /* Turned on only when memory cgroup is enabled && really_do_swap_account = 1 */
77 int do_swap_account __read_mostly;
78
79 /* for remember boot option*/
80 #ifdef CONFIG_MEMCG_SWAP_ENABLED
81 static int really_do_swap_account __initdata = 1;
82 #else
83 static int really_do_swap_account __initdata = 0;
84 #endif
85
86 #else
87 #define do_swap_account 0
88 #endif
89
90
91 static const char * const mem_cgroup_stat_names[] = {
92 "cache",
93 "rss",
94 "rss_huge",
95 "mapped_file",
96 "writeback",
97 "swap",
98 };
99
100 enum mem_cgroup_events_index {
101 MEM_CGROUP_EVENTS_PGPGIN, /* # of pages paged in */
102 MEM_CGROUP_EVENTS_PGPGOUT, /* # of pages paged out */
103 MEM_CGROUP_EVENTS_PGFAULT, /* # of page-faults */
104 MEM_CGROUP_EVENTS_PGMAJFAULT, /* # of major page-faults */
105 MEM_CGROUP_EVENTS_NSTATS,
106 };
107
108 static const char * const mem_cgroup_events_names[] = {
109 "pgpgin",
110 "pgpgout",
111 "pgfault",
112 "pgmajfault",
113 };
114
115 static const char * const mem_cgroup_lru_names[] = {
116 "inactive_anon",
117 "active_anon",
118 "inactive_file",
119 "active_file",
120 "unevictable",
121 };
122
123 /*
124 * Per memcg event counter is incremented at every pagein/pageout. With THP,
125 * it will be incremated by the number of pages. This counter is used for
126 * for trigger some periodic events. This is straightforward and better
127 * than using jiffies etc. to handle periodic memcg event.
128 */
129 enum mem_cgroup_events_target {
130 MEM_CGROUP_TARGET_THRESH,
131 MEM_CGROUP_TARGET_SOFTLIMIT,
132 MEM_CGROUP_TARGET_NUMAINFO,
133 MEM_CGROUP_NTARGETS,
134 };
135 #define THRESHOLDS_EVENTS_TARGET 128
136 #define SOFTLIMIT_EVENTS_TARGET 1024
137 #define NUMAINFO_EVENTS_TARGET 1024
138
139 struct mem_cgroup_stat_cpu {
140 long count[MEM_CGROUP_STAT_NSTATS];
141 unsigned long events[MEM_CGROUP_EVENTS_NSTATS];
142 unsigned long nr_page_events;
143 unsigned long targets[MEM_CGROUP_NTARGETS];
144 };
145
146 struct mem_cgroup_reclaim_iter {
147 /*
148 * last scanned hierarchy member. Valid only if last_dead_count
149 * matches memcg->dead_count of the hierarchy root group.
150 */
151 struct mem_cgroup *last_visited;
152 int last_dead_count;
153
154 /* scan generation, increased every round-trip */
155 unsigned int generation;
156 };
157
158 /*
159 * per-zone information in memory controller.
160 */
161 struct mem_cgroup_per_zone {
162 struct lruvec lruvec;
163 unsigned long lru_size[NR_LRU_LISTS];
164
165 struct mem_cgroup_reclaim_iter reclaim_iter[DEF_PRIORITY + 1];
166
167 struct rb_node tree_node; /* RB tree node */
168 unsigned long long usage_in_excess;/* Set to the value by which */
169 /* the soft limit is exceeded*/
170 bool on_tree;
171 struct mem_cgroup *memcg; /* Back pointer, we cannot */
172 /* use container_of */
173 };
174
175 struct mem_cgroup_per_node {
176 struct mem_cgroup_per_zone zoneinfo[MAX_NR_ZONES];
177 };
178
179 /*
180 * Cgroups above their limits are maintained in a RB-Tree, independent of
181 * their hierarchy representation
182 */
183
184 struct mem_cgroup_tree_per_zone {
185 struct rb_root rb_root;
186 spinlock_t lock;
187 };
188
189 struct mem_cgroup_tree_per_node {
190 struct mem_cgroup_tree_per_zone rb_tree_per_zone[MAX_NR_ZONES];
191 };
192
193 struct mem_cgroup_tree {
194 struct mem_cgroup_tree_per_node *rb_tree_per_node[MAX_NUMNODES];
195 };
196
197 static struct mem_cgroup_tree soft_limit_tree __read_mostly;
198
199 struct mem_cgroup_threshold {
200 struct eventfd_ctx *eventfd;
201 u64 threshold;
202 };
203
204 /* For threshold */
205 struct mem_cgroup_threshold_ary {
206 /* An array index points to threshold just below or equal to usage. */
207 int current_threshold;
208 /* Size of entries[] */
209 unsigned int size;
210 /* Array of thresholds */
211 struct mem_cgroup_threshold entries[0];
212 };
213
214 struct mem_cgroup_thresholds {
215 /* Primary thresholds array */
216 struct mem_cgroup_threshold_ary *primary;
217 /*
218 * Spare threshold array.
219 * This is needed to make mem_cgroup_unregister_event() "never fail".
220 * It must be able to store at least primary->size - 1 entries.
221 */
222 struct mem_cgroup_threshold_ary *spare;
223 };
224
225 /* for OOM */
226 struct mem_cgroup_eventfd_list {
227 struct list_head list;
228 struct eventfd_ctx *eventfd;
229 };
230
231 /*
232 * cgroup_event represents events which userspace want to receive.
233 */
234 struct mem_cgroup_event {
235 /*
236 * memcg which the event belongs to.
237 */
238 struct mem_cgroup *memcg;
239 /*
240 * eventfd to signal userspace about the event.
241 */
242 struct eventfd_ctx *eventfd;
243 /*
244 * Each of these stored in a list by the cgroup.
245 */
246 struct list_head list;
247 /*
248 * register_event() callback will be used to add new userspace
249 * waiter for changes related to this event. Use eventfd_signal()
250 * on eventfd to send notification to userspace.
251 */
252 int (*register_event)(struct mem_cgroup *memcg,
253 struct eventfd_ctx *eventfd, const char *args);
254 /*
255 * unregister_event() callback will be called when userspace closes
256 * the eventfd or on cgroup removing. This callback must be set,
257 * if you want provide notification functionality.
258 */
259 void (*unregister_event)(struct mem_cgroup *memcg,
260 struct eventfd_ctx *eventfd);
261 /*
262 * All fields below needed to unregister event when
263 * userspace closes eventfd.
264 */
265 poll_table pt;
266 wait_queue_head_t *wqh;
267 wait_queue_t wait;
268 struct work_struct remove;
269 };
270
271 static void mem_cgroup_threshold(struct mem_cgroup *memcg);
272 static void mem_cgroup_oom_notify(struct mem_cgroup *memcg);
273
274 /*
275 * The memory controller data structure. The memory controller controls both
276 * page cache and RSS per cgroup. We would eventually like to provide
277 * statistics based on the statistics developed by Rik Van Riel for clock-pro,
278 * to help the administrator determine what knobs to tune.
279 *
280 * TODO: Add a water mark for the memory controller. Reclaim will begin when
281 * we hit the water mark. May be even add a low water mark, such that
282 * no reclaim occurs from a cgroup at it's low water mark, this is
283 * a feature that will be implemented much later in the future.
284 */
285 struct mem_cgroup {
286 struct cgroup_subsys_state css;
287 /*
288 * the counter to account for memory usage
289 */
290 struct res_counter res;
291
292 /* vmpressure notifications */
293 struct vmpressure vmpressure;
294
295 /*
296 * the counter to account for mem+swap usage.
297 */
298 struct res_counter memsw;
299
300 /*
301 * the counter to account for kernel memory usage.
302 */
303 struct res_counter kmem;
304 /*
305 * Should the accounting and control be hierarchical, per subtree?
306 */
307 bool use_hierarchy;
308 unsigned long kmem_account_flags; /* See KMEM_ACCOUNTED_*, below */
309
310 bool oom_lock;
311 atomic_t under_oom;
312 atomic_t oom_wakeups;
313
314 int swappiness;
315 /* OOM-Killer disable */
316 int oom_kill_disable;
317
318 /* set when res.limit == memsw.limit */
319 bool memsw_is_minimum;
320
321 /* protect arrays of thresholds */
322 struct mutex thresholds_lock;
323
324 /* thresholds for memory usage. RCU-protected */
325 struct mem_cgroup_thresholds thresholds;
326
327 /* thresholds for mem+swap usage. RCU-protected */
328 struct mem_cgroup_thresholds memsw_thresholds;
329
330 /* For oom notifier event fd */
331 struct list_head oom_notify;
332
333 /*
334 * Should we move charges of a task when a task is moved into this
335 * mem_cgroup ? And what type of charges should we move ?
336 */
337 unsigned long move_charge_at_immigrate;
338 /*
339 * set > 0 if pages under this cgroup are moving to other cgroup.
340 */
341 atomic_t moving_account;
342 /* taken only while moving_account > 0 */
343 spinlock_t move_lock;
344 /*
345 * percpu counter.
346 */
347 struct mem_cgroup_stat_cpu __percpu *stat;
348 /*
349 * used when a cpu is offlined or other synchronizations
350 * See mem_cgroup_read_stat().
351 */
352 struct mem_cgroup_stat_cpu nocpu_base;
353 spinlock_t pcp_counter_lock;
354
355 atomic_t dead_count;
356 #if defined(CONFIG_MEMCG_KMEM) && defined(CONFIG_INET)
357 struct cg_proto tcp_mem;
358 #endif
359 #if defined(CONFIG_MEMCG_KMEM)
360 /* analogous to slab_common's slab_caches list. per-memcg */
361 struct list_head memcg_slab_caches;
362 /* Not a spinlock, we can take a lot of time walking the list */
363 struct mutex slab_caches_mutex;
364 /* Index in the kmem_cache->memcg_params->memcg_caches array */
365 int kmemcg_id;
366 #endif
367
368 int last_scanned_node;
369 #if MAX_NUMNODES > 1
370 nodemask_t scan_nodes;
371 atomic_t numainfo_events;
372 atomic_t numainfo_updating;
373 #endif
374
375 /* List of events which userspace want to receive */
376 struct list_head event_list;
377 spinlock_t event_list_lock;
378
379 struct mem_cgroup_per_node *nodeinfo[0];
380 /* WARNING: nodeinfo must be the last member here */
381 };
382
383 /* internal only representation about the status of kmem accounting. */
384 enum {
385 KMEM_ACCOUNTED_ACTIVE, /* accounted by this cgroup itself */
386 KMEM_ACCOUNTED_DEAD, /* dead memcg with pending kmem charges */
387 };
388
389 #ifdef CONFIG_MEMCG_KMEM
390 static inline void memcg_kmem_set_active(struct mem_cgroup *memcg)
391 {
392 set_bit(KMEM_ACCOUNTED_ACTIVE, &memcg->kmem_account_flags);
393 }
394
395 static bool memcg_kmem_is_active(struct mem_cgroup *memcg)
396 {
397 return test_bit(KMEM_ACCOUNTED_ACTIVE, &memcg->kmem_account_flags);
398 }
399
400 static void memcg_kmem_mark_dead(struct mem_cgroup *memcg)
401 {
402 /*
403 * Our caller must use css_get() first, because memcg_uncharge_kmem()
404 * will call css_put() if it sees the memcg is dead.
405 */
406 smp_wmb();
407 if (test_bit(KMEM_ACCOUNTED_ACTIVE, &memcg->kmem_account_flags))
408 set_bit(KMEM_ACCOUNTED_DEAD, &memcg->kmem_account_flags);
409 }
410
411 static bool memcg_kmem_test_and_clear_dead(struct mem_cgroup *memcg)
412 {
413 return test_and_clear_bit(KMEM_ACCOUNTED_DEAD,
414 &memcg->kmem_account_flags);
415 }
416 #endif
417
418 /* Stuffs for move charges at task migration. */
419 /*
420 * Types of charges to be moved. "move_charge_at_immitgrate" and
421 * "immigrate_flags" are treated as a left-shifted bitmap of these types.
422 */
423 enum move_type {
424 MOVE_CHARGE_TYPE_ANON, /* private anonymous page and swap of it */
425 MOVE_CHARGE_TYPE_FILE, /* file page(including tmpfs) and swap of it */
426 NR_MOVE_TYPE,
427 };
428
429 /* "mc" and its members are protected by cgroup_mutex */
430 static struct move_charge_struct {
431 spinlock_t lock; /* for from, to */
432 struct mem_cgroup *from;
433 struct mem_cgroup *to;
434 unsigned long immigrate_flags;
435 unsigned long precharge;
436 unsigned long moved_charge;
437 unsigned long moved_swap;
438 struct task_struct *moving_task; /* a task moving charges */
439 wait_queue_head_t waitq; /* a waitq for other context */
440 } mc = {
441 .lock = __SPIN_LOCK_UNLOCKED(mc.lock),
442 .waitq = __WAIT_QUEUE_HEAD_INITIALIZER(mc.waitq),
443 };
444
445 static bool move_anon(void)
446 {
447 return test_bit(MOVE_CHARGE_TYPE_ANON, &mc.immigrate_flags);
448 }
449
450 static bool move_file(void)
451 {
452 return test_bit(MOVE_CHARGE_TYPE_FILE, &mc.immigrate_flags);
453 }
454
455 /*
456 * Maximum loops in mem_cgroup_hierarchical_reclaim(), used for soft
457 * limit reclaim to prevent infinite loops, if they ever occur.
458 */
459 #define MEM_CGROUP_MAX_RECLAIM_LOOPS 100
460 #define MEM_CGROUP_MAX_SOFT_LIMIT_RECLAIM_LOOPS 2
461
462 enum charge_type {
463 MEM_CGROUP_CHARGE_TYPE_CACHE = 0,
464 MEM_CGROUP_CHARGE_TYPE_ANON,
465 MEM_CGROUP_CHARGE_TYPE_SWAPOUT, /* for accounting swapcache */
466 MEM_CGROUP_CHARGE_TYPE_DROP, /* a page was unused swap cache */
467 NR_CHARGE_TYPE,
468 };
469
470 /* for encoding cft->private value on file */
471 enum res_type {
472 _MEM,
473 _MEMSWAP,
474 _OOM_TYPE,
475 _KMEM,
476 };
477
478 #define MEMFILE_PRIVATE(x, val) ((x) << 16 | (val))
479 #define MEMFILE_TYPE(val) ((val) >> 16 & 0xffff)
480 #define MEMFILE_ATTR(val) ((val) & 0xffff)
481 /* Used for OOM nofiier */
482 #define OOM_CONTROL (0)
483
484 /*
485 * Reclaim flags for mem_cgroup_hierarchical_reclaim
486 */
487 #define MEM_CGROUP_RECLAIM_NOSWAP_BIT 0x0
488 #define MEM_CGROUP_RECLAIM_NOSWAP (1 << MEM_CGROUP_RECLAIM_NOSWAP_BIT)
489 #define MEM_CGROUP_RECLAIM_SHRINK_BIT 0x1
490 #define MEM_CGROUP_RECLAIM_SHRINK (1 << MEM_CGROUP_RECLAIM_SHRINK_BIT)
491
492 /*
493 * The memcg_create_mutex will be held whenever a new cgroup is created.
494 * As a consequence, any change that needs to protect against new child cgroups
495 * appearing has to hold it as well.
496 */
497 static DEFINE_MUTEX(memcg_create_mutex);
498
499 struct mem_cgroup *mem_cgroup_from_css(struct cgroup_subsys_state *s)
500 {
501 return s ? container_of(s, struct mem_cgroup, css) : NULL;
502 }
503
504 /* Some nice accessors for the vmpressure. */
505 struct vmpressure *memcg_to_vmpressure(struct mem_cgroup *memcg)
506 {
507 if (!memcg)
508 memcg = root_mem_cgroup;
509 return &memcg->vmpressure;
510 }
511
512 struct cgroup_subsys_state *vmpressure_to_css(struct vmpressure *vmpr)
513 {
514 return &container_of(vmpr, struct mem_cgroup, vmpressure)->css;
515 }
516
517 static inline bool mem_cgroup_is_root(struct mem_cgroup *memcg)
518 {
519 return (memcg == root_mem_cgroup);
520 }
521
522 /*
523 * We restrict the id in the range of [1, 65535], so it can fit into
524 * an unsigned short.
525 */
526 #define MEM_CGROUP_ID_MAX USHRT_MAX
527
528 static inline unsigned short mem_cgroup_id(struct mem_cgroup *memcg)
529 {
530 /*
531 * The ID of the root cgroup is 0, but memcg treat 0 as an
532 * invalid ID, so we return (cgroup_id + 1).
533 */
534 return memcg->css.cgroup->id + 1;
535 }
536
537 static inline struct mem_cgroup *mem_cgroup_from_id(unsigned short id)
538 {
539 struct cgroup_subsys_state *css;
540
541 css = css_from_id(id - 1, &memory_cgrp_subsys);
542 return mem_cgroup_from_css(css);
543 }
544
545 /* Writing them here to avoid exposing memcg's inner layout */
546 #if defined(CONFIG_INET) && defined(CONFIG_MEMCG_KMEM)
547
548 void sock_update_memcg(struct sock *sk)
549 {
550 if (mem_cgroup_sockets_enabled) {
551 struct mem_cgroup *memcg;
552 struct cg_proto *cg_proto;
553
554 BUG_ON(!sk->sk_prot->proto_cgroup);
555
556 /* Socket cloning can throw us here with sk_cgrp already
557 * filled. It won't however, necessarily happen from
558 * process context. So the test for root memcg given
559 * the current task's memcg won't help us in this case.
560 *
561 * Respecting the original socket's memcg is a better
562 * decision in this case.
563 */
564 if (sk->sk_cgrp) {
565 BUG_ON(mem_cgroup_is_root(sk->sk_cgrp->memcg));
566 css_get(&sk->sk_cgrp->memcg->css);
567 return;
568 }
569
570 rcu_read_lock();
571 memcg = mem_cgroup_from_task(current);
572 cg_proto = sk->sk_prot->proto_cgroup(memcg);
573 if (!mem_cgroup_is_root(memcg) &&
574 memcg_proto_active(cg_proto) && css_tryget(&memcg->css)) {
575 sk->sk_cgrp = cg_proto;
576 }
577 rcu_read_unlock();
578 }
579 }
580 EXPORT_SYMBOL(sock_update_memcg);
581
582 void sock_release_memcg(struct sock *sk)
583 {
584 if (mem_cgroup_sockets_enabled && sk->sk_cgrp) {
585 struct mem_cgroup *memcg;
586 WARN_ON(!sk->sk_cgrp->memcg);
587 memcg = sk->sk_cgrp->memcg;
588 css_put(&sk->sk_cgrp->memcg->css);
589 }
590 }
591
592 struct cg_proto *tcp_proto_cgroup(struct mem_cgroup *memcg)
593 {
594 if (!memcg || mem_cgroup_is_root(memcg))
595 return NULL;
596
597 return &memcg->tcp_mem;
598 }
599 EXPORT_SYMBOL(tcp_proto_cgroup);
600
601 static void disarm_sock_keys(struct mem_cgroup *memcg)
602 {
603 if (!memcg_proto_activated(&memcg->tcp_mem))
604 return;
605 static_key_slow_dec(&memcg_socket_limit_enabled);
606 }
607 #else
608 static void disarm_sock_keys(struct mem_cgroup *memcg)
609 {
610 }
611 #endif
612
613 #ifdef CONFIG_MEMCG_KMEM
614 /*
615 * This will be the memcg's index in each cache's ->memcg_params->memcg_caches.
616 * The main reason for not using cgroup id for this:
617 * this works better in sparse environments, where we have a lot of memcgs,
618 * but only a few kmem-limited. Or also, if we have, for instance, 200
619 * memcgs, and none but the 200th is kmem-limited, we'd have to have a
620 * 200 entry array for that.
621 *
622 * The current size of the caches array is stored in
623 * memcg_limited_groups_array_size. It will double each time we have to
624 * increase it.
625 */
626 static DEFINE_IDA(kmem_limited_groups);
627 int memcg_limited_groups_array_size;
628
629 /*
630 * MIN_SIZE is different than 1, because we would like to avoid going through
631 * the alloc/free process all the time. In a small machine, 4 kmem-limited
632 * cgroups is a reasonable guess. In the future, it could be a parameter or
633 * tunable, but that is strictly not necessary.
634 *
635 * MAX_SIZE should be as large as the number of cgrp_ids. Ideally, we could get
636 * this constant directly from cgroup, but it is understandable that this is
637 * better kept as an internal representation in cgroup.c. In any case, the
638 * cgrp_id space is not getting any smaller, and we don't have to necessarily
639 * increase ours as well if it increases.
640 */
641 #define MEMCG_CACHES_MIN_SIZE 4
642 #define MEMCG_CACHES_MAX_SIZE MEM_CGROUP_ID_MAX
643
644 /*
645 * A lot of the calls to the cache allocation functions are expected to be
646 * inlined by the compiler. Since the calls to memcg_kmem_get_cache are
647 * conditional to this static branch, we'll have to allow modules that does
648 * kmem_cache_alloc and the such to see this symbol as well
649 */
650 struct static_key memcg_kmem_enabled_key;
651 EXPORT_SYMBOL(memcg_kmem_enabled_key);
652
653 static void disarm_kmem_keys(struct mem_cgroup *memcg)
654 {
655 if (memcg_kmem_is_active(memcg)) {
656 static_key_slow_dec(&memcg_kmem_enabled_key);
657 ida_simple_remove(&kmem_limited_groups, memcg->kmemcg_id);
658 }
659 /*
660 * This check can't live in kmem destruction function,
661 * since the charges will outlive the cgroup
662 */
663 WARN_ON(res_counter_read_u64(&memcg->kmem, RES_USAGE) != 0);
664 }
665 #else
666 static void disarm_kmem_keys(struct mem_cgroup *memcg)
667 {
668 }
669 #endif /* CONFIG_MEMCG_KMEM */
670
671 static void disarm_static_keys(struct mem_cgroup *memcg)
672 {
673 disarm_sock_keys(memcg);
674 disarm_kmem_keys(memcg);
675 }
676
677 static void drain_all_stock_async(struct mem_cgroup *memcg);
678
679 static struct mem_cgroup_per_zone *
680 mem_cgroup_zoneinfo(struct mem_cgroup *memcg, int nid, int zid)
681 {
682 VM_BUG_ON((unsigned)nid >= nr_node_ids);
683 return &memcg->nodeinfo[nid]->zoneinfo[zid];
684 }
685
686 struct cgroup_subsys_state *mem_cgroup_css(struct mem_cgroup *memcg)
687 {
688 return &memcg->css;
689 }
690
691 static struct mem_cgroup_per_zone *
692 page_cgroup_zoneinfo(struct mem_cgroup *memcg, struct page *page)
693 {
694 int nid = page_to_nid(page);
695 int zid = page_zonenum(page);
696
697 return mem_cgroup_zoneinfo(memcg, nid, zid);
698 }
699
700 static struct mem_cgroup_tree_per_zone *
701 soft_limit_tree_node_zone(int nid, int zid)
702 {
703 return &soft_limit_tree.rb_tree_per_node[nid]->rb_tree_per_zone[zid];
704 }
705
706 static struct mem_cgroup_tree_per_zone *
707 soft_limit_tree_from_page(struct page *page)
708 {
709 int nid = page_to_nid(page);
710 int zid = page_zonenum(page);
711
712 return &soft_limit_tree.rb_tree_per_node[nid]->rb_tree_per_zone[zid];
713 }
714
715 static void
716 __mem_cgroup_insert_exceeded(struct mem_cgroup *memcg,
717 struct mem_cgroup_per_zone *mz,
718 struct mem_cgroup_tree_per_zone *mctz,
719 unsigned long long new_usage_in_excess)
720 {
721 struct rb_node **p = &mctz->rb_root.rb_node;
722 struct rb_node *parent = NULL;
723 struct mem_cgroup_per_zone *mz_node;
724
725 if (mz->on_tree)
726 return;
727
728 mz->usage_in_excess = new_usage_in_excess;
729 if (!mz->usage_in_excess)
730 return;
731 while (*p) {
732 parent = *p;
733 mz_node = rb_entry(parent, struct mem_cgroup_per_zone,
734 tree_node);
735 if (mz->usage_in_excess < mz_node->usage_in_excess)
736 p = &(*p)->rb_left;
737 /*
738 * We can't avoid mem cgroups that are over their soft
739 * limit by the same amount
740 */
741 else if (mz->usage_in_excess >= mz_node->usage_in_excess)
742 p = &(*p)->rb_right;
743 }
744 rb_link_node(&mz->tree_node, parent, p);
745 rb_insert_color(&mz->tree_node, &mctz->rb_root);
746 mz->on_tree = true;
747 }
748
749 static void
750 __mem_cgroup_remove_exceeded(struct mem_cgroup *memcg,
751 struct mem_cgroup_per_zone *mz,
752 struct mem_cgroup_tree_per_zone *mctz)
753 {
754 if (!mz->on_tree)
755 return;
756 rb_erase(&mz->tree_node, &mctz->rb_root);
757 mz->on_tree = false;
758 }
759
760 static void
761 mem_cgroup_remove_exceeded(struct mem_cgroup *memcg,
762 struct mem_cgroup_per_zone *mz,
763 struct mem_cgroup_tree_per_zone *mctz)
764 {
765 spin_lock(&mctz->lock);
766 __mem_cgroup_remove_exceeded(memcg, mz, mctz);
767 spin_unlock(&mctz->lock);
768 }
769
770
771 static void mem_cgroup_update_tree(struct mem_cgroup *memcg, struct page *page)
772 {
773 unsigned long long excess;
774 struct mem_cgroup_per_zone *mz;
775 struct mem_cgroup_tree_per_zone *mctz;
776 int nid = page_to_nid(page);
777 int zid = page_zonenum(page);
778 mctz = soft_limit_tree_from_page(page);
779
780 /*
781 * Necessary to update all ancestors when hierarchy is used.
782 * because their event counter is not touched.
783 */
784 for (; memcg; memcg = parent_mem_cgroup(memcg)) {
785 mz = mem_cgroup_zoneinfo(memcg, nid, zid);
786 excess = res_counter_soft_limit_excess(&memcg->res);
787 /*
788 * We have to update the tree if mz is on RB-tree or
789 * mem is over its softlimit.
790 */
791 if (excess || mz->on_tree) {
792 spin_lock(&mctz->lock);
793 /* if on-tree, remove it */
794 if (mz->on_tree)
795 __mem_cgroup_remove_exceeded(memcg, mz, mctz);
796 /*
797 * Insert again. mz->usage_in_excess will be updated.
798 * If excess is 0, no tree ops.
799 */
800 __mem_cgroup_insert_exceeded(memcg, mz, mctz, excess);
801 spin_unlock(&mctz->lock);
802 }
803 }
804 }
805
806 static void mem_cgroup_remove_from_trees(struct mem_cgroup *memcg)
807 {
808 int node, zone;
809 struct mem_cgroup_per_zone *mz;
810 struct mem_cgroup_tree_per_zone *mctz;
811
812 for_each_node(node) {
813 for (zone = 0; zone < MAX_NR_ZONES; zone++) {
814 mz = mem_cgroup_zoneinfo(memcg, node, zone);
815 mctz = soft_limit_tree_node_zone(node, zone);
816 mem_cgroup_remove_exceeded(memcg, mz, mctz);
817 }
818 }
819 }
820
821 static struct mem_cgroup_per_zone *
822 __mem_cgroup_largest_soft_limit_node(struct mem_cgroup_tree_per_zone *mctz)
823 {
824 struct rb_node *rightmost = NULL;
825 struct mem_cgroup_per_zone *mz;
826
827 retry:
828 mz = NULL;
829 rightmost = rb_last(&mctz->rb_root);
830 if (!rightmost)
831 goto done; /* Nothing to reclaim from */
832
833 mz = rb_entry(rightmost, struct mem_cgroup_per_zone, tree_node);
834 /*
835 * Remove the node now but someone else can add it back,
836 * we will to add it back at the end of reclaim to its correct
837 * position in the tree.
838 */
839 __mem_cgroup_remove_exceeded(mz->memcg, mz, mctz);
840 if (!res_counter_soft_limit_excess(&mz->memcg->res) ||
841 !css_tryget(&mz->memcg->css))
842 goto retry;
843 done:
844 return mz;
845 }
846
847 static struct mem_cgroup_per_zone *
848 mem_cgroup_largest_soft_limit_node(struct mem_cgroup_tree_per_zone *mctz)
849 {
850 struct mem_cgroup_per_zone *mz;
851
852 spin_lock(&mctz->lock);
853 mz = __mem_cgroup_largest_soft_limit_node(mctz);
854 spin_unlock(&mctz->lock);
855 return mz;
856 }
857
858 /*
859 * Implementation Note: reading percpu statistics for memcg.
860 *
861 * Both of vmstat[] and percpu_counter has threshold and do periodic
862 * synchronization to implement "quick" read. There are trade-off between
863 * reading cost and precision of value. Then, we may have a chance to implement
864 * a periodic synchronizion of counter in memcg's counter.
865 *
866 * But this _read() function is used for user interface now. The user accounts
867 * memory usage by memory cgroup and he _always_ requires exact value because
868 * he accounts memory. Even if we provide quick-and-fuzzy read, we always
869 * have to visit all online cpus and make sum. So, for now, unnecessary
870 * synchronization is not implemented. (just implemented for cpu hotplug)
871 *
872 * If there are kernel internal actions which can make use of some not-exact
873 * value, and reading all cpu value can be performance bottleneck in some
874 * common workload, threashold and synchonization as vmstat[] should be
875 * implemented.
876 */
877 static long mem_cgroup_read_stat(struct mem_cgroup *memcg,
878 enum mem_cgroup_stat_index idx)
879 {
880 long val = 0;
881 int cpu;
882
883 get_online_cpus();
884 for_each_online_cpu(cpu)
885 val += per_cpu(memcg->stat->count[idx], cpu);
886 #ifdef CONFIG_HOTPLUG_CPU
887 spin_lock(&memcg->pcp_counter_lock);
888 val += memcg->nocpu_base.count[idx];
889 spin_unlock(&memcg->pcp_counter_lock);
890 #endif
891 put_online_cpus();
892 return val;
893 }
894
895 static void mem_cgroup_swap_statistics(struct mem_cgroup *memcg,
896 bool charge)
897 {
898 int val = (charge) ? 1 : -1;
899 this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_SWAP], val);
900 }
901
902 static unsigned long mem_cgroup_read_events(struct mem_cgroup *memcg,
903 enum mem_cgroup_events_index idx)
904 {
905 unsigned long val = 0;
906 int cpu;
907
908 get_online_cpus();
909 for_each_online_cpu(cpu)
910 val += per_cpu(memcg->stat->events[idx], cpu);
911 #ifdef CONFIG_HOTPLUG_CPU
912 spin_lock(&memcg->pcp_counter_lock);
913 val += memcg->nocpu_base.events[idx];
914 spin_unlock(&memcg->pcp_counter_lock);
915 #endif
916 put_online_cpus();
917 return val;
918 }
919
920 static void mem_cgroup_charge_statistics(struct mem_cgroup *memcg,
921 struct page *page,
922 bool anon, int nr_pages)
923 {
924 /*
925 * Here, RSS means 'mapped anon' and anon's SwapCache. Shmem/tmpfs is
926 * counted as CACHE even if it's on ANON LRU.
927 */
928 if (anon)
929 __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_RSS],
930 nr_pages);
931 else
932 __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_CACHE],
933 nr_pages);
934
935 if (PageTransHuge(page))
936 __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_RSS_HUGE],
937 nr_pages);
938
939 /* pagein of a big page is an event. So, ignore page size */
940 if (nr_pages > 0)
941 __this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGPGIN]);
942 else {
943 __this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGPGOUT]);
944 nr_pages = -nr_pages; /* for event */
945 }
946
947 __this_cpu_add(memcg->stat->nr_page_events, nr_pages);
948 }
949
950 unsigned long
951 mem_cgroup_get_lru_size(struct lruvec *lruvec, enum lru_list lru)
952 {
953 struct mem_cgroup_per_zone *mz;
954
955 mz = container_of(lruvec, struct mem_cgroup_per_zone, lruvec);
956 return mz->lru_size[lru];
957 }
958
959 static unsigned long
960 mem_cgroup_zone_nr_lru_pages(struct mem_cgroup *memcg, int nid, int zid,
961 unsigned int lru_mask)
962 {
963 struct mem_cgroup_per_zone *mz;
964 enum lru_list lru;
965 unsigned long ret = 0;
966
967 mz = mem_cgroup_zoneinfo(memcg, nid, zid);
968
969 for_each_lru(lru) {
970 if (BIT(lru) & lru_mask)
971 ret += mz->lru_size[lru];
972 }
973 return ret;
974 }
975
976 static unsigned long
977 mem_cgroup_node_nr_lru_pages(struct mem_cgroup *memcg,
978 int nid, unsigned int lru_mask)
979 {
980 u64 total = 0;
981 int zid;
982
983 for (zid = 0; zid < MAX_NR_ZONES; zid++)
984 total += mem_cgroup_zone_nr_lru_pages(memcg,
985 nid, zid, lru_mask);
986
987 return total;
988 }
989
990 static unsigned long mem_cgroup_nr_lru_pages(struct mem_cgroup *memcg,
991 unsigned int lru_mask)
992 {
993 int nid;
994 u64 total = 0;
995
996 for_each_node_state(nid, N_MEMORY)
997 total += mem_cgroup_node_nr_lru_pages(memcg, nid, lru_mask);
998 return total;
999 }
1000
1001 static bool mem_cgroup_event_ratelimit(struct mem_cgroup *memcg,
1002 enum mem_cgroup_events_target target)
1003 {
1004 unsigned long val, next;
1005
1006 val = __this_cpu_read(memcg->stat->nr_page_events);
1007 next = __this_cpu_read(memcg->stat->targets[target]);
1008 /* from time_after() in jiffies.h */
1009 if ((long)next - (long)val < 0) {
1010 switch (target) {
1011 case MEM_CGROUP_TARGET_THRESH:
1012 next = val + THRESHOLDS_EVENTS_TARGET;
1013 break;
1014 case MEM_CGROUP_TARGET_SOFTLIMIT:
1015 next = val + SOFTLIMIT_EVENTS_TARGET;
1016 break;
1017 case MEM_CGROUP_TARGET_NUMAINFO:
1018 next = val + NUMAINFO_EVENTS_TARGET;
1019 break;
1020 default:
1021 break;
1022 }
1023 __this_cpu_write(memcg->stat->targets[target], next);
1024 return true;
1025 }
1026 return false;
1027 }
1028
1029 /*
1030 * Check events in order.
1031 *
1032 */
1033 static void memcg_check_events(struct mem_cgroup *memcg, struct page *page)
1034 {
1035 preempt_disable();
1036 /* threshold event is triggered in finer grain than soft limit */
1037 if (unlikely(mem_cgroup_event_ratelimit(memcg,
1038 MEM_CGROUP_TARGET_THRESH))) {
1039 bool do_softlimit;
1040 bool do_numainfo __maybe_unused;
1041
1042 do_softlimit = mem_cgroup_event_ratelimit(memcg,
1043 MEM_CGROUP_TARGET_SOFTLIMIT);
1044 #if MAX_NUMNODES > 1
1045 do_numainfo = mem_cgroup_event_ratelimit(memcg,
1046 MEM_CGROUP_TARGET_NUMAINFO);
1047 #endif
1048 preempt_enable();
1049
1050 mem_cgroup_threshold(memcg);
1051 if (unlikely(do_softlimit))
1052 mem_cgroup_update_tree(memcg, page);
1053 #if MAX_NUMNODES > 1
1054 if (unlikely(do_numainfo))
1055 atomic_inc(&memcg->numainfo_events);
1056 #endif
1057 } else
1058 preempt_enable();
1059 }
1060
1061 struct mem_cgroup *mem_cgroup_from_task(struct task_struct *p)
1062 {
1063 /*
1064 * mm_update_next_owner() may clear mm->owner to NULL
1065 * if it races with swapoff, page migration, etc.
1066 * So this can be called with p == NULL.
1067 */
1068 if (unlikely(!p))
1069 return NULL;
1070
1071 return mem_cgroup_from_css(task_css(p, memory_cgrp_id));
1072 }
1073
1074 struct mem_cgroup *try_get_mem_cgroup_from_mm(struct mm_struct *mm)
1075 {
1076 struct mem_cgroup *memcg = NULL;
1077
1078 rcu_read_lock();
1079 do {
1080 memcg = mem_cgroup_from_task(rcu_dereference(mm->owner));
1081 if (unlikely(!memcg))
1082 break;
1083 } while (!css_tryget(&memcg->css));
1084 rcu_read_unlock();
1085 return memcg;
1086 }
1087
1088 /*
1089 * Returns a next (in a pre-order walk) alive memcg (with elevated css
1090 * ref. count) or NULL if the whole root's subtree has been visited.
1091 *
1092 * helper function to be used by mem_cgroup_iter
1093 */
1094 static struct mem_cgroup *__mem_cgroup_iter_next(struct mem_cgroup *root,
1095 struct mem_cgroup *last_visited)
1096 {
1097 struct cgroup_subsys_state *prev_css, *next_css;
1098
1099 prev_css = last_visited ? &last_visited->css : NULL;
1100 skip_node:
1101 next_css = css_next_descendant_pre(prev_css, &root->css);
1102
1103 /*
1104 * Even if we found a group we have to make sure it is
1105 * alive. css && !memcg means that the groups should be
1106 * skipped and we should continue the tree walk.
1107 * last_visited css is safe to use because it is
1108 * protected by css_get and the tree walk is rcu safe.
1109 *
1110 * We do not take a reference on the root of the tree walk
1111 * because we might race with the root removal when it would
1112 * be the only node in the iterated hierarchy and mem_cgroup_iter
1113 * would end up in an endless loop because it expects that at
1114 * least one valid node will be returned. Root cannot disappear
1115 * because caller of the iterator should hold it already so
1116 * skipping css reference should be safe.
1117 */
1118 if (next_css) {
1119 if ((next_css == &root->css) ||
1120 ((next_css->flags & CSS_ONLINE) && css_tryget(next_css)))
1121 return mem_cgroup_from_css(next_css);
1122
1123 prev_css = next_css;
1124 goto skip_node;
1125 }
1126
1127 return NULL;
1128 }
1129
1130 static void mem_cgroup_iter_invalidate(struct mem_cgroup *root)
1131 {
1132 /*
1133 * When a group in the hierarchy below root is destroyed, the
1134 * hierarchy iterator can no longer be trusted since it might
1135 * have pointed to the destroyed group. Invalidate it.
1136 */
1137 atomic_inc(&root->dead_count);
1138 }
1139
1140 static struct mem_cgroup *
1141 mem_cgroup_iter_load(struct mem_cgroup_reclaim_iter *iter,
1142 struct mem_cgroup *root,
1143 int *sequence)
1144 {
1145 struct mem_cgroup *position = NULL;
1146 /*
1147 * A cgroup destruction happens in two stages: offlining and
1148 * release. They are separated by a RCU grace period.
1149 *
1150 * If the iterator is valid, we may still race with an
1151 * offlining. The RCU lock ensures the object won't be
1152 * released, tryget will fail if we lost the race.
1153 */
1154 *sequence = atomic_read(&root->dead_count);
1155 if (iter->last_dead_count == *sequence) {
1156 smp_rmb();
1157 position = iter->last_visited;
1158
1159 /*
1160 * We cannot take a reference to root because we might race
1161 * with root removal and returning NULL would end up in
1162 * an endless loop on the iterator user level when root
1163 * would be returned all the time.
1164 */
1165 if (position && position != root &&
1166 !css_tryget(&position->css))
1167 position = NULL;
1168 }
1169 return position;
1170 }
1171
1172 static void mem_cgroup_iter_update(struct mem_cgroup_reclaim_iter *iter,
1173 struct mem_cgroup *last_visited,
1174 struct mem_cgroup *new_position,
1175 struct mem_cgroup *root,
1176 int sequence)
1177 {
1178 /* root reference counting symmetric to mem_cgroup_iter_load */
1179 if (last_visited && last_visited != root)
1180 css_put(&last_visited->css);
1181 /*
1182 * We store the sequence count from the time @last_visited was
1183 * loaded successfully instead of rereading it here so that we
1184 * don't lose destruction events in between. We could have
1185 * raced with the destruction of @new_position after all.
1186 */
1187 iter->last_visited = new_position;
1188 smp_wmb();
1189 iter->last_dead_count = sequence;
1190 }
1191
1192 /**
1193 * mem_cgroup_iter - iterate over memory cgroup hierarchy
1194 * @root: hierarchy root
1195 * @prev: previously returned memcg, NULL on first invocation
1196 * @reclaim: cookie for shared reclaim walks, NULL for full walks
1197 *
1198 * Returns references to children of the hierarchy below @root, or
1199 * @root itself, or %NULL after a full round-trip.
1200 *
1201 * Caller must pass the return value in @prev on subsequent
1202 * invocations for reference counting, or use mem_cgroup_iter_break()
1203 * to cancel a hierarchy walk before the round-trip is complete.
1204 *
1205 * Reclaimers can specify a zone and a priority level in @reclaim to
1206 * divide up the memcgs in the hierarchy among all concurrent
1207 * reclaimers operating on the same zone and priority.
1208 */
1209 struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
1210 struct mem_cgroup *prev,
1211 struct mem_cgroup_reclaim_cookie *reclaim)
1212 {
1213 struct mem_cgroup *memcg = NULL;
1214 struct mem_cgroup *last_visited = NULL;
1215
1216 if (mem_cgroup_disabled())
1217 return NULL;
1218
1219 if (!root)
1220 root = root_mem_cgroup;
1221
1222 if (prev && !reclaim)
1223 last_visited = prev;
1224
1225 if (!root->use_hierarchy && root != root_mem_cgroup) {
1226 if (prev)
1227 goto out_css_put;
1228 return root;
1229 }
1230
1231 rcu_read_lock();
1232 while (!memcg) {
1233 struct mem_cgroup_reclaim_iter *uninitialized_var(iter);
1234 int uninitialized_var(seq);
1235
1236 if (reclaim) {
1237 int nid = zone_to_nid(reclaim->zone);
1238 int zid = zone_idx(reclaim->zone);
1239 struct mem_cgroup_per_zone *mz;
1240
1241 mz = mem_cgroup_zoneinfo(root, nid, zid);
1242 iter = &mz->reclaim_iter[reclaim->priority];
1243 if (prev && reclaim->generation != iter->generation) {
1244 iter->last_visited = NULL;
1245 goto out_unlock;
1246 }
1247
1248 last_visited = mem_cgroup_iter_load(iter, root, &seq);
1249 }
1250
1251 memcg = __mem_cgroup_iter_next(root, last_visited);
1252
1253 if (reclaim) {
1254 mem_cgroup_iter_update(iter, last_visited, memcg, root,
1255 seq);
1256
1257 if (!memcg)
1258 iter->generation++;
1259 else if (!prev && memcg)
1260 reclaim->generation = iter->generation;
1261 }
1262
1263 if (prev && !memcg)
1264 goto out_unlock;
1265 }
1266 out_unlock:
1267 rcu_read_unlock();
1268 out_css_put:
1269 if (prev && prev != root)
1270 css_put(&prev->css);
1271
1272 return memcg;
1273 }
1274
1275 /**
1276 * mem_cgroup_iter_break - abort a hierarchy walk prematurely
1277 * @root: hierarchy root
1278 * @prev: last visited hierarchy member as returned by mem_cgroup_iter()
1279 */
1280 void mem_cgroup_iter_break(struct mem_cgroup *root,
1281 struct mem_cgroup *prev)
1282 {
1283 if (!root)
1284 root = root_mem_cgroup;
1285 if (prev && prev != root)
1286 css_put(&prev->css);
1287 }
1288
1289 /*
1290 * Iteration constructs for visiting all cgroups (under a tree). If
1291 * loops are exited prematurely (break), mem_cgroup_iter_break() must
1292 * be used for reference counting.
1293 */
1294 #define for_each_mem_cgroup_tree(iter, root) \
1295 for (iter = mem_cgroup_iter(root, NULL, NULL); \
1296 iter != NULL; \
1297 iter = mem_cgroup_iter(root, iter, NULL))
1298
1299 #define for_each_mem_cgroup(iter) \
1300 for (iter = mem_cgroup_iter(NULL, NULL, NULL); \
1301 iter != NULL; \
1302 iter = mem_cgroup_iter(NULL, iter, NULL))
1303
1304 void __mem_cgroup_count_vm_event(struct mm_struct *mm, enum vm_event_item idx)
1305 {
1306 struct mem_cgroup *memcg;
1307
1308 rcu_read_lock();
1309 memcg = mem_cgroup_from_task(rcu_dereference(mm->owner));
1310 if (unlikely(!memcg))
1311 goto out;
1312
1313 switch (idx) {
1314 case PGFAULT:
1315 this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGFAULT]);
1316 break;
1317 case PGMAJFAULT:
1318 this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGMAJFAULT]);
1319 break;
1320 default:
1321 BUG();
1322 }
1323 out:
1324 rcu_read_unlock();
1325 }
1326 EXPORT_SYMBOL(__mem_cgroup_count_vm_event);
1327
1328 /**
1329 * mem_cgroup_zone_lruvec - get the lru list vector for a zone and memcg
1330 * @zone: zone of the wanted lruvec
1331 * @memcg: memcg of the wanted lruvec
1332 *
1333 * Returns the lru list vector holding pages for the given @zone and
1334 * @mem. This can be the global zone lruvec, if the memory controller
1335 * is disabled.
1336 */
1337 struct lruvec *mem_cgroup_zone_lruvec(struct zone *zone,
1338 struct mem_cgroup *memcg)
1339 {
1340 struct mem_cgroup_per_zone *mz;
1341 struct lruvec *lruvec;
1342
1343 if (mem_cgroup_disabled()) {
1344 lruvec = &zone->lruvec;
1345 goto out;
1346 }
1347
1348 mz = mem_cgroup_zoneinfo(memcg, zone_to_nid(zone), zone_idx(zone));
1349 lruvec = &mz->lruvec;
1350 out:
1351 /*
1352 * Since a node can be onlined after the mem_cgroup was created,
1353 * we have to be prepared to initialize lruvec->zone here;
1354 * and if offlined then reonlined, we need to reinitialize it.
1355 */
1356 if (unlikely(lruvec->zone != zone))
1357 lruvec->zone = zone;
1358 return lruvec;
1359 }
1360
1361 /*
1362 * Following LRU functions are allowed to be used without PCG_LOCK.
1363 * Operations are called by routine of global LRU independently from memcg.
1364 * What we have to take care of here is validness of pc->mem_cgroup.
1365 *
1366 * Changes to pc->mem_cgroup happens when
1367 * 1. charge
1368 * 2. moving account
1369 * In typical case, "charge" is done before add-to-lru. Exception is SwapCache.
1370 * It is added to LRU before charge.
1371 * If PCG_USED bit is not set, page_cgroup is not added to this private LRU.
1372 * When moving account, the page is not on LRU. It's isolated.
1373 */
1374
1375 /**
1376 * mem_cgroup_page_lruvec - return lruvec for adding an lru page
1377 * @page: the page
1378 * @zone: zone of the page
1379 */
1380 struct lruvec *mem_cgroup_page_lruvec(struct page *page, struct zone *zone)
1381 {
1382 struct mem_cgroup_per_zone *mz;
1383 struct mem_cgroup *memcg;
1384 struct page_cgroup *pc;
1385 struct lruvec *lruvec;
1386
1387 if (mem_cgroup_disabled()) {
1388 lruvec = &zone->lruvec;
1389 goto out;
1390 }
1391
1392 pc = lookup_page_cgroup(page);
1393 memcg = pc->mem_cgroup;
1394
1395 /*
1396 * Surreptitiously switch any uncharged offlist page to root:
1397 * an uncharged page off lru does nothing to secure
1398 * its former mem_cgroup from sudden removal.
1399 *
1400 * Our caller holds lru_lock, and PageCgroupUsed is updated
1401 * under page_cgroup lock: between them, they make all uses
1402 * of pc->mem_cgroup safe.
1403 */
1404 if (!PageLRU(page) && !PageCgroupUsed(pc) && memcg != root_mem_cgroup)
1405 pc->mem_cgroup = memcg = root_mem_cgroup;
1406
1407 mz = page_cgroup_zoneinfo(memcg, page);
1408 lruvec = &mz->lruvec;
1409 out:
1410 /*
1411 * Since a node can be onlined after the mem_cgroup was created,
1412 * we have to be prepared to initialize lruvec->zone here;
1413 * and if offlined then reonlined, we need to reinitialize it.
1414 */
1415 if (unlikely(lruvec->zone != zone))
1416 lruvec->zone = zone;
1417 return lruvec;
1418 }
1419
1420 /**
1421 * mem_cgroup_update_lru_size - account for adding or removing an lru page
1422 * @lruvec: mem_cgroup per zone lru vector
1423 * @lru: index of lru list the page is sitting on
1424 * @nr_pages: positive when adding or negative when removing
1425 *
1426 * This function must be called when a page is added to or removed from an
1427 * lru list.
1428 */
1429 void mem_cgroup_update_lru_size(struct lruvec *lruvec, enum lru_list lru,
1430 int nr_pages)
1431 {
1432 struct mem_cgroup_per_zone *mz;
1433 unsigned long *lru_size;
1434
1435 if (mem_cgroup_disabled())
1436 return;
1437
1438 mz = container_of(lruvec, struct mem_cgroup_per_zone, lruvec);
1439 lru_size = mz->lru_size + lru;
1440 *lru_size += nr_pages;
1441 VM_BUG_ON((long)(*lru_size) < 0);
1442 }
1443
1444 /*
1445 * Checks whether given mem is same or in the root_mem_cgroup's
1446 * hierarchy subtree
1447 */
1448 bool __mem_cgroup_same_or_subtree(const struct mem_cgroup *root_memcg,
1449 struct mem_cgroup *memcg)
1450 {
1451 if (root_memcg == memcg)
1452 return true;
1453 if (!root_memcg->use_hierarchy || !memcg)
1454 return false;
1455 return cgroup_is_descendant(memcg->css.cgroup, root_memcg->css.cgroup);
1456 }
1457
1458 static bool mem_cgroup_same_or_subtree(const struct mem_cgroup *root_memcg,
1459 struct mem_cgroup *memcg)
1460 {
1461 bool ret;
1462
1463 rcu_read_lock();
1464 ret = __mem_cgroup_same_or_subtree(root_memcg, memcg);
1465 rcu_read_unlock();
1466 return ret;
1467 }
1468
1469 bool task_in_mem_cgroup(struct task_struct *task,
1470 const struct mem_cgroup *memcg)
1471 {
1472 struct mem_cgroup *curr = NULL;
1473 struct task_struct *p;
1474 bool ret;
1475
1476 p = find_lock_task_mm(task);
1477 if (p) {
1478 curr = try_get_mem_cgroup_from_mm(p->mm);
1479 task_unlock(p);
1480 } else {
1481 /*
1482 * All threads may have already detached their mm's, but the oom
1483 * killer still needs to detect if they have already been oom
1484 * killed to prevent needlessly killing additional tasks.
1485 */
1486 rcu_read_lock();
1487 curr = mem_cgroup_from_task(task);
1488 if (curr)
1489 css_get(&curr->css);
1490 rcu_read_unlock();
1491 }
1492 if (!curr)
1493 return false;
1494 /*
1495 * We should check use_hierarchy of "memcg" not "curr". Because checking
1496 * use_hierarchy of "curr" here make this function true if hierarchy is
1497 * enabled in "curr" and "curr" is a child of "memcg" in *cgroup*
1498 * hierarchy(even if use_hierarchy is disabled in "memcg").
1499 */
1500 ret = mem_cgroup_same_or_subtree(memcg, curr);
1501 css_put(&curr->css);
1502 return ret;
1503 }
1504
1505 int mem_cgroup_inactive_anon_is_low(struct lruvec *lruvec)
1506 {
1507 unsigned long inactive_ratio;
1508 unsigned long inactive;
1509 unsigned long active;
1510 unsigned long gb;
1511
1512 inactive = mem_cgroup_get_lru_size(lruvec, LRU_INACTIVE_ANON);
1513 active = mem_cgroup_get_lru_size(lruvec, LRU_ACTIVE_ANON);
1514
1515 gb = (inactive + active) >> (30 - PAGE_SHIFT);
1516 if (gb)
1517 inactive_ratio = int_sqrt(10 * gb);
1518 else
1519 inactive_ratio = 1;
1520
1521 return inactive * inactive_ratio < active;
1522 }
1523
1524 #define mem_cgroup_from_res_counter(counter, member) \
1525 container_of(counter, struct mem_cgroup, member)
1526
1527 /**
1528 * mem_cgroup_margin - calculate chargeable space of a memory cgroup
1529 * @memcg: the memory cgroup
1530 *
1531 * Returns the maximum amount of memory @mem can be charged with, in
1532 * pages.
1533 */
1534 static unsigned long mem_cgroup_margin(struct mem_cgroup *memcg)
1535 {
1536 unsigned long long margin;
1537
1538 margin = res_counter_margin(&memcg->res);
1539 if (do_swap_account)
1540 margin = min(margin, res_counter_margin(&memcg->memsw));
1541 return margin >> PAGE_SHIFT;
1542 }
1543
1544 int mem_cgroup_swappiness(struct mem_cgroup *memcg)
1545 {
1546 /* root ? */
1547 if (!css_parent(&memcg->css))
1548 return vm_swappiness;
1549
1550 return memcg->swappiness;
1551 }
1552
1553 /*
1554 * memcg->moving_account is used for checking possibility that some thread is
1555 * calling move_account(). When a thread on CPU-A starts moving pages under
1556 * a memcg, other threads should check memcg->moving_account under
1557 * rcu_read_lock(), like this:
1558 *
1559 * CPU-A CPU-B
1560 * rcu_read_lock()
1561 * memcg->moving_account+1 if (memcg->mocing_account)
1562 * take heavy locks.
1563 * synchronize_rcu() update something.
1564 * rcu_read_unlock()
1565 * start move here.
1566 */
1567
1568 /* for quick checking without looking up memcg */
1569 atomic_t memcg_moving __read_mostly;
1570
1571 static void mem_cgroup_start_move(struct mem_cgroup *memcg)
1572 {
1573 atomic_inc(&memcg_moving);
1574 atomic_inc(&memcg->moving_account);
1575 synchronize_rcu();
1576 }
1577
1578 static void mem_cgroup_end_move(struct mem_cgroup *memcg)
1579 {
1580 /*
1581 * Now, mem_cgroup_clear_mc() may call this function with NULL.
1582 * We check NULL in callee rather than caller.
1583 */
1584 if (memcg) {
1585 atomic_dec(&memcg_moving);
1586 atomic_dec(&memcg->moving_account);
1587 }
1588 }
1589
1590 /*
1591 * 2 routines for checking "mem" is under move_account() or not.
1592 *
1593 * mem_cgroup_stolen() - checking whether a cgroup is mc.from or not. This
1594 * is used for avoiding races in accounting. If true,
1595 * pc->mem_cgroup may be overwritten.
1596 *
1597 * mem_cgroup_under_move() - checking a cgroup is mc.from or mc.to or
1598 * under hierarchy of moving cgroups. This is for
1599 * waiting at hith-memory prressure caused by "move".
1600 */
1601
1602 static bool mem_cgroup_stolen(struct mem_cgroup *memcg)
1603 {
1604 VM_BUG_ON(!rcu_read_lock_held());
1605 return atomic_read(&memcg->moving_account) > 0;
1606 }
1607
1608 static bool mem_cgroup_under_move(struct mem_cgroup *memcg)
1609 {
1610 struct mem_cgroup *from;
1611 struct mem_cgroup *to;
1612 bool ret = false;
1613 /*
1614 * Unlike task_move routines, we access mc.to, mc.from not under
1615 * mutual exclusion by cgroup_mutex. Here, we take spinlock instead.
1616 */
1617 spin_lock(&mc.lock);
1618 from = mc.from;
1619 to = mc.to;
1620 if (!from)
1621 goto unlock;
1622
1623 ret = mem_cgroup_same_or_subtree(memcg, from)
1624 || mem_cgroup_same_or_subtree(memcg, to);
1625 unlock:
1626 spin_unlock(&mc.lock);
1627 return ret;
1628 }
1629
1630 static bool mem_cgroup_wait_acct_move(struct mem_cgroup *memcg)
1631 {
1632 if (mc.moving_task && current != mc.moving_task) {
1633 if (mem_cgroup_under_move(memcg)) {
1634 DEFINE_WAIT(wait);
1635 prepare_to_wait(&mc.waitq, &wait, TASK_INTERRUPTIBLE);
1636 /* moving charge context might have finished. */
1637 if (mc.moving_task)
1638 schedule();
1639 finish_wait(&mc.waitq, &wait);
1640 return true;
1641 }
1642 }
1643 return false;
1644 }
1645
1646 /*
1647 * Take this lock when
1648 * - a code tries to modify page's memcg while it's USED.
1649 * - a code tries to modify page state accounting in a memcg.
1650 * see mem_cgroup_stolen(), too.
1651 */
1652 static void move_lock_mem_cgroup(struct mem_cgroup *memcg,
1653 unsigned long *flags)
1654 {
1655 spin_lock_irqsave(&memcg->move_lock, *flags);
1656 }
1657
1658 static void move_unlock_mem_cgroup(struct mem_cgroup *memcg,
1659 unsigned long *flags)
1660 {
1661 spin_unlock_irqrestore(&memcg->move_lock, *flags);
1662 }
1663
1664 #define K(x) ((x) << (PAGE_SHIFT-10))
1665 /**
1666 * mem_cgroup_print_oom_info: Print OOM information relevant to memory controller.
1667 * @memcg: The memory cgroup that went over limit
1668 * @p: Task that is going to be killed
1669 *
1670 * NOTE: @memcg and @p's mem_cgroup can be different when hierarchy is
1671 * enabled
1672 */
1673 void mem_cgroup_print_oom_info(struct mem_cgroup *memcg, struct task_struct *p)
1674 {
1675 /* oom_info_lock ensures that parallel ooms do not interleave */
1676 static DEFINE_MUTEX(oom_info_lock);
1677 struct mem_cgroup *iter;
1678 unsigned int i;
1679
1680 if (!p)
1681 return;
1682
1683 mutex_lock(&oom_info_lock);
1684 rcu_read_lock();
1685
1686 pr_info("Task in ");
1687 pr_cont_cgroup_path(task_cgroup(p, memory_cgrp_id));
1688 pr_info(" killed as a result of limit of ");
1689 pr_cont_cgroup_path(memcg->css.cgroup);
1690 pr_info("\n");
1691
1692 rcu_read_unlock();
1693
1694 pr_info("memory: usage %llukB, limit %llukB, failcnt %llu\n",
1695 res_counter_read_u64(&memcg->res, RES_USAGE) >> 10,
1696 res_counter_read_u64(&memcg->res, RES_LIMIT) >> 10,
1697 res_counter_read_u64(&memcg->res, RES_FAILCNT));
1698 pr_info("memory+swap: usage %llukB, limit %llukB, failcnt %llu\n",
1699 res_counter_read_u64(&memcg->memsw, RES_USAGE) >> 10,
1700 res_counter_read_u64(&memcg->memsw, RES_LIMIT) >> 10,
1701 res_counter_read_u64(&memcg->memsw, RES_FAILCNT));
1702 pr_info("kmem: usage %llukB, limit %llukB, failcnt %llu\n",
1703 res_counter_read_u64(&memcg->kmem, RES_USAGE) >> 10,
1704 res_counter_read_u64(&memcg->kmem, RES_LIMIT) >> 10,
1705 res_counter_read_u64(&memcg->kmem, RES_FAILCNT));
1706
1707 for_each_mem_cgroup_tree(iter, memcg) {
1708 pr_info("Memory cgroup stats for ");
1709 pr_cont_cgroup_path(iter->css.cgroup);
1710 pr_cont(":");
1711
1712 for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
1713 if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
1714 continue;
1715 pr_cont(" %s:%ldKB", mem_cgroup_stat_names[i],
1716 K(mem_cgroup_read_stat(iter, i)));
1717 }
1718
1719 for (i = 0; i < NR_LRU_LISTS; i++)
1720 pr_cont(" %s:%luKB", mem_cgroup_lru_names[i],
1721 K(mem_cgroup_nr_lru_pages(iter, BIT(i))));
1722
1723 pr_cont("\n");
1724 }
1725 mutex_unlock(&oom_info_lock);
1726 }
1727
1728 /*
1729 * This function returns the number of memcg under hierarchy tree. Returns
1730 * 1(self count) if no children.
1731 */
1732 static int mem_cgroup_count_children(struct mem_cgroup *memcg)
1733 {
1734 int num = 0;
1735 struct mem_cgroup *iter;
1736
1737 for_each_mem_cgroup_tree(iter, memcg)
1738 num++;
1739 return num;
1740 }
1741
1742 /*
1743 * Return the memory (and swap, if configured) limit for a memcg.
1744 */
1745 static u64 mem_cgroup_get_limit(struct mem_cgroup *memcg)
1746 {
1747 u64 limit;
1748
1749 limit = res_counter_read_u64(&memcg->res, RES_LIMIT);
1750
1751 /*
1752 * Do not consider swap space if we cannot swap due to swappiness
1753 */
1754 if (mem_cgroup_swappiness(memcg)) {
1755 u64 memsw;
1756
1757 limit += total_swap_pages << PAGE_SHIFT;
1758 memsw = res_counter_read_u64(&memcg->memsw, RES_LIMIT);
1759
1760 /*
1761 * If memsw is finite and limits the amount of swap space
1762 * available to this memcg, return that limit.
1763 */
1764 limit = min(limit, memsw);
1765 }
1766
1767 return limit;
1768 }
1769
1770 static void mem_cgroup_out_of_memory(struct mem_cgroup *memcg, gfp_t gfp_mask,
1771 int order)
1772 {
1773 struct mem_cgroup *iter;
1774 unsigned long chosen_points = 0;
1775 unsigned long totalpages;
1776 unsigned int points = 0;
1777 struct task_struct *chosen = NULL;
1778
1779 /*
1780 * If current has a pending SIGKILL or is exiting, then automatically
1781 * select it. The goal is to allow it to allocate so that it may
1782 * quickly exit and free its memory.
1783 */
1784 if (fatal_signal_pending(current) || current->flags & PF_EXITING) {
1785 set_thread_flag(TIF_MEMDIE);
1786 return;
1787 }
1788
1789 check_panic_on_oom(CONSTRAINT_MEMCG, gfp_mask, order, NULL);
1790 totalpages = mem_cgroup_get_limit(memcg) >> PAGE_SHIFT ? : 1;
1791 for_each_mem_cgroup_tree(iter, memcg) {
1792 struct css_task_iter it;
1793 struct task_struct *task;
1794
1795 css_task_iter_start(&iter->css, &it);
1796 while ((task = css_task_iter_next(&it))) {
1797 switch (oom_scan_process_thread(task, totalpages, NULL,
1798 false)) {
1799 case OOM_SCAN_SELECT:
1800 if (chosen)
1801 put_task_struct(chosen);
1802 chosen = task;
1803 chosen_points = ULONG_MAX;
1804 get_task_struct(chosen);
1805 /* fall through */
1806 case OOM_SCAN_CONTINUE:
1807 continue;
1808 case OOM_SCAN_ABORT:
1809 css_task_iter_end(&it);
1810 mem_cgroup_iter_break(memcg, iter);
1811 if (chosen)
1812 put_task_struct(chosen);
1813 return;
1814 case OOM_SCAN_OK:
1815 break;
1816 };
1817 points = oom_badness(task, memcg, NULL, totalpages);
1818 if (!points || points < chosen_points)
1819 continue;
1820 /* Prefer thread group leaders for display purposes */
1821 if (points == chosen_points &&
1822 thread_group_leader(chosen))
1823 continue;
1824
1825 if (chosen)
1826 put_task_struct(chosen);
1827 chosen = task;
1828 chosen_points = points;
1829 get_task_struct(chosen);
1830 }
1831 css_task_iter_end(&it);
1832 }
1833
1834 if (!chosen)
1835 return;
1836 points = chosen_points * 1000 / totalpages;
1837 oom_kill_process(chosen, gfp_mask, order, points, totalpages, memcg,
1838 NULL, "Memory cgroup out of memory");
1839 }
1840
1841 static unsigned long mem_cgroup_reclaim(struct mem_cgroup *memcg,
1842 gfp_t gfp_mask,
1843 unsigned long flags)
1844 {
1845 unsigned long total = 0;
1846 bool noswap = false;
1847 int loop;
1848
1849 if (flags & MEM_CGROUP_RECLAIM_NOSWAP)
1850 noswap = true;
1851 if (!(flags & MEM_CGROUP_RECLAIM_SHRINK) && memcg->memsw_is_minimum)
1852 noswap = true;
1853
1854 for (loop = 0; loop < MEM_CGROUP_MAX_RECLAIM_LOOPS; loop++) {
1855 if (loop)
1856 drain_all_stock_async(memcg);
1857 total += try_to_free_mem_cgroup_pages(memcg, gfp_mask, noswap);
1858 /*
1859 * Allow limit shrinkers, which are triggered directly
1860 * by userspace, to catch signals and stop reclaim
1861 * after minimal progress, regardless of the margin.
1862 */
1863 if (total && (flags & MEM_CGROUP_RECLAIM_SHRINK))
1864 break;
1865 if (mem_cgroup_margin(memcg))
1866 break;
1867 /*
1868 * If nothing was reclaimed after two attempts, there
1869 * may be no reclaimable pages in this hierarchy.
1870 */
1871 if (loop && !total)
1872 break;
1873 }
1874 return total;
1875 }
1876
1877 /**
1878 * test_mem_cgroup_node_reclaimable
1879 * @memcg: the target memcg
1880 * @nid: the node ID to be checked.
1881 * @noswap : specify true here if the user wants flle only information.
1882 *
1883 * This function returns whether the specified memcg contains any
1884 * reclaimable pages on a node. Returns true if there are any reclaimable
1885 * pages in the node.
1886 */
1887 static bool test_mem_cgroup_node_reclaimable(struct mem_cgroup *memcg,
1888 int nid, bool noswap)
1889 {
1890 if (mem_cgroup_node_nr_lru_pages(memcg, nid, LRU_ALL_FILE))
1891 return true;
1892 if (noswap || !total_swap_pages)
1893 return false;
1894 if (mem_cgroup_node_nr_lru_pages(memcg, nid, LRU_ALL_ANON))
1895 return true;
1896 return false;
1897
1898 }
1899 #if MAX_NUMNODES > 1
1900
1901 /*
1902 * Always updating the nodemask is not very good - even if we have an empty
1903 * list or the wrong list here, we can start from some node and traverse all
1904 * nodes based on the zonelist. So update the list loosely once per 10 secs.
1905 *
1906 */
1907 static void mem_cgroup_may_update_nodemask(struct mem_cgroup *memcg)
1908 {
1909 int nid;
1910 /*
1911 * numainfo_events > 0 means there was at least NUMAINFO_EVENTS_TARGET
1912 * pagein/pageout changes since the last update.
1913 */
1914 if (!atomic_read(&memcg->numainfo_events))
1915 return;
1916 if (atomic_inc_return(&memcg->numainfo_updating) > 1)
1917 return;
1918
1919 /* make a nodemask where this memcg uses memory from */
1920 memcg->scan_nodes = node_states[N_MEMORY];
1921
1922 for_each_node_mask(nid, node_states[N_MEMORY]) {
1923
1924 if (!test_mem_cgroup_node_reclaimable(memcg, nid, false))
1925 node_clear(nid, memcg->scan_nodes);
1926 }
1927
1928 atomic_set(&memcg->numainfo_events, 0);
1929 atomic_set(&memcg->numainfo_updating, 0);
1930 }
1931
1932 /*
1933 * Selecting a node where we start reclaim from. Because what we need is just
1934 * reducing usage counter, start from anywhere is O,K. Considering
1935 * memory reclaim from current node, there are pros. and cons.
1936 *
1937 * Freeing memory from current node means freeing memory from a node which
1938 * we'll use or we've used. So, it may make LRU bad. And if several threads
1939 * hit limits, it will see a contention on a node. But freeing from remote
1940 * node means more costs for memory reclaim because of memory latency.
1941 *
1942 * Now, we use round-robin. Better algorithm is welcomed.
1943 */
1944 int mem_cgroup_select_victim_node(struct mem_cgroup *memcg)
1945 {
1946 int node;
1947
1948 mem_cgroup_may_update_nodemask(memcg);
1949 node = memcg->last_scanned_node;
1950
1951 node = next_node(node, memcg->scan_nodes);
1952 if (node == MAX_NUMNODES)
1953 node = first_node(memcg->scan_nodes);
1954 /*
1955 * We call this when we hit limit, not when pages are added to LRU.
1956 * No LRU may hold pages because all pages are UNEVICTABLE or
1957 * memcg is too small and all pages are not on LRU. In that case,
1958 * we use curret node.
1959 */
1960 if (unlikely(node == MAX_NUMNODES))
1961 node = numa_node_id();
1962
1963 memcg->last_scanned_node = node;
1964 return node;
1965 }
1966
1967 /*
1968 * Check all nodes whether it contains reclaimable pages or not.
1969 * For quick scan, we make use of scan_nodes. This will allow us to skip
1970 * unused nodes. But scan_nodes is lazily updated and may not cotain
1971 * enough new information. We need to do double check.
1972 */
1973 static bool mem_cgroup_reclaimable(struct mem_cgroup *memcg, bool noswap)
1974 {
1975 int nid;
1976
1977 /*
1978 * quick check...making use of scan_node.
1979 * We can skip unused nodes.
1980 */
1981 if (!nodes_empty(memcg->scan_nodes)) {
1982 for (nid = first_node(memcg->scan_nodes);
1983 nid < MAX_NUMNODES;
1984 nid = next_node(nid, memcg->scan_nodes)) {
1985
1986 if (test_mem_cgroup_node_reclaimable(memcg, nid, noswap))
1987 return true;
1988 }
1989 }
1990 /*
1991 * Check rest of nodes.
1992 */
1993 for_each_node_state(nid, N_MEMORY) {
1994 if (node_isset(nid, memcg->scan_nodes))
1995 continue;
1996 if (test_mem_cgroup_node_reclaimable(memcg, nid, noswap))
1997 return true;
1998 }
1999 return false;
2000 }
2001
2002 #else
2003 int mem_cgroup_select_victim_node(struct mem_cgroup *memcg)
2004 {
2005 return 0;
2006 }
2007
2008 static bool mem_cgroup_reclaimable(struct mem_cgroup *memcg, bool noswap)
2009 {
2010 return test_mem_cgroup_node_reclaimable(memcg, 0, noswap);
2011 }
2012 #endif
2013
2014 static int mem_cgroup_soft_reclaim(struct mem_cgroup *root_memcg,
2015 struct zone *zone,
2016 gfp_t gfp_mask,
2017 unsigned long *total_scanned)
2018 {
2019 struct mem_cgroup *victim = NULL;
2020 int total = 0;
2021 int loop = 0;
2022 unsigned long excess;
2023 unsigned long nr_scanned;
2024 struct mem_cgroup_reclaim_cookie reclaim = {
2025 .zone = zone,
2026 .priority = 0,
2027 };
2028
2029 excess = res_counter_soft_limit_excess(&root_memcg->res) >> PAGE_SHIFT;
2030
2031 while (1) {
2032 victim = mem_cgroup_iter(root_memcg, victim, &reclaim);
2033 if (!victim) {
2034 loop++;
2035 if (loop >= 2) {
2036 /*
2037 * If we have not been able to reclaim
2038 * anything, it might because there are
2039 * no reclaimable pages under this hierarchy
2040 */
2041 if (!total)
2042 break;
2043 /*
2044 * We want to do more targeted reclaim.
2045 * excess >> 2 is not to excessive so as to
2046 * reclaim too much, nor too less that we keep
2047 * coming back to reclaim from this cgroup
2048 */
2049 if (total >= (excess >> 2) ||
2050 (loop > MEM_CGROUP_MAX_RECLAIM_LOOPS))
2051 break;
2052 }
2053 continue;
2054 }
2055 if (!mem_cgroup_reclaimable(victim, false))
2056 continue;
2057 total += mem_cgroup_shrink_node_zone(victim, gfp_mask, false,
2058 zone, &nr_scanned);
2059 *total_scanned += nr_scanned;
2060 if (!res_counter_soft_limit_excess(&root_memcg->res))
2061 break;
2062 }
2063 mem_cgroup_iter_break(root_memcg, victim);
2064 return total;
2065 }
2066
2067 #ifdef CONFIG_LOCKDEP
2068 static struct lockdep_map memcg_oom_lock_dep_map = {
2069 .name = "memcg_oom_lock",
2070 };
2071 #endif
2072
2073 static DEFINE_SPINLOCK(memcg_oom_lock);
2074
2075 /*
2076 * Check OOM-Killer is already running under our hierarchy.
2077 * If someone is running, return false.
2078 */
2079 static bool mem_cgroup_oom_trylock(struct mem_cgroup *memcg)
2080 {
2081 struct mem_cgroup *iter, *failed = NULL;
2082
2083 spin_lock(&memcg_oom_lock);
2084
2085 for_each_mem_cgroup_tree(iter, memcg) {
2086 if (iter->oom_lock) {
2087 /*
2088 * this subtree of our hierarchy is already locked
2089 * so we cannot give a lock.
2090 */
2091 failed = iter;
2092 mem_cgroup_iter_break(memcg, iter);
2093 break;
2094 } else
2095 iter->oom_lock = true;
2096 }
2097
2098 if (failed) {
2099 /*
2100 * OK, we failed to lock the whole subtree so we have
2101 * to clean up what we set up to the failing subtree
2102 */
2103 for_each_mem_cgroup_tree(iter, memcg) {
2104 if (iter == failed) {
2105 mem_cgroup_iter_break(memcg, iter);
2106 break;
2107 }
2108 iter->oom_lock = false;
2109 }
2110 } else
2111 mutex_acquire(&memcg_oom_lock_dep_map, 0, 1, _RET_IP_);
2112
2113 spin_unlock(&memcg_oom_lock);
2114
2115 return !failed;
2116 }
2117
2118 static void mem_cgroup_oom_unlock(struct mem_cgroup *memcg)
2119 {
2120 struct mem_cgroup *iter;
2121
2122 spin_lock(&memcg_oom_lock);
2123 mutex_release(&memcg_oom_lock_dep_map, 1, _RET_IP_);
2124 for_each_mem_cgroup_tree(iter, memcg)
2125 iter->oom_lock = false;
2126 spin_unlock(&memcg_oom_lock);
2127 }
2128
2129 static void mem_cgroup_mark_under_oom(struct mem_cgroup *memcg)
2130 {
2131 struct mem_cgroup *iter;
2132
2133 for_each_mem_cgroup_tree(iter, memcg)
2134 atomic_inc(&iter->under_oom);
2135 }
2136
2137 static void mem_cgroup_unmark_under_oom(struct mem_cgroup *memcg)
2138 {
2139 struct mem_cgroup *iter;
2140
2141 /*
2142 * When a new child is created while the hierarchy is under oom,
2143 * mem_cgroup_oom_lock() may not be called. We have to use
2144 * atomic_add_unless() here.
2145 */
2146 for_each_mem_cgroup_tree(iter, memcg)
2147 atomic_add_unless(&iter->under_oom, -1, 0);
2148 }
2149
2150 static DECLARE_WAIT_QUEUE_HEAD(memcg_oom_waitq);
2151
2152 struct oom_wait_info {
2153 struct mem_cgroup *memcg;
2154 wait_queue_t wait;
2155 };
2156
2157 static int memcg_oom_wake_function(wait_queue_t *wait,
2158 unsigned mode, int sync, void *arg)
2159 {
2160 struct mem_cgroup *wake_memcg = (struct mem_cgroup *)arg;
2161 struct mem_cgroup *oom_wait_memcg;
2162 struct oom_wait_info *oom_wait_info;
2163
2164 oom_wait_info = container_of(wait, struct oom_wait_info, wait);
2165 oom_wait_memcg = oom_wait_info->memcg;
2166
2167 /*
2168 * Both of oom_wait_info->memcg and wake_memcg are stable under us.
2169 * Then we can use css_is_ancestor without taking care of RCU.
2170 */
2171 if (!mem_cgroup_same_or_subtree(oom_wait_memcg, wake_memcg)
2172 && !mem_cgroup_same_or_subtree(wake_memcg, oom_wait_memcg))
2173 return 0;
2174 return autoremove_wake_function(wait, mode, sync, arg);
2175 }
2176
2177 static void memcg_wakeup_oom(struct mem_cgroup *memcg)
2178 {
2179 atomic_inc(&memcg->oom_wakeups);
2180 /* for filtering, pass "memcg" as argument. */
2181 __wake_up(&memcg_oom_waitq, TASK_NORMAL, 0, memcg);
2182 }
2183
2184 static void memcg_oom_recover(struct mem_cgroup *memcg)
2185 {
2186 if (memcg && atomic_read(&memcg->under_oom))
2187 memcg_wakeup_oom(memcg);
2188 }
2189
2190 static void mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int order)
2191 {
2192 if (!current->memcg_oom.may_oom)
2193 return;
2194 /*
2195 * We are in the middle of the charge context here, so we
2196 * don't want to block when potentially sitting on a callstack
2197 * that holds all kinds of filesystem and mm locks.
2198 *
2199 * Also, the caller may handle a failed allocation gracefully
2200 * (like optional page cache readahead) and so an OOM killer
2201 * invocation might not even be necessary.
2202 *
2203 * That's why we don't do anything here except remember the
2204 * OOM context and then deal with it at the end of the page
2205 * fault when the stack is unwound, the locks are released,
2206 * and when we know whether the fault was overall successful.
2207 */
2208 css_get(&memcg->css);
2209 current->memcg_oom.memcg = memcg;
2210 current->memcg_oom.gfp_mask = mask;
2211 current->memcg_oom.order = order;
2212 }
2213
2214 /**
2215 * mem_cgroup_oom_synchronize - complete memcg OOM handling
2216 * @handle: actually kill/wait or just clean up the OOM state
2217 *
2218 * This has to be called at the end of a page fault if the memcg OOM
2219 * handler was enabled.
2220 *
2221 * Memcg supports userspace OOM handling where failed allocations must
2222 * sleep on a waitqueue until the userspace task resolves the
2223 * situation. Sleeping directly in the charge context with all kinds
2224 * of locks held is not a good idea, instead we remember an OOM state
2225 * in the task and mem_cgroup_oom_synchronize() has to be called at
2226 * the end of the page fault to complete the OOM handling.
2227 *
2228 * Returns %true if an ongoing memcg OOM situation was detected and
2229 * completed, %false otherwise.
2230 */
2231 bool mem_cgroup_oom_synchronize(bool handle)
2232 {
2233 struct mem_cgroup *memcg = current->memcg_oom.memcg;
2234 struct oom_wait_info owait;
2235 bool locked;
2236
2237 /* OOM is global, do not handle */
2238 if (!memcg)
2239 return false;
2240
2241 if (!handle)
2242 goto cleanup;
2243
2244 owait.memcg = memcg;
2245 owait.wait.flags = 0;
2246 owait.wait.func = memcg_oom_wake_function;
2247 owait.wait.private = current;
2248 INIT_LIST_HEAD(&owait.wait.task_list);
2249
2250 prepare_to_wait(&memcg_oom_waitq, &owait.wait, TASK_KILLABLE);
2251 mem_cgroup_mark_under_oom(memcg);
2252
2253 locked = mem_cgroup_oom_trylock(memcg);
2254
2255 if (locked)
2256 mem_cgroup_oom_notify(memcg);
2257
2258 if (locked && !memcg->oom_kill_disable) {
2259 mem_cgroup_unmark_under_oom(memcg);
2260 finish_wait(&memcg_oom_waitq, &owait.wait);
2261 mem_cgroup_out_of_memory(memcg, current->memcg_oom.gfp_mask,
2262 current->memcg_oom.order);
2263 } else {
2264 schedule();
2265 mem_cgroup_unmark_under_oom(memcg);
2266 finish_wait(&memcg_oom_waitq, &owait.wait);
2267 }
2268
2269 if (locked) {
2270 mem_cgroup_oom_unlock(memcg);
2271 /*
2272 * There is no guarantee that an OOM-lock contender
2273 * sees the wakeups triggered by the OOM kill
2274 * uncharges. Wake any sleepers explicitely.
2275 */
2276 memcg_oom_recover(memcg);
2277 }
2278 cleanup:
2279 current->memcg_oom.memcg = NULL;
2280 css_put(&memcg->css);
2281 return true;
2282 }
2283
2284 /*
2285 * Currently used to update mapped file statistics, but the routine can be
2286 * generalized to update other statistics as well.
2287 *
2288 * Notes: Race condition
2289 *
2290 * We usually use page_cgroup_lock() for accessing page_cgroup member but
2291 * it tends to be costly. But considering some conditions, we doesn't need
2292 * to do so _always_.
2293 *
2294 * Considering "charge", lock_page_cgroup() is not required because all
2295 * file-stat operations happen after a page is attached to radix-tree. There
2296 * are no race with "charge".
2297 *
2298 * Considering "uncharge", we know that memcg doesn't clear pc->mem_cgroup
2299 * at "uncharge" intentionally. So, we always see valid pc->mem_cgroup even
2300 * if there are race with "uncharge". Statistics itself is properly handled
2301 * by flags.
2302 *
2303 * Considering "move", this is an only case we see a race. To make the race
2304 * small, we check mm->moving_account and detect there are possibility of race
2305 * If there is, we take a lock.
2306 */
2307
2308 void __mem_cgroup_begin_update_page_stat(struct page *page,
2309 bool *locked, unsigned long *flags)
2310 {
2311 struct mem_cgroup *memcg;
2312 struct page_cgroup *pc;
2313
2314 pc = lookup_page_cgroup(page);
2315 again:
2316 memcg = pc->mem_cgroup;
2317 if (unlikely(!memcg || !PageCgroupUsed(pc)))
2318 return;
2319 /*
2320 * If this memory cgroup is not under account moving, we don't
2321 * need to take move_lock_mem_cgroup(). Because we already hold
2322 * rcu_read_lock(), any calls to move_account will be delayed until
2323 * rcu_read_unlock() if mem_cgroup_stolen() == true.
2324 */
2325 if (!mem_cgroup_stolen(memcg))
2326 return;
2327
2328 move_lock_mem_cgroup(memcg, flags);
2329 if (memcg != pc->mem_cgroup || !PageCgroupUsed(pc)) {
2330 move_unlock_mem_cgroup(memcg, flags);
2331 goto again;
2332 }
2333 *locked = true;
2334 }
2335
2336 void __mem_cgroup_end_update_page_stat(struct page *page, unsigned long *flags)
2337 {
2338 struct page_cgroup *pc = lookup_page_cgroup(page);
2339
2340 /*
2341 * It's guaranteed that pc->mem_cgroup never changes while
2342 * lock is held because a routine modifies pc->mem_cgroup
2343 * should take move_lock_mem_cgroup().
2344 */
2345 move_unlock_mem_cgroup(pc->mem_cgroup, flags);
2346 }
2347
2348 void mem_cgroup_update_page_stat(struct page *page,
2349 enum mem_cgroup_stat_index idx, int val)
2350 {
2351 struct mem_cgroup *memcg;
2352 struct page_cgroup *pc = lookup_page_cgroup(page);
2353 unsigned long uninitialized_var(flags);
2354
2355 if (mem_cgroup_disabled())
2356 return;
2357
2358 VM_BUG_ON(!rcu_read_lock_held());
2359 memcg = pc->mem_cgroup;
2360 if (unlikely(!memcg || !PageCgroupUsed(pc)))
2361 return;
2362
2363 this_cpu_add(memcg->stat->count[idx], val);
2364 }
2365
2366 /*
2367 * size of first charge trial. "32" comes from vmscan.c's magic value.
2368 * TODO: maybe necessary to use big numbers in big irons.
2369 */
2370 #define CHARGE_BATCH 32U
2371 struct memcg_stock_pcp {
2372 struct mem_cgroup *cached; /* this never be root cgroup */
2373 unsigned int nr_pages;
2374 struct work_struct work;
2375 unsigned long flags;
2376 #define FLUSHING_CACHED_CHARGE 0
2377 };
2378 static DEFINE_PER_CPU(struct memcg_stock_pcp, memcg_stock);
2379 static DEFINE_MUTEX(percpu_charge_mutex);
2380
2381 /**
2382 * consume_stock: Try to consume stocked charge on this cpu.
2383 * @memcg: memcg to consume from.
2384 * @nr_pages: how many pages to charge.
2385 *
2386 * The charges will only happen if @memcg matches the current cpu's memcg
2387 * stock, and at least @nr_pages are available in that stock. Failure to
2388 * service an allocation will refill the stock.
2389 *
2390 * returns true if successful, false otherwise.
2391 */
2392 static bool consume_stock(struct mem_cgroup *memcg, unsigned int nr_pages)
2393 {
2394 struct memcg_stock_pcp *stock;
2395 bool ret = true;
2396
2397 if (nr_pages > CHARGE_BATCH)
2398 return false;
2399
2400 stock = &get_cpu_var(memcg_stock);
2401 if (memcg == stock->cached && stock->nr_pages >= nr_pages)
2402 stock->nr_pages -= nr_pages;
2403 else /* need to call res_counter_charge */
2404 ret = false;
2405 put_cpu_var(memcg_stock);
2406 return ret;
2407 }
2408
2409 /*
2410 * Returns stocks cached in percpu to res_counter and reset cached information.
2411 */
2412 static void drain_stock(struct memcg_stock_pcp *stock)
2413 {
2414 struct mem_cgroup *old = stock->cached;
2415
2416 if (stock->nr_pages) {
2417 unsigned long bytes = stock->nr_pages * PAGE_SIZE;
2418
2419 res_counter_uncharge(&old->res, bytes);
2420 if (do_swap_account)
2421 res_counter_uncharge(&old->memsw, bytes);
2422 stock->nr_pages = 0;
2423 }
2424 stock->cached = NULL;
2425 }
2426
2427 /*
2428 * This must be called under preempt disabled or must be called by
2429 * a thread which is pinned to local cpu.
2430 */
2431 static void drain_local_stock(struct work_struct *dummy)
2432 {
2433 struct memcg_stock_pcp *stock = &__get_cpu_var(memcg_stock);
2434 drain_stock(stock);
2435 clear_bit(FLUSHING_CACHED_CHARGE, &stock->flags);
2436 }
2437
2438 static void __init memcg_stock_init(void)
2439 {
2440 int cpu;
2441
2442 for_each_possible_cpu(cpu) {
2443 struct memcg_stock_pcp *stock =
2444 &per_cpu(memcg_stock, cpu);
2445 INIT_WORK(&stock->work, drain_local_stock);
2446 }
2447 }
2448
2449 /*
2450 * Cache charges(val) which is from res_counter, to local per_cpu area.
2451 * This will be consumed by consume_stock() function, later.
2452 */
2453 static void refill_stock(struct mem_cgroup *memcg, unsigned int nr_pages)
2454 {
2455 struct memcg_stock_pcp *stock = &get_cpu_var(memcg_stock);
2456
2457 if (stock->cached != memcg) { /* reset if necessary */
2458 drain_stock(stock);
2459 stock->cached = memcg;
2460 }
2461 stock->nr_pages += nr_pages;
2462 put_cpu_var(memcg_stock);
2463 }
2464
2465 /*
2466 * Drains all per-CPU charge caches for given root_memcg resp. subtree
2467 * of the hierarchy under it. sync flag says whether we should block
2468 * until the work is done.
2469 */
2470 static void drain_all_stock(struct mem_cgroup *root_memcg, bool sync)
2471 {
2472 int cpu, curcpu;
2473
2474 /* Notify other cpus that system-wide "drain" is running */
2475 get_online_cpus();
2476 curcpu = get_cpu();
2477 for_each_online_cpu(cpu) {
2478 struct memcg_stock_pcp *stock = &per_cpu(memcg_stock, cpu);
2479 struct mem_cgroup *memcg;
2480
2481 memcg = stock->cached;
2482 if (!memcg || !stock->nr_pages)
2483 continue;
2484 if (!mem_cgroup_same_or_subtree(root_memcg, memcg))
2485 continue;
2486 if (!test_and_set_bit(FLUSHING_CACHED_CHARGE, &stock->flags)) {
2487 if (cpu == curcpu)
2488 drain_local_stock(&stock->work);
2489 else
2490 schedule_work_on(cpu, &stock->work);
2491 }
2492 }
2493 put_cpu();
2494
2495 if (!sync)
2496 goto out;
2497
2498 for_each_online_cpu(cpu) {
2499 struct memcg_stock_pcp *stock = &per_cpu(memcg_stock, cpu);
2500 if (test_bit(FLUSHING_CACHED_CHARGE, &stock->flags))
2501 flush_work(&stock->work);
2502 }
2503 out:
2504 put_online_cpus();
2505 }
2506
2507 /*
2508 * Tries to drain stocked charges in other cpus. This function is asynchronous
2509 * and just put a work per cpu for draining localy on each cpu. Caller can
2510 * expects some charges will be back to res_counter later but cannot wait for
2511 * it.
2512 */
2513 static void drain_all_stock_async(struct mem_cgroup *root_memcg)
2514 {
2515 /*
2516 * If someone calls draining, avoid adding more kworker runs.
2517 */
2518 if (!mutex_trylock(&percpu_charge_mutex))
2519 return;
2520 drain_all_stock(root_memcg, false);
2521 mutex_unlock(&percpu_charge_mutex);
2522 }
2523
2524 /* This is a synchronous drain interface. */
2525 static void drain_all_stock_sync(struct mem_cgroup *root_memcg)
2526 {
2527 /* called when force_empty is called */
2528 mutex_lock(&percpu_charge_mutex);
2529 drain_all_stock(root_memcg, true);
2530 mutex_unlock(&percpu_charge_mutex);
2531 }
2532
2533 /*
2534 * This function drains percpu counter value from DEAD cpu and
2535 * move it to local cpu. Note that this function can be preempted.
2536 */
2537 static void mem_cgroup_drain_pcp_counter(struct mem_cgroup *memcg, int cpu)
2538 {
2539 int i;
2540
2541 spin_lock(&memcg->pcp_counter_lock);
2542 for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
2543 long x = per_cpu(memcg->stat->count[i], cpu);
2544
2545 per_cpu(memcg->stat->count[i], cpu) = 0;
2546 memcg->nocpu_base.count[i] += x;
2547 }
2548 for (i = 0; i < MEM_CGROUP_EVENTS_NSTATS; i++) {
2549 unsigned long x = per_cpu(memcg->stat->events[i], cpu);
2550
2551 per_cpu(memcg->stat->events[i], cpu) = 0;
2552 memcg->nocpu_base.events[i] += x;
2553 }
2554 spin_unlock(&memcg->pcp_counter_lock);
2555 }
2556
2557 static int memcg_cpu_hotplug_callback(struct notifier_block *nb,
2558 unsigned long action,
2559 void *hcpu)
2560 {
2561 int cpu = (unsigned long)hcpu;
2562 struct memcg_stock_pcp *stock;
2563 struct mem_cgroup *iter;
2564
2565 if (action == CPU_ONLINE)
2566 return NOTIFY_OK;
2567
2568 if (action != CPU_DEAD && action != CPU_DEAD_FROZEN)
2569 return NOTIFY_OK;
2570
2571 for_each_mem_cgroup(iter)
2572 mem_cgroup_drain_pcp_counter(iter, cpu);
2573
2574 stock = &per_cpu(memcg_stock, cpu);
2575 drain_stock(stock);
2576 return NOTIFY_OK;
2577 }
2578
2579
2580 /* See __mem_cgroup_try_charge() for details */
2581 enum {
2582 CHARGE_OK, /* success */
2583 CHARGE_RETRY, /* need to retry but retry is not bad */
2584 CHARGE_NOMEM, /* we can't do more. return -ENOMEM */
2585 CHARGE_WOULDBLOCK, /* GFP_WAIT wasn't set and no enough res. */
2586 };
2587
2588 static int mem_cgroup_do_charge(struct mem_cgroup *memcg, gfp_t gfp_mask,
2589 unsigned int nr_pages, unsigned int min_pages,
2590 bool invoke_oom)
2591 {
2592 unsigned long csize = nr_pages * PAGE_SIZE;
2593 struct mem_cgroup *mem_over_limit;
2594 struct res_counter *fail_res;
2595 unsigned long flags = 0;
2596 int ret;
2597
2598 ret = res_counter_charge(&memcg->res, csize, &fail_res);
2599
2600 if (likely(!ret)) {
2601 if (!do_swap_account)
2602 return CHARGE_OK;
2603 ret = res_counter_charge(&memcg->memsw, csize, &fail_res);
2604 if (likely(!ret))
2605 return CHARGE_OK;
2606
2607 res_counter_uncharge(&memcg->res, csize);
2608 mem_over_limit = mem_cgroup_from_res_counter(fail_res, memsw);
2609 flags |= MEM_CGROUP_RECLAIM_NOSWAP;
2610 } else
2611 mem_over_limit = mem_cgroup_from_res_counter(fail_res, res);
2612 /*
2613 * Never reclaim on behalf of optional batching, retry with a
2614 * single page instead.
2615 */
2616 if (nr_pages > min_pages)
2617 return CHARGE_RETRY;
2618
2619 if (!(gfp_mask & __GFP_WAIT))
2620 return CHARGE_WOULDBLOCK;
2621
2622 if (gfp_mask & __GFP_NORETRY)
2623 return CHARGE_NOMEM;
2624
2625 ret = mem_cgroup_reclaim(mem_over_limit, gfp_mask, flags);
2626 if (mem_cgroup_margin(mem_over_limit) >= nr_pages)
2627 return CHARGE_RETRY;
2628 /*
2629 * Even though the limit is exceeded at this point, reclaim
2630 * may have been able to free some pages. Retry the charge
2631 * before killing the task.
2632 *
2633 * Only for regular pages, though: huge pages are rather
2634 * unlikely to succeed so close to the limit, and we fall back
2635 * to regular pages anyway in case of failure.
2636 */
2637 if (nr_pages <= (1 << PAGE_ALLOC_COSTLY_ORDER) && ret)
2638 return CHARGE_RETRY;
2639
2640 /*
2641 * At task move, charge accounts can be doubly counted. So, it's
2642 * better to wait until the end of task_move if something is going on.
2643 */
2644 if (mem_cgroup_wait_acct_move(mem_over_limit))
2645 return CHARGE_RETRY;
2646
2647 if (invoke_oom)
2648 mem_cgroup_oom(mem_over_limit, gfp_mask, get_order(csize));
2649
2650 return CHARGE_NOMEM;
2651 }
2652
2653 /*
2654 * __mem_cgroup_try_charge() does
2655 * 1. detect memcg to be charged against from passed *mm and *ptr,
2656 * 2. update res_counter
2657 * 3. call memory reclaim if necessary.
2658 *
2659 * In some special case, if the task is fatal, fatal_signal_pending() or
2660 * has TIF_MEMDIE, this function returns -EINTR while writing root_mem_cgroup
2661 * to *ptr. There are two reasons for this. 1: fatal threads should quit as soon
2662 * as possible without any hazards. 2: all pages should have a valid
2663 * pc->mem_cgroup. If mm is NULL and the caller doesn't pass a valid memcg
2664 * pointer, that is treated as a charge to root_mem_cgroup.
2665 *
2666 * So __mem_cgroup_try_charge() will return
2667 * 0 ... on success, filling *ptr with a valid memcg pointer.
2668 * -ENOMEM ... charge failure because of resource limits.
2669 * -EINTR ... if thread is fatal. *ptr is filled with root_mem_cgroup.
2670 *
2671 * Unlike the exported interface, an "oom" parameter is added. if oom==true,
2672 * the oom-killer can be invoked.
2673 */
2674 static int __mem_cgroup_try_charge(struct mm_struct *mm,
2675 gfp_t gfp_mask,
2676 unsigned int nr_pages,
2677 struct mem_cgroup **ptr,
2678 bool oom)
2679 {
2680 unsigned int batch = max(CHARGE_BATCH, nr_pages);
2681 int nr_oom_retries = MEM_CGROUP_RECLAIM_RETRIES;
2682 struct mem_cgroup *memcg = NULL;
2683 int ret;
2684
2685 /*
2686 * Unlike gloval-vm's OOM-kill, we're not in memory shortage
2687 * in system level. So, allow to go ahead dying process in addition to
2688 * MEMDIE process.
2689 */
2690 if (unlikely(test_thread_flag(TIF_MEMDIE)
2691 || fatal_signal_pending(current)))
2692 goto bypass;
2693
2694 if (unlikely(task_in_memcg_oom(current)))
2695 goto nomem;
2696
2697 if (gfp_mask & __GFP_NOFAIL)
2698 oom = false;
2699 again:
2700 if (*ptr) { /* css should be a valid one */
2701 memcg = *ptr;
2702 if (mem_cgroup_is_root(memcg))
2703 goto done;
2704 if (consume_stock(memcg, nr_pages))
2705 goto done;
2706 css_get(&memcg->css);
2707 } else {
2708 struct task_struct *p;
2709
2710 rcu_read_lock();
2711 p = rcu_dereference(mm->owner);
2712 /*
2713 * Because we don't have task_lock(), "p" can exit.
2714 * In that case, "memcg" can point to root or p can be NULL with
2715 * race with swapoff. Then, we have small risk of mis-accouning.
2716 * But such kind of mis-account by race always happens because
2717 * we don't have cgroup_mutex(). It's overkill and we allo that
2718 * small race, here.
2719 * (*) swapoff at el will charge against mm-struct not against
2720 * task-struct. So, mm->owner can be NULL.
2721 */
2722 memcg = mem_cgroup_from_task(p);
2723 if (!memcg)
2724 memcg = root_mem_cgroup;
2725 if (mem_cgroup_is_root(memcg)) {
2726 rcu_read_unlock();
2727 goto done;
2728 }
2729 if (consume_stock(memcg, nr_pages)) {
2730 /*
2731 * It seems dagerous to access memcg without css_get().
2732 * But considering how consume_stok works, it's not
2733 * necessary. If consume_stock success, some charges
2734 * from this memcg are cached on this cpu. So, we
2735 * don't need to call css_get()/css_tryget() before
2736 * calling consume_stock().
2737 */
2738 rcu_read_unlock();
2739 goto done;
2740 }
2741 /* after here, we may be blocked. we need to get refcnt */
2742 if (!css_tryget(&memcg->css)) {
2743 rcu_read_unlock();
2744 goto again;
2745 }
2746 rcu_read_unlock();
2747 }
2748
2749 do {
2750 bool invoke_oom = oom && !nr_oom_retries;
2751
2752 /* If killed, bypass charge */
2753 if (fatal_signal_pending(current)) {
2754 css_put(&memcg->css);
2755 goto bypass;
2756 }
2757
2758 ret = mem_cgroup_do_charge(memcg, gfp_mask, batch,
2759 nr_pages, invoke_oom);
2760 switch (ret) {
2761 case CHARGE_OK:
2762 break;
2763 case CHARGE_RETRY: /* not in OOM situation but retry */
2764 batch = nr_pages;
2765 css_put(&memcg->css);
2766 memcg = NULL;
2767 goto again;
2768 case CHARGE_WOULDBLOCK: /* !__GFP_WAIT */
2769 css_put(&memcg->css);
2770 goto nomem;
2771 case CHARGE_NOMEM: /* OOM routine works */
2772 if (!oom || invoke_oom) {
2773 css_put(&memcg->css);
2774 goto nomem;
2775 }
2776 nr_oom_retries--;
2777 break;
2778 }
2779 } while (ret != CHARGE_OK);
2780
2781 if (batch > nr_pages)
2782 refill_stock(memcg, batch - nr_pages);
2783 css_put(&memcg->css);
2784 done:
2785 *ptr = memcg;
2786 return 0;
2787 nomem:
2788 if (!(gfp_mask & __GFP_NOFAIL)) {
2789 *ptr = NULL;
2790 return -ENOMEM;
2791 }
2792 bypass:
2793 *ptr = root_mem_cgroup;
2794 return -EINTR;
2795 }
2796
2797 /*
2798 * Somemtimes we have to undo a charge we got by try_charge().
2799 * This function is for that and do uncharge, put css's refcnt.
2800 * gotten by try_charge().
2801 */
2802 static void __mem_cgroup_cancel_charge(struct mem_cgroup *memcg,
2803 unsigned int nr_pages)
2804 {
2805 if (!mem_cgroup_is_root(memcg)) {
2806 unsigned long bytes = nr_pages * PAGE_SIZE;
2807
2808 res_counter_uncharge(&memcg->res, bytes);
2809 if (do_swap_account)
2810 res_counter_uncharge(&memcg->memsw, bytes);
2811 }
2812 }
2813
2814 /*
2815 * Cancel chrages in this cgroup....doesn't propagate to parent cgroup.
2816 * This is useful when moving usage to parent cgroup.
2817 */
2818 static void __mem_cgroup_cancel_local_charge(struct mem_cgroup *memcg,
2819 unsigned int nr_pages)
2820 {
2821 unsigned long bytes = nr_pages * PAGE_SIZE;
2822
2823 if (mem_cgroup_is_root(memcg))
2824 return;
2825
2826 res_counter_uncharge_until(&memcg->res, memcg->res.parent, bytes);
2827 if (do_swap_account)
2828 res_counter_uncharge_until(&memcg->memsw,
2829 memcg->memsw.parent, bytes);
2830 }
2831
2832 /*
2833 * A helper function to get mem_cgroup from ID. must be called under
2834 * rcu_read_lock(). The caller is responsible for calling css_tryget if
2835 * the mem_cgroup is used for charging. (dropping refcnt from swap can be
2836 * called against removed memcg.)
2837 */
2838 static struct mem_cgroup *mem_cgroup_lookup(unsigned short id)
2839 {
2840 /* ID 0 is unused ID */
2841 if (!id)
2842 return NULL;
2843 return mem_cgroup_from_id(id);
2844 }
2845
2846 struct mem_cgroup *try_get_mem_cgroup_from_page(struct page *page)
2847 {
2848 struct mem_cgroup *memcg = NULL;
2849 struct page_cgroup *pc;
2850 unsigned short id;
2851 swp_entry_t ent;
2852
2853 VM_BUG_ON_PAGE(!PageLocked(page), page);
2854
2855 pc = lookup_page_cgroup(page);
2856 lock_page_cgroup(pc);
2857 if (PageCgroupUsed(pc)) {
2858 memcg = pc->mem_cgroup;
2859 if (memcg && !css_tryget(&memcg->css))
2860 memcg = NULL;
2861 } else if (PageSwapCache(page)) {
2862 ent.val = page_private(page);
2863 id = lookup_swap_cgroup_id(ent);
2864 rcu_read_lock();
2865 memcg = mem_cgroup_lookup(id);
2866 if (memcg && !css_tryget(&memcg->css))
2867 memcg = NULL;
2868 rcu_read_unlock();
2869 }
2870 unlock_page_cgroup(pc);
2871 return memcg;
2872 }
2873
2874 static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg,
2875 struct page *page,
2876 unsigned int nr_pages,
2877 enum charge_type ctype,
2878 bool lrucare)
2879 {
2880 struct page_cgroup *pc = lookup_page_cgroup(page);
2881 struct zone *uninitialized_var(zone);
2882 struct lruvec *lruvec;
2883 bool was_on_lru = false;
2884 bool anon;
2885
2886 lock_page_cgroup(pc);
2887 VM_BUG_ON_PAGE(PageCgroupUsed(pc), page);
2888 /*
2889 * we don't need page_cgroup_lock about tail pages, becase they are not
2890 * accessed by any other context at this point.
2891 */
2892
2893 /*
2894 * In some cases, SwapCache and FUSE(splice_buf->radixtree), the page
2895 * may already be on some other mem_cgroup's LRU. Take care of it.
2896 */
2897 if (lrucare) {
2898 zone = page_zone(page);
2899 spin_lock_irq(&zone->lru_lock);
2900 if (PageLRU(page)) {
2901 lruvec = mem_cgroup_zone_lruvec(zone, pc->mem_cgroup);
2902 ClearPageLRU(page);
2903 del_page_from_lru_list(page, lruvec, page_lru(page));
2904 was_on_lru = true;
2905 }
2906 }
2907
2908 pc->mem_cgroup = memcg;
2909 /*
2910 * We access a page_cgroup asynchronously without lock_page_cgroup().
2911 * Especially when a page_cgroup is taken from a page, pc->mem_cgroup
2912 * is accessed after testing USED bit. To make pc->mem_cgroup visible
2913 * before USED bit, we need memory barrier here.
2914 * See mem_cgroup_add_lru_list(), etc.
2915 */
2916 smp_wmb();
2917 SetPageCgroupUsed(pc);
2918
2919 if (lrucare) {
2920 if (was_on_lru) {
2921 lruvec = mem_cgroup_zone_lruvec(zone, pc->mem_cgroup);
2922 VM_BUG_ON_PAGE(PageLRU(page), page);
2923 SetPageLRU(page);
2924 add_page_to_lru_list(page, lruvec, page_lru(page));
2925 }
2926 spin_unlock_irq(&zone->lru_lock);
2927 }
2928
2929 if (ctype == MEM_CGROUP_CHARGE_TYPE_ANON)
2930 anon = true;
2931 else
2932 anon = false;
2933
2934 mem_cgroup_charge_statistics(memcg, page, anon, nr_pages);
2935 unlock_page_cgroup(pc);
2936
2937 /*
2938 * "charge_statistics" updated event counter. Then, check it.
2939 * Insert ancestor (and ancestor's ancestors), to softlimit RB-tree.
2940 * if they exceeds softlimit.
2941 */
2942 memcg_check_events(memcg, page);
2943 }
2944
2945 static DEFINE_MUTEX(set_limit_mutex);
2946
2947 #ifdef CONFIG_MEMCG_KMEM
2948 static DEFINE_MUTEX(activate_kmem_mutex);
2949
2950 static inline bool memcg_can_account_kmem(struct mem_cgroup *memcg)
2951 {
2952 return !mem_cgroup_disabled() && !mem_cgroup_is_root(memcg) &&
2953 memcg_kmem_is_active(memcg);
2954 }
2955
2956 /*
2957 * This is a bit cumbersome, but it is rarely used and avoids a backpointer
2958 * in the memcg_cache_params struct.
2959 */
2960 static struct kmem_cache *memcg_params_to_cache(struct memcg_cache_params *p)
2961 {
2962 struct kmem_cache *cachep;
2963
2964 VM_BUG_ON(p->is_root_cache);
2965 cachep = p->root_cache;
2966 return cache_from_memcg_idx(cachep, memcg_cache_id(p->memcg));
2967 }
2968
2969 #ifdef CONFIG_SLABINFO
2970 static int mem_cgroup_slabinfo_read(struct seq_file *m, void *v)
2971 {
2972 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m));
2973 struct memcg_cache_params *params;
2974
2975 if (!memcg_can_account_kmem(memcg))
2976 return -EIO;
2977
2978 print_slabinfo_header(m);
2979
2980 mutex_lock(&memcg->slab_caches_mutex);
2981 list_for_each_entry(params, &memcg->memcg_slab_caches, list)
2982 cache_show(memcg_params_to_cache(params), m);
2983 mutex_unlock(&memcg->slab_caches_mutex);
2984
2985 return 0;
2986 }
2987 #endif
2988
2989 static int memcg_charge_kmem(struct mem_cgroup *memcg, gfp_t gfp, u64 size)
2990 {
2991 struct res_counter *fail_res;
2992 struct mem_cgroup *_memcg;
2993 int ret = 0;
2994
2995 ret = res_counter_charge(&memcg->kmem, size, &fail_res);
2996 if (ret)
2997 return ret;
2998
2999 _memcg = memcg;
3000 ret = __mem_cgroup_try_charge(NULL, gfp, size >> PAGE_SHIFT,
3001 &_memcg, oom_gfp_allowed(gfp));
3002
3003 if (ret == -EINTR) {
3004 /*
3005 * __mem_cgroup_try_charge() chosed to bypass to root due to
3006 * OOM kill or fatal signal. Since our only options are to
3007 * either fail the allocation or charge it to this cgroup, do
3008 * it as a temporary condition. But we can't fail. From a
3009 * kmem/slab perspective, the cache has already been selected,
3010 * by mem_cgroup_kmem_get_cache(), so it is too late to change
3011 * our minds.
3012 *
3013 * This condition will only trigger if the task entered
3014 * memcg_charge_kmem in a sane state, but was OOM-killed during
3015 * __mem_cgroup_try_charge() above. Tasks that were already
3016 * dying when the allocation triggers should have been already
3017 * directed to the root cgroup in memcontrol.h
3018 */
3019 res_counter_charge_nofail(&memcg->res, size, &fail_res);
3020 if (do_swap_account)
3021 res_counter_charge_nofail(&memcg->memsw, size,
3022 &fail_res);
3023 ret = 0;
3024 } else if (ret)
3025 res_counter_uncharge(&memcg->kmem, size);
3026
3027 return ret;
3028 }
3029
3030 static void memcg_uncharge_kmem(struct mem_cgroup *memcg, u64 size)
3031 {
3032 res_counter_uncharge(&memcg->res, size);
3033 if (do_swap_account)
3034 res_counter_uncharge(&memcg->memsw, size);
3035
3036 /* Not down to 0 */
3037 if (res_counter_uncharge(&memcg->kmem, size))
3038 return;
3039
3040 /*
3041 * Releases a reference taken in kmem_cgroup_css_offline in case
3042 * this last uncharge is racing with the offlining code or it is
3043 * outliving the memcg existence.
3044 *
3045 * The memory barrier imposed by test&clear is paired with the
3046 * explicit one in memcg_kmem_mark_dead().
3047 */
3048 if (memcg_kmem_test_and_clear_dead(memcg))
3049 css_put(&memcg->css);
3050 }
3051
3052 /*
3053 * helper for acessing a memcg's index. It will be used as an index in the
3054 * child cache array in kmem_cache, and also to derive its name. This function
3055 * will return -1 when this is not a kmem-limited memcg.
3056 */
3057 int memcg_cache_id(struct mem_cgroup *memcg)
3058 {
3059 return memcg ? memcg->kmemcg_id : -1;
3060 }
3061
3062 static size_t memcg_caches_array_size(int num_groups)
3063 {
3064 ssize_t size;
3065 if (num_groups <= 0)
3066 return 0;
3067
3068 size = 2 * num_groups;
3069 if (size < MEMCG_CACHES_MIN_SIZE)
3070 size = MEMCG_CACHES_MIN_SIZE;
3071 else if (size > MEMCG_CACHES_MAX_SIZE)
3072 size = MEMCG_CACHES_MAX_SIZE;
3073
3074 return size;
3075 }
3076
3077 /*
3078 * We should update the current array size iff all caches updates succeed. This
3079 * can only be done from the slab side. The slab mutex needs to be held when
3080 * calling this.
3081 */
3082 void memcg_update_array_size(int num)
3083 {
3084 if (num > memcg_limited_groups_array_size)
3085 memcg_limited_groups_array_size = memcg_caches_array_size(num);
3086 }
3087
3088 static void kmem_cache_destroy_work_func(struct work_struct *w);
3089
3090 int memcg_update_cache_size(struct kmem_cache *s, int num_groups)
3091 {
3092 struct memcg_cache_params *cur_params = s->memcg_params;
3093
3094 VM_BUG_ON(!is_root_cache(s));
3095
3096 if (num_groups > memcg_limited_groups_array_size) {
3097 int i;
3098 struct memcg_cache_params *new_params;
3099 ssize_t size = memcg_caches_array_size(num_groups);
3100
3101 size *= sizeof(void *);
3102 size += offsetof(struct memcg_cache_params, memcg_caches);
3103
3104 new_params = kzalloc(size, GFP_KERNEL);
3105 if (!new_params)
3106 return -ENOMEM;
3107
3108 new_params->is_root_cache = true;
3109
3110 /*
3111 * There is the chance it will be bigger than
3112 * memcg_limited_groups_array_size, if we failed an allocation
3113 * in a cache, in which case all caches updated before it, will
3114 * have a bigger array.
3115 *
3116 * But if that is the case, the data after
3117 * memcg_limited_groups_array_size is certainly unused
3118 */
3119 for (i = 0; i < memcg_limited_groups_array_size; i++) {
3120 if (!cur_params->memcg_caches[i])
3121 continue;
3122 new_params->memcg_caches[i] =
3123 cur_params->memcg_caches[i];
3124 }
3125
3126 /*
3127 * Ideally, we would wait until all caches succeed, and only
3128 * then free the old one. But this is not worth the extra
3129 * pointer per-cache we'd have to have for this.
3130 *
3131 * It is not a big deal if some caches are left with a size
3132 * bigger than the others. And all updates will reset this
3133 * anyway.
3134 */
3135 rcu_assign_pointer(s->memcg_params, new_params);
3136 if (cur_params)
3137 kfree_rcu(cur_params, rcu_head);
3138 }
3139 return 0;
3140 }
3141
3142 int memcg_alloc_cache_params(struct mem_cgroup *memcg, struct kmem_cache *s,
3143 struct kmem_cache *root_cache)
3144 {
3145 size_t size;
3146
3147 if (!memcg_kmem_enabled())
3148 return 0;
3149
3150 if (!memcg) {
3151 size = offsetof(struct memcg_cache_params, memcg_caches);
3152 size += memcg_limited_groups_array_size * sizeof(void *);
3153 } else
3154 size = sizeof(struct memcg_cache_params);
3155
3156 s->memcg_params = kzalloc(size, GFP_KERNEL);
3157 if (!s->memcg_params)
3158 return -ENOMEM;
3159
3160 if (memcg) {
3161 s->memcg_params->memcg = memcg;
3162 s->memcg_params->root_cache = root_cache;
3163 INIT_WORK(&s->memcg_params->destroy,
3164 kmem_cache_destroy_work_func);
3165 } else
3166 s->memcg_params->is_root_cache = true;
3167
3168 return 0;
3169 }
3170
3171 void memcg_free_cache_params(struct kmem_cache *s)
3172 {
3173 kfree(s->memcg_params);
3174 }
3175
3176 void memcg_register_cache(struct kmem_cache *s)
3177 {
3178 struct kmem_cache *root;
3179 struct mem_cgroup *memcg;
3180 int id;
3181
3182 if (is_root_cache(s))
3183 return;
3184
3185 /*
3186 * Holding the slab_mutex assures nobody will touch the memcg_caches
3187 * array while we are modifying it.
3188 */
3189 lockdep_assert_held(&slab_mutex);
3190
3191 root = s->memcg_params->root_cache;
3192 memcg = s->memcg_params->memcg;
3193 id = memcg_cache_id(memcg);
3194
3195 css_get(&memcg->css);
3196
3197
3198 /*
3199 * Since readers won't lock (see cache_from_memcg_idx()), we need a
3200 * barrier here to ensure nobody will see the kmem_cache partially
3201 * initialized.
3202 */
3203 smp_wmb();
3204
3205 /*
3206 * Initialize the pointer to this cache in its parent's memcg_params
3207 * before adding it to the memcg_slab_caches list, otherwise we can
3208 * fail to convert memcg_params_to_cache() while traversing the list.
3209 */
3210 VM_BUG_ON(root->memcg_params->memcg_caches[id]);
3211 root->memcg_params->memcg_caches[id] = s;
3212
3213 mutex_lock(&memcg->slab_caches_mutex);
3214 list_add(&s->memcg_params->list, &memcg->memcg_slab_caches);
3215 mutex_unlock(&memcg->slab_caches_mutex);
3216 }
3217
3218 void memcg_unregister_cache(struct kmem_cache *s)
3219 {
3220 struct kmem_cache *root;
3221 struct mem_cgroup *memcg;
3222 int id;
3223
3224 if (is_root_cache(s))
3225 return;
3226
3227 /*
3228 * Holding the slab_mutex assures nobody will touch the memcg_caches
3229 * array while we are modifying it.
3230 */
3231 lockdep_assert_held(&slab_mutex);
3232
3233 root = s->memcg_params->root_cache;
3234 memcg = s->memcg_params->memcg;
3235 id = memcg_cache_id(memcg);
3236
3237 mutex_lock(&memcg->slab_caches_mutex);
3238 list_del(&s->memcg_params->list);
3239 mutex_unlock(&memcg->slab_caches_mutex);
3240
3241 /*
3242 * Clear the pointer to this cache in its parent's memcg_params only
3243 * after removing it from the memcg_slab_caches list, otherwise we can
3244 * fail to convert memcg_params_to_cache() while traversing the list.
3245 */
3246 VM_BUG_ON(!root->memcg_params->memcg_caches[id]);
3247 root->memcg_params->memcg_caches[id] = NULL;
3248
3249 css_put(&memcg->css);
3250 }
3251
3252 /*
3253 * During the creation a new cache, we need to disable our accounting mechanism
3254 * altogether. This is true even if we are not creating, but rather just
3255 * enqueing new caches to be created.
3256 *
3257 * This is because that process will trigger allocations; some visible, like
3258 * explicit kmallocs to auxiliary data structures, name strings and internal
3259 * cache structures; some well concealed, like INIT_WORK() that can allocate
3260 * objects during debug.
3261 *
3262 * If any allocation happens during memcg_kmem_get_cache, we will recurse back
3263 * to it. This may not be a bounded recursion: since the first cache creation
3264 * failed to complete (waiting on the allocation), we'll just try to create the
3265 * cache again, failing at the same point.
3266 *
3267 * memcg_kmem_get_cache is prepared to abort after seeing a positive count of
3268 * memcg_kmem_skip_account. So we enclose anything that might allocate memory
3269 * inside the following two functions.
3270 */
3271 static inline void memcg_stop_kmem_account(void)
3272 {
3273 VM_BUG_ON(!current->mm);
3274 current->memcg_kmem_skip_account++;
3275 }
3276
3277 static inline void memcg_resume_kmem_account(void)
3278 {
3279 VM_BUG_ON(!current->mm);
3280 current->memcg_kmem_skip_account--;
3281 }
3282
3283 static void kmem_cache_destroy_work_func(struct work_struct *w)
3284 {
3285 struct kmem_cache *cachep;
3286 struct memcg_cache_params *p;
3287
3288 p = container_of(w, struct memcg_cache_params, destroy);
3289
3290 cachep = memcg_params_to_cache(p);
3291
3292 /*
3293 * If we get down to 0 after shrink, we could delete right away.
3294 * However, memcg_release_pages() already puts us back in the workqueue
3295 * in that case. If we proceed deleting, we'll get a dangling
3296 * reference, and removing the object from the workqueue in that case
3297 * is unnecessary complication. We are not a fast path.
3298 *
3299 * Note that this case is fundamentally different from racing with
3300 * shrink_slab(): if memcg_cgroup_destroy_cache() is called in
3301 * kmem_cache_shrink, not only we would be reinserting a dead cache
3302 * into the queue, but doing so from inside the worker racing to
3303 * destroy it.
3304 *
3305 * So if we aren't down to zero, we'll just schedule a worker and try
3306 * again
3307 */
3308 if (atomic_read(&cachep->memcg_params->nr_pages) != 0)
3309 kmem_cache_shrink(cachep);
3310 else
3311 kmem_cache_destroy(cachep);
3312 }
3313
3314 void mem_cgroup_destroy_cache(struct kmem_cache *cachep)
3315 {
3316 if (!cachep->memcg_params->dead)
3317 return;
3318
3319 /*
3320 * There are many ways in which we can get here.
3321 *
3322 * We can get to a memory-pressure situation while the delayed work is
3323 * still pending to run. The vmscan shrinkers can then release all
3324 * cache memory and get us to destruction. If this is the case, we'll
3325 * be executed twice, which is a bug (the second time will execute over
3326 * bogus data). In this case, cancelling the work should be fine.
3327 *
3328 * But we can also get here from the worker itself, if
3329 * kmem_cache_shrink is enough to shake all the remaining objects and
3330 * get the page count to 0. In this case, we'll deadlock if we try to
3331 * cancel the work (the worker runs with an internal lock held, which
3332 * is the same lock we would hold for cancel_work_sync().)
3333 *
3334 * Since we can't possibly know who got us here, just refrain from
3335 * running if there is already work pending
3336 */
3337 if (work_pending(&cachep->memcg_params->destroy))
3338 return;
3339 /*
3340 * We have to defer the actual destroying to a workqueue, because
3341 * we might currently be in a context that cannot sleep.
3342 */
3343 schedule_work(&cachep->memcg_params->destroy);
3344 }
3345
3346 static struct kmem_cache *memcg_create_kmem_cache(struct mem_cgroup *memcg,
3347 struct kmem_cache *s)
3348 {
3349 struct kmem_cache *new = NULL;
3350 static char *tmp_path = NULL, *tmp_name = NULL;
3351 static DEFINE_MUTEX(mutex); /* protects tmp_name */
3352
3353 BUG_ON(!memcg_can_account_kmem(memcg));
3354
3355 mutex_lock(&mutex);
3356 /*
3357 * kmem_cache_create_memcg duplicates the given name and
3358 * cgroup_name for this name requires RCU context.
3359 * This static temporary buffer is used to prevent from
3360 * pointless shortliving allocation.
3361 */
3362 if (!tmp_path || !tmp_name) {
3363 if (!tmp_path)
3364 tmp_path = kmalloc(PATH_MAX, GFP_KERNEL);
3365 if (!tmp_name)
3366 tmp_name = kmalloc(NAME_MAX + 1, GFP_KERNEL);
3367 if (!tmp_path || !tmp_name)
3368 goto out;
3369 }
3370
3371 cgroup_name(memcg->css.cgroup, tmp_name, NAME_MAX + 1);
3372 snprintf(tmp_path, PATH_MAX, "%s(%d:%s)", s->name,
3373 memcg_cache_id(memcg), tmp_name);
3374
3375 new = kmem_cache_create_memcg(memcg, tmp_path, s->object_size, s->align,
3376 (s->flags & ~SLAB_PANIC), s->ctor, s);
3377 if (new)
3378 new->allocflags |= __GFP_KMEMCG;
3379 else
3380 new = s;
3381 out:
3382 mutex_unlock(&mutex);
3383 return new;
3384 }
3385
3386 void kmem_cache_destroy_memcg_children(struct kmem_cache *s)
3387 {
3388 struct kmem_cache *c;
3389 int i;
3390
3391 if (!s->memcg_params)
3392 return;
3393 if (!s->memcg_params->is_root_cache)
3394 return;
3395
3396 /*
3397 * If the cache is being destroyed, we trust that there is no one else
3398 * requesting objects from it. Even if there are, the sanity checks in
3399 * kmem_cache_destroy should caught this ill-case.
3400 *
3401 * Still, we don't want anyone else freeing memcg_caches under our
3402 * noses, which can happen if a new memcg comes to life. As usual,
3403 * we'll take the activate_kmem_mutex to protect ourselves against
3404 * this.
3405 */
3406 mutex_lock(&activate_kmem_mutex);
3407 for_each_memcg_cache_index(i) {
3408 c = cache_from_memcg_idx(s, i);
3409 if (!c)
3410 continue;
3411
3412 /*
3413 * We will now manually delete the caches, so to avoid races
3414 * we need to cancel all pending destruction workers and
3415 * proceed with destruction ourselves.
3416 *
3417 * kmem_cache_destroy() will call kmem_cache_shrink internally,
3418 * and that could spawn the workers again: it is likely that
3419 * the cache still have active pages until this very moment.
3420 * This would lead us back to mem_cgroup_destroy_cache.
3421 *
3422 * But that will not execute at all if the "dead" flag is not
3423 * set, so flip it down to guarantee we are in control.
3424 */
3425 c->memcg_params->dead = false;
3426 cancel_work_sync(&c->memcg_params->destroy);
3427 kmem_cache_destroy(c);
3428 }
3429 mutex_unlock(&activate_kmem_mutex);
3430 }
3431
3432 struct create_work {
3433 struct mem_cgroup *memcg;
3434 struct kmem_cache *cachep;
3435 struct work_struct work;
3436 };
3437
3438 static void mem_cgroup_destroy_all_caches(struct mem_cgroup *memcg)
3439 {
3440 struct kmem_cache *cachep;
3441 struct memcg_cache_params *params;
3442
3443 if (!memcg_kmem_is_active(memcg))
3444 return;
3445
3446 mutex_lock(&memcg->slab_caches_mutex);
3447 list_for_each_entry(params, &memcg->memcg_slab_caches, list) {
3448 cachep = memcg_params_to_cache(params);
3449 cachep->memcg_params->dead = true;
3450 schedule_work(&cachep->memcg_params->destroy);
3451 }
3452 mutex_unlock(&memcg->slab_caches_mutex);
3453 }
3454
3455 static void memcg_create_cache_work_func(struct work_struct *w)
3456 {
3457 struct create_work *cw;
3458
3459 cw = container_of(w, struct create_work, work);
3460 memcg_create_kmem_cache(cw->memcg, cw->cachep);
3461 css_put(&cw->memcg->css);
3462 kfree(cw);
3463 }
3464
3465 /*
3466 * Enqueue the creation of a per-memcg kmem_cache.
3467 */
3468 static void __memcg_create_cache_enqueue(struct mem_cgroup *memcg,
3469 struct kmem_cache *cachep)
3470 {
3471 struct create_work *cw;
3472
3473 cw = kmalloc(sizeof(struct create_work), GFP_NOWAIT);
3474 if (cw == NULL) {
3475 css_put(&memcg->css);
3476 return;
3477 }
3478
3479 cw->memcg = memcg;
3480 cw->cachep = cachep;
3481
3482 INIT_WORK(&cw->work, memcg_create_cache_work_func);
3483 schedule_work(&cw->work);
3484 }
3485
3486 static void memcg_create_cache_enqueue(struct mem_cgroup *memcg,
3487 struct kmem_cache *cachep)
3488 {
3489 /*
3490 * We need to stop accounting when we kmalloc, because if the
3491 * corresponding kmalloc cache is not yet created, the first allocation
3492 * in __memcg_create_cache_enqueue will recurse.
3493 *
3494 * However, it is better to enclose the whole function. Depending on
3495 * the debugging options enabled, INIT_WORK(), for instance, can
3496 * trigger an allocation. This too, will make us recurse. Because at
3497 * this point we can't allow ourselves back into memcg_kmem_get_cache,
3498 * the safest choice is to do it like this, wrapping the whole function.
3499 */
3500 memcg_stop_kmem_account();
3501 __memcg_create_cache_enqueue(memcg, cachep);
3502 memcg_resume_kmem_account();
3503 }
3504 /*
3505 * Return the kmem_cache we're supposed to use for a slab allocation.
3506 * We try to use the current memcg's version of the cache.
3507 *
3508 * If the cache does not exist yet, if we are the first user of it,
3509 * we either create it immediately, if possible, or create it asynchronously
3510 * in a workqueue.
3511 * In the latter case, we will let the current allocation go through with
3512 * the original cache.
3513 *
3514 * Can't be called in interrupt context or from kernel threads.
3515 * This function needs to be called with rcu_read_lock() held.
3516 */
3517 struct kmem_cache *__memcg_kmem_get_cache(struct kmem_cache *cachep,
3518 gfp_t gfp)
3519 {
3520 struct mem_cgroup *memcg;
3521 struct kmem_cache *memcg_cachep;
3522
3523 VM_BUG_ON(!cachep->memcg_params);
3524 VM_BUG_ON(!cachep->memcg_params->is_root_cache);
3525
3526 if (!current->mm || current->memcg_kmem_skip_account)
3527 return cachep;
3528
3529 rcu_read_lock();
3530 memcg = mem_cgroup_from_task(rcu_dereference(current->mm->owner));
3531
3532 if (!memcg_can_account_kmem(memcg))
3533 goto out;
3534
3535 memcg_cachep = cache_from_memcg_idx(cachep, memcg_cache_id(memcg));
3536 if (likely(memcg_cachep)) {
3537 cachep = memcg_cachep;
3538 goto out;
3539 }
3540
3541 /* The corresponding put will be done in the workqueue. */
3542 if (!css_tryget(&memcg->css))
3543 goto out;
3544 rcu_read_unlock();
3545
3546 /*
3547 * If we are in a safe context (can wait, and not in interrupt
3548 * context), we could be be predictable and return right away.
3549 * This would guarantee that the allocation being performed
3550 * already belongs in the new cache.
3551 *
3552 * However, there are some clashes that can arrive from locking.
3553 * For instance, because we acquire the slab_mutex while doing
3554 * kmem_cache_dup, this means no further allocation could happen
3555 * with the slab_mutex held.
3556 *
3557 * Also, because cache creation issue get_online_cpus(), this
3558 * creates a lock chain: memcg_slab_mutex -> cpu_hotplug_mutex,
3559 * that ends up reversed during cpu hotplug. (cpuset allocates
3560 * a bunch of GFP_KERNEL memory during cpuup). Due to all that,
3561 * better to defer everything.
3562 */
3563 memcg_create_cache_enqueue(memcg, cachep);
3564 return cachep;
3565 out:
3566 rcu_read_unlock();
3567 return cachep;
3568 }
3569 EXPORT_SYMBOL(__memcg_kmem_get_cache);
3570
3571 /*
3572 * We need to verify if the allocation against current->mm->owner's memcg is
3573 * possible for the given order. But the page is not allocated yet, so we'll
3574 * need a further commit step to do the final arrangements.
3575 *
3576 * It is possible for the task to switch cgroups in this mean time, so at
3577 * commit time, we can't rely on task conversion any longer. We'll then use
3578 * the handle argument to return to the caller which cgroup we should commit
3579 * against. We could also return the memcg directly and avoid the pointer
3580 * passing, but a boolean return value gives better semantics considering
3581 * the compiled-out case as well.
3582 *
3583 * Returning true means the allocation is possible.
3584 */
3585 bool
3586 __memcg_kmem_newpage_charge(gfp_t gfp, struct mem_cgroup **_memcg, int order)
3587 {
3588 struct mem_cgroup *memcg;
3589 int ret;
3590
3591 *_memcg = NULL;
3592
3593 /*
3594 * Disabling accounting is only relevant for some specific memcg
3595 * internal allocations. Therefore we would initially not have such
3596 * check here, since direct calls to the page allocator that are marked
3597 * with GFP_KMEMCG only happen outside memcg core. We are mostly
3598 * concerned with cache allocations, and by having this test at
3599 * memcg_kmem_get_cache, we are already able to relay the allocation to
3600 * the root cache and bypass the memcg cache altogether.
3601 *
3602 * There is one exception, though: the SLUB allocator does not create
3603 * large order caches, but rather service large kmallocs directly from
3604 * the page allocator. Therefore, the following sequence when backed by
3605 * the SLUB allocator:
3606 *
3607 * memcg_stop_kmem_account();
3608 * kmalloc(<large_number>)
3609 * memcg_resume_kmem_account();
3610 *
3611 * would effectively ignore the fact that we should skip accounting,
3612 * since it will drive us directly to this function without passing
3613 * through the cache selector memcg_kmem_get_cache. Such large
3614 * allocations are extremely rare but can happen, for instance, for the
3615 * cache arrays. We bring this test here.
3616 */
3617 if (!current->mm || current->memcg_kmem_skip_account)
3618 return true;
3619
3620 memcg = try_get_mem_cgroup_from_mm(current->mm);
3621
3622 /*
3623 * very rare case described in mem_cgroup_from_task. Unfortunately there
3624 * isn't much we can do without complicating this too much, and it would
3625 * be gfp-dependent anyway. Just let it go
3626 */
3627 if (unlikely(!memcg))
3628 return true;
3629
3630 if (!memcg_can_account_kmem(memcg)) {
3631 css_put(&memcg->css);
3632 return true;
3633 }
3634
3635 ret = memcg_charge_kmem(memcg, gfp, PAGE_SIZE << order);
3636 if (!ret)
3637 *_memcg = memcg;
3638
3639 css_put(&memcg->css);
3640 return (ret == 0);
3641 }
3642
3643 void __memcg_kmem_commit_charge(struct page *page, struct mem_cgroup *memcg,
3644 int order)
3645 {
3646 struct page_cgroup *pc;
3647
3648 VM_BUG_ON(mem_cgroup_is_root(memcg));
3649
3650 /* The page allocation failed. Revert */
3651 if (!page) {
3652 memcg_uncharge_kmem(memcg, PAGE_SIZE << order);
3653 return;
3654 }
3655
3656 pc = lookup_page_cgroup(page);
3657 lock_page_cgroup(pc);
3658 pc->mem_cgroup = memcg;
3659 SetPageCgroupUsed(pc);
3660 unlock_page_cgroup(pc);
3661 }
3662
3663 void __memcg_kmem_uncharge_pages(struct page *page, int order)
3664 {
3665 struct mem_cgroup *memcg = NULL;
3666 struct page_cgroup *pc;
3667
3668
3669 pc = lookup_page_cgroup(page);
3670 /*
3671 * Fast unlocked return. Theoretically might have changed, have to
3672 * check again after locking.
3673 */
3674 if (!PageCgroupUsed(pc))
3675 return;
3676
3677 lock_page_cgroup(pc);
3678 if (PageCgroupUsed(pc)) {
3679 memcg = pc->mem_cgroup;
3680 ClearPageCgroupUsed(pc);
3681 }
3682 unlock_page_cgroup(pc);
3683
3684 /*
3685 * We trust that only if there is a memcg associated with the page, it
3686 * is a valid allocation
3687 */
3688 if (!memcg)
3689 return;
3690
3691 VM_BUG_ON_PAGE(mem_cgroup_is_root(memcg), page);
3692 memcg_uncharge_kmem(memcg, PAGE_SIZE << order);
3693 }
3694 #else
3695 static inline void mem_cgroup_destroy_all_caches(struct mem_cgroup *memcg)
3696 {
3697 }
3698 #endif /* CONFIG_MEMCG_KMEM */
3699
3700 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
3701
3702 #define PCGF_NOCOPY_AT_SPLIT (1 << PCG_LOCK | 1 << PCG_MIGRATION)
3703 /*
3704 * Because tail pages are not marked as "used", set it. We're under
3705 * zone->lru_lock, 'splitting on pmd' and compound_lock.
3706 * charge/uncharge will be never happen and move_account() is done under
3707 * compound_lock(), so we don't have to take care of races.
3708 */
3709 void mem_cgroup_split_huge_fixup(struct page *head)
3710 {
3711 struct page_cgroup *head_pc = lookup_page_cgroup(head);
3712 struct page_cgroup *pc;
3713 struct mem_cgroup *memcg;
3714 int i;
3715
3716 if (mem_cgroup_disabled())
3717 return;
3718
3719 memcg = head_pc->mem_cgroup;
3720 for (i = 1; i < HPAGE_PMD_NR; i++) {
3721 pc = head_pc + i;
3722 pc->mem_cgroup = memcg;
3723 smp_wmb();/* see __commit_charge() */
3724 pc->flags = head_pc->flags & ~PCGF_NOCOPY_AT_SPLIT;
3725 }
3726 __this_cpu_sub(memcg->stat->count[MEM_CGROUP_STAT_RSS_HUGE],
3727 HPAGE_PMD_NR);
3728 }
3729 #endif /* CONFIG_TRANSPARENT_HUGEPAGE */
3730
3731 /**
3732 * mem_cgroup_move_account - move account of the page
3733 * @page: the page
3734 * @nr_pages: number of regular pages (>1 for huge pages)
3735 * @pc: page_cgroup of the page.
3736 * @from: mem_cgroup which the page is moved from.
3737 * @to: mem_cgroup which the page is moved to. @from != @to.
3738 *
3739 * The caller must confirm following.
3740 * - page is not on LRU (isolate_page() is useful.)
3741 * - compound_lock is held when nr_pages > 1
3742 *
3743 * This function doesn't do "charge" to new cgroup and doesn't do "uncharge"
3744 * from old cgroup.
3745 */
3746 static int mem_cgroup_move_account(struct page *page,
3747 unsigned int nr_pages,
3748 struct page_cgroup *pc,
3749 struct mem_cgroup *from,
3750 struct mem_cgroup *to)
3751 {
3752 unsigned long flags;
3753 int ret;
3754 bool anon = PageAnon(page);
3755
3756 VM_BUG_ON(from == to);
3757 VM_BUG_ON_PAGE(PageLRU(page), page);
3758 /*
3759 * The page is isolated from LRU. So, collapse function
3760 * will not handle this page. But page splitting can happen.
3761 * Do this check under compound_page_lock(). The caller should
3762 * hold it.
3763 */
3764 ret = -EBUSY;
3765 if (nr_pages > 1 && !PageTransHuge(page))
3766 goto out;
3767
3768 lock_page_cgroup(pc);
3769
3770 ret = -EINVAL;
3771 if (!PageCgroupUsed(pc) || pc->mem_cgroup != from)
3772 goto unlock;
3773
3774 move_lock_mem_cgroup(from, &flags);
3775
3776 if (!anon && page_mapped(page)) {
3777 __this_cpu_sub(from->stat->count[MEM_CGROUP_STAT_FILE_MAPPED],
3778 nr_pages);
3779 __this_cpu_add(to->stat->count[MEM_CGROUP_STAT_FILE_MAPPED],
3780 nr_pages);
3781 }
3782
3783 if (PageWriteback(page)) {
3784 __this_cpu_sub(from->stat->count[MEM_CGROUP_STAT_WRITEBACK],
3785 nr_pages);
3786 __this_cpu_add(to->stat->count[MEM_CGROUP_STAT_WRITEBACK],
3787 nr_pages);
3788 }
3789
3790 mem_cgroup_charge_statistics(from, page, anon, -nr_pages);
3791
3792 /* caller should have done css_get */
3793 pc->mem_cgroup = to;
3794 mem_cgroup_charge_statistics(to, page, anon, nr_pages);
3795 move_unlock_mem_cgroup(from, &flags);
3796 ret = 0;
3797 unlock:
3798 unlock_page_cgroup(pc);
3799 /*
3800 * check events
3801 */
3802 memcg_check_events(to, page);
3803 memcg_check_events(from, page);
3804 out:
3805 return ret;
3806 }
3807
3808 /**
3809 * mem_cgroup_move_parent - moves page to the parent group
3810 * @page: the page to move
3811 * @pc: page_cgroup of the page
3812 * @child: page's cgroup
3813 *
3814 * move charges to its parent or the root cgroup if the group has no
3815 * parent (aka use_hierarchy==0).
3816 * Although this might fail (get_page_unless_zero, isolate_lru_page or
3817 * mem_cgroup_move_account fails) the failure is always temporary and
3818 * it signals a race with a page removal/uncharge or migration. In the
3819 * first case the page is on the way out and it will vanish from the LRU
3820 * on the next attempt and the call should be retried later.
3821 * Isolation from the LRU fails only if page has been isolated from
3822 * the LRU since we looked at it and that usually means either global
3823 * reclaim or migration going on. The page will either get back to the
3824 * LRU or vanish.
3825 * Finaly mem_cgroup_move_account fails only if the page got uncharged
3826 * (!PageCgroupUsed) or moved to a different group. The page will
3827 * disappear in the next attempt.
3828 */
3829 static int mem_cgroup_move_parent(struct page *page,
3830 struct page_cgroup *pc,
3831 struct mem_cgroup *child)
3832 {
3833 struct mem_cgroup *parent;
3834 unsigned int nr_pages;
3835 unsigned long uninitialized_var(flags);
3836 int ret;
3837
3838 VM_BUG_ON(mem_cgroup_is_root(child));
3839
3840 ret = -EBUSY;
3841 if (!get_page_unless_zero(page))
3842 goto out;
3843 if (isolate_lru_page(page))
3844 goto put;
3845
3846 nr_pages = hpage_nr_pages(page);
3847
3848 parent = parent_mem_cgroup(child);
3849 /*
3850 * If no parent, move charges to root cgroup.
3851 */
3852 if (!parent)
3853 parent = root_mem_cgroup;
3854
3855 if (nr_pages > 1) {
3856 VM_BUG_ON_PAGE(!PageTransHuge(page), page);
3857 flags = compound_lock_irqsave(page);
3858 }
3859
3860 ret = mem_cgroup_move_account(page, nr_pages,
3861 pc, child, parent);
3862 if (!ret)
3863 __mem_cgroup_cancel_local_charge(child, nr_pages);
3864
3865 if (nr_pages > 1)
3866 compound_unlock_irqrestore(page, flags);
3867 putback_lru_page(page);
3868 put:
3869 put_page(page);
3870 out:
3871 return ret;
3872 }
3873
3874 int mem_cgroup_newpage_charge(struct page *page,
3875 struct mm_struct *mm, gfp_t gfp_mask)
3876 {
3877 struct mem_cgroup *memcg = NULL;
3878 unsigned int nr_pages = 1;
3879 bool oom = true;
3880 int ret;
3881
3882 if (mem_cgroup_disabled())
3883 return 0;
3884
3885 VM_BUG_ON_PAGE(page_mapped(page), page);
3886 VM_BUG_ON_PAGE(page->mapping && !PageAnon(page), page);
3887 VM_BUG_ON(!mm);
3888
3889 if (PageTransHuge(page)) {
3890 nr_pages <<= compound_order(page);
3891 VM_BUG_ON_PAGE(!PageTransHuge(page), page);
3892 /*
3893 * Never OOM-kill a process for a huge page. The
3894 * fault handler will fall back to regular pages.
3895 */
3896 oom = false;
3897 }
3898
3899 ret = __mem_cgroup_try_charge(mm, gfp_mask, nr_pages, &memcg, oom);
3900 if (ret == -ENOMEM)
3901 return ret;
3902 __mem_cgroup_commit_charge(memcg, page, nr_pages,
3903 MEM_CGROUP_CHARGE_TYPE_ANON, false);
3904 return 0;
3905 }
3906
3907 /*
3908 * While swap-in, try_charge -> commit or cancel, the page is locked.
3909 * And when try_charge() successfully returns, one refcnt to memcg without
3910 * struct page_cgroup is acquired. This refcnt will be consumed by
3911 * "commit()" or removed by "cancel()"
3912 */
3913 static int __mem_cgroup_try_charge_swapin(struct mm_struct *mm,
3914 struct page *page,
3915 gfp_t mask,
3916 struct mem_cgroup **memcgp)
3917 {
3918 struct mem_cgroup *memcg;
3919 struct page_cgroup *pc;
3920 int ret;
3921
3922 pc = lookup_page_cgroup(page);
3923 /*
3924 * Every swap fault against a single page tries to charge the
3925 * page, bail as early as possible. shmem_unuse() encounters
3926 * already charged pages, too. The USED bit is protected by
3927 * the page lock, which serializes swap cache removal, which
3928 * in turn serializes uncharging.
3929 */
3930 if (PageCgroupUsed(pc))
3931 return 0;
3932 if (!do_swap_account)
3933 goto charge_cur_mm;
3934 memcg = try_get_mem_cgroup_from_page(page);
3935 if (!memcg)
3936 goto charge_cur_mm;
3937 *memcgp = memcg;
3938 ret = __mem_cgroup_try_charge(NULL, mask, 1, memcgp, true);
3939 css_put(&memcg->css);
3940 if (ret == -EINTR)
3941 ret = 0;
3942 return ret;
3943 charge_cur_mm:
3944 ret = __mem_cgroup_try_charge(mm, mask, 1, memcgp, true);
3945 if (ret == -EINTR)
3946 ret = 0;
3947 return ret;
3948 }
3949
3950 int mem_cgroup_try_charge_swapin(struct mm_struct *mm, struct page *page,
3951 gfp_t gfp_mask, struct mem_cgroup **memcgp)
3952 {
3953 *memcgp = NULL;
3954 if (mem_cgroup_disabled())
3955 return 0;
3956 /*
3957 * A racing thread's fault, or swapoff, may have already
3958 * updated the pte, and even removed page from swap cache: in
3959 * those cases unuse_pte()'s pte_same() test will fail; but
3960 * there's also a KSM case which does need to charge the page.
3961 */
3962 if (!PageSwapCache(page)) {
3963 int ret;
3964
3965 ret = __mem_cgroup_try_charge(mm, gfp_mask, 1, memcgp, true);
3966 if (ret == -EINTR)
3967 ret = 0;
3968 return ret;
3969 }
3970 return __mem_cgroup_try_charge_swapin(mm, page, gfp_mask, memcgp);
3971 }
3972
3973 void mem_cgroup_cancel_charge_swapin(struct mem_cgroup *memcg)
3974 {
3975 if (mem_cgroup_disabled())
3976 return;
3977 if (!memcg)
3978 return;
3979 __mem_cgroup_cancel_charge(memcg, 1);
3980 }
3981
3982 static void
3983 __mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *memcg,
3984 enum charge_type ctype)
3985 {
3986 if (mem_cgroup_disabled())
3987 return;
3988 if (!memcg)
3989 return;
3990
3991 __mem_cgroup_commit_charge(memcg, page, 1, ctype, true);
3992 /*
3993 * Now swap is on-memory. This means this page may be
3994 * counted both as mem and swap....double count.
3995 * Fix it by uncharging from memsw. Basically, this SwapCache is stable
3996 * under lock_page(). But in do_swap_page()::memory.c, reuse_swap_page()
3997 * may call delete_from_swap_cache() before reach here.
3998 */
3999 if (do_swap_account && PageSwapCache(page)) {
4000 swp_entry_t ent = {.val = page_private(page)};
4001 mem_cgroup_uncharge_swap(ent);
4002 }
4003 }
4004
4005 void mem_cgroup_commit_charge_swapin(struct page *page,
4006 struct mem_cgroup *memcg)
4007 {
4008 __mem_cgroup_commit_charge_swapin(page, memcg,
4009 MEM_CGROUP_CHARGE_TYPE_ANON);
4010 }
4011
4012 int mem_cgroup_cache_charge(struct page *page, struct mm_struct *mm,
4013 gfp_t gfp_mask)
4014 {
4015 struct mem_cgroup *memcg = NULL;
4016 enum charge_type type = MEM_CGROUP_CHARGE_TYPE_CACHE;
4017 int ret;
4018
4019 if (mem_cgroup_disabled())
4020 return 0;
4021 if (PageCompound(page))
4022 return 0;
4023
4024 if (!PageSwapCache(page)) {
4025 /*
4026 * Page cache insertions can happen without an actual
4027 * task context, e.g. during disk probing on boot.
4028 */
4029 if (!mm)
4030 memcg = root_mem_cgroup;
4031 ret = __mem_cgroup_try_charge(mm, gfp_mask, 1, &memcg, true);
4032 if (ret != -ENOMEM)
4033 __mem_cgroup_commit_charge(memcg, page, 1, type, false);
4034 } else { /* page is swapcache/shmem */
4035 ret = __mem_cgroup_try_charge_swapin(mm, page,
4036 gfp_mask, &memcg);
4037 if (!ret)
4038 __mem_cgroup_commit_charge_swapin(page, memcg, type);
4039 }
4040 return ret;
4041 }
4042
4043 static void mem_cgroup_do_uncharge(struct mem_cgroup *memcg,
4044 unsigned int nr_pages,
4045 const enum charge_type ctype)
4046 {
4047 struct memcg_batch_info *batch = NULL;
4048 bool uncharge_memsw = true;
4049
4050 /* If swapout, usage of swap doesn't decrease */
4051 if (!do_swap_account || ctype == MEM_CGROUP_CHARGE_TYPE_SWAPOUT)
4052 uncharge_memsw = false;
4053
4054 batch = &current->memcg_batch;
4055 /*
4056 * In usual, we do css_get() when we remember memcg pointer.
4057 * But in this case, we keep res->usage until end of a series of
4058 * uncharges. Then, it's ok to ignore memcg's refcnt.
4059 */
4060 if (!batch->memcg)
4061 batch->memcg = memcg;
4062 /*
4063 * do_batch > 0 when unmapping pages or inode invalidate/truncate.
4064 * In those cases, all pages freed continuously can be expected to be in
4065 * the same cgroup and we have chance to coalesce uncharges.
4066 * But we do uncharge one by one if this is killed by OOM(TIF_MEMDIE)
4067 * because we want to do uncharge as soon as possible.
4068 */
4069
4070 if (!batch->do_batch || test_thread_flag(TIF_MEMDIE))
4071 goto direct_uncharge;
4072
4073 if (nr_pages > 1)
4074 goto direct_uncharge;
4075
4076 /*
4077 * In typical case, batch->memcg == mem. This means we can
4078 * merge a series of uncharges to an uncharge of res_counter.
4079 * If not, we uncharge res_counter ony by one.
4080 */
4081 if (batch->memcg != memcg)
4082 goto direct_uncharge;
4083 /* remember freed charge and uncharge it later */
4084 batch->nr_pages++;
4085 if (uncharge_memsw)
4086 batch->memsw_nr_pages++;
4087 return;
4088 direct_uncharge:
4089 res_counter_uncharge(&memcg->res, nr_pages * PAGE_SIZE);
4090 if (uncharge_memsw)
4091 res_counter_uncharge(&memcg->memsw, nr_pages * PAGE_SIZE);
4092 if (unlikely(batch->memcg != memcg))
4093 memcg_oom_recover(memcg);
4094 }
4095
4096 /*
4097 * uncharge if !page_mapped(page)
4098 */
4099 static struct mem_cgroup *
4100 __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype,
4101 bool end_migration)
4102 {
4103 struct mem_cgroup *memcg = NULL;
4104 unsigned int nr_pages = 1;
4105 struct page_cgroup *pc;
4106 bool anon;
4107
4108 if (mem_cgroup_disabled())
4109 return NULL;
4110
4111 if (PageTransHuge(page)) {
4112 nr_pages <<= compound_order(page);
4113 VM_BUG_ON_PAGE(!PageTransHuge(page), page);
4114 }
4115 /*
4116 * Check if our page_cgroup is valid
4117 */
4118 pc = lookup_page_cgroup(page);
4119 if (unlikely(!PageCgroupUsed(pc)))
4120 return NULL;
4121
4122 lock_page_cgroup(pc);
4123
4124 memcg = pc->mem_cgroup;
4125
4126 if (!PageCgroupUsed(pc))
4127 goto unlock_out;
4128
4129 anon = PageAnon(page);
4130
4131 switch (ctype) {
4132 case MEM_CGROUP_CHARGE_TYPE_ANON:
4133 /*
4134 * Generally PageAnon tells if it's the anon statistics to be
4135 * updated; but sometimes e.g. mem_cgroup_uncharge_page() is
4136 * used before page reached the stage of being marked PageAnon.
4137 */
4138 anon = true;
4139 /* fallthrough */
4140 case MEM_CGROUP_CHARGE_TYPE_DROP:
4141 /* See mem_cgroup_prepare_migration() */
4142 if (page_mapped(page))
4143 goto unlock_out;
4144 /*
4145 * Pages under migration may not be uncharged. But
4146 * end_migration() /must/ be the one uncharging the
4147 * unused post-migration page and so it has to call
4148 * here with the migration bit still set. See the
4149 * res_counter handling below.
4150 */
4151 if (!end_migration && PageCgroupMigration(pc))
4152 goto unlock_out;
4153 break;
4154 case MEM_CGROUP_CHARGE_TYPE_SWAPOUT:
4155 if (!PageAnon(page)) { /* Shared memory */
4156 if (page->mapping && !page_is_file_cache(page))
4157 goto unlock_out;
4158 } else if (page_mapped(page)) /* Anon */
4159 goto unlock_out;
4160 break;
4161 default:
4162 break;
4163 }
4164
4165 mem_cgroup_charge_statistics(memcg, page, anon, -nr_pages);
4166
4167 ClearPageCgroupUsed(pc);
4168 /*
4169 * pc->mem_cgroup is not cleared here. It will be accessed when it's
4170 * freed from LRU. This is safe because uncharged page is expected not
4171 * to be reused (freed soon). Exception is SwapCache, it's handled by
4172 * special functions.
4173 */
4174
4175 unlock_page_cgroup(pc);
4176 /*
4177 * even after unlock, we have memcg->res.usage here and this memcg
4178 * will never be freed, so it's safe to call css_get().
4179 */
4180 memcg_check_events(memcg, page);
4181 if (do_swap_account && ctype == MEM_CGROUP_CHARGE_TYPE_SWAPOUT) {
4182 mem_cgroup_swap_statistics(memcg, true);
4183 css_get(&memcg->css);
4184 }
4185 /*
4186 * Migration does not charge the res_counter for the
4187 * replacement page, so leave it alone when phasing out the
4188 * page that is unused after the migration.
4189 */
4190 if (!end_migration && !mem_cgroup_is_root(memcg))
4191 mem_cgroup_do_uncharge(memcg, nr_pages, ctype);
4192
4193 return memcg;
4194
4195 unlock_out:
4196 unlock_page_cgroup(pc);
4197 return NULL;
4198 }
4199
4200 void mem_cgroup_uncharge_page(struct page *page)
4201 {
4202 /* early check. */
4203 if (page_mapped(page))
4204 return;
4205 VM_BUG_ON_PAGE(page->mapping && !PageAnon(page), page);
4206 /*
4207 * If the page is in swap cache, uncharge should be deferred
4208 * to the swap path, which also properly accounts swap usage
4209 * and handles memcg lifetime.
4210 *
4211 * Note that this check is not stable and reclaim may add the
4212 * page to swap cache at any time after this. However, if the
4213 * page is not in swap cache by the time page->mapcount hits
4214 * 0, there won't be any page table references to the swap
4215 * slot, and reclaim will free it and not actually write the
4216 * page to disk.
4217 */
4218 if (PageSwapCache(page))
4219 return;
4220 __mem_cgroup_uncharge_common(page, MEM_CGROUP_CHARGE_TYPE_ANON, false);
4221 }
4222
4223 void mem_cgroup_uncharge_cache_page(struct page *page)
4224 {
4225 VM_BUG_ON_PAGE(page_mapped(page), page);
4226 VM_BUG_ON_PAGE(page->mapping, page);
4227 __mem_cgroup_uncharge_common(page, MEM_CGROUP_CHARGE_TYPE_CACHE, false);
4228 }
4229
4230 /*
4231 * Batch_start/batch_end is called in unmap_page_range/invlidate/trucate.
4232 * In that cases, pages are freed continuously and we can expect pages
4233 * are in the same memcg. All these calls itself limits the number of
4234 * pages freed at once, then uncharge_start/end() is called properly.
4235 * This may be called prural(2) times in a context,
4236 */
4237
4238 void mem_cgroup_uncharge_start(void)
4239 {
4240 current->memcg_batch.do_batch++;
4241 /* We can do nest. */
4242 if (current->memcg_batch.do_batch == 1) {
4243 current->memcg_batch.memcg = NULL;
4244 current->memcg_batch.nr_pages = 0;
4245 current->memcg_batch.memsw_nr_pages = 0;
4246 }
4247 }
4248
4249 void mem_cgroup_uncharge_end(void)
4250 {
4251 struct memcg_batch_info *batch = &current->memcg_batch;
4252
4253 if (!batch->do_batch)
4254 return;
4255
4256 batch->do_batch--;
4257 if (batch->do_batch) /* If stacked, do nothing. */
4258 return;
4259
4260 if (!batch->memcg)
4261 return;
4262 /*
4263 * This "batch->memcg" is valid without any css_get/put etc...
4264 * bacause we hide charges behind us.
4265 */
4266 if (batch->nr_pages)
4267 res_counter_uncharge(&batch->memcg->res,
4268 batch->nr_pages * PAGE_SIZE);
4269 if (batch->memsw_nr_pages)
4270 res_counter_uncharge(&batch->memcg->memsw,
4271 batch->memsw_nr_pages * PAGE_SIZE);
4272 memcg_oom_recover(batch->memcg);
4273 /* forget this pointer (for sanity check) */
4274 batch->memcg = NULL;
4275 }
4276
4277 #ifdef CONFIG_SWAP
4278 /*
4279 * called after __delete_from_swap_cache() and drop "page" account.
4280 * memcg information is recorded to swap_cgroup of "ent"
4281 */
4282 void
4283 mem_cgroup_uncharge_swapcache(struct page *page, swp_entry_t ent, bool swapout)
4284 {
4285 struct mem_cgroup *memcg;
4286 int ctype = MEM_CGROUP_CHARGE_TYPE_SWAPOUT;
4287
4288 if (!swapout) /* this was a swap cache but the swap is unused ! */
4289 ctype = MEM_CGROUP_CHARGE_TYPE_DROP;
4290
4291 memcg = __mem_cgroup_uncharge_common(page, ctype, false);
4292
4293 /*
4294 * record memcg information, if swapout && memcg != NULL,
4295 * css_get() was called in uncharge().
4296 */
4297 if (do_swap_account && swapout && memcg)
4298 swap_cgroup_record(ent, mem_cgroup_id(memcg));
4299 }
4300 #endif
4301
4302 #ifdef CONFIG_MEMCG_SWAP
4303 /*
4304 * called from swap_entry_free(). remove record in swap_cgroup and
4305 * uncharge "memsw" account.
4306 */
4307 void mem_cgroup_uncharge_swap(swp_entry_t ent)
4308 {
4309 struct mem_cgroup *memcg;
4310 unsigned short id;
4311
4312 if (!do_swap_account)
4313 return;
4314
4315 id = swap_cgroup_record(ent, 0);
4316 rcu_read_lock();
4317 memcg = mem_cgroup_lookup(id);
4318 if (memcg) {
4319 /*
4320 * We uncharge this because swap is freed.
4321 * This memcg can be obsolete one. We avoid calling css_tryget
4322 */
4323 if (!mem_cgroup_is_root(memcg))
4324 res_counter_uncharge(&memcg->memsw, PAGE_SIZE);
4325 mem_cgroup_swap_statistics(memcg, false);
4326 css_put(&memcg->css);
4327 }
4328 rcu_read_unlock();
4329 }
4330
4331 /**
4332 * mem_cgroup_move_swap_account - move swap charge and swap_cgroup's record.
4333 * @entry: swap entry to be moved
4334 * @from: mem_cgroup which the entry is moved from
4335 * @to: mem_cgroup which the entry is moved to
4336 *
4337 * It succeeds only when the swap_cgroup's record for this entry is the same
4338 * as the mem_cgroup's id of @from.
4339 *
4340 * Returns 0 on success, -EINVAL on failure.
4341 *
4342 * The caller must have charged to @to, IOW, called res_counter_charge() about
4343 * both res and memsw, and called css_get().
4344 */
4345 static int mem_cgroup_move_swap_account(swp_entry_t entry,
4346 struct mem_cgroup *from, struct mem_cgroup *to)
4347 {
4348 unsigned short old_id, new_id;
4349
4350 old_id = mem_cgroup_id(from);
4351 new_id = mem_cgroup_id(to);
4352
4353 if (swap_cgroup_cmpxchg(entry, old_id, new_id) == old_id) {
4354 mem_cgroup_swap_statistics(from, false);
4355 mem_cgroup_swap_statistics(to, true);
4356 /*
4357 * This function is only called from task migration context now.
4358 * It postpones res_counter and refcount handling till the end
4359 * of task migration(mem_cgroup_clear_mc()) for performance
4360 * improvement. But we cannot postpone css_get(to) because if
4361 * the process that has been moved to @to does swap-in, the
4362 * refcount of @to might be decreased to 0.
4363 *
4364 * We are in attach() phase, so the cgroup is guaranteed to be
4365 * alive, so we can just call css_get().
4366 */
4367 css_get(&to->css);
4368 return 0;
4369 }
4370 return -EINVAL;
4371 }
4372 #else
4373 static inline int mem_cgroup_move_swap_account(swp_entry_t entry,
4374 struct mem_cgroup *from, struct mem_cgroup *to)
4375 {
4376 return -EINVAL;
4377 }
4378 #endif
4379
4380 /*
4381 * Before starting migration, account PAGE_SIZE to mem_cgroup that the old
4382 * page belongs to.
4383 */
4384 void mem_cgroup_prepare_migration(struct page *page, struct page *newpage,
4385 struct mem_cgroup **memcgp)
4386 {
4387 struct mem_cgroup *memcg = NULL;
4388 unsigned int nr_pages = 1;
4389 struct page_cgroup *pc;
4390 enum charge_type ctype;
4391
4392 *memcgp = NULL;
4393
4394 if (mem_cgroup_disabled())
4395 return;
4396
4397 if (PageTransHuge(page))
4398 nr_pages <<= compound_order(page);
4399
4400 pc = lookup_page_cgroup(page);
4401 lock_page_cgroup(pc);
4402 if (PageCgroupUsed(pc)) {
4403 memcg = pc->mem_cgroup;
4404 css_get(&memcg->css);
4405 /*
4406 * At migrating an anonymous page, its mapcount goes down
4407 * to 0 and uncharge() will be called. But, even if it's fully
4408 * unmapped, migration may fail and this page has to be
4409 * charged again. We set MIGRATION flag here and delay uncharge
4410 * until end_migration() is called
4411 *
4412 * Corner Case Thinking
4413 * A)
4414 * When the old page was mapped as Anon and it's unmap-and-freed
4415 * while migration was ongoing.
4416 * If unmap finds the old page, uncharge() of it will be delayed
4417 * until end_migration(). If unmap finds a new page, it's
4418 * uncharged when it make mapcount to be 1->0. If unmap code
4419 * finds swap_migration_entry, the new page will not be mapped
4420 * and end_migration() will find it(mapcount==0).
4421 *
4422 * B)
4423 * When the old page was mapped but migraion fails, the kernel
4424 * remaps it. A charge for it is kept by MIGRATION flag even
4425 * if mapcount goes down to 0. We can do remap successfully
4426 * without charging it again.
4427 *
4428 * C)
4429 * The "old" page is under lock_page() until the end of
4430 * migration, so, the old page itself will not be swapped-out.
4431 * If the new page is swapped out before end_migraton, our
4432 * hook to usual swap-out path will catch the event.
4433 */
4434 if (PageAnon(page))
4435 SetPageCgroupMigration(pc);
4436 }
4437 unlock_page_cgroup(pc);
4438 /*
4439 * If the page is not charged at this point,
4440 * we return here.
4441 */
4442 if (!memcg)
4443 return;
4444
4445 *memcgp = memcg;
4446 /*
4447 * We charge new page before it's used/mapped. So, even if unlock_page()
4448 * is called before end_migration, we can catch all events on this new
4449 * page. In the case new page is migrated but not remapped, new page's
4450 * mapcount will be finally 0 and we call uncharge in end_migration().
4451 */
4452 if (PageAnon(page))
4453 ctype = MEM_CGROUP_CHARGE_TYPE_ANON;
4454 else
4455 ctype = MEM_CGROUP_CHARGE_TYPE_CACHE;
4456 /*
4457 * The page is committed to the memcg, but it's not actually
4458 * charged to the res_counter since we plan on replacing the
4459 * old one and only one page is going to be left afterwards.
4460 */
4461 __mem_cgroup_commit_charge(memcg, newpage, nr_pages, ctype, false);
4462 }
4463
4464 /* remove redundant charge if migration failed*/
4465 void mem_cgroup_end_migration(struct mem_cgroup *memcg,
4466 struct page *oldpage, struct page *newpage, bool migration_ok)
4467 {
4468 struct page *used, *unused;
4469 struct page_cgroup *pc;
4470 bool anon;
4471
4472 if (!memcg)
4473 return;
4474
4475 if (!migration_ok) {
4476 used = oldpage;
4477 unused = newpage;
4478 } else {
4479 used = newpage;
4480 unused = oldpage;
4481 }
4482 anon = PageAnon(used);
4483 __mem_cgroup_uncharge_common(unused,
4484 anon ? MEM_CGROUP_CHARGE_TYPE_ANON
4485 : MEM_CGROUP_CHARGE_TYPE_CACHE,
4486 true);
4487 css_put(&memcg->css);
4488 /*
4489 * We disallowed uncharge of pages under migration because mapcount
4490 * of the page goes down to zero, temporarly.
4491 * Clear the flag and check the page should be charged.
4492 */
4493 pc = lookup_page_cgroup(oldpage);
4494 lock_page_cgroup(pc);
4495 ClearPageCgroupMigration(pc);
4496 unlock_page_cgroup(pc);
4497
4498 /*
4499 * If a page is a file cache, radix-tree replacement is very atomic
4500 * and we can skip this check. When it was an Anon page, its mapcount
4501 * goes down to 0. But because we added MIGRATION flage, it's not
4502 * uncharged yet. There are several case but page->mapcount check
4503 * and USED bit check in mem_cgroup_uncharge_page() will do enough
4504 * check. (see prepare_charge() also)
4505 */
4506 if (anon)
4507 mem_cgroup_uncharge_page(used);
4508 }
4509
4510 /*
4511 * At replace page cache, newpage is not under any memcg but it's on
4512 * LRU. So, this function doesn't touch res_counter but handles LRU
4513 * in correct way. Both pages are locked so we cannot race with uncharge.
4514 */
4515 void mem_cgroup_replace_page_cache(struct page *oldpage,
4516 struct page *newpage)
4517 {
4518 struct mem_cgroup *memcg = NULL;
4519 struct page_cgroup *pc;
4520 enum charge_type type = MEM_CGROUP_CHARGE_TYPE_CACHE;
4521
4522 if (mem_cgroup_disabled())
4523 return;
4524
4525 pc = lookup_page_cgroup(oldpage);
4526 /* fix accounting on old pages */
4527 lock_page_cgroup(pc);
4528 if (PageCgroupUsed(pc)) {
4529 memcg = pc->mem_cgroup;
4530 mem_cgroup_charge_statistics(memcg, oldpage, false, -1);
4531 ClearPageCgroupUsed(pc);
4532 }
4533 unlock_page_cgroup(pc);
4534
4535 /*
4536 * When called from shmem_replace_page(), in some cases the
4537 * oldpage has already been charged, and in some cases not.
4538 */
4539 if (!memcg)
4540 return;
4541 /*
4542 * Even if newpage->mapping was NULL before starting replacement,
4543 * the newpage may be on LRU(or pagevec for LRU) already. We lock
4544 * LRU while we overwrite pc->mem_cgroup.
4545 */
4546 __mem_cgroup_commit_charge(memcg, newpage, 1, type, true);
4547 }
4548
4549 #ifdef CONFIG_DEBUG_VM
4550 static struct page_cgroup *lookup_page_cgroup_used(struct page *page)
4551 {
4552 struct page_cgroup *pc;
4553
4554 pc = lookup_page_cgroup(page);
4555 /*
4556 * Can be NULL while feeding pages into the page allocator for
4557 * the first time, i.e. during boot or memory hotplug;
4558 * or when mem_cgroup_disabled().
4559 */
4560 if (likely(pc) && PageCgroupUsed(pc))
4561 return pc;
4562 return NULL;
4563 }
4564
4565 bool mem_cgroup_bad_page_check(struct page *page)
4566 {
4567 if (mem_cgroup_disabled())
4568 return false;
4569
4570 return lookup_page_cgroup_used(page) != NULL;
4571 }
4572
4573 void mem_cgroup_print_bad_page(struct page *page)
4574 {
4575 struct page_cgroup *pc;
4576
4577 pc = lookup_page_cgroup_used(page);
4578 if (pc) {
4579 pr_alert("pc:%p pc->flags:%lx pc->mem_cgroup:%p\n",
4580 pc, pc->flags, pc->mem_cgroup);
4581 }
4582 }
4583 #endif
4584
4585 static int mem_cgroup_resize_limit(struct mem_cgroup *memcg,
4586 unsigned long long val)
4587 {
4588 int retry_count;
4589 u64 memswlimit, memlimit;
4590 int ret = 0;
4591 int children = mem_cgroup_count_children(memcg);
4592 u64 curusage, oldusage;
4593 int enlarge;
4594
4595 /*
4596 * For keeping hierarchical_reclaim simple, how long we should retry
4597 * is depends on callers. We set our retry-count to be function
4598 * of # of children which we should visit in this loop.
4599 */
4600 retry_count = MEM_CGROUP_RECLAIM_RETRIES * children;
4601
4602 oldusage = res_counter_read_u64(&memcg->res, RES_USAGE);
4603
4604 enlarge = 0;
4605 while (retry_count) {
4606 if (signal_pending(current)) {
4607 ret = -EINTR;
4608 break;
4609 }
4610 /*
4611 * Rather than hide all in some function, I do this in
4612 * open coded manner. You see what this really does.
4613 * We have to guarantee memcg->res.limit <= memcg->memsw.limit.
4614 */
4615 mutex_lock(&set_limit_mutex);
4616 memswlimit = res_counter_read_u64(&memcg->memsw, RES_LIMIT);
4617 if (memswlimit < val) {
4618 ret = -EINVAL;
4619 mutex_unlock(&set_limit_mutex);
4620 break;
4621 }
4622
4623 memlimit = res_counter_read_u64(&memcg->res, RES_LIMIT);
4624 if (memlimit < val)
4625 enlarge = 1;
4626
4627 ret = res_counter_set_limit(&memcg->res, val);
4628 if (!ret) {
4629 if (memswlimit == val)
4630 memcg->memsw_is_minimum = true;
4631 else
4632 memcg->memsw_is_minimum = false;
4633 }
4634 mutex_unlock(&set_limit_mutex);
4635
4636 if (!ret)
4637 break;
4638
4639 mem_cgroup_reclaim(memcg, GFP_KERNEL,
4640 MEM_CGROUP_RECLAIM_SHRINK);
4641 curusage = res_counter_read_u64(&memcg->res, RES_USAGE);
4642 /* Usage is reduced ? */
4643 if (curusage >= oldusage)
4644 retry_count--;
4645 else
4646 oldusage = curusage;
4647 }
4648 if (!ret && enlarge)
4649 memcg_oom_recover(memcg);
4650
4651 return ret;
4652 }
4653
4654 static int mem_cgroup_resize_memsw_limit(struct mem_cgroup *memcg,
4655 unsigned long long val)
4656 {
4657 int retry_count;
4658 u64 memlimit, memswlimit, oldusage, curusage;
4659 int children = mem_cgroup_count_children(memcg);
4660 int ret = -EBUSY;
4661 int enlarge = 0;
4662
4663 /* see mem_cgroup_resize_res_limit */
4664 retry_count = children * MEM_CGROUP_RECLAIM_RETRIES;
4665 oldusage = res_counter_read_u64(&memcg->memsw, RES_USAGE);
4666 while (retry_count) {
4667 if (signal_pending(current)) {
4668 ret = -EINTR;
4669 break;
4670 }
4671 /*
4672 * Rather than hide all in some function, I do this in
4673 * open coded manner. You see what this really does.
4674 * We have to guarantee memcg->res.limit <= memcg->memsw.limit.
4675 */
4676 mutex_lock(&set_limit_mutex);
4677 memlimit = res_counter_read_u64(&memcg->res, RES_LIMIT);
4678 if (memlimit > val) {
4679 ret = -EINVAL;
4680 mutex_unlock(&set_limit_mutex);
4681 break;
4682 }
4683 memswlimit = res_counter_read_u64(&memcg->memsw, RES_LIMIT);
4684 if (memswlimit < val)
4685 enlarge = 1;
4686 ret = res_counter_set_limit(&memcg->memsw, val);
4687 if (!ret) {
4688 if (memlimit == val)
4689 memcg->memsw_is_minimum = true;
4690 else
4691 memcg->memsw_is_minimum = false;
4692 }
4693 mutex_unlock(&set_limit_mutex);
4694
4695 if (!ret)
4696 break;
4697
4698 mem_cgroup_reclaim(memcg, GFP_KERNEL,
4699 MEM_CGROUP_RECLAIM_NOSWAP |
4700 MEM_CGROUP_RECLAIM_SHRINK);
4701 curusage = res_counter_read_u64(&memcg->memsw, RES_USAGE);
4702 /* Usage is reduced ? */
4703 if (curusage >= oldusage)
4704 retry_count--;
4705 else
4706 oldusage = curusage;
4707 }
4708 if (!ret && enlarge)
4709 memcg_oom_recover(memcg);
4710 return ret;
4711 }
4712
4713 unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
4714 gfp_t gfp_mask,
4715 unsigned long *total_scanned)
4716 {
4717 unsigned long nr_reclaimed = 0;
4718 struct mem_cgroup_per_zone *mz, *next_mz = NULL;
4719 unsigned long reclaimed;
4720 int loop = 0;
4721 struct mem_cgroup_tree_per_zone *mctz;
4722 unsigned long long excess;
4723 unsigned long nr_scanned;
4724
4725 if (order > 0)
4726 return 0;
4727
4728 mctz = soft_limit_tree_node_zone(zone_to_nid(zone), zone_idx(zone));
4729 /*
4730 * This loop can run a while, specially if mem_cgroup's continuously
4731 * keep exceeding their soft limit and putting the system under
4732 * pressure
4733 */
4734 do {
4735 if (next_mz)
4736 mz = next_mz;
4737 else
4738 mz = mem_cgroup_largest_soft_limit_node(mctz);
4739 if (!mz)
4740 break;
4741
4742 nr_scanned = 0;
4743 reclaimed = mem_cgroup_soft_reclaim(mz->memcg, zone,
4744 gfp_mask, &nr_scanned);
4745 nr_reclaimed += reclaimed;
4746 *total_scanned += nr_scanned;
4747 spin_lock(&mctz->lock);
4748
4749 /*
4750 * If we failed to reclaim anything from this memory cgroup
4751 * it is time to move on to the next cgroup
4752 */
4753 next_mz = NULL;
4754 if (!reclaimed) {
4755 do {
4756 /*
4757 * Loop until we find yet another one.
4758 *
4759 * By the time we get the soft_limit lock
4760 * again, someone might have aded the
4761 * group back on the RB tree. Iterate to
4762 * make sure we get a different mem.
4763 * mem_cgroup_largest_soft_limit_node returns
4764 * NULL if no other cgroup is present on
4765 * the tree
4766 */
4767 next_mz =
4768 __mem_cgroup_largest_soft_limit_node(mctz);
4769 if (next_mz == mz)
4770 css_put(&next_mz->memcg->css);
4771 else /* next_mz == NULL or other memcg */
4772 break;
4773 } while (1);
4774 }
4775 __mem_cgroup_remove_exceeded(mz->memcg, mz, mctz);
4776 excess = res_counter_soft_limit_excess(&mz->memcg->res);
4777 /*
4778 * One school of thought says that we should not add
4779 * back the node to the tree if reclaim returns 0.
4780 * But our reclaim could return 0, simply because due
4781 * to priority we are exposing a smaller subset of
4782 * memory to reclaim from. Consider this as a longer
4783 * term TODO.
4784 */
4785 /* If excess == 0, no tree ops */
4786 __mem_cgroup_insert_exceeded(mz->memcg, mz, mctz, excess);
4787 spin_unlock(&mctz->lock);
4788 css_put(&mz->memcg->css);
4789 loop++;
4790 /*
4791 * Could not reclaim anything and there are no more
4792 * mem cgroups to try or we seem to be looping without
4793 * reclaiming anything.
4794 */
4795 if (!nr_reclaimed &&
4796 (next_mz == NULL ||
4797 loop > MEM_CGROUP_MAX_SOFT_LIMIT_RECLAIM_LOOPS))
4798 break;
4799 } while (!nr_reclaimed);
4800 if (next_mz)
4801 css_put(&next_mz->memcg->css);
4802 return nr_reclaimed;
4803 }
4804
4805 /**
4806 * mem_cgroup_force_empty_list - clears LRU of a group
4807 * @memcg: group to clear
4808 * @node: NUMA node
4809 * @zid: zone id
4810 * @lru: lru to to clear
4811 *
4812 * Traverse a specified page_cgroup list and try to drop them all. This doesn't
4813 * reclaim the pages page themselves - pages are moved to the parent (or root)
4814 * group.
4815 */
4816 static void mem_cgroup_force_empty_list(struct mem_cgroup *memcg,
4817 int node, int zid, enum lru_list lru)
4818 {
4819 struct lruvec *lruvec;
4820 unsigned long flags;
4821 struct list_head *list;
4822 struct page *busy;
4823 struct zone *zone;
4824
4825 zone = &NODE_DATA(node)->node_zones[zid];
4826 lruvec = mem_cgroup_zone_lruvec(zone, memcg);
4827 list = &lruvec->lists[lru];
4828
4829 busy = NULL;
4830 do {
4831 struct page_cgroup *pc;
4832 struct page *page;
4833
4834 spin_lock_irqsave(&zone->lru_lock, flags);
4835 if (list_empty(list)) {
4836 spin_unlock_irqrestore(&zone->lru_lock, flags);
4837 break;
4838 }
4839 page = list_entry(list->prev, struct page, lru);
4840 if (busy == page) {
4841 list_move(&page->lru, list);
4842 busy = NULL;
4843 spin_unlock_irqrestore(&zone->lru_lock, flags);
4844 continue;
4845 }
4846 spin_unlock_irqrestore(&zone->lru_lock, flags);
4847
4848 pc = lookup_page_cgroup(page);
4849
4850 if (mem_cgroup_move_parent(page, pc, memcg)) {
4851 /* found lock contention or "pc" is obsolete. */
4852 busy = page;
4853 cond_resched();
4854 } else
4855 busy = NULL;
4856 } while (!list_empty(list));
4857 }
4858
4859 /*
4860 * make mem_cgroup's charge to be 0 if there is no task by moving
4861 * all the charges and pages to the parent.
4862 * This enables deleting this mem_cgroup.
4863 *
4864 * Caller is responsible for holding css reference on the memcg.
4865 */
4866 static void mem_cgroup_reparent_charges(struct mem_cgroup *memcg)
4867 {
4868 int node, zid;
4869 u64 usage;
4870
4871 do {
4872 /* This is for making all *used* pages to be on LRU. */
4873 lru_add_drain_all();
4874 drain_all_stock_sync(memcg);
4875 mem_cgroup_start_move(memcg);
4876 for_each_node_state(node, N_MEMORY) {
4877 for (zid = 0; zid < MAX_NR_ZONES; zid++) {
4878 enum lru_list lru;
4879 for_each_lru(lru) {
4880 mem_cgroup_force_empty_list(memcg,
4881 node, zid, lru);
4882 }
4883 }
4884 }
4885 mem_cgroup_end_move(memcg);
4886 memcg_oom_recover(memcg);
4887 cond_resched();
4888
4889 /*
4890 * Kernel memory may not necessarily be trackable to a specific
4891 * process. So they are not migrated, and therefore we can't
4892 * expect their value to drop to 0 here.
4893 * Having res filled up with kmem only is enough.
4894 *
4895 * This is a safety check because mem_cgroup_force_empty_list
4896 * could have raced with mem_cgroup_replace_page_cache callers
4897 * so the lru seemed empty but the page could have been added
4898 * right after the check. RES_USAGE should be safe as we always
4899 * charge before adding to the LRU.
4900 */
4901 usage = res_counter_read_u64(&memcg->res, RES_USAGE) -
4902 res_counter_read_u64(&memcg->kmem, RES_USAGE);
4903 } while (usage > 0);
4904 }
4905
4906 static inline bool memcg_has_children(struct mem_cgroup *memcg)
4907 {
4908 lockdep_assert_held(&memcg_create_mutex);
4909 /*
4910 * The lock does not prevent addition or deletion to the list
4911 * of children, but it prevents a new child from being
4912 * initialized based on this parent in css_online(), so it's
4913 * enough to decide whether hierarchically inherited
4914 * attributes can still be changed or not.
4915 */
4916 return memcg->use_hierarchy &&
4917 !list_empty(&memcg->css.cgroup->children);
4918 }
4919
4920 /*
4921 * Reclaims as many pages from the given memcg as possible and moves
4922 * the rest to the parent.
4923 *
4924 * Caller is responsible for holding css reference for memcg.
4925 */
4926 static int mem_cgroup_force_empty(struct mem_cgroup *memcg)
4927 {
4928 int nr_retries = MEM_CGROUP_RECLAIM_RETRIES;
4929 struct cgroup *cgrp = memcg->css.cgroup;
4930
4931 /* returns EBUSY if there is a task or if we come here twice. */
4932 if (cgroup_has_tasks(cgrp) || !list_empty(&cgrp->children))
4933 return -EBUSY;
4934
4935 /* we call try-to-free pages for make this cgroup empty */
4936 lru_add_drain_all();
4937 /* try to free all pages in this cgroup */
4938 while (nr_retries && res_counter_read_u64(&memcg->res, RES_USAGE) > 0) {
4939 int progress;
4940
4941 if (signal_pending(current))
4942 return -EINTR;
4943
4944 progress = try_to_free_mem_cgroup_pages(memcg, GFP_KERNEL,
4945 false);
4946 if (!progress) {
4947 nr_retries--;
4948 /* maybe some writeback is necessary */
4949 congestion_wait(BLK_RW_ASYNC, HZ/10);
4950 }
4951
4952 }
4953 lru_add_drain();
4954 mem_cgroup_reparent_charges(memcg);
4955
4956 return 0;
4957 }
4958
4959 static int mem_cgroup_force_empty_write(struct cgroup_subsys_state *css,
4960 unsigned int event)
4961 {
4962 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
4963
4964 if (mem_cgroup_is_root(memcg))
4965 return -EINVAL;
4966 return mem_cgroup_force_empty(memcg);
4967 }
4968
4969 static u64 mem_cgroup_hierarchy_read(struct cgroup_subsys_state *css,
4970 struct cftype *cft)
4971 {
4972 return mem_cgroup_from_css(css)->use_hierarchy;
4973 }
4974
4975 static int mem_cgroup_hierarchy_write(struct cgroup_subsys_state *css,
4976 struct cftype *cft, u64 val)
4977 {
4978 int retval = 0;
4979 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
4980 struct mem_cgroup *parent_memcg = mem_cgroup_from_css(css_parent(&memcg->css));
4981
4982 mutex_lock(&memcg_create_mutex);
4983
4984 if (memcg->use_hierarchy == val)
4985 goto out;
4986
4987 /*
4988 * If parent's use_hierarchy is set, we can't make any modifications
4989 * in the child subtrees. If it is unset, then the change can
4990 * occur, provided the current cgroup has no children.
4991 *
4992 * For the root cgroup, parent_mem is NULL, we allow value to be
4993 * set if there are no children.
4994 */
4995 if ((!parent_memcg || !parent_memcg->use_hierarchy) &&
4996 (val == 1 || val == 0)) {
4997 if (list_empty(&memcg->css.cgroup->children))
4998 memcg->use_hierarchy = val;
4999 else
5000 retval = -EBUSY;
5001 } else
5002 retval = -EINVAL;
5003
5004 out:
5005 mutex_unlock(&memcg_create_mutex);
5006
5007 return retval;
5008 }
5009
5010
5011 static unsigned long mem_cgroup_recursive_stat(struct mem_cgroup *memcg,
5012 enum mem_cgroup_stat_index idx)
5013 {
5014 struct mem_cgroup *iter;
5015 long val = 0;
5016
5017 /* Per-cpu values can be negative, use a signed accumulator */
5018 for_each_mem_cgroup_tree(iter, memcg)
5019 val += mem_cgroup_read_stat(iter, idx);
5020
5021 if (val < 0) /* race ? */
5022 val = 0;
5023 return val;
5024 }
5025
5026 static inline u64 mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
5027 {
5028 u64 val;
5029
5030 if (!mem_cgroup_is_root(memcg)) {
5031 if (!swap)
5032 return res_counter_read_u64(&memcg->res, RES_USAGE);
5033 else
5034 return res_counter_read_u64(&memcg->memsw, RES_USAGE);
5035 }
5036
5037 /*
5038 * Transparent hugepages are still accounted for in MEM_CGROUP_STAT_RSS
5039 * as well as in MEM_CGROUP_STAT_RSS_HUGE.
5040 */
5041 val = mem_cgroup_recursive_stat(memcg, MEM_CGROUP_STAT_CACHE);
5042 val += mem_cgroup_recursive_stat(memcg, MEM_CGROUP_STAT_RSS);
5043
5044 if (swap)
5045 val += mem_cgroup_recursive_stat(memcg, MEM_CGROUP_STAT_SWAP);
5046
5047 return val << PAGE_SHIFT;
5048 }
5049
5050 static u64 mem_cgroup_read_u64(struct cgroup_subsys_state *css,
5051 struct cftype *cft)
5052 {
5053 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
5054 u64 val;
5055 int name;
5056 enum res_type type;
5057
5058 type = MEMFILE_TYPE(cft->private);
5059 name = MEMFILE_ATTR(cft->private);
5060
5061 switch (type) {
5062 case _MEM:
5063 if (name == RES_USAGE)
5064 val = mem_cgroup_usage(memcg, false);
5065 else
5066 val = res_counter_read_u64(&memcg->res, name);
5067 break;
5068 case _MEMSWAP:
5069 if (name == RES_USAGE)
5070 val = mem_cgroup_usage(memcg, true);
5071 else
5072 val = res_counter_read_u64(&memcg->memsw, name);
5073 break;
5074 case _KMEM:
5075 val = res_counter_read_u64(&memcg->kmem, name);
5076 break;
5077 default:
5078 BUG();
5079 }
5080
5081 return val;
5082 }
5083
5084 #ifdef CONFIG_MEMCG_KMEM
5085 /* should be called with activate_kmem_mutex held */
5086 static int __memcg_activate_kmem(struct mem_cgroup *memcg,
5087 unsigned long long limit)
5088 {
5089 int err = 0;
5090 int memcg_id;
5091
5092 if (memcg_kmem_is_active(memcg))
5093 return 0;
5094
5095 /*
5096 * We are going to allocate memory for data shared by all memory
5097 * cgroups so let's stop accounting here.
5098 */
5099 memcg_stop_kmem_account();
5100
5101 /*
5102 * For simplicity, we won't allow this to be disabled. It also can't
5103 * be changed if the cgroup has children already, or if tasks had
5104 * already joined.
5105 *
5106 * If tasks join before we set the limit, a person looking at
5107 * kmem.usage_in_bytes will have no way to determine when it took
5108 * place, which makes the value quite meaningless.
5109 *
5110 * After it first became limited, changes in the value of the limit are
5111 * of course permitted.
5112 */
5113 mutex_lock(&memcg_create_mutex);
5114 if (cgroup_has_tasks(memcg->css.cgroup) || memcg_has_children(memcg))
5115 err = -EBUSY;
5116 mutex_unlock(&memcg_create_mutex);
5117 if (err)
5118 goto out;
5119
5120 memcg_id = ida_simple_get(&kmem_limited_groups,
5121 0, MEMCG_CACHES_MAX_SIZE, GFP_KERNEL);
5122 if (memcg_id < 0) {
5123 err = memcg_id;
5124 goto out;
5125 }
5126
5127 /*
5128 * Make sure we have enough space for this cgroup in each root cache's
5129 * memcg_params.
5130 */
5131 err = memcg_update_all_caches(memcg_id + 1);
5132 if (err)
5133 goto out_rmid;
5134
5135 memcg->kmemcg_id = memcg_id;
5136 INIT_LIST_HEAD(&memcg->memcg_slab_caches);
5137 mutex_init(&memcg->slab_caches_mutex);
5138
5139 /*
5140 * We couldn't have accounted to this cgroup, because it hasn't got the
5141 * active bit set yet, so this should succeed.
5142 */
5143 err = res_counter_set_limit(&memcg->kmem, limit);
5144 VM_BUG_ON(err);
5145
5146 static_key_slow_inc(&memcg_kmem_enabled_key);
5147 /*
5148 * Setting the active bit after enabling static branching will
5149 * guarantee no one starts accounting before all call sites are
5150 * patched.
5151 */
5152 memcg_kmem_set_active(memcg);
5153 out:
5154 memcg_resume_kmem_account();
5155 return err;
5156
5157 out_rmid:
5158 ida_simple_remove(&kmem_limited_groups, memcg_id);
5159 goto out;
5160 }
5161
5162 static int memcg_activate_kmem(struct mem_cgroup *memcg,
5163 unsigned long long limit)
5164 {
5165 int ret;
5166
5167 mutex_lock(&activate_kmem_mutex);
5168 ret = __memcg_activate_kmem(memcg, limit);
5169 mutex_unlock(&activate_kmem_mutex);
5170 return ret;
5171 }
5172
5173 static int memcg_update_kmem_limit(struct mem_cgroup *memcg,
5174 unsigned long long val)
5175 {
5176 int ret;
5177
5178 if (!memcg_kmem_is_active(memcg))
5179 ret = memcg_activate_kmem(memcg, val);
5180 else
5181 ret = res_counter_set_limit(&memcg->kmem, val);
5182 return ret;
5183 }
5184
5185 static int memcg_propagate_kmem(struct mem_cgroup *memcg)
5186 {
5187 int ret = 0;
5188 struct mem_cgroup *parent = parent_mem_cgroup(memcg);
5189
5190 if (!parent)
5191 return 0;
5192
5193 mutex_lock(&activate_kmem_mutex);
5194 /*
5195 * If the parent cgroup is not kmem-active now, it cannot be activated
5196 * after this point, because it has at least one child already.
5197 */
5198 if (memcg_kmem_is_active(parent))
5199 ret = __memcg_activate_kmem(memcg, RES_COUNTER_MAX);
5200 mutex_unlock(&activate_kmem_mutex);
5201 return ret;
5202 }
5203 #else
5204 static int memcg_update_kmem_limit(struct mem_cgroup *memcg,
5205 unsigned long long val)
5206 {
5207 return -EINVAL;
5208 }
5209 #endif /* CONFIG_MEMCG_KMEM */
5210
5211 /*
5212 * The user of this function is...
5213 * RES_LIMIT.
5214 */
5215 static int mem_cgroup_write(struct cgroup_subsys_state *css, struct cftype *cft,
5216 char *buffer)
5217 {
5218 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
5219 enum res_type type;
5220 int name;
5221 unsigned long long val;
5222 int ret;
5223
5224 type = MEMFILE_TYPE(cft->private);
5225 name = MEMFILE_ATTR(cft->private);
5226
5227 switch (name) {
5228 case RES_LIMIT:
5229 if (mem_cgroup_is_root(memcg)) { /* Can't set limit on root */
5230 ret = -EINVAL;
5231 break;
5232 }
5233 /* This function does all necessary parse...reuse it */
5234 ret = res_counter_memparse_write_strategy(buffer, &val);
5235 if (ret)
5236 break;
5237 if (type == _MEM)
5238 ret = mem_cgroup_resize_limit(memcg, val);
5239 else if (type == _MEMSWAP)
5240 ret = mem_cgroup_resize_memsw_limit(memcg, val);
5241 else if (type == _KMEM)
5242 ret = memcg_update_kmem_limit(memcg, val);
5243 else
5244 return -EINVAL;
5245 break;
5246 case RES_SOFT_LIMIT:
5247 ret = res_counter_memparse_write_strategy(buffer, &val);
5248 if (ret)
5249 break;
5250 /*
5251 * For memsw, soft limits are hard to implement in terms
5252 * of semantics, for now, we support soft limits for
5253 * control without swap
5254 */
5255 if (type == _MEM)
5256 ret = res_counter_set_soft_limit(&memcg->res, val);
5257 else
5258 ret = -EINVAL;
5259 break;
5260 default:
5261 ret = -EINVAL; /* should be BUG() ? */
5262 break;
5263 }
5264 return ret;
5265 }
5266
5267 static void memcg_get_hierarchical_limit(struct mem_cgroup *memcg,
5268 unsigned long long *mem_limit, unsigned long long *memsw_limit)
5269 {
5270 unsigned long long min_limit, min_memsw_limit, tmp;
5271
5272 min_limit = res_counter_read_u64(&memcg->res, RES_LIMIT);
5273 min_memsw_limit = res_counter_read_u64(&memcg->memsw, RES_LIMIT);
5274 if (!memcg->use_hierarchy)
5275 goto out;
5276
5277 while (css_parent(&memcg->css)) {
5278 memcg = mem_cgroup_from_css(css_parent(&memcg->css));
5279 if (!memcg->use_hierarchy)
5280 break;
5281 tmp = res_counter_read_u64(&memcg->res, RES_LIMIT);
5282 min_limit = min(min_limit, tmp);
5283 tmp = res_counter_read_u64(&memcg->memsw, RES_LIMIT);
5284 min_memsw_limit = min(min_memsw_limit, tmp);
5285 }
5286 out:
5287 *mem_limit = min_limit;
5288 *memsw_limit = min_memsw_limit;
5289 }
5290
5291 static int mem_cgroup_reset(struct cgroup_subsys_state *css, unsigned int event)
5292 {
5293 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
5294 int name;
5295 enum res_type type;
5296
5297 type = MEMFILE_TYPE(event);
5298 name = MEMFILE_ATTR(event);
5299
5300 switch (name) {
5301 case RES_MAX_USAGE:
5302 if (type == _MEM)
5303 res_counter_reset_max(&memcg->res);
5304 else if (type == _MEMSWAP)
5305 res_counter_reset_max(&memcg->memsw);
5306 else if (type == _KMEM)
5307 res_counter_reset_max(&memcg->kmem);
5308 else
5309 return -EINVAL;
5310 break;
5311 case RES_FAILCNT:
5312 if (type == _MEM)
5313 res_counter_reset_failcnt(&memcg->res);
5314 else if (type == _MEMSWAP)
5315 res_counter_reset_failcnt(&memcg->memsw);
5316 else if (type == _KMEM)
5317 res_counter_reset_failcnt(&memcg->kmem);
5318 else
5319 return -EINVAL;
5320 break;
5321 }
5322
5323 return 0;
5324 }
5325
5326 static u64 mem_cgroup_move_charge_read(struct cgroup_subsys_state *css,
5327 struct cftype *cft)
5328 {
5329 return mem_cgroup_from_css(css)->move_charge_at_immigrate;
5330 }
5331
5332 #ifdef CONFIG_MMU
5333 static int mem_cgroup_move_charge_write(struct cgroup_subsys_state *css,
5334 struct cftype *cft, u64 val)
5335 {
5336 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
5337
5338 if (val >= (1 << NR_MOVE_TYPE))
5339 return -EINVAL;
5340
5341 /*
5342 * No kind of locking is needed in here, because ->can_attach() will
5343 * check this value once in the beginning of the process, and then carry
5344 * on with stale data. This means that changes to this value will only
5345 * affect task migrations starting after the change.
5346 */
5347 memcg->move_charge_at_immigrate = val;
5348 return 0;
5349 }
5350 #else
5351 static int mem_cgroup_move_charge_write(struct cgroup_subsys_state *css,
5352 struct cftype *cft, u64 val)
5353 {
5354 return -ENOSYS;
5355 }
5356 #endif
5357
5358 #ifdef CONFIG_NUMA
5359 static int memcg_numa_stat_show(struct seq_file *m, void *v)
5360 {
5361 struct numa_stat {
5362 const char *name;
5363 unsigned int lru_mask;
5364 };
5365
5366 static const struct numa_stat stats[] = {
5367 { "total", LRU_ALL },
5368 { "file", LRU_ALL_FILE },
5369 { "anon", LRU_ALL_ANON },
5370 { "unevictable", BIT(LRU_UNEVICTABLE) },
5371 };
5372 const struct numa_stat *stat;
5373 int nid;
5374 unsigned long nr;
5375 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m));
5376
5377 for (stat = stats; stat < stats + ARRAY_SIZE(stats); stat++) {
5378 nr = mem_cgroup_nr_lru_pages(memcg, stat->lru_mask);
5379 seq_printf(m, "%s=%lu", stat->name, nr);
5380 for_each_node_state(nid, N_MEMORY) {
5381 nr = mem_cgroup_node_nr_lru_pages(memcg, nid,
5382 stat->lru_mask);
5383 seq_printf(m, " N%d=%lu", nid, nr);
5384 }
5385 seq_putc(m, '\n');
5386 }
5387
5388 for (stat = stats; stat < stats + ARRAY_SIZE(stats); stat++) {
5389 struct mem_cgroup *iter;
5390
5391 nr = 0;
5392 for_each_mem_cgroup_tree(iter, memcg)
5393 nr += mem_cgroup_nr_lru_pages(iter, stat->lru_mask);
5394 seq_printf(m, "hierarchical_%s=%lu", stat->name, nr);
5395 for_each_node_state(nid, N_MEMORY) {
5396 nr = 0;
5397 for_each_mem_cgroup_tree(iter, memcg)
5398 nr += mem_cgroup_node_nr_lru_pages(
5399 iter, nid, stat->lru_mask);
5400 seq_printf(m, " N%d=%lu", nid, nr);
5401 }
5402 seq_putc(m, '\n');
5403 }
5404
5405 return 0;
5406 }
5407 #endif /* CONFIG_NUMA */
5408
5409 static inline void mem_cgroup_lru_names_not_uptodate(void)
5410 {
5411 BUILD_BUG_ON(ARRAY_SIZE(mem_cgroup_lru_names) != NR_LRU_LISTS);
5412 }
5413
5414 static int memcg_stat_show(struct seq_file *m, void *v)
5415 {
5416 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m));
5417 struct mem_cgroup *mi;
5418 unsigned int i;
5419
5420 for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
5421 if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
5422 continue;
5423 seq_printf(m, "%s %ld\n", mem_cgroup_stat_names[i],
5424 mem_cgroup_read_stat(memcg, i) * PAGE_SIZE);
5425 }
5426
5427 for (i = 0; i < MEM_CGROUP_EVENTS_NSTATS; i++)
5428 seq_printf(m, "%s %lu\n", mem_cgroup_events_names[i],
5429 mem_cgroup_read_events(memcg, i));
5430
5431 for (i = 0; i < NR_LRU_LISTS; i++)
5432 seq_printf(m, "%s %lu\n", mem_cgroup_lru_names[i],
5433 mem_cgroup_nr_lru_pages(memcg, BIT(i)) * PAGE_SIZE);
5434
5435 /* Hierarchical information */
5436 {
5437 unsigned long long limit, memsw_limit;
5438 memcg_get_hierarchical_limit(memcg, &limit, &memsw_limit);
5439 seq_printf(m, "hierarchical_memory_limit %llu\n", limit);
5440 if (do_swap_account)
5441 seq_printf(m, "hierarchical_memsw_limit %llu\n",
5442 memsw_limit);
5443 }
5444
5445 for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
5446 long long val = 0;
5447
5448 if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
5449 continue;
5450 for_each_mem_cgroup_tree(mi, memcg)
5451 val += mem_cgroup_read_stat(mi, i) * PAGE_SIZE;
5452 seq_printf(m, "total_%s %lld\n", mem_cgroup_stat_names[i], val);
5453 }
5454
5455 for (i = 0; i < MEM_CGROUP_EVENTS_NSTATS; i++) {
5456 unsigned long long val = 0;
5457
5458 for_each_mem_cgroup_tree(mi, memcg)
5459 val += mem_cgroup_read_events(mi, i);
5460 seq_printf(m, "total_%s %llu\n",
5461 mem_cgroup_events_names[i], val);
5462 }
5463
5464 for (i = 0; i < NR_LRU_LISTS; i++) {
5465 unsigned long long val = 0;
5466
5467 for_each_mem_cgroup_tree(mi, memcg)
5468 val += mem_cgroup_nr_lru_pages(mi, BIT(i)) * PAGE_SIZE;
5469 seq_printf(m, "total_%s %llu\n", mem_cgroup_lru_names[i], val);
5470 }
5471
5472 #ifdef CONFIG_DEBUG_VM
5473 {
5474 int nid, zid;
5475 struct mem_cgroup_per_zone *mz;
5476 struct zone_reclaim_stat *rstat;
5477 unsigned long recent_rotated[2] = {0, 0};
5478 unsigned long recent_scanned[2] = {0, 0};
5479
5480 for_each_online_node(nid)
5481 for (zid = 0; zid < MAX_NR_ZONES; zid++) {
5482 mz = mem_cgroup_zoneinfo(memcg, nid, zid);
5483 rstat = &mz->lruvec.reclaim_stat;
5484
5485 recent_rotated[0] += rstat->recent_rotated[0];
5486 recent_rotated[1] += rstat->recent_rotated[1];
5487 recent_scanned[0] += rstat->recent_scanned[0];
5488 recent_scanned[1] += rstat->recent_scanned[1];
5489 }
5490 seq_printf(m, "recent_rotated_anon %lu\n", recent_rotated[0]);
5491 seq_printf(m, "recent_rotated_file %lu\n", recent_rotated[1]);
5492 seq_printf(m, "recent_scanned_anon %lu\n", recent_scanned[0]);
5493 seq_printf(m, "recent_scanned_file %lu\n", recent_scanned[1]);
5494 }
5495 #endif
5496
5497 return 0;
5498 }
5499
5500 static u64 mem_cgroup_swappiness_read(struct cgroup_subsys_state *css,
5501 struct cftype *cft)
5502 {
5503 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
5504
5505 return mem_cgroup_swappiness(memcg);
5506 }
5507
5508 static int mem_cgroup_swappiness_write(struct cgroup_subsys_state *css,
5509 struct cftype *cft, u64 val)
5510 {
5511 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
5512 struct mem_cgroup *parent = mem_cgroup_from_css(css_parent(&memcg->css));
5513
5514 if (val > 100 || !parent)
5515 return -EINVAL;
5516
5517 mutex_lock(&memcg_create_mutex);
5518
5519 /* If under hierarchy, only empty-root can set this value */
5520 if ((parent->use_hierarchy) || memcg_has_children(memcg)) {
5521 mutex_unlock(&memcg_create_mutex);
5522 return -EINVAL;
5523 }
5524
5525 memcg->swappiness = val;
5526
5527 mutex_unlock(&memcg_create_mutex);
5528
5529 return 0;
5530 }
5531
5532 static void __mem_cgroup_threshold(struct mem_cgroup *memcg, bool swap)
5533 {
5534 struct mem_cgroup_threshold_ary *t;
5535 u64 usage;
5536 int i;
5537
5538 rcu_read_lock();
5539 if (!swap)
5540 t = rcu_dereference(memcg->thresholds.primary);
5541 else
5542 t = rcu_dereference(memcg->memsw_thresholds.primary);
5543
5544 if (!t)
5545 goto unlock;
5546
5547 usage = mem_cgroup_usage(memcg, swap);
5548
5549 /*
5550 * current_threshold points to threshold just below or equal to usage.
5551 * If it's not true, a threshold was crossed after last
5552 * call of __mem_cgroup_threshold().
5553 */
5554 i = t->current_threshold;
5555
5556 /*
5557 * Iterate backward over array of thresholds starting from
5558 * current_threshold and check if a threshold is crossed.
5559 * If none of thresholds below usage is crossed, we read
5560 * only one element of the array here.
5561 */
5562 for (; i >= 0 && unlikely(t->entries[i].threshold > usage); i--)
5563 eventfd_signal(t->entries[i].eventfd, 1);
5564
5565 /* i = current_threshold + 1 */
5566 i++;
5567
5568 /*
5569 * Iterate forward over array of thresholds starting from
5570 * current_threshold+1 and check if a threshold is crossed.
5571 * If none of thresholds above usage is crossed, we read
5572 * only one element of the array here.
5573 */
5574 for (; i < t->size && unlikely(t->entries[i].threshold <= usage); i++)
5575 eventfd_signal(t->entries[i].eventfd, 1);
5576
5577 /* Update current_threshold */
5578 t->current_threshold = i - 1;
5579 unlock:
5580 rcu_read_unlock();
5581 }
5582
5583 static void mem_cgroup_threshold(struct mem_cgroup *memcg)
5584 {
5585 while (memcg) {
5586 __mem_cgroup_threshold(memcg, false);
5587 if (do_swap_account)
5588 __mem_cgroup_threshold(memcg, true);
5589
5590 memcg = parent_mem_cgroup(memcg);
5591 }
5592 }
5593
5594 static int compare_thresholds(const void *a, const void *b)
5595 {
5596 const struct mem_cgroup_threshold *_a = a;
5597 const struct mem_cgroup_threshold *_b = b;
5598
5599 if (_a->threshold > _b->threshold)
5600 return 1;
5601
5602 if (_a->threshold < _b->threshold)
5603 return -1;
5604
5605 return 0;
5606 }
5607
5608 static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
5609 {
5610 struct mem_cgroup_eventfd_list *ev;
5611
5612 list_for_each_entry(ev, &memcg->oom_notify, list)
5613 eventfd_signal(ev->eventfd, 1);
5614 return 0;
5615 }
5616
5617 static void mem_cgroup_oom_notify(struct mem_cgroup *memcg)
5618 {
5619 struct mem_cgroup *iter;
5620
5621 for_each_mem_cgroup_tree(iter, memcg)
5622 mem_cgroup_oom_notify_cb(iter);
5623 }
5624
5625 static int __mem_cgroup_usage_register_event(struct mem_cgroup *memcg,
5626 struct eventfd_ctx *eventfd, const char *args, enum res_type type)
5627 {
5628 struct mem_cgroup_thresholds *thresholds;
5629 struct mem_cgroup_threshold_ary *new;
5630 u64 threshold, usage;
5631 int i, size, ret;
5632
5633 ret = res_counter_memparse_write_strategy(args, &threshold);
5634 if (ret)
5635 return ret;
5636
5637 mutex_lock(&memcg->thresholds_lock);
5638
5639 if (type == _MEM)
5640 thresholds = &memcg->thresholds;
5641 else if (type == _MEMSWAP)
5642 thresholds = &memcg->memsw_thresholds;
5643 else
5644 BUG();
5645
5646 usage = mem_cgroup_usage(memcg, type == _MEMSWAP);
5647
5648 /* Check if a threshold crossed before adding a new one */
5649 if (thresholds->primary)
5650 __mem_cgroup_threshold(memcg, type == _MEMSWAP);
5651
5652 size = thresholds->primary ? thresholds->primary->size + 1 : 1;
5653
5654 /* Allocate memory for new array of thresholds */
5655 new = kmalloc(sizeof(*new) + size * sizeof(struct mem_cgroup_threshold),
5656 GFP_KERNEL);
5657 if (!new) {
5658 ret = -ENOMEM;
5659 goto unlock;
5660 }
5661 new->size = size;
5662
5663 /* Copy thresholds (if any) to new array */
5664 if (thresholds->primary) {
5665 memcpy(new->entries, thresholds->primary->entries, (size - 1) *
5666 sizeof(struct mem_cgroup_threshold));
5667 }
5668
5669 /* Add new threshold */
5670 new->entries[size - 1].eventfd = eventfd;
5671 new->entries[size - 1].threshold = threshold;
5672
5673 /* Sort thresholds. Registering of new threshold isn't time-critical */
5674 sort(new->entries, size, sizeof(struct mem_cgroup_threshold),
5675 compare_thresholds, NULL);
5676
5677 /* Find current threshold */
5678 new->current_threshold = -1;
5679 for (i = 0; i < size; i++) {
5680 if (new->entries[i].threshold <= usage) {
5681 /*
5682 * new->current_threshold will not be used until
5683 * rcu_assign_pointer(), so it's safe to increment
5684 * it here.
5685 */
5686 ++new->current_threshold;
5687 } else
5688 break;
5689 }
5690
5691 /* Free old spare buffer and save old primary buffer as spare */
5692 kfree(thresholds->spare);
5693 thresholds->spare = thresholds->primary;
5694
5695 rcu_assign_pointer(thresholds->primary, new);
5696
5697 /* To be sure that nobody uses thresholds */
5698 synchronize_rcu();
5699
5700 unlock:
5701 mutex_unlock(&memcg->thresholds_lock);
5702
5703 return ret;
5704 }
5705
5706 static int mem_cgroup_usage_register_event(struct mem_cgroup *memcg,
5707 struct eventfd_ctx *eventfd, const char *args)
5708 {
5709 return __mem_cgroup_usage_register_event(memcg, eventfd, args, _MEM);
5710 }
5711
5712 static int memsw_cgroup_usage_register_event(struct mem_cgroup *memcg,
5713 struct eventfd_ctx *eventfd, const char *args)
5714 {
5715 return __mem_cgroup_usage_register_event(memcg, eventfd, args, _MEMSWAP);
5716 }
5717
5718 static void __mem_cgroup_usage_unregister_event(struct mem_cgroup *memcg,
5719 struct eventfd_ctx *eventfd, enum res_type type)
5720 {
5721 struct mem_cgroup_thresholds *thresholds;
5722 struct mem_cgroup_threshold_ary *new;
5723 u64 usage;
5724 int i, j, size;
5725
5726 mutex_lock(&memcg->thresholds_lock);
5727 if (type == _MEM)
5728 thresholds = &memcg->thresholds;
5729 else if (type == _MEMSWAP)
5730 thresholds = &memcg->memsw_thresholds;
5731 else
5732 BUG();
5733
5734 if (!thresholds->primary)
5735 goto unlock;
5736
5737 usage = mem_cgroup_usage(memcg, type == _MEMSWAP);
5738
5739 /* Check if a threshold crossed before removing */
5740 __mem_cgroup_threshold(memcg, type == _MEMSWAP);
5741
5742 /* Calculate new number of threshold */
5743 size = 0;
5744 for (i = 0; i < thresholds->primary->size; i++) {
5745 if (thresholds->primary->entries[i].eventfd != eventfd)
5746 size++;
5747 }
5748
5749 new = thresholds->spare;
5750
5751 /* Set thresholds array to NULL if we don't have thresholds */
5752 if (!size) {
5753 kfree(new);
5754 new = NULL;
5755 goto swap_buffers;
5756 }
5757
5758 new->size = size;
5759
5760 /* Copy thresholds and find current threshold */
5761 new->current_threshold = -1;
5762 for (i = 0, j = 0; i < thresholds->primary->size; i++) {
5763 if (thresholds->primary->entries[i].eventfd == eventfd)
5764 continue;
5765
5766 new->entries[j] = thresholds->primary->entries[i];
5767 if (new->entries[j].threshold <= usage) {
5768 /*
5769 * new->current_threshold will not be used
5770 * until rcu_assign_pointer(), so it's safe to increment
5771 * it here.
5772 */
5773 ++new->current_threshold;
5774 }
5775 j++;
5776 }
5777
5778 swap_buffers:
5779 /* Swap primary and spare array */
5780 thresholds->spare = thresholds->primary;
5781 /* If all events are unregistered, free the spare array */
5782 if (!new) {
5783 kfree(thresholds->spare);
5784 thresholds->spare = NULL;
5785 }
5786
5787 rcu_assign_pointer(thresholds->primary, new);
5788
5789 /* To be sure that nobody uses thresholds */
5790 synchronize_rcu();
5791 unlock:
5792 mutex_unlock(&memcg->thresholds_lock);
5793 }
5794
5795 static void mem_cgroup_usage_unregister_event(struct mem_cgroup *memcg,
5796 struct eventfd_ctx *eventfd)
5797 {
5798 return __mem_cgroup_usage_unregister_event(memcg, eventfd, _MEM);
5799 }
5800
5801 static void memsw_cgroup_usage_unregister_event(struct mem_cgroup *memcg,
5802 struct eventfd_ctx *eventfd)
5803 {
5804 return __mem_cgroup_usage_unregister_event(memcg, eventfd, _MEMSWAP);
5805 }
5806
5807 static int mem_cgroup_oom_register_event(struct mem_cgroup *memcg,
5808 struct eventfd_ctx *eventfd, const char *args)
5809 {
5810 struct mem_cgroup_eventfd_list *event;
5811
5812 event = kmalloc(sizeof(*event), GFP_KERNEL);
5813 if (!event)
5814 return -ENOMEM;
5815
5816 spin_lock(&memcg_oom_lock);
5817
5818 event->eventfd = eventfd;
5819 list_add(&event->list, &memcg->oom_notify);
5820
5821 /* already in OOM ? */
5822 if (atomic_read(&memcg->under_oom))
5823 eventfd_signal(eventfd, 1);
5824 spin_unlock(&memcg_oom_lock);
5825
5826 return 0;
5827 }
5828
5829 static void mem_cgroup_oom_unregister_event(struct mem_cgroup *memcg,
5830 struct eventfd_ctx *eventfd)
5831 {
5832 struct mem_cgroup_eventfd_list *ev, *tmp;
5833
5834 spin_lock(&memcg_oom_lock);
5835
5836 list_for_each_entry_safe(ev, tmp, &memcg->oom_notify, list) {
5837 if (ev->eventfd == eventfd) {
5838 list_del(&ev->list);
5839 kfree(ev);
5840 }
5841 }
5842
5843 spin_unlock(&memcg_oom_lock);
5844 }
5845
5846 static int mem_cgroup_oom_control_read(struct seq_file *sf, void *v)
5847 {
5848 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(sf));
5849
5850 seq_printf(sf, "oom_kill_disable %d\n", memcg->oom_kill_disable);
5851 seq_printf(sf, "under_oom %d\n", (bool)atomic_read(&memcg->under_oom));
5852 return 0;
5853 }
5854
5855 static int mem_cgroup_oom_control_write(struct cgroup_subsys_state *css,
5856 struct cftype *cft, u64 val)
5857 {
5858 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
5859 struct mem_cgroup *parent = mem_cgroup_from_css(css_parent(&memcg->css));
5860
5861 /* cannot set to root cgroup and only 0 and 1 are allowed */
5862 if (!parent || !((val == 0) || (val == 1)))
5863 return -EINVAL;
5864
5865 mutex_lock(&memcg_create_mutex);
5866 /* oom-kill-disable is a flag for subhierarchy. */
5867 if ((parent->use_hierarchy) || memcg_has_children(memcg)) {
5868 mutex_unlock(&memcg_create_mutex);
5869 return -EINVAL;
5870 }
5871 memcg->oom_kill_disable = val;
5872 if (!val)
5873 memcg_oom_recover(memcg);
5874 mutex_unlock(&memcg_create_mutex);
5875 return 0;
5876 }
5877
5878 #ifdef CONFIG_MEMCG_KMEM
5879 static int memcg_init_kmem(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
5880 {
5881 int ret;
5882
5883 memcg->kmemcg_id = -1;
5884 ret = memcg_propagate_kmem(memcg);
5885 if (ret)
5886 return ret;
5887
5888 return mem_cgroup_sockets_init(memcg, ss);
5889 }
5890
5891 static void memcg_destroy_kmem(struct mem_cgroup *memcg)
5892 {
5893 mem_cgroup_sockets_destroy(memcg);
5894 }
5895
5896 static void kmem_cgroup_css_offline(struct mem_cgroup *memcg)
5897 {
5898 if (!memcg_kmem_is_active(memcg))
5899 return;
5900
5901 /*
5902 * kmem charges can outlive the cgroup. In the case of slab
5903 * pages, for instance, a page contain objects from various
5904 * processes. As we prevent from taking a reference for every
5905 * such allocation we have to be careful when doing uncharge
5906 * (see memcg_uncharge_kmem) and here during offlining.
5907 *
5908 * The idea is that that only the _last_ uncharge which sees
5909 * the dead memcg will drop the last reference. An additional
5910 * reference is taken here before the group is marked dead
5911 * which is then paired with css_put during uncharge resp. here.
5912 *
5913 * Although this might sound strange as this path is called from
5914 * css_offline() when the referencemight have dropped down to 0
5915 * and shouldn't be incremented anymore (css_tryget would fail)
5916 * we do not have other options because of the kmem allocations
5917 * lifetime.
5918 */
5919 css_get(&memcg->css);
5920
5921 memcg_kmem_mark_dead(memcg);
5922
5923 if (res_counter_read_u64(&memcg->kmem, RES_USAGE) != 0)
5924 return;
5925
5926 if (memcg_kmem_test_and_clear_dead(memcg))
5927 css_put(&memcg->css);
5928 }
5929 #else
5930 static int memcg_init_kmem(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
5931 {
5932 return 0;
5933 }
5934
5935 static void memcg_destroy_kmem(struct mem_cgroup *memcg)
5936 {
5937 }
5938
5939 static void kmem_cgroup_css_offline(struct mem_cgroup *memcg)
5940 {
5941 }
5942 #endif
5943
5944 /*
5945 * DO NOT USE IN NEW FILES.
5946 *
5947 * "cgroup.event_control" implementation.
5948 *
5949 * This is way over-engineered. It tries to support fully configurable
5950 * events for each user. Such level of flexibility is completely
5951 * unnecessary especially in the light of the planned unified hierarchy.
5952 *
5953 * Please deprecate this and replace with something simpler if at all
5954 * possible.
5955 */
5956
5957 /*
5958 * Unregister event and free resources.
5959 *
5960 * Gets called from workqueue.
5961 */
5962 static void memcg_event_remove(struct work_struct *work)
5963 {
5964 struct mem_cgroup_event *event =
5965 container_of(work, struct mem_cgroup_event, remove);
5966 struct mem_cgroup *memcg = event->memcg;
5967
5968 remove_wait_queue(event->wqh, &event->wait);
5969
5970 event->unregister_event(memcg, event->eventfd);
5971
5972 /* Notify userspace the event is going away. */
5973 eventfd_signal(event->eventfd, 1);
5974
5975 eventfd_ctx_put(event->eventfd);
5976 kfree(event);
5977 css_put(&memcg->css);
5978 }
5979
5980 /*
5981 * Gets called on POLLHUP on eventfd when user closes it.
5982 *
5983 * Called with wqh->lock held and interrupts disabled.
5984 */
5985 static int memcg_event_wake(wait_queue_t *wait, unsigned mode,
5986 int sync, void *key)
5987 {
5988 struct mem_cgroup_event *event =
5989 container_of(wait, struct mem_cgroup_event, wait);
5990 struct mem_cgroup *memcg = event->memcg;
5991 unsigned long flags = (unsigned long)key;
5992
5993 if (flags & POLLHUP) {
5994 /*
5995 * If the event has been detached at cgroup removal, we
5996 * can simply return knowing the other side will cleanup
5997 * for us.
5998 *
5999 * We can't race against event freeing since the other
6000 * side will require wqh->lock via remove_wait_queue(),
6001 * which we hold.
6002 */
6003 spin_lock(&memcg->event_list_lock);
6004 if (!list_empty(&event->list)) {
6005 list_del_init(&event->list);
6006 /*
6007 * We are in atomic context, but cgroup_event_remove()
6008 * may sleep, so we have to call it in workqueue.
6009 */
6010 schedule_work(&event->remove);
6011 }
6012 spin_unlock(&memcg->event_list_lock);
6013 }
6014
6015 return 0;
6016 }
6017
6018 static void memcg_event_ptable_queue_proc(struct file *file,
6019 wait_queue_head_t *wqh, poll_table *pt)
6020 {
6021 struct mem_cgroup_event *event =
6022 container_of(pt, struct mem_cgroup_event, pt);
6023
6024 event->wqh = wqh;
6025 add_wait_queue(wqh, &event->wait);
6026 }
6027
6028 /*
6029 * DO NOT USE IN NEW FILES.
6030 *
6031 * Parse input and register new cgroup event handler.
6032 *
6033 * Input must be in format '<event_fd> <control_fd> <args>'.
6034 * Interpretation of args is defined by control file implementation.
6035 */
6036 static int memcg_write_event_control(struct cgroup_subsys_state *css,
6037 struct cftype *cft, char *buffer)
6038 {
6039 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
6040 struct mem_cgroup_event *event;
6041 struct cgroup_subsys_state *cfile_css;
6042 unsigned int efd, cfd;
6043 struct fd efile;
6044 struct fd cfile;
6045 const char *name;
6046 char *endp;
6047 int ret;
6048
6049 efd = simple_strtoul(buffer, &endp, 10);
6050 if (*endp != ' ')
6051 return -EINVAL;
6052 buffer = endp + 1;
6053
6054 cfd = simple_strtoul(buffer, &endp, 10);
6055 if ((*endp != ' ') && (*endp != '\0'))
6056 return -EINVAL;
6057 buffer = endp + 1;
6058
6059 event = kzalloc(sizeof(*event), GFP_KERNEL);
6060 if (!event)
6061 return -ENOMEM;
6062
6063 event->memcg = memcg;
6064 INIT_LIST_HEAD(&event->list);
6065 init_poll_funcptr(&event->pt, memcg_event_ptable_queue_proc);
6066 init_waitqueue_func_entry(&event->wait, memcg_event_wake);
6067 INIT_WORK(&event->remove, memcg_event_remove);
6068
6069 efile = fdget(efd);
6070 if (!efile.file) {
6071 ret = -EBADF;
6072 goto out_kfree;
6073 }
6074
6075 event->eventfd = eventfd_ctx_fileget(efile.file);
6076 if (IS_ERR(event->eventfd)) {
6077 ret = PTR_ERR(event->eventfd);
6078 goto out_put_efile;
6079 }
6080
6081 cfile = fdget(cfd);
6082 if (!cfile.file) {
6083 ret = -EBADF;
6084 goto out_put_eventfd;
6085 }
6086
6087 /* the process need read permission on control file */
6088 /* AV: shouldn't we check that it's been opened for read instead? */
6089 ret = inode_permission(file_inode(cfile.file), MAY_READ);
6090 if (ret < 0)
6091 goto out_put_cfile;
6092
6093 /*
6094 * Determine the event callbacks and set them in @event. This used
6095 * to be done via struct cftype but cgroup core no longer knows
6096 * about these events. The following is crude but the whole thing
6097 * is for compatibility anyway.
6098 *
6099 * DO NOT ADD NEW FILES.
6100 */
6101 name = cfile.file->f_dentry->d_name.name;
6102
6103 if (!strcmp(name, "memory.usage_in_bytes")) {
6104 event->register_event = mem_cgroup_usage_register_event;
6105 event->unregister_event = mem_cgroup_usage_unregister_event;
6106 } else if (!strcmp(name, "memory.oom_control")) {
6107 event->register_event = mem_cgroup_oom_register_event;
6108 event->unregister_event = mem_cgroup_oom_unregister_event;
6109 } else if (!strcmp(name, "memory.pressure_level")) {
6110 event->register_event = vmpressure_register_event;
6111 event->unregister_event = vmpressure_unregister_event;
6112 } else if (!strcmp(name, "memory.memsw.usage_in_bytes")) {
6113 event->register_event = memsw_cgroup_usage_register_event;
6114 event->unregister_event = memsw_cgroup_usage_unregister_event;
6115 } else {
6116 ret = -EINVAL;
6117 goto out_put_cfile;
6118 }
6119
6120 /*
6121 * Verify @cfile should belong to @css. Also, remaining events are
6122 * automatically removed on cgroup destruction but the removal is
6123 * asynchronous, so take an extra ref on @css.
6124 */
6125 cfile_css = css_tryget_from_dir(cfile.file->f_dentry->d_parent,
6126 &memory_cgrp_subsys);
6127 ret = -EINVAL;
6128 if (IS_ERR(cfile_css))
6129 goto out_put_cfile;
6130 if (cfile_css != css) {
6131 css_put(cfile_css);
6132 goto out_put_cfile;
6133 }
6134
6135 ret = event->register_event(memcg, event->eventfd, buffer);
6136 if (ret)
6137 goto out_put_css;
6138
6139 efile.file->f_op->poll(efile.file, &event->pt);
6140
6141 spin_lock(&memcg->event_list_lock);
6142 list_add(&event->list, &memcg->event_list);
6143 spin_unlock(&memcg->event_list_lock);
6144
6145 fdput(cfile);
6146 fdput(efile);
6147
6148 return 0;
6149
6150 out_put_css:
6151 css_put(css);
6152 out_put_cfile:
6153 fdput(cfile);
6154 out_put_eventfd:
6155 eventfd_ctx_put(event->eventfd);
6156 out_put_efile:
6157 fdput(efile);
6158 out_kfree:
6159 kfree(event);
6160
6161 return ret;
6162 }
6163
6164 static struct cftype mem_cgroup_files[] = {
6165 {
6166 .name = "usage_in_bytes",
6167 .private = MEMFILE_PRIVATE(_MEM, RES_USAGE),
6168 .read_u64 = mem_cgroup_read_u64,
6169 },
6170 {
6171 .name = "max_usage_in_bytes",
6172 .private = MEMFILE_PRIVATE(_MEM, RES_MAX_USAGE),
6173 .trigger = mem_cgroup_reset,
6174 .read_u64 = mem_cgroup_read_u64,
6175 },
6176 {
6177 .name = "limit_in_bytes",
6178 .private = MEMFILE_PRIVATE(_MEM, RES_LIMIT),
6179 .write_string = mem_cgroup_write,
6180 .read_u64 = mem_cgroup_read_u64,
6181 },
6182 {
6183 .name = "soft_limit_in_bytes",
6184 .private = MEMFILE_PRIVATE(_MEM, RES_SOFT_LIMIT),
6185 .write_string = mem_cgroup_write,
6186 .read_u64 = mem_cgroup_read_u64,
6187 },
6188 {
6189 .name = "failcnt",
6190 .private = MEMFILE_PRIVATE(_MEM, RES_FAILCNT),
6191 .trigger = mem_cgroup_reset,
6192 .read_u64 = mem_cgroup_read_u64,
6193 },
6194 {
6195 .name = "stat",
6196 .seq_show = memcg_stat_show,
6197 },
6198 {
6199 .name = "force_empty",
6200 .trigger = mem_cgroup_force_empty_write,
6201 },
6202 {
6203 .name = "use_hierarchy",
6204 .flags = CFTYPE_INSANE,
6205 .write_u64 = mem_cgroup_hierarchy_write,
6206 .read_u64 = mem_cgroup_hierarchy_read,
6207 },
6208 {
6209 .name = "cgroup.event_control", /* XXX: for compat */
6210 .write_string = memcg_write_event_control,
6211 .flags = CFTYPE_NO_PREFIX,
6212 .mode = S_IWUGO,
6213 },
6214 {
6215 .name = "swappiness",
6216 .read_u64 = mem_cgroup_swappiness_read,
6217 .write_u64 = mem_cgroup_swappiness_write,
6218 },
6219 {
6220 .name = "move_charge_at_immigrate",
6221 .read_u64 = mem_cgroup_move_charge_read,
6222 .write_u64 = mem_cgroup_move_charge_write,
6223 },
6224 {
6225 .name = "oom_control",
6226 .seq_show = mem_cgroup_oom_control_read,
6227 .write_u64 = mem_cgroup_oom_control_write,
6228 .private = MEMFILE_PRIVATE(_OOM_TYPE, OOM_CONTROL),
6229 },
6230 {
6231 .name = "pressure_level",
6232 },
6233 #ifdef CONFIG_NUMA
6234 {
6235 .name = "numa_stat",
6236 .seq_show = memcg_numa_stat_show,
6237 },
6238 #endif
6239 #ifdef CONFIG_MEMCG_KMEM
6240 {
6241 .name = "kmem.limit_in_bytes",
6242 .private = MEMFILE_PRIVATE(_KMEM, RES_LIMIT),
6243 .write_string = mem_cgroup_write,
6244 .read_u64 = mem_cgroup_read_u64,
6245 },
6246 {
6247 .name = "kmem.usage_in_bytes",
6248 .private = MEMFILE_PRIVATE(_KMEM, RES_USAGE),
6249 .read_u64 = mem_cgroup_read_u64,
6250 },
6251 {
6252 .name = "kmem.failcnt",
6253 .private = MEMFILE_PRIVATE(_KMEM, RES_FAILCNT),
6254 .trigger = mem_cgroup_reset,
6255 .read_u64 = mem_cgroup_read_u64,
6256 },
6257 {
6258 .name = "kmem.max_usage_in_bytes",
6259 .private = MEMFILE_PRIVATE(_KMEM, RES_MAX_USAGE),
6260 .trigger = mem_cgroup_reset,
6261 .read_u64 = mem_cgroup_read_u64,
6262 },
6263 #ifdef CONFIG_SLABINFO
6264 {
6265 .name = "kmem.slabinfo",
6266 .seq_show = mem_cgroup_slabinfo_read,
6267 },
6268 #endif
6269 #endif
6270 { }, /* terminate */
6271 };
6272
6273 #ifdef CONFIG_MEMCG_SWAP
6274 static struct cftype memsw_cgroup_files[] = {
6275 {
6276 .name = "memsw.usage_in_bytes",
6277 .private = MEMFILE_PRIVATE(_MEMSWAP, RES_USAGE),
6278 .read_u64 = mem_cgroup_read_u64,
6279 },
6280 {
6281 .name = "memsw.max_usage_in_bytes",
6282 .private = MEMFILE_PRIVATE(_MEMSWAP, RES_MAX_USAGE),
6283 .trigger = mem_cgroup_reset,
6284 .read_u64 = mem_cgroup_read_u64,
6285 },
6286 {
6287 .name = "memsw.limit_in_bytes",
6288 .private = MEMFILE_PRIVATE(_MEMSWAP, RES_LIMIT),
6289 .write_string = mem_cgroup_write,
6290 .read_u64 = mem_cgroup_read_u64,
6291 },
6292 {
6293 .name = "memsw.failcnt",
6294 .private = MEMFILE_PRIVATE(_MEMSWAP, RES_FAILCNT),
6295 .trigger = mem_cgroup_reset,
6296 .read_u64 = mem_cgroup_read_u64,
6297 },
6298 { }, /* terminate */
6299 };
6300 #endif
6301 static int alloc_mem_cgroup_per_zone_info(struct mem_cgroup *memcg, int node)
6302 {
6303 struct mem_cgroup_per_node *pn;
6304 struct mem_cgroup_per_zone *mz;
6305 int zone, tmp = node;
6306 /*
6307 * This routine is called against possible nodes.
6308 * But it's BUG to call kmalloc() against offline node.
6309 *
6310 * TODO: this routine can waste much memory for nodes which will
6311 * never be onlined. It's better to use memory hotplug callback
6312 * function.
6313 */
6314 if (!node_state(node, N_NORMAL_MEMORY))
6315 tmp = -1;
6316 pn = kzalloc_node(sizeof(*pn), GFP_KERNEL, tmp);
6317 if (!pn)
6318 return 1;
6319
6320 for (zone = 0; zone < MAX_NR_ZONES; zone++) {
6321 mz = &pn->zoneinfo[zone];
6322 lruvec_init(&mz->lruvec);
6323 mz->usage_in_excess = 0;
6324 mz->on_tree = false;
6325 mz->memcg = memcg;
6326 }
6327 memcg->nodeinfo[node] = pn;
6328 return 0;
6329 }
6330
6331 static void free_mem_cgroup_per_zone_info(struct mem_cgroup *memcg, int node)
6332 {
6333 kfree(memcg->nodeinfo[node]);
6334 }
6335
6336 static struct mem_cgroup *mem_cgroup_alloc(void)
6337 {
6338 struct mem_cgroup *memcg;
6339 size_t size;
6340
6341 size = sizeof(struct mem_cgroup);
6342 size += nr_node_ids * sizeof(struct mem_cgroup_per_node *);
6343
6344 memcg = kzalloc(size, GFP_KERNEL);
6345 if (!memcg)
6346 return NULL;
6347
6348 memcg->stat = alloc_percpu(struct mem_cgroup_stat_cpu);
6349 if (!memcg->stat)
6350 goto out_free;
6351 spin_lock_init(&memcg->pcp_counter_lock);
6352 return memcg;
6353
6354 out_free:
6355 kfree(memcg);
6356 return NULL;
6357 }
6358
6359 /*
6360 * At destroying mem_cgroup, references from swap_cgroup can remain.
6361 * (scanning all at force_empty is too costly...)
6362 *
6363 * Instead of clearing all references at force_empty, we remember
6364 * the number of reference from swap_cgroup and free mem_cgroup when
6365 * it goes down to 0.
6366 *
6367 * Removal of cgroup itself succeeds regardless of refs from swap.
6368 */
6369
6370 static void __mem_cgroup_free(struct mem_cgroup *memcg)
6371 {
6372 int node;
6373
6374 mem_cgroup_remove_from_trees(memcg);
6375
6376 for_each_node(node)
6377 free_mem_cgroup_per_zone_info(memcg, node);
6378
6379 free_percpu(memcg->stat);
6380
6381 /*
6382 * We need to make sure that (at least for now), the jump label
6383 * destruction code runs outside of the cgroup lock. This is because
6384 * get_online_cpus(), which is called from the static_branch update,
6385 * can't be called inside the cgroup_lock. cpusets are the ones
6386 * enforcing this dependency, so if they ever change, we might as well.
6387 *
6388 * schedule_work() will guarantee this happens. Be careful if you need
6389 * to move this code around, and make sure it is outside
6390 * the cgroup_lock.
6391 */
6392 disarm_static_keys(memcg);
6393 kfree(memcg);
6394 }
6395
6396 /*
6397 * Returns the parent mem_cgroup in memcgroup hierarchy with hierarchy enabled.
6398 */
6399 struct mem_cgroup *parent_mem_cgroup(struct mem_cgroup *memcg)
6400 {
6401 if (!memcg->res.parent)
6402 return NULL;
6403 return mem_cgroup_from_res_counter(memcg->res.parent, res);
6404 }
6405 EXPORT_SYMBOL(parent_mem_cgroup);
6406
6407 static void __init mem_cgroup_soft_limit_tree_init(void)
6408 {
6409 struct mem_cgroup_tree_per_node *rtpn;
6410 struct mem_cgroup_tree_per_zone *rtpz;
6411 int tmp, node, zone;
6412
6413 for_each_node(node) {
6414 tmp = node;
6415 if (!node_state(node, N_NORMAL_MEMORY))
6416 tmp = -1;
6417 rtpn = kzalloc_node(sizeof(*rtpn), GFP_KERNEL, tmp);
6418 BUG_ON(!rtpn);
6419
6420 soft_limit_tree.rb_tree_per_node[node] = rtpn;
6421
6422 for (zone = 0; zone < MAX_NR_ZONES; zone++) {
6423 rtpz = &rtpn->rb_tree_per_zone[zone];
6424 rtpz->rb_root = RB_ROOT;
6425 spin_lock_init(&rtpz->lock);
6426 }
6427 }
6428 }
6429
6430 static struct cgroup_subsys_state * __ref
6431 mem_cgroup_css_alloc(struct cgroup_subsys_state *parent_css)
6432 {
6433 struct mem_cgroup *memcg;
6434 long error = -ENOMEM;
6435 int node;
6436
6437 memcg = mem_cgroup_alloc();
6438 if (!memcg)
6439 return ERR_PTR(error);
6440
6441 for_each_node(node)
6442 if (alloc_mem_cgroup_per_zone_info(memcg, node))
6443 goto free_out;
6444
6445 /* root ? */
6446 if (parent_css == NULL) {
6447 root_mem_cgroup = memcg;
6448 res_counter_init(&memcg->res, NULL);
6449 res_counter_init(&memcg->memsw, NULL);
6450 res_counter_init(&memcg->kmem, NULL);
6451 }
6452
6453 memcg->last_scanned_node = MAX_NUMNODES;
6454 INIT_LIST_HEAD(&memcg->oom_notify);
6455 memcg->move_charge_at_immigrate = 0;
6456 mutex_init(&memcg->thresholds_lock);
6457 spin_lock_init(&memcg->move_lock);
6458 vmpressure_init(&memcg->vmpressure);
6459 INIT_LIST_HEAD(&memcg->event_list);
6460 spin_lock_init(&memcg->event_list_lock);
6461
6462 return &memcg->css;
6463
6464 free_out:
6465 __mem_cgroup_free(memcg);
6466 return ERR_PTR(error);
6467 }
6468
6469 static int
6470 mem_cgroup_css_online(struct cgroup_subsys_state *css)
6471 {
6472 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
6473 struct mem_cgroup *parent = mem_cgroup_from_css(css_parent(css));
6474
6475 if (css->cgroup->id > MEM_CGROUP_ID_MAX)
6476 return -ENOSPC;
6477
6478 if (!parent)
6479 return 0;
6480
6481 mutex_lock(&memcg_create_mutex);
6482
6483 memcg->use_hierarchy = parent->use_hierarchy;
6484 memcg->oom_kill_disable = parent->oom_kill_disable;
6485 memcg->swappiness = mem_cgroup_swappiness(parent);
6486
6487 if (parent->use_hierarchy) {
6488 res_counter_init(&memcg->res, &parent->res);
6489 res_counter_init(&memcg->memsw, &parent->memsw);
6490 res_counter_init(&memcg->kmem, &parent->kmem);
6491
6492 /*
6493 * No need to take a reference to the parent because cgroup
6494 * core guarantees its existence.
6495 */
6496 } else {
6497 res_counter_init(&memcg->res, NULL);
6498 res_counter_init(&memcg->memsw, NULL);
6499 res_counter_init(&memcg->kmem, NULL);
6500 /*
6501 * Deeper hierachy with use_hierarchy == false doesn't make
6502 * much sense so let cgroup subsystem know about this
6503 * unfortunate state in our controller.
6504 */
6505 if (parent != root_mem_cgroup)
6506 memory_cgrp_subsys.broken_hierarchy = true;
6507 }
6508 mutex_unlock(&memcg_create_mutex);
6509
6510 return memcg_init_kmem(memcg, &memory_cgrp_subsys);
6511 }
6512
6513 /*
6514 * Announce all parents that a group from their hierarchy is gone.
6515 */
6516 static void mem_cgroup_invalidate_reclaim_iterators(struct mem_cgroup *memcg)
6517 {
6518 struct mem_cgroup *parent = memcg;
6519
6520 while ((parent = parent_mem_cgroup(parent)))
6521 mem_cgroup_iter_invalidate(parent);
6522
6523 /*
6524 * if the root memcg is not hierarchical we have to check it
6525 * explicitely.
6526 */
6527 if (!root_mem_cgroup->use_hierarchy)
6528 mem_cgroup_iter_invalidate(root_mem_cgroup);
6529 }
6530
6531 static void mem_cgroup_css_offline(struct cgroup_subsys_state *css)
6532 {
6533 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
6534 struct mem_cgroup_event *event, *tmp;
6535 struct cgroup_subsys_state *iter;
6536
6537 /*
6538 * Unregister events and notify userspace.
6539 * Notify userspace about cgroup removing only after rmdir of cgroup
6540 * directory to avoid race between userspace and kernelspace.
6541 */
6542 spin_lock(&memcg->event_list_lock);
6543 list_for_each_entry_safe(event, tmp, &memcg->event_list, list) {
6544 list_del_init(&event->list);
6545 schedule_work(&event->remove);
6546 }
6547 spin_unlock(&memcg->event_list_lock);
6548
6549 kmem_cgroup_css_offline(memcg);
6550
6551 mem_cgroup_invalidate_reclaim_iterators(memcg);
6552
6553 /*
6554 * This requires that offlining is serialized. Right now that is
6555 * guaranteed because css_killed_work_fn() holds the cgroup_mutex.
6556 */
6557 css_for_each_descendant_post(iter, css)
6558 mem_cgroup_reparent_charges(mem_cgroup_from_css(iter));
6559
6560 mem_cgroup_destroy_all_caches(memcg);
6561 vmpressure_cleanup(&memcg->vmpressure);
6562 }
6563
6564 static void mem_cgroup_css_free(struct cgroup_subsys_state *css)
6565 {
6566 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
6567 /*
6568 * XXX: css_offline() would be where we should reparent all
6569 * memory to prepare the cgroup for destruction. However,
6570 * memcg does not do css_tryget() and res_counter charging
6571 * under the same RCU lock region, which means that charging
6572 * could race with offlining. Offlining only happens to
6573 * cgroups with no tasks in them but charges can show up
6574 * without any tasks from the swapin path when the target
6575 * memcg is looked up from the swapout record and not from the
6576 * current task as it usually is. A race like this can leak
6577 * charges and put pages with stale cgroup pointers into
6578 * circulation:
6579 *
6580 * #0 #1
6581 * lookup_swap_cgroup_id()
6582 * rcu_read_lock()
6583 * mem_cgroup_lookup()
6584 * css_tryget()
6585 * rcu_read_unlock()
6586 * disable css_tryget()
6587 * call_rcu()
6588 * offline_css()
6589 * reparent_charges()
6590 * res_counter_charge()
6591 * css_put()
6592 * css_free()
6593 * pc->mem_cgroup = dead memcg
6594 * add page to lru
6595 *
6596 * The bulk of the charges are still moved in offline_css() to
6597 * avoid pinning a lot of pages in case a long-term reference
6598 * like a swapout record is deferring the css_free() to long
6599 * after offlining. But this makes sure we catch any charges
6600 * made after offlining:
6601 */
6602 mem_cgroup_reparent_charges(memcg);
6603
6604 memcg_destroy_kmem(memcg);
6605 __mem_cgroup_free(memcg);
6606 }
6607
6608 #ifdef CONFIG_MMU
6609 /* Handlers for move charge at task migration. */
6610 #define PRECHARGE_COUNT_AT_ONCE 256
6611 static int mem_cgroup_do_precharge(unsigned long count)
6612 {
6613 int ret = 0;
6614 int batch_count = PRECHARGE_COUNT_AT_ONCE;
6615 struct mem_cgroup *memcg = mc.to;
6616
6617 if (mem_cgroup_is_root(memcg)) {
6618 mc.precharge += count;
6619 /* we don't need css_get for root */
6620 return ret;
6621 }
6622 /* try to charge at once */
6623 if (count > 1) {
6624 struct res_counter *dummy;
6625 /*
6626 * "memcg" cannot be under rmdir() because we've already checked
6627 * by cgroup_lock_live_cgroup() that it is not removed and we
6628 * are still under the same cgroup_mutex. So we can postpone
6629 * css_get().
6630 */
6631 if (res_counter_charge(&memcg->res, PAGE_SIZE * count, &dummy))
6632 goto one_by_one;
6633 if (do_swap_account && res_counter_charge(&memcg->memsw,
6634 PAGE_SIZE * count, &dummy)) {
6635 res_counter_uncharge(&memcg->res, PAGE_SIZE * count);
6636 goto one_by_one;
6637 }
6638 mc.precharge += count;
6639 return ret;
6640 }
6641 one_by_one:
6642 /* fall back to one by one charge */
6643 while (count--) {
6644 if (signal_pending(current)) {
6645 ret = -EINTR;
6646 break;
6647 }
6648 if (!batch_count--) {
6649 batch_count = PRECHARGE_COUNT_AT_ONCE;
6650 cond_resched();
6651 }
6652 ret = __mem_cgroup_try_charge(NULL,
6653 GFP_KERNEL, 1, &memcg, false);
6654 if (ret)
6655 /* mem_cgroup_clear_mc() will do uncharge later */
6656 return ret;
6657 mc.precharge++;
6658 }
6659 return ret;
6660 }
6661
6662 /**
6663 * get_mctgt_type - get target type of moving charge
6664 * @vma: the vma the pte to be checked belongs
6665 * @addr: the address corresponding to the pte to be checked
6666 * @ptent: the pte to be checked
6667 * @target: the pointer the target page or swap ent will be stored(can be NULL)
6668 *
6669 * Returns
6670 * 0(MC_TARGET_NONE): if the pte is not a target for move charge.
6671 * 1(MC_TARGET_PAGE): if the page corresponding to this pte is a target for
6672 * move charge. if @target is not NULL, the page is stored in target->page
6673 * with extra refcnt got(Callers should handle it).
6674 * 2(MC_TARGET_SWAP): if the swap entry corresponding to this pte is a
6675 * target for charge migration. if @target is not NULL, the entry is stored
6676 * in target->ent.
6677 *
6678 * Called with pte lock held.
6679 */
6680 union mc_target {
6681 struct page *page;
6682 swp_entry_t ent;
6683 };
6684
6685 enum mc_target_type {
6686 MC_TARGET_NONE = 0,
6687 MC_TARGET_PAGE,
6688 MC_TARGET_SWAP,
6689 };
6690
6691 static struct page *mc_handle_present_pte(struct vm_area_struct *vma,
6692 unsigned long addr, pte_t ptent)
6693 {
6694 struct page *page = vm_normal_page(vma, addr, ptent);
6695
6696 if (!page || !page_mapped(page))
6697 return NULL;
6698 if (PageAnon(page)) {
6699 /* we don't move shared anon */
6700 if (!move_anon())
6701 return NULL;
6702 } else if (!move_file())
6703 /* we ignore mapcount for file pages */
6704 return NULL;
6705 if (!get_page_unless_zero(page))
6706 return NULL;
6707
6708 return page;
6709 }
6710
6711 #ifdef CONFIG_SWAP
6712 static struct page *mc_handle_swap_pte(struct vm_area_struct *vma,
6713 unsigned long addr, pte_t ptent, swp_entry_t *entry)
6714 {
6715 struct page *page = NULL;
6716 swp_entry_t ent = pte_to_swp_entry(ptent);
6717
6718 if (!move_anon() || non_swap_entry(ent))
6719 return NULL;
6720 /*
6721 * Because lookup_swap_cache() updates some statistics counter,
6722 * we call find_get_page() with swapper_space directly.
6723 */
6724 page = find_get_page(swap_address_space(ent), ent.val);
6725 if (do_swap_account)
6726 entry->val = ent.val;
6727
6728 return page;
6729 }
6730 #else
6731 static struct page *mc_handle_swap_pte(struct vm_area_struct *vma,
6732 unsigned long addr, pte_t ptent, swp_entry_t *entry)
6733 {
6734 return NULL;
6735 }
6736 #endif
6737
6738 static struct page *mc_handle_file_pte(struct vm_area_struct *vma,
6739 unsigned long addr, pte_t ptent, swp_entry_t *entry)
6740 {
6741 struct page *page = NULL;
6742 struct address_space *mapping;
6743 pgoff_t pgoff;
6744
6745 if (!vma->vm_file) /* anonymous vma */
6746 return NULL;
6747 if (!move_file())
6748 return NULL;
6749
6750 mapping = vma->vm_file->f_mapping;
6751 if (pte_none(ptent))
6752 pgoff = linear_page_index(vma, addr);
6753 else /* pte_file(ptent) is true */
6754 pgoff = pte_to_pgoff(ptent);
6755
6756 /* page is moved even if it's not RSS of this task(page-faulted). */
6757 page = find_get_page(mapping, pgoff);
6758
6759 #ifdef CONFIG_SWAP
6760 /* shmem/tmpfs may report page out on swap: account for that too. */
6761 if (radix_tree_exceptional_entry(page)) {
6762 swp_entry_t swap = radix_to_swp_entry(page);
6763 if (do_swap_account)
6764 *entry = swap;
6765 page = find_get_page(swap_address_space(swap), swap.val);
6766 }
6767 #endif
6768 return page;
6769 }
6770
6771 static enum mc_target_type get_mctgt_type(struct vm_area_struct *vma,
6772 unsigned long addr, pte_t ptent, union mc_target *target)
6773 {
6774 struct page *page = NULL;
6775 struct page_cgroup *pc;
6776 enum mc_target_type ret = MC_TARGET_NONE;
6777 swp_entry_t ent = { .val = 0 };
6778
6779 if (pte_present(ptent))
6780 page = mc_handle_present_pte(vma, addr, ptent);
6781 else if (is_swap_pte(ptent))
6782 page = mc_handle_swap_pte(vma, addr, ptent, &ent);
6783 else if (pte_none(ptent) || pte_file(ptent))
6784 page = mc_handle_file_pte(vma, addr, ptent, &ent);
6785
6786 if (!page && !ent.val)
6787 return ret;
6788 if (page) {
6789 pc = lookup_page_cgroup(page);
6790 /*
6791 * Do only loose check w/o page_cgroup lock.
6792 * mem_cgroup_move_account() checks the pc is valid or not under
6793 * the lock.
6794 */
6795 if (PageCgroupUsed(pc) && pc->mem_cgroup == mc.from) {
6796 ret = MC_TARGET_PAGE;
6797 if (target)
6798 target->page = page;
6799 }
6800 if (!ret || !target)
6801 put_page(page);
6802 }
6803 /* There is a swap entry and a page doesn't exist or isn't charged */
6804 if (ent.val && !ret &&
6805 mem_cgroup_id(mc.from) == lookup_swap_cgroup_id(ent)) {
6806 ret = MC_TARGET_SWAP;
6807 if (target)
6808 target->ent = ent;
6809 }
6810 return ret;
6811 }
6812
6813 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
6814 /*
6815 * We don't consider swapping or file mapped pages because THP does not
6816 * support them for now.
6817 * Caller should make sure that pmd_trans_huge(pmd) is true.
6818 */
6819 static enum mc_target_type get_mctgt_type_thp(struct vm_area_struct *vma,
6820 unsigned long addr, pmd_t pmd, union mc_target *target)
6821 {
6822 struct page *page = NULL;
6823 struct page_cgroup *pc;
6824 enum mc_target_type ret = MC_TARGET_NONE;
6825
6826 page = pmd_page(pmd);
6827 VM_BUG_ON_PAGE(!page || !PageHead(page), page);
6828 if (!move_anon())
6829 return ret;
6830 pc = lookup_page_cgroup(page);
6831 if (PageCgroupUsed(pc) && pc->mem_cgroup == mc.from) {
6832 ret = MC_TARGET_PAGE;
6833 if (target) {
6834 get_page(page);
6835 target->page = page;
6836 }
6837 }
6838 return ret;
6839 }
6840 #else
6841 static inline enum mc_target_type get_mctgt_type_thp(struct vm_area_struct *vma,
6842 unsigned long addr, pmd_t pmd, union mc_target *target)
6843 {
6844 return MC_TARGET_NONE;
6845 }
6846 #endif
6847
6848 static int mem_cgroup_count_precharge_pte_range(pmd_t *pmd,
6849 unsigned long addr, unsigned long end,
6850 struct mm_walk *walk)
6851 {
6852 struct vm_area_struct *vma = walk->private;
6853 pte_t *pte;
6854 spinlock_t *ptl;
6855
6856 if (pmd_trans_huge_lock(pmd, vma, &ptl) == 1) {
6857 if (get_mctgt_type_thp(vma, addr, *pmd, NULL) == MC_TARGET_PAGE)
6858 mc.precharge += HPAGE_PMD_NR;
6859 spin_unlock(ptl);
6860 return 0;
6861 }
6862
6863 if (pmd_trans_unstable(pmd))
6864 return 0;
6865 pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
6866 for (; addr != end; pte++, addr += PAGE_SIZE)
6867 if (get_mctgt_type(vma, addr, *pte, NULL))
6868 mc.precharge++; /* increment precharge temporarily */
6869 pte_unmap_unlock(pte - 1, ptl);
6870 cond_resched();
6871
6872 return 0;
6873 }
6874
6875 static unsigned long mem_cgroup_count_precharge(struct mm_struct *mm)
6876 {
6877 unsigned long precharge;
6878 struct vm_area_struct *vma;
6879
6880 down_read(&mm->mmap_sem);
6881 for (vma = mm->mmap; vma; vma = vma->vm_next) {
6882 struct mm_walk mem_cgroup_count_precharge_walk = {
6883 .pmd_entry = mem_cgroup_count_precharge_pte_range,
6884 .mm = mm,
6885 .private = vma,
6886 };
6887 if (is_vm_hugetlb_page(vma))
6888 continue;
6889 walk_page_range(vma->vm_start, vma->vm_end,
6890 &mem_cgroup_count_precharge_walk);
6891 }
6892 up_read(&mm->mmap_sem);
6893
6894 precharge = mc.precharge;
6895 mc.precharge = 0;
6896
6897 return precharge;
6898 }
6899
6900 static int mem_cgroup_precharge_mc(struct mm_struct *mm)
6901 {
6902 unsigned long precharge = mem_cgroup_count_precharge(mm);
6903
6904 VM_BUG_ON(mc.moving_task);
6905 mc.moving_task = current;
6906 return mem_cgroup_do_precharge(precharge);
6907 }
6908
6909 /* cancels all extra charges on mc.from and mc.to, and wakes up all waiters. */
6910 static void __mem_cgroup_clear_mc(void)
6911 {
6912 struct mem_cgroup *from = mc.from;
6913 struct mem_cgroup *to = mc.to;
6914 int i;
6915
6916 /* we must uncharge all the leftover precharges from mc.to */
6917 if (mc.precharge) {
6918 __mem_cgroup_cancel_charge(mc.to, mc.precharge);
6919 mc.precharge = 0;
6920 }
6921 /*
6922 * we didn't uncharge from mc.from at mem_cgroup_move_account(), so
6923 * we must uncharge here.
6924 */
6925 if (mc.moved_charge) {
6926 __mem_cgroup_cancel_charge(mc.from, mc.moved_charge);
6927 mc.moved_charge = 0;
6928 }
6929 /* we must fixup refcnts and charges */
6930 if (mc.moved_swap) {
6931 /* uncharge swap account from the old cgroup */
6932 if (!mem_cgroup_is_root(mc.from))
6933 res_counter_uncharge(&mc.from->memsw,
6934 PAGE_SIZE * mc.moved_swap);
6935
6936 for (i = 0; i < mc.moved_swap; i++)
6937 css_put(&mc.from->css);
6938
6939 if (!mem_cgroup_is_root(mc.to)) {
6940 /*
6941 * we charged both to->res and to->memsw, so we should
6942 * uncharge to->res.
6943 */
6944 res_counter_uncharge(&mc.to->res,
6945 PAGE_SIZE * mc.moved_swap);
6946 }
6947 /* we've already done css_get(mc.to) */
6948 mc.moved_swap = 0;
6949 }
6950 memcg_oom_recover(from);
6951 memcg_oom_recover(to);
6952 wake_up_all(&mc.waitq);
6953 }
6954
6955 static void mem_cgroup_clear_mc(void)
6956 {
6957 struct mem_cgroup *from = mc.from;
6958
6959 /*
6960 * we must clear moving_task before waking up waiters at the end of
6961 * task migration.
6962 */
6963 mc.moving_task = NULL;
6964 __mem_cgroup_clear_mc();
6965 spin_lock(&mc.lock);
6966 mc.from = NULL;
6967 mc.to = NULL;
6968 spin_unlock(&mc.lock);
6969 mem_cgroup_end_move(from);
6970 }
6971
6972 static int mem_cgroup_can_attach(struct cgroup_subsys_state *css,
6973 struct cgroup_taskset *tset)
6974 {
6975 struct task_struct *p = cgroup_taskset_first(tset);
6976 int ret = 0;
6977 struct mem_cgroup *memcg = mem_cgroup_from_css(css);
6978 unsigned long move_charge_at_immigrate;
6979
6980 /*
6981 * We are now commited to this value whatever it is. Changes in this
6982 * tunable will only affect upcoming migrations, not the current one.
6983 * So we need to save it, and keep it going.
6984 */
6985 move_charge_at_immigrate = memcg->move_charge_at_immigrate;
6986 if (move_charge_at_immigrate) {
6987 struct mm_struct *mm;
6988 struct mem_cgroup *from = mem_cgroup_from_task(p);
6989
6990 VM_BUG_ON(from == memcg);
6991
6992 mm = get_task_mm(p);
6993 if (!mm)
6994 return 0;
6995 /* We move charges only when we move a owner of the mm */
6996 if (mm->owner == p) {
6997 VM_BUG_ON(mc.from);
6998 VM_BUG_ON(mc.to);
6999 VM_BUG_ON(mc.precharge);
7000 VM_BUG_ON(mc.moved_charge);
7001 VM_BUG_ON(mc.moved_swap);
7002 mem_cgroup_start_move(from);
7003 spin_lock(&mc.lock);
7004 mc.from = from;
7005 mc.to = memcg;
7006 mc.immigrate_flags = move_charge_at_immigrate;
7007 spin_unlock(&mc.lock);
7008 /* We set mc.moving_task later */
7009
7010 ret = mem_cgroup_precharge_mc(mm);
7011 if (ret)
7012 mem_cgroup_clear_mc();
7013 }
7014 mmput(mm);
7015 }
7016 return ret;
7017 }
7018
7019 static void mem_cgroup_cancel_attach(struct cgroup_subsys_state *css,
7020 struct cgroup_taskset *tset)
7021 {
7022 mem_cgroup_clear_mc();
7023 }
7024
7025 static int mem_cgroup_move_charge_pte_range(pmd_t *pmd,
7026 unsigned long addr, unsigned long end,
7027 struct mm_walk *walk)
7028 {
7029 int ret = 0;
7030 struct vm_area_struct *vma = walk->private;
7031 pte_t *pte;
7032 spinlock_t *ptl;
7033 enum mc_target_type target_type;
7034 union mc_target target;
7035 struct page *page;
7036 struct page_cgroup *pc;
7037
7038 /*
7039 * We don't take compound_lock() here but no race with splitting thp
7040 * happens because:
7041 * - if pmd_trans_huge_lock() returns 1, the relevant thp is not
7042 * under splitting, which means there's no concurrent thp split,
7043 * - if another thread runs into split_huge_page() just after we
7044 * entered this if-block, the thread must wait for page table lock
7045 * to be unlocked in __split_huge_page_splitting(), where the main
7046 * part of thp split is not executed yet.
7047 */
7048 if (pmd_trans_huge_lock(pmd, vma, &ptl) == 1) {
7049 if (mc.precharge < HPAGE_PMD_NR) {
7050 spin_unlock(ptl);
7051 return 0;
7052 }
7053 target_type = get_mctgt_type_thp(vma, addr, *pmd, &target);
7054 if (target_type == MC_TARGET_PAGE) {
7055 page = target.page;
7056 if (!isolate_lru_page(page)) {
7057 pc = lookup_page_cgroup(page);
7058 if (!mem_cgroup_move_account(page, HPAGE_PMD_NR,
7059 pc, mc.from, mc.to)) {
7060 mc.precharge -= HPAGE_PMD_NR;
7061 mc.moved_charge += HPAGE_PMD_NR;
7062 }
7063 putback_lru_page(page);
7064 }
7065 put_page(page);
7066 }
7067 spin_unlock(ptl);
7068 return 0;
7069 }
7070
7071 if (pmd_trans_unstable(pmd))
7072 return 0;
7073 retry:
7074 pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
7075 for (; addr != end; addr += PAGE_SIZE) {
7076 pte_t ptent = *(pte++);
7077 swp_entry_t ent;
7078
7079 if (!mc.precharge)
7080 break;
7081
7082 switch (get_mctgt_type(vma, addr, ptent, &target)) {
7083 case MC_TARGET_PAGE:
7084 page = target.page;
7085 if (isolate_lru_page(page))
7086 goto put;
7087 pc = lookup_page_cgroup(page);
7088 if (!mem_cgroup_move_account(page, 1, pc,
7089 mc.from, mc.to)) {
7090 mc.precharge--;
7091 /* we uncharge from mc.from later. */
7092 mc.moved_charge++;
7093 }
7094 putback_lru_page(page);
7095 put: /* get_mctgt_type() gets the page */
7096 put_page(page);
7097 break;
7098 case MC_TARGET_SWAP:
7099 ent = target.ent;
7100 if (!mem_cgroup_move_swap_account(ent, mc.from, mc.to)) {
7101 mc.precharge--;
7102 /* we fixup refcnts and charges later. */
7103 mc.moved_swap++;
7104 }
7105 break;
7106 default:
7107 break;
7108 }
7109 }
7110 pte_unmap_unlock(pte - 1, ptl);
7111 cond_resched();
7112
7113 if (addr != end) {
7114 /*
7115 * We have consumed all precharges we got in can_attach().
7116 * We try charge one by one, but don't do any additional
7117 * charges to mc.to if we have failed in charge once in attach()
7118 * phase.
7119 */
7120 ret = mem_cgroup_do_precharge(1);
7121 if (!ret)
7122 goto retry;
7123 }
7124
7125 return ret;
7126 }
7127
7128 static void mem_cgroup_move_charge(struct mm_struct *mm)
7129 {
7130 struct vm_area_struct *vma;
7131
7132 lru_add_drain_all();
7133 retry:
7134 if (unlikely(!down_read_trylock(&mm->mmap_sem))) {
7135 /*
7136 * Someone who are holding the mmap_sem might be waiting in
7137 * waitq. So we cancel all extra charges, wake up all waiters,
7138 * and retry. Because we cancel precharges, we might not be able
7139 * to move enough charges, but moving charge is a best-effort
7140 * feature anyway, so it wouldn't be a big problem.
7141 */
7142 __mem_cgroup_clear_mc();
7143 cond_resched();
7144 goto retry;
7145 }
7146 for (vma = mm->mmap; vma; vma = vma->vm_next) {
7147 int ret;
7148 struct mm_walk mem_cgroup_move_charge_walk = {
7149 .pmd_entry = mem_cgroup_move_charge_pte_range,
7150 .mm = mm,
7151 .private = vma,
7152 };
7153 if (is_vm_hugetlb_page(vma))
7154 continue;
7155 ret = walk_page_range(vma->vm_start, vma->vm_end,
7156 &mem_cgroup_move_charge_walk);
7157 if (ret)
7158 /*
7159 * means we have consumed all precharges and failed in
7160 * doing additional charge. Just abandon here.
7161 */
7162 break;
7163 }
7164 up_read(&mm->mmap_sem);
7165 }
7166
7167 static void mem_cgroup_move_task(struct cgroup_subsys_state *css,
7168 struct cgroup_taskset *tset)
7169 {
7170 struct task_struct *p = cgroup_taskset_first(tset);
7171 struct mm_struct *mm = get_task_mm(p);
7172
7173 if (mm) {
7174 if (mc.to)
7175 mem_cgroup_move_charge(mm);
7176 mmput(mm);
7177 }
7178 if (mc.to)
7179 mem_cgroup_clear_mc();
7180 }
7181 #else /* !CONFIG_MMU */
7182 static int mem_cgroup_can_attach(struct cgroup_subsys_state *css,
7183 struct cgroup_taskset *tset)
7184 {
7185 return 0;
7186 }
7187 static void mem_cgroup_cancel_attach(struct cgroup_subsys_state *css,
7188 struct cgroup_taskset *tset)
7189 {
7190 }
7191 static void mem_cgroup_move_task(struct cgroup_subsys_state *css,
7192 struct cgroup_taskset *tset)
7193 {
7194 }
7195 #endif
7196
7197 /*
7198 * Cgroup retains root cgroups across [un]mount cycles making it necessary
7199 * to verify sane_behavior flag on each mount attempt.
7200 */
7201 static void mem_cgroup_bind(struct cgroup_subsys_state *root_css)
7202 {
7203 /*
7204 * use_hierarchy is forced with sane_behavior. cgroup core
7205 * guarantees that @root doesn't have any children, so turning it
7206 * on for the root memcg is enough.
7207 */
7208 if (cgroup_sane_behavior(root_css->cgroup))
7209 mem_cgroup_from_css(root_css)->use_hierarchy = true;
7210 }
7211
7212 struct cgroup_subsys memory_cgrp_subsys = {
7213 .css_alloc = mem_cgroup_css_alloc,
7214 .css_online = mem_cgroup_css_online,
7215 .css_offline = mem_cgroup_css_offline,
7216 .css_free = mem_cgroup_css_free,
7217 .can_attach = mem_cgroup_can_attach,
7218 .cancel_attach = mem_cgroup_cancel_attach,
7219 .attach = mem_cgroup_move_task,
7220 .bind = mem_cgroup_bind,
7221 .base_cftypes = mem_cgroup_files,
7222 .early_init = 0,
7223 };
7224
7225 #ifdef CONFIG_MEMCG_SWAP
7226 static int __init enable_swap_account(char *s)
7227 {
7228 if (!strcmp(s, "1"))
7229 really_do_swap_account = 1;
7230 else if (!strcmp(s, "0"))
7231 really_do_swap_account = 0;
7232 return 1;
7233 }
7234 __setup("swapaccount=", enable_swap_account);
7235
7236 static void __init memsw_file_init(void)
7237 {
7238 WARN_ON(cgroup_add_cftypes(&memory_cgrp_subsys, memsw_cgroup_files));
7239 }
7240
7241 static void __init enable_swap_cgroup(void)
7242 {
7243 if (!mem_cgroup_disabled() && really_do_swap_account) {
7244 do_swap_account = 1;
7245 memsw_file_init();
7246 }
7247 }
7248
7249 #else
7250 static void __init enable_swap_cgroup(void)
7251 {
7252 }
7253 #endif
7254
7255 /*
7256 * subsys_initcall() for memory controller.
7257 *
7258 * Some parts like hotcpu_notifier() have to be initialized from this context
7259 * because of lock dependencies (cgroup_lock -> cpu hotplug) but basically
7260 * everything that doesn't depend on a specific mem_cgroup structure should
7261 * be initialized from here.
7262 */
7263 static int __init mem_cgroup_init(void)
7264 {
7265 hotcpu_notifier(memcg_cpu_hotplug_callback, 0);
7266 enable_swap_cgroup();
7267 mem_cgroup_soft_limit_tree_init();
7268 memcg_stock_init();
7269 return 0;
7270 }
7271 subsys_initcall(mem_cgroup_init);
Linux kernel - Deliverables
This page took 0.172809 seconds and 6 git commands to generate.