memcg: swapout refcnt fix css's refcnt is dropped before end of following access. Hold it until end of access. Reported-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Balbir Singh <balbir@in.ibm.com> Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> Cc: Hugh Dickins <hugh@veritas.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: a7fe942e94b2f66aa0f11d37699c0ec8155d3ad1 [log] [tgz]
author: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Wed Jan 07 18:08:13 2009 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> Thu Jan 08 08:31:07 2009 -0800
tree: 27525266a70f8bd9aadc45695ed8db220eaf2e9a
parent: b85a96c0b6cb79c67e7b01b66368f2e31579d7c5 [diff] [blame]
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 6ad309e..964a700 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c

@@ -1171,7 +1171,9 @@
 	mz = page_cgroup_zoneinfo(pc);
 	unlock_page_cgroup(pc);
 
-	css_put(&mem->css);
+	/* at swapout, this memcg will be accessed to record to swap */
+	if (ctype != MEM_CGROUP_CHARGE_TYPE_SWAPOUT)
+		css_put(&mem->css);
 
 	return mem;
 
@@ -1212,6 +1214,8 @@
 		swap_cgroup_record(ent, memcg);
 		mem_cgroup_get(memcg);
 	}
+	if (memcg)
+		css_put(&memcg->css);
 }
 
 #ifdef CONFIG_CGROUP_MEM_RES_CTLR_SWAP
commit	a7fe942e94b2f66aa0f11d37699c0ec8155d3ad1	[log] [tgz]
author	KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>	Wed Jan 07 18:08:13 2009 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	Thu Jan 08 08:31:07 2009 -0800
tree	27525266a70f8bd9aadc45695ed8db220eaf2e9a
parent	b85a96c0b6cb79c67e7b01b66368f2e31579d7c5 [diff] [blame]