// SPDX-License-Identifier: GPL-2.0-or-later
/* memcontrol.c - Memory Controller
 *
 * Copyright IBM Corporation, 2007
 * Author Balbir Singh <balbir@linux.vnet.ibm.com>
 *
 * Copyright 2007 OpenVZ SWsoft Inc
 * Author: Pavel Emelianov <xemul@openvz.org>
 *
 * Memory thresholds
 * Copyright (C) 2009 Nokia Corporation
 * Author: Kirill A. Shutemov
 *
 * Kernel Memory Controller
 * Copyright (C) 2012 Parallels Inc. and Google Inc.
 * Authors: Glauber Costa and Suleiman Souhlal
 *
 * Native page reclaim
 * Charge lifetime sanitation
 * Lockless page tracking & accounting
 * Unified hierarchy configuration model
 * Copyright (C) 2015 Red Hat, Inc., Johannes Weiner
 */

#include <linux/page_counter.h>
#include <linux/memcontrol.h>
#include <linux/cgroup.h>
#include <linux/mm.h>
#include <linux/sched/mm.h>
#include <linux/shmem_fs.h>
#include <linux/hugetlb.h>
#include <linux/pagemap.h>
#include <linux/vm_event_item.h>
#include <linux/smp.h>
#include <linux/page-flags.h>
#include <linux/backing-dev.h>
#include <linux/bit_spinlock.h>
#include <linux/rcupdate.h>
#include <linux/limits.h>
#include <linux/export.h>
#include <linux/mutex.h>
#include <linux/rbtree.h>
#include <linux/slab.h>
#include <linux/swap.h>
#include <linux/swapops.h>
#include <linux/spinlock.h>
#include <linux/eventfd.h>
#include <linux/poll.h>
#include <linux/sort.h>
#include <linux/fs.h>
#include <linux/seq_file.h>
#include <linux/vmpressure.h>
#include <linux/mm_inline.h>
#include <linux/swap_cgroup.h>
#include <linux/cpu.h>
#include <linux/oom.h>
#include <linux/lockdep.h>
#include <linux/file.h>
#include <linux/tracehook.h>
#include <linux/seq_buf.h>
#include "internal.h"
#include <net/sock.h>
#include <net/ip.h>
#include "slab.h"

#include <linux/uaccess.h>

#include <trace/events/vmscan.h>

struct cgroup_subsys memory_cgrp_subsys __read_mostly;
EXPORT_SYMBOL(memory_cgrp_subsys);

struct mem_cgroup *root_mem_cgroup __read_mostly;

#define MEM_CGROUP_RECLAIM_RETRIES      5

/* Socket memory accounting disabled? */
static bool cgroup_memory_nosocket;

/* Kernel memory accounting disabled? */
static bool cgroup_memory_nokmem;

/* Whether the swap controller is active */
#ifdef CONFIG_MEMCG_SWAP
int do_swap_account __read_mostly;
#else
#define do_swap_account         0
#endif

/* Whether legacy memory+swap accounting is active */
static bool do_memsw_account(void)
{
        return !cgroup_subsys_on_dfl(memory_cgrp_subsys) && do_swap_account;
}

static const char *const mem_cgroup_lru_names[] = {
        "inactive_anon",
        "active_anon",
        "inactive_file",
        "active_file",
        "unevictable",
};

#define THRESHOLDS_EVENTS_TARGET 128
#define SOFTLIMIT_EVENTS_TARGET 1024
#define NUMAINFO_EVENTS_TARGET  1024

/*
 * Cgroups above their limits are maintained in a RB-Tree, independent of
 * their hierarchy representation
 */

struct mem_cgroup_tree_per_node {
        struct rb_root rb_root;
        struct rb_node *rb_rightmost;
        spinlock_t lock;
};

struct mem_cgroup_tree {
        struct mem_cgroup_tree_per_node *rb_tree_per_node[MAX_NUMNODES];
};

static struct mem_cgroup_tree soft_limit_tree __read_mostly;

/* for OOM */
struct mem_cgroup_eventfd_list {
        struct list_head list;
        struct eventfd_ctx *eventfd;
};

/*
 * cgroup_event represents events which userspace want to receive.
 */
struct mem_cgroup_event {
        /*
         * memcg which the event belongs to.
         */
        struct mem_cgroup *memcg;
        /*
         * eventfd to signal userspace about the event.
         */
        struct eventfd_ctx *eventfd;
        /*
         * Each of these stored in a list by the cgroup.
         */
        struct list_head list;
        /*
         * register_event() callback will be used to add new userspace
         * waiter for changes related to this event.  Use eventfd_signal()
         * on eventfd to send notification to userspace.
         */
        int (*register_event)(struct mem_cgroup *memcg,
                              struct eventfd_ctx *eventfd, const char *args);
        /*
         * unregister_event() callback will be called when userspace closes
         * the eventfd or on cgroup removing.  This callback must be set,
         * if you want provide notification functionality.
         */
        void (*unregister_event)(struct mem_cgroup *memcg,
                                 struct eventfd_ctx *eventfd);
        /*
         * All fields below needed to unregister event when
         * userspace closes eventfd.
         */
        poll_table pt;
        wait_queue_head_t *wqh;
        wait_queue_entry_t wait;
        struct work_struct remove;
};

static void mem_cgroup_threshold(struct mem_cgroup *memcg);
static void mem_cgroup_oom_notify(struct mem_cgroup *memcg);

/* Stuffs for move charges at task migration. */
/*
 * Types of charges to be moved.
 */
#define MOVE_ANON       0x1U
#define MOVE_FILE       0x2U
#define MOVE_MASK       (MOVE_ANON | MOVE_FILE)

/* "mc" and its members are protected by cgroup_mutex */
static struct move_charge_struct {
        spinlock_t        lock; /* for from, to */
        struct mm_struct  *mm;
        struct mem_cgroup *from;
        struct mem_cgroup *to;
        unsigned long flags;
        unsigned long precharge;
        unsigned long moved_charge;
        unsigned long moved_swap;
        struct task_struct *moving_task;        /* a task moving charges */
        wait_queue_head_t waitq;                /* a waitq for other context */
} mc = {
        .lock = __SPIN_LOCK_UNLOCKED(mc.lock),
        .waitq = __WAIT_QUEUE_HEAD_INITIALIZER(mc.waitq),
};

/*
 * Maximum loops in mem_cgroup_hierarchical_reclaim(), used for soft
 * limit reclaim to prevent infinite loops, if they ever occur.
 */
#define MEM_CGROUP_MAX_RECLAIM_LOOPS            100
#define MEM_CGROUP_MAX_SOFT_LIMIT_RECLAIM_LOOPS 2

enum charge_type {
        MEM_CGROUP_CHARGE_TYPE_CACHE = 0,
        MEM_CGROUP_CHARGE_TYPE_ANON,
        MEM_CGROUP_CHARGE_TYPE_SWAPOUT, /* for accounting swapcache */
        MEM_CGROUP_CHARGE_TYPE_DROP,    /* a page was unused swap cache */
        NR_CHARGE_TYPE,
};

/* for encoding cft->private value on file */
enum res_type {
        _MEM,
        _MEMSWAP,
        _OOM_TYPE,
        _KMEM,
        _TCP,
};

#define MEMFILE_PRIVATE(x, val) ((x) << 16 | (val))
#define MEMFILE_TYPE(val)       ((val) >> 16 & 0xffff)
#define MEMFILE_ATTR(val)       ((val) & 0xffff)
/* Used for OOM nofiier */
#define OOM_CONTROL             (0)

/*
 * Iteration constructs for visiting all cgroups (under a tree).  If
 * loops are exited prematurely (break), mem_cgroup_iter_break() must
 * be used for reference counting.
 */
#define for_each_mem_cgroup_tree(iter, root)            \
        for (iter = mem_cgroup_iter(root, NULL, NULL);  \
             iter != NULL;                              \
             iter = mem_cgroup_iter(root, iter, NULL))

#define for_each_mem_cgroup(iter)                       \
        for (iter = mem_cgroup_iter(NULL, NULL, NULL);  \
             iter != NULL;                              \
             iter = mem_cgroup_iter(NULL, iter, NULL))

static inline bool should_force_charge(void)
{
        return tsk_is_oom_victim(current) || fatal_signal_pending(current) ||
                (current->flags & PF_EXITING);
}

/* Some nice accessors for the vmpressure. */
struct vmpressure *memcg_to_vmpressure(struct mem_cgroup *memcg)
{
        if (!memcg)
                memcg = root_mem_cgroup;
        return &memcg->vmpressure;
}

struct cgroup_subsys_state *vmpressure_to_css(struct vmpressure *vmpr)
{
        return &container_of(vmpr, struct mem_cgroup, vmpressure)->css;
}

#ifdef CONFIG_MEMCG_KMEM
/*
 * This will be the memcg's index in each cache's ->memcg_params.memcg_caches.
 * The main reason for not using cgroup id for this:
 *  this works better in sparse environments, where we have a lot of memcgs,
 *  but only a few kmem-limited. Or also, if we have, for instance, 200
 *  memcgs, and none but the 200th is kmem-limited, we'd have to have a
 *  200 entry array for that.
 *
 * The current size of the caches array is stored in memcg_nr_cache_ids. It
 * will double each time we have to increase it.
 */
static DEFINE_IDA(memcg_cache_ida);
int memcg_nr_cache_ids;

/* Protects memcg_nr_cache_ids */
static DECLARE_RWSEM(memcg_cache_ids_sem);

void memcg_get_cache_ids(void)
{
        down_read(&memcg_cache_ids_sem);
}

void memcg_put_cache_ids(void)
{
        up_read(&memcg_cache_ids_sem);
}

/*
 * MIN_SIZE is different than 1, because we would like to avoid going through
 * the alloc/free process all the time. In a small machine, 4 kmem-limited
 * cgroups is a reasonable guess. In the future, it could be a parameter or
 * tunable, but that is strictly not necessary.
 *
 * MAX_SIZE should be as large as the number of cgrp_ids. Ideally, we could get
 * this constant directly from cgroup, but it is understandable that this is
 * better kept as an internal representation in cgroup.c. In any case, the
 * cgrp_id space is not getting any smaller, and we don't have to necessarily
 * increase ours as well if it increases.
 */
#define MEMCG_CACHES_MIN_SIZE 4
#define MEMCG_CACHES_MAX_SIZE MEM_CGROUP_ID_MAX

/*
 * A lot of the calls to the cache allocation functions are expected to be
 * inlined by the compiler. Since the calls to memcg_kmem_get_cache are
 * conditional to this static branch, we'll have to allow modules that does
 * kmem_cache_alloc and the such to see this symbol as well
 */
DEFINE_STATIC_KEY_FALSE(memcg_kmem_enabled_key);
EXPORT_SYMBOL(memcg_kmem_enabled_key);

struct workqueue_struct *memcg_kmem_cache_wq;

static int memcg_shrinker_map_size;
static DEFINE_MUTEX(memcg_shrinker_map_mutex);

static void memcg_free_shrinker_map_rcu(struct rcu_head *head)
{
        kvfree(container_of(head, struct memcg_shrinker_map, rcu));
}

static int memcg_expand_one_shrinker_map(struct mem_cgroup *memcg,
                                         int size, int old_size)
{
        struct memcg_shrinker_map *new, *old;
        int nid;

        lockdep_assert_held(&memcg_shrinker_map_mutex);

        for_each_node(nid) {
                old = rcu_dereference_protected(
                        mem_cgroup_nodeinfo(memcg, nid)->shrinker_map, true);
                /* Not yet online memcg */
                if (!old)
                        return 0;

                new = kvmalloc(sizeof(*new) + size, GFP_KERNEL);
                if (!new)
                        return -ENOMEM;

                /* Set all old bits, clear all new bits */
                memset(new->map, (int)0xff, old_size);
                memset((void *)new->map + old_size, 0, size - old_size);

                rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_map, new);
                call_rcu(&old->rcu, memcg_free_shrinker_map_rcu);
        }

        return 0;
}

static void memcg_free_shrinker_maps(struct mem_cgroup *memcg)
{
        struct mem_cgroup_per_node *pn;
        struct memcg_shrinker_map *map;
        int nid;

        if (mem_cgroup_is_root(memcg))
                return;

        for_each_node(nid) {
                pn = mem_cgroup_nodeinfo(memcg, nid);
                map = rcu_dereference_protected(pn->shrinker_map, true);
                if (map)
                        kvfree(map);
                rcu_assign_pointer(pn->shrinker_map, NULL);
        }
}

static int memcg_alloc_shrinker_maps(struct mem_cgroup *memcg)
{
        struct memcg_shrinker_map *map;
        int nid, size, ret = 0;

        if (mem_cgroup_is_root(memcg))
                return 0;

        mutex_lock(&memcg_shrinker_map_mutex);
        size = memcg_shrinker_map_size;
        for_each_node(nid) {
                map = kvzalloc(sizeof(*map) + size, GFP_KERNEL);
                if (!map) {
                        memcg_free_shrinker_maps(memcg);
                        ret = -ENOMEM;
                        break;
                }
                rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_map, map);
        }
        mutex_unlock(&memcg_shrinker_map_mutex);

        return ret;
}

int memcg_expand_shrinker_maps(int new_id)
{
        int size, old_size, ret = 0;
        struct mem_cgroup *memcg;

        size = DIV_ROUND_UP(new_id + 1, BITS_PER_LONG) * sizeof(unsigned long);
        old_size = memcg_shrinker_map_size;
        if (size <= old_size)
                return 0;

        mutex_lock(&memcg_shrinker_map_mutex);
        if (!root_mem_cgroup)
                goto unlock;

        for_each_mem_cgroup(memcg) {
                if (mem_cgroup_is_root(memcg))
                        continue;
                ret = memcg_expand_one_shrinker_map(memcg, size, old_size);
                if (ret)
                        goto unlock;
        }
unlock:
        if (!ret)
                memcg_shrinker_map_size = size;
        mutex_unlock(&memcg_shrinker_map_mutex);
        return ret;
}

void memcg_set_shrinker_bit(struct mem_cgroup *memcg, int nid, int shrinker_id)
{
        if (shrinker_id >= 0 && memcg && !mem_cgroup_is_root(memcg)) {
                struct memcg_shrinker_map *map;

                rcu_read_lock();
                map = rcu_dereference(memcg->nodeinfo[nid]->shrinker_map);
                /* Pairs with smp mb in shrink_slab() */
                smp_mb__before_atomic();
                set_bit(shrinker_id, map->map);
                rcu_read_unlock();
        }
}

#else /* CONFIG_MEMCG_KMEM */
static int memcg_alloc_shrinker_maps(struct mem_cgroup *memcg)
{
        return 0;
}
static void memcg_free_shrinker_maps(struct mem_cgroup *memcg) { }
#endif /* CONFIG_MEMCG_KMEM */

/**
 * mem_cgroup_css_from_page - css of the memcg associated with a page
 * @page: page of interest
 *
 * If memcg is bound to the default hierarchy, css of the memcg associated
 * with @page is returned.  The returned css remains associated with @page
 * until it is released.
 *
 * If memcg is bound to a traditional hierarchy, the css of root_mem_cgroup
 * is returned.
 */
struct cgroup_subsys_state *mem_cgroup_css_from_page(struct page *page)
{
        struct mem_cgroup *memcg;

        memcg = page->mem_cgroup;

        if (!memcg || !cgroup_subsys_on_dfl(memory_cgrp_subsys))
                memcg = root_mem_cgroup;

        return &memcg->css;
}

/**
 * page_cgroup_ino - return inode number of the memcg a page is charged to
 * @page: the page
 *
 * Look up the closest online ancestor of the memory cgroup @page is charged to
 * and return its inode number or 0 if @page is not charged to any cgroup. It
 * is safe to call this function without holding a reference to @page.
 *
 * Note, this function is inherently racy, because there is nothing to prevent
 * the cgroup inode from getting torn down and potentially reallocated a moment
 * after page_cgroup_ino() returns, so it only should be used by callers that
 * do not care (such as procfs interfaces).
 */
ino_t page_cgroup_ino(struct page *page)
{
        struct mem_cgroup *memcg;
        unsigned long ino = 0;

        rcu_read_lock();
        if (PageHead(page) && PageSlab(page))
                memcg = memcg_from_slab_page(page);
        else
                memcg = READ_ONCE(page->mem_cgroup);
        while (memcg && !(memcg->css.flags & CSS_ONLINE))
                memcg = parent_mem_cgroup(memcg);
        if (memcg)
                ino = cgroup_ino(memcg->css.cgroup);
        rcu_read_unlock();
        return ino;
}

static struct mem_cgroup_per_node *
mem_cgroup_page_nodeinfo(struct mem_cgroup *memcg, struct page *page)
{
        int nid = page_to_nid(page);

        return memcg->nodeinfo[nid];
}

static struct mem_cgroup_tree_per_node *
soft_limit_tree_node(int nid)
{
        return soft_limit_tree.rb_tree_per_node[nid];
}

static struct mem_cgroup_tree_per_node *
soft_limit_tree_from_page(struct page *page)
{
        int nid = page_to_nid(page);

        return soft_limit_tree.rb_tree_per_node[nid];
}

static void __mem_cgroup_insert_exceeded(struct mem_cgroup_per_node *mz,
                                         struct mem_cgroup_tree_per_node *mctz,
                                         unsigned long new_usage_in_excess)
{
        struct rb_node **p = &mctz->rb_root.rb_node;
        struct rb_node *parent = NULL;
        struct mem_cgroup_per_node *mz_node;
        bool rightmost = true;

        if (mz->on_tree)
                return;

        mz->usage_in_excess = new_usage_in_excess;
        if (!mz->usage_in_excess)
                return;
        while (*p) {
                parent = *p;
                mz_node = rb_entry(parent, struct mem_cgroup_per_node,
                                        tree_node);
                if (mz->usage_in_excess < mz_node->usage_in_excess) {
                        p = &(*p)->rb_left;
                        rightmost = false;
                }

                /*
                 * We can't avoid mem cgroups that are over their soft
                 * limit by the same amount
                 */
                else if (mz->usage_in_excess >= mz_node->usage_in_excess)
                        p = &(*p)->rb_right;
        }

        if (rightmost)
                mctz->rb_rightmost = &mz->tree_node;

        rb_link_node(&mz->tree_node, parent, p);
        rb_insert_color(&mz->tree_node, &mctz->rb_root);
        mz->on_tree = true;
}

static void __mem_cgroup_remove_exceeded(struct mem_cgroup_per_node *mz,
                                         struct mem_cgroup_tree_per_node *mctz)
{
        if (!mz->on_tree)
                return;

        if (&mz->tree_node == mctz->rb_rightmost)
                mctz->rb_rightmost = rb_prev(&mz->tree_node);

        rb_erase(&mz->tree_node, &mctz->rb_root);
        mz->on_tree = false;
}

static void mem_cgroup_remove_exceeded(struct mem_cgroup_per_node *mz,
                                       struct mem_cgroup_tree_per_node *mctz)
{
        unsigned long flags;

        spin_lock_irqsave(&mctz->lock, flags);
        __mem_cgroup_remove_exceeded(mz, mctz);
        spin_unlock_irqrestore(&mctz->lock, flags);
}

static unsigned long soft_limit_excess(struct mem_cgroup *memcg)
{
        unsigned long nr_pages = page_counter_read(&memcg->memory);
        unsigned long soft_limit = READ_ONCE(memcg->soft_limit);
        unsigned long excess = 0;

        if (nr_pages > soft_limit)
                excess = nr_pages - soft_limit;

        return excess;
}

static void mem_cgroup_update_tree(struct mem_cgroup *memcg, struct page *page)
{
        unsigned long excess;
        struct mem_cgroup_per_node *mz;
        struct mem_cgroup_tree_per_node *mctz;

        mctz = soft_limit_tree_from_page(page);
        if (!mctz)
                return;
        /*
         * Necessary to update all ancestors when hierarchy is used.
         * because their event counter is not touched.
         */
        for (; memcg; memcg = parent_mem_cgroup(memcg)) {
                mz = mem_cgroup_page_nodeinfo(memcg, page);
                excess = soft_limit_excess(memcg);
                /*
                 * We have to update the tree if mz is on RB-tree or
                 * mem is over its softlimit.
                 */
                if (excess || mz->on_tree) {
                        unsigned long flags;

                        spin_lock_irqsave(&mctz->lock, flags);
                        /* if on-tree, remove it */
                        if (mz->on_tree)
                                __mem_cgroup_remove_exceeded(mz, mctz);
                        /*
                         * Insert again. mz->usage_in_excess will be updated.
                         * If excess is 0, no tree ops.
                         */
                        __mem_cgroup_insert_exceeded(mz, mctz, excess);
                        spin_unlock_irqrestore(&mctz->lock, flags);
                }
        }
}

static void mem_cgroup_remove_from_trees(struct mem_cgroup *memcg)
{
        struct mem_cgroup_tree_per_node *mctz;
        struct mem_cgroup_per_node *mz;
        int nid;

        for_each_node(nid) {
                mz = mem_cgroup_nodeinfo(memcg, nid);
                mctz = soft_limit_tree_node(nid);
                if (mctz)
                        mem_cgroup_remove_exceeded(mz, mctz);
        }
}

static struct mem_cgroup_per_node *
__mem_cgroup_largest_soft_limit_node(struct mem_cgroup_tree_per_node *mctz)
{
        struct mem_cgroup_per_node *mz;

retry:
        mz = NULL;
        if (!mctz->rb_rightmost)
                goto done;              /* Nothing to reclaim from */

        mz = rb_entry(mctz->rb_rightmost,
                      struct mem_cgroup_per_node, tree_node);
        /*
         * Remove the node now but someone else can add it back,
         * we will to add it back at the end of reclaim to its correct
         * position in the tree.
         */
        __mem_cgroup_remove_exceeded(mz, mctz);
        if (!soft_limit_excess(mz->memcg) ||
            !css_tryget_online(&mz->memcg->css))
                goto retry;
done:
        return mz;
}

static struct mem_cgroup_per_node *
mem_cgroup_largest_soft_limit_node(struct mem_cgroup_tree_per_node *mctz)
{
        struct mem_cgroup_per_node *mz;

        spin_lock_irq(&mctz->lock);
        mz = __mem_cgroup_largest_soft_limit_node(mctz);
        spin_unlock_irq(&mctz->lock);
        return mz;
}

/**
 * __mod_memcg_state - update cgroup memory statistics
 * @memcg: the memory cgroup
 * @idx: the stat item - can be enum memcg_stat_item or enum node_stat_item
 * @val: delta to add to the counter, can be negative
 */
void __mod_memcg_state(struct mem_cgroup *memcg, int idx, int val)
{
        long x;

        if (mem_cgroup_disabled())
                return;

        x = val + __this_cpu_read(memcg->vmstats_percpu->stat[idx]);
        if (unlikely(abs(x) > MEMCG_CHARGE_BATCH)) {
                struct mem_cgroup *mi;

                /*
                 * Batch local counters to keep them in sync with
                 * the hierarchical ones.
                 */
                __this_cpu_add(memcg->vmstats_local->stat[idx], x);
                for (mi = memcg; mi; mi = parent_mem_cgroup(mi))
                        atomic_long_add(x, &mi->vmstats[idx]);
                x = 0;
        }
        __this_cpu_write(memcg->vmstats_percpu->stat[idx], x);
}

static struct mem_cgroup_per_node *
parent_nodeinfo(struct mem_cgroup_per_node *pn, int nid)
{
        struct mem_cgroup *parent;

        parent = parent_mem_cgroup(pn->memcg);
        if (!parent)
                return NULL;
        return mem_cgroup_nodeinfo(parent, nid);
}

/**
 * __mod_lruvec_state - update lruvec memory statistics
 * @lruvec: the lruvec
 * @idx: the stat item
 * @val: delta to add to the counter, can be negative
 *
 * The lruvec is the intersection of the NUMA node and a cgroup. This
 * function updates the all three counters that are affected by a
 * change of state at this level: per-node, per-cgroup, per-lruvec.
 */
void __mod_lruvec_state(struct lruvec *lruvec, enum node_stat_item idx,
                        int val)
{
        pg_data_t *pgdat = lruvec_pgdat(lruvec);
        struct mem_cgroup_per_node *pn;
        struct mem_cgroup *memcg;
        long x;

        /* Update node */
        __mod_node_page_state(pgdat, idx, val);

        if (mem_cgroup_disabled())
                return;

        pn = container_of(lruvec, struct mem_cgroup_per_node, lruvec);
        memcg = pn->memcg;

        /* Update memcg */
        __mod_memcg_state(memcg, idx, val);

        /* Update lruvec */
        __this_cpu_add(pn->lruvec_stat_local->count[idx], val);

        x = val + __this_cpu_read(pn->lruvec_stat_cpu->count[idx]);
        if (unlikely(abs(x) > MEMCG_CHARGE_BATCH)) {
                struct mem_cgroup_per_node *pi;

                for (pi = pn; pi; pi = parent_nodeinfo(pi, pgdat->node_id))
                        atomic_long_add(x, &pi->lruvec_stat[idx]);
                x = 0;
        }
        __this_cpu_write(pn->lruvec_stat_cpu->count[idx], x);
}

void __mod_lruvec_slab_state(void *p, enum node_stat_item idx, int val)
{
        struct page *page = virt_to_head_page(p);
        pg_data_t *pgdat = page_pgdat(page);
        struct mem_cgroup *memcg;
        struct lruvec *lruvec;

        rcu_read_lock();
        memcg = memcg_from_slab_page(page);

        /* Untracked pages have no memcg, no lruvec. Update only the node */
        if (!memcg || memcg == root_mem_cgroup) {
                __mod_node_page_state(pgdat, idx, val);
        } else {
                lruvec = mem_cgroup_lruvec(pgdat, memcg);
                __mod_lruvec_state(lruvec, idx, val);
        }
        rcu_read_unlock();
}

/**
 * __count_memcg_events - account VM events in a cgroup
 * @memcg: the memory cgroup
 * @idx: the event item
 * @count: the number of events that occured
 */
void __count_memcg_events(struct mem_cgroup *memcg, enum vm_event_item idx,
                          unsigned long count)
{
        unsigned long x;

        if (mem_cgroup_disabled())
                return;

        x = count + __this_cpu_read(memcg->vmstats_percpu->events[idx]);
        if (unlikely(x > MEMCG_CHARGE_BATCH)) {
                struct mem_cgroup *mi;

                /*
                 * Batch local counters to keep them in sync with
                 * the hierarchical ones.
                 */
                __this_cpu_add(memcg->vmstats_local->events[idx], x);
                for (mi = memcg; mi; mi = parent_mem_cgroup(mi))
                        atomic_long_add(x, &mi->vmevents[idx]);
                x = 0;
        }
        __this_cpu_write(memcg->vmstats_percpu->events[idx], x);
}

static unsigned long memcg_events(struct mem_cgroup *memcg, int event)
{
        return atomic_long_read(&memcg->vmevents[event]);
}

static unsigned long memcg_events_local(struct mem_cgroup *memcg, int event)
{
        long x = 0;
        int cpu;

        for_each_possible_cpu(cpu)
                x += per_cpu(memcg->vmstats_local->events[event], cpu);
        return x;
}

static void mem_cgroup_charge_statistics(struct mem_cgroup *memcg,
                                         struct page *page,
                                         bool compound, int nr_pages)
{
        /*
         * Here, RSS means 'mapped anon' and anon's SwapCache. Shmem/tmpfs is
         * counted as CACHE even if it's on ANON LRU.
         */
        if (PageAnon(page))
                __mod_memcg_state(memcg, MEMCG_RSS, nr_pages);
        else {
                __mod_memcg_state(memcg, MEMCG_CACHE, nr_pages);
                if (PageSwapBacked(page))
                        __mod_memcg_state(memcg, NR_SHMEM, nr_pages);
        }

        if (compound) {
                VM_BUG_ON_PAGE(!PageTransHuge(page), page);
                __mod_memcg_state(memcg, MEMCG_RSS_HUGE, nr_pages);
        }

        /* pagein of a big page is an event. So, ignore page size */
        if (nr_pages > 0)
                __count_memcg_events(memcg, PGPGIN, 1);
        else {
                __count_memcg_events(memcg, PGPGOUT, 1);
                nr_pages = -nr_pages; /* for event */
        }

        __this_cpu_add(memcg->vmstats_percpu->nr_page_events, nr_pages);
}

static bool mem_cgroup_event_ratelimit(struct mem_cgroup *memcg,
                                       enum mem_cgroup_events_target target)
{
        unsigned long val, next;

        val = __this_cpu_read(memcg->vmstats_percpu->nr_page_events);
        next = __this_cpu_read(memcg->vmstats_percpu->targets[target]);
        /* from time_after() in jiffies.h */
        if ((long)(next - val) < 0) {
                switch (target) {
                case MEM_CGROUP_TARGET_THRESH:
                        next = val + THRESHOLDS_EVENTS_TARGET;
                        break;
                case MEM_CGROUP_TARGET_SOFTLIMIT:
                        next = val + SOFTLIMIT_EVENTS_TARGET;
                        break;
                case MEM_CGROUP_TARGET_NUMAINFO:
                        next = val + NUMAINFO_EVENTS_TARGET;
                        break;
                default:
                        break;
                }
                __this_cpu_write(memcg->vmstats_percpu->targets[target], next);
                return true;
        }
        return false;
}

/*
 * Check events in order.
 *
 */
static void memcg_check_events(struct mem_cgroup *memcg, struct page *page)
{
        /* threshold event is triggered in finer grain than soft limit */
        if (unlikely(mem_cgroup_event_ratelimit(memcg,
                                                MEM_CGROUP_TARGET_THRESH))) {
                bool do_softlimit;
                bool do_numainfo __maybe_unused;

                do_softlimit = mem_cgroup_event_ratelimit(memcg,
                                                MEM_CGROUP_TARGET_SOFTLIMIT);
#if MAX_NUMNODES > 1
                do_numainfo = mem_cgroup_event_ratelimit(memcg,
                                                MEM_CGROUP_TARGET_NUMAINFO);
#endif
                mem_cgroup_threshold(memcg);
                if (unlikely(do_softlimit))
                        mem_cgroup_update_tree(memcg, page);
#if MAX_NUMNODES > 1
                if (unlikely(do_numainfo))
                        atomic_inc(&memcg->numainfo_events);
#endif
        }
}

struct mem_cgroup *mem_cgroup_from_task(struct task_struct *p)
{
        /*
         * mm_update_next_owner() may clear mm->owner to NULL
         * if it races with swapoff, page migration, etc.
         * So this can be called with p == NULL.
         */
        if (unlikely(!p))
                return NULL;

        return mem_cgroup_from_css(task_css(p, memory_cgrp_id));
}
EXPORT_SYMBOL(mem_cgroup_from_task);

/**
 * get_mem_cgroup_from_mm: Obtain a reference on given mm_struct's memcg.
 * @mm: mm from which memcg should be extracted. It can be NULL.
 *
 * Obtain a reference on mm->memcg and returns it if successful. Otherwise
 * root_mem_cgroup is returned. However if mem_cgroup is disabled, NULL is
 * returned.
 */
struct mem_cgroup *get_mem_cgroup_from_mm(struct mm_struct *mm)
{
        struct mem_cgroup *memcg;

        if (mem_cgroup_disabled())
                return NULL;

        rcu_read_lock();
        do {
                /*
                 * Page cache insertions can happen withou an
                 * actual mm context, e.g. during disk probing
                 * on boot, loopback IO, acct() writes etc.
                 */
                if (unlikely(!mm))
                        memcg = root_mem_cgroup;
                else {
                        memcg = mem_cgroup_from_task(rcu_dereference(mm->owner));
                        if (unlikely(!memcg))
                                memcg = root_mem_cgroup;
                }
        } while (!css_tryget_online(&memcg->css));
        rcu_read_unlock();
        return memcg;
}
EXPORT_SYMBOL(get_mem_cgroup_from_mm);

/**
 * get_mem_cgroup_from_page: Obtain a reference on given page's memcg.
 * @page: page from which memcg should be extracted.
 *
 * Obtain a reference on page->memcg and returns it if successful. Otherwise
 * root_mem_cgroup is returned.
 */
struct mem_cgroup *get_mem_cgroup_from_page(struct page *page)
{
        struct mem_cgroup *memcg = page->mem_cgroup;

        if (mem_cgroup_disabled())
                return NULL;

        rcu_read_lock();
        if (!memcg || !css_tryget_online(&memcg->css))
                memcg = root_mem_cgroup;
        rcu_read_unlock();
        return memcg;
}
EXPORT_SYMBOL(get_mem_cgroup_from_page);

/**
 * If current->active_memcg is non-NULL, do not fallback to current->mm->memcg.
 */
static __always_inline struct mem_cgroup *get_mem_cgroup_from_current(void)
{
        if (unlikely(current->active_memcg)) {
                struct mem_cgroup *memcg = root_mem_cgroup;

                rcu_read_lock();
                if (css_tryget_online(&current->active_memcg->css))
                        memcg = current->active_memcg;
                rcu_read_unlock();
                return memcg;
        }
        return get_mem_cgroup_from_mm(current->mm);
}

/**
 * mem_cgroup_iter - iterate over memory cgroup hierarchy
 * @root: hierarchy root
 * @prev: previously returned memcg, NULL on first invocation
 * @reclaim: cookie for shared reclaim walks, NULL for full walks
 *
 * Returns references to children of the hierarchy below @root, or
 * @root itself, or %NULL after a full round-trip.
 *
 * Caller must pass the return value in @prev on subsequent
 * invocations for reference counting, or use mem_cgroup_iter_break()
 * to cancel a hierarchy walk before the round-trip is complete.
 *
 * Reclaimers can specify a node and a priority level in @reclaim to
 * divide up the memcgs in the hierarchy among all concurrent
 * reclaimers operating on the same node and priority.
 */
struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
                                   struct mem_cgroup *prev,
                                   struct mem_cgroup_reclaim_cookie *reclaim)
{
        struct mem_cgroup_reclaim_iter *uninitialized_var(iter);
        struct cgroup_subsys_state *css = NULL;
        struct mem_cgroup *memcg = NULL;
        struct mem_cgroup *pos = NULL;

        if (mem_cgroup_disabled())
                return NULL;

        if (!root)
                root = root_mem_cgroup;

        if (prev && !reclaim)
                pos = prev;

        if (!root->use_hierarchy && root != root_mem_cgroup) {
                if (prev)
                        goto out;
                return root;
        }

        rcu_read_lock();

        if (reclaim) {
                struct mem_cgroup_per_node *mz;

                mz = mem_cgroup_nodeinfo(root, reclaim->pgdat->node_id);
                iter = &mz->iter[reclaim->priority];

                if (prev && reclaim->generation != iter->generation)
                        goto out_unlock;

                while (1) {
                        pos = READ_ONCE(iter->position);
                        if (!pos || css_tryget(&pos->css))
                                break;
                        /*
                         * css reference reached zero, so iter->position will
                         * be cleared by ->css_released. However, we should not
                         * rely on this happening soon, because ->css_released
                         * is called from a work queue, and by busy-waiting we
                         * might block it. So we clear iter->position right
                         * away.
                         */
                        (void)cmpxchg(&iter->position, pos, NULL);
                }
        }

        if (pos)
                css = &pos->css;

        for (;;) {
                css = css_next_descendant_pre(css, &root->css);
                if (!css) {
                        /*
                         * Reclaimers share the hierarchy walk, and a
                         * new one might jump in right at the end of
                         * the hierarchy - make sure they see at least
                         * one group and restart from the beginning.
                         */
                        if (!prev)
                                continue;
                        break;
                }

                /*
                 * Verify the css and acquire a reference.  The root
                 * is provided by the caller, so we know it's alive
                 * and kicking, and don't take an extra reference.
                 */
                memcg = mem_cgroup_from_css(css);

                if (css == &root->css)
                        break;

                if (css_tryget(css))
                        break;

                memcg = NULL;
        }

        if (reclaim) {
                /*
                 * The position could have already been updated by a competing
                 * thread, so check that the value hasn't changed since we read
                 * it to avoid reclaiming from the same cgroup twice.
                 */
                (void)cmpxchg(&iter->position, pos, memcg);

                if (pos)
                        css_put(&pos->css);

                if (!memcg)
                        iter->generation++;
                else if (!prev)
                        reclaim->generation = iter->generation;
        }

out_unlock:
        rcu_read_unlock();
out:
        if (prev && prev != root)
                css_put(&prev->css);

        return memcg;
}

/**
 * mem_cgroup_iter_break - abort a hierarchy walk prematurely
 * @root: hierarchy root
 * @prev: last visited hierarchy member as returned by mem_cgroup_iter()
 */
void mem_cgroup_iter_break(struct mem_cgroup *root,
                           struct mem_cgroup *prev)
{
        if (!root)
                root = root_mem_cgroup;
        if (prev && prev != root)
                css_put(&prev->css);
}

static void __invalidate_reclaim_iterators(struct mem_cgroup *from,
                                        struct mem_cgroup *dead_memcg)
{
        struct mem_cgroup_reclaim_iter *iter;
        struct mem_cgroup_per_node *mz;
        int nid;
        int i;

        for_each_node(nid) {
                mz = mem_cgroup_nodeinfo(from, nid);
                for (i = 0; i <= DEF_PRIORITY; i++) {
                        iter = &mz->iter[i];
                        cmpxchg(&iter->position,
                                dead_memcg, NULL);
                }
        }
}

static void invalidate_reclaim_iterators(struct mem_cgroup *dead_memcg)
{
        struct mem_cgroup *memcg = dead_memcg;
        struct mem_cgroup *last;

        do {
                __invalidate_reclaim_iterators(memcg, dead_memcg);
                last = memcg;
        } while ((memcg = parent_mem_cgroup(memcg)));

        /*
         * When cgruop1 non-hierarchy mode is used,
         * parent_mem_cgroup() does not walk all the way up to the
         * cgroup root (root_mem_cgroup). So we have to handle
         * dead_memcg from cgroup root separately.
         */
        if (last != root_mem_cgroup)
                __invalidate_reclaim_iterators(root_mem_cgroup,
                                                dead_memcg);
}

/**
 * mem_cgroup_scan_tasks - iterate over tasks of a memory cgroup hierarchy
 * @memcg: hierarchy root
 * @fn: function to call for each task
 * @arg: argument passed to @fn
 *
 * This function iterates over tasks attached to @memcg or to any of its
 * descendants and calls @fn for each task. If @fn returns a non-zero
 * value, the function breaks the iteration loop and returns the value.
 * Otherwise, it will iterate over all tasks and return 0.
 *
 * This function must not be called for the root memory cgroup.
 */
int mem_cgroup_scan_tasks(struct mem_cgroup *memcg,
                          int (*fn)(struct task_struct *, void *), void *arg)
{
        struct mem_cgroup *iter;
        int ret = 0;

        BUG_ON(memcg == root_mem_cgroup);

        for_each_mem_cgroup_tree(iter, memcg) {
                struct css_task_iter it;
                struct task_struct *task;

                css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it);
                while (!ret && (task = css_task_iter_next(&it)))
                        ret = fn(task, arg);
                css_task_iter_end(&it);
                if (ret) {
                        mem_cgroup_iter_break(memcg, iter);
                        break;
                }
        }
        return ret;
}

/**
 * mem_cgroup_page_lruvec - return lruvec for isolating/putting an LRU page
 * @page: the page
 * @pgdat: pgdat of the page
 *
 * This function is only safe when following the LRU page isolation
 * and putback protocol: the LRU lock must be held, and the page must
 * either be PageLRU() or the caller must have isolated/allocated it.
 */
struct lruvec *mem_cgroup_page_lruvec(struct page *page, struct pglist_data *pgdat)
{
        struct mem_cgroup_per_node *mz;
        struct mem_cgroup *memcg;
        struct lruvec *lruvec;

        if (mem_cgroup_disabled()) {
                lruvec = &pgdat->lruvec;
                goto out;
        }

        memcg = page->mem_cgroup;
        /*
         * Swapcache readahead pages are added to the LRU - and
         * possibly migrated - before they are charged.
         */
        if (!memcg)
                memcg = root_mem_cgroup;

        mz = mem_cgroup_page_nodeinfo(memcg, page);
        lruvec = &mz->lruvec;
out:
        /*
         * Since a node can be onlined after the mem_cgroup was created,
         * we have to be prepared to initialize lruvec->zone here;
         * and if offlined then reonlined, we need to reinitialize it.
         */
        if (unlikely(lruvec->pgdat != pgdat))
                lruvec->pgdat = pgdat;
        return lruvec;
}

/**
 * mem_cgroup_update_lru_size - account for adding or removing an lru page
 * @lruvec: mem_cgroup per zone lru vector
 * @lru: index of lru list the page is sitting on
 * @zid: zone id of the accounted pages
 * @nr_pages: positive when adding or negative when removing
 *
 * This function must be called under lru_lock, just before a page is added
 * to or just after a page is removed from an lru list (that ordering being
 * so as to allow it to check that lru_size 0 is consistent with list_empty).
 */
void mem_cgroup_update_lru_size(struct lruvec *lruvec, enum lru_list lru,
                                int zid, int nr_pages)
{
        struct mem_cgroup_per_node *mz;
        unsigned long *lru_size;
        long size;

        if (mem_cgroup_disabled())
                return;

        mz = container_of(lruvec, struct mem_cgroup_per_node, lruvec);
        lru_size = &mz->lru_zone_size[zid][lru];

        if (nr_pages < 0)
                *lru_size += nr_pages;

        size = *lru_size;
        if (WARN_ONCE(size < 0,
                "%s(%p, %d, %d): lru_size %ld\n",
                __func__, lruvec, lru, nr_pages, size)) {
                VM_BUG_ON(1);
                *lru_size = 0;
        }

        if (nr_pages > 0)
                *lru_size += nr_pages;
}

/**
 * mem_cgroup_margin - calculate chargeable space of a memory cgroup
 * @memcg: the memory cgroup
 *
 * Returns the maximum amount of memory @mem can be charged with, in
 * pages.
 */
static unsigned long mem_cgroup_margin(struct mem_cgroup *memcg)
{
        unsigned long margin = 0;
        unsigned long count;
        unsigned long limit;

        count = page_counter_read(&memcg->memory);
        limit = READ_ONCE(memcg->memory.max);
        if (count < limit)
                margin = limit - count;

        if (do_memsw_account()) {
                count = page_counter_read(&memcg->memsw);
                limit = READ_ONCE(memcg->memsw.max);
                if (count <= limit)
                        margin = min(margin, limit - count);
                else
                        margin = 0;
        }

        return margin;
}

/*
 * A routine for checking "mem" is under move_account() or not.
 *
 * Checking a cgroup is mc.from or mc.to or under hierarchy of
 * moving cgroups. This is for waiting at high-memory pressure
 * caused by "move".
 */
static bool mem_cgroup_under_move(struct mem_cgroup *memcg)
{
        struct mem_cgroup *from;
        struct mem_cgroup *to;
        bool ret = false;
        /*
         * Unlike task_move routines, we access mc.to, mc.from not under
         * mutual exclusion by cgroup_mutex. Here, we take spinlock instead.
         */
        spin_lock(&mc.lock);
        from = mc.from;
        to = mc.to;
        if (!from)
                goto unlock;

        ret = mem_cgroup_is_descendant(from, memcg) ||
                mem_cgroup_is_descendant(to, memcg);
unlock:
        spin_unlock(&mc.lock);
        return ret;
}

static bool mem_cgroup_wait_acct_move(struct mem_cgroup *memcg)
{
        if (mc.moving_task && current != mc.moving_task) {
                if (mem_cgroup_under_move(memcg)) {
                        DEFINE_WAIT(wait);
                        prepare_to_wait(&mc.waitq, &wait, TASK_INTERRUPTIBLE);
                        /* moving charge context might have finished. */
                        if (mc.moving_task)
                                schedule();
                        finish_wait(&mc.waitq, &wait);
                        return true;
                }
        }
        return false;
}

static char *memory_stat_format(struct mem_cgroup *memcg)
{
        struct seq_buf s;
        int i;

        seq_buf_init(&s, kmalloc(PAGE_SIZE, GFP_KERNEL), PAGE_SIZE);
        if (!s.buffer)
                return NULL;

        /*
         * Provide statistics on the state of the memory subsystem as
         * well as cumulative event counters that show past behavior.
         *
         * This list is ordered following a combination of these gradients:
         * 1) generic big picture -> specifics and details
         * 2) reflecting userspace activity -> reflecting kernel heuristics
         *
         * Current memory state:
         */

        seq_buf_printf(&s, "anon %llu\n",
                       (u64)memcg_page_state(memcg, MEMCG_RSS) *
                       PAGE_SIZE);
        seq_buf_printf(&s, "file %llu\n",
                       (u64)memcg_page_state(memcg, MEMCG_CACHE) *
                       PAGE_SIZE);
        seq_buf_printf(&s, "kernel_stack %llu\n",
                       (u64)memcg_page_state(memcg, MEMCG_KERNEL_STACK_KB) *
                       1024);
        seq_buf_printf(&s, "slab %llu\n",
                       (u64)(memcg_page_state(memcg, NR_SLAB_RECLAIMABLE) +
                             memcg_page_state(memcg, NR_SLAB_UNRECLAIMABLE)) *
                       PAGE_SIZE);
        seq_buf_printf(&s, "sock %llu\n",
                       (u64)memcg_page_state(memcg, MEMCG_SOCK) *
                       PAGE_SIZE);

        seq_buf_printf(&s, "shmem %llu\n",
                       (u64)memcg_page_state(memcg, NR_SHMEM) *
                       PAGE_SIZE);
        seq_buf_printf(&s, "file_mapped %llu\n",
                       (u64)memcg_page_state(memcg, NR_FILE_MAPPED) *
                       PAGE_SIZE);
        seq_buf_printf(&s, "file_dirty %llu\n",
                       (u64)memcg_page_state(memcg, NR_FILE_DIRTY) *
                       PAGE_SIZE);
        seq_buf_printf(&s, "file_writeback %llu\n",
                       (u64)memcg_page_state(memcg, NR_WRITEBACK) *
                       PAGE_SIZE);

        /*
         * TODO: We should eventually replace our own MEMCG_RSS_HUGE counter
         * with the NR_ANON_THP vm counter, but right now it's a pain in the
         * arse because it requires migrating the work out of rmap to a place
         * where the page->mem_cgroup is set up and stable.
         */
        seq_buf_printf(&s, "anon_thp %llu\n",
                       (u64)memcg_page_state(memcg, MEMCG_RSS_HUGE) *
                       PAGE_SIZE);

        for (i = 0; i < NR_LRU_LISTS; i++)
                seq_buf_printf(&s, "%s %llu\n", mem_cgroup_lru_names[i],
                               (u64)memcg_page_state(memcg, NR_LRU_BASE + i) *
                               PAGE_SIZE);

        seq_buf_printf(&s, "slab_reclaimable %llu\n",
                       (u64)memcg_page_state(memcg, NR_SLAB_RECLAIMABLE) *
                       PAGE_SIZE);
        seq_buf_printf(&s, "slab_unreclaimable %llu\n",
                       (u64)memcg_page_state(memcg, NR_SLAB_UNRECLAIMABLE) *
                       PAGE_SIZE);

        /* Accumulated memory events */

        seq_buf_printf(&s, "pgfault %lu\n", memcg_events(memcg, PGFAULT));
        seq_buf_printf(&s, "pgmajfault %lu\n", memcg_events(memcg, PGMAJFAULT));

        seq_buf_printf(&s, "workingset_refault %lu\n",
                       memcg_page_state(memcg, WORKINGSET_REFAULT));
        seq_buf_printf(&s, "workingset_activate %lu\n",
                       memcg_page_state(memcg, WORKINGSET_ACTIVATE));
        seq_buf_printf(&s, "workingset_nodereclaim %lu\n",
                       memcg_page_state(memcg, WORKINGSET_NODERECLAIM));

        seq_buf_printf(&s, "pgrefill %lu\n", memcg_events(memcg, PGREFILL));
        seq_buf_printf(&s, "pgscan %lu\n",
                       memcg_events(memcg, PGSCAN_KSWAPD) +
                       memcg_events(memcg, PGSCAN_DIRECT));
        seq_buf_printf(&s, "pgsteal %lu\n",
                       memcg_events(memcg, PGSTEAL_KSWAPD) +
                       memcg_events(memcg, PGSTEAL_DIRECT));
        seq_buf_printf(&s, "pgactivate %lu\n", memcg_events(memcg, PGACTIVATE));
        seq_buf_printf(&s, "pgdeactivate %lu\n", memcg_events(memcg, PGDEACTIVATE));
        seq_buf_printf(&s, "pglazyfree %lu\n", memcg_events(memcg, PGLAZYFREE));
        seq_buf_printf(&s, "pglazyfreed %lu\n", memcg_events(memcg, PGLAZYFREED));

#ifdef CONFIG_TRANSPARENT_HUGEPAGE
        seq_buf_printf(&s, "thp_fault_alloc %lu\n",
                       memcg_events(memcg, THP_FAULT_ALLOC));
        seq_buf_printf(&s, "thp_collapse_alloc %lu\n",
                       memcg_events(memcg, THP_COLLAPSE_ALLOC));
#endif /* CONFIG_TRANSPARENT_HUGEPAGE */

        /* The above should easily fit into one page */
        WARN_ON_ONCE(seq_buf_has_overflowed(&s));

        return s.buffer;
}

#define K(x) ((x) << (PAGE_SHIFT-10))
/**
 * mem_cgroup_print_oom_context: Print OOM information relevant to
 * memory controller.
 * @memcg: The memory cgroup that went over limit
 * @p: Task that is going to be killed
 *
 * NOTE: @memcg and @p's mem_cgroup can be different when hierarchy is
 * enabled
 */
void mem_cgroup_print_oom_context(struct mem_cgroup *memcg, struct task_struct *p)
{
        rcu_read_lock();

        if (memcg) {
                pr_cont(",oom_memcg=");
                pr_cont_cgroup_path(memcg->css.cgroup);
        } else
                pr_cont(",global_oom");
        if (p) {
                pr_cont(",task_memcg=");
                pr_cont_cgroup_path(task_cgroup(p, memory_cgrp_id));
        }
        rcu_read_unlock();
}

/**
 * mem_cgroup_print_oom_meminfo: Print OOM memory information relevant to
 * memory controller.
 * @memcg: The memory cgroup that went over limit
 */
void mem_cgroup_print_oom_meminfo(struct mem_cgroup *memcg)
{
        char *buf;

        pr_info("memory: usage %llukB, limit %llukB, failcnt %lu\n",
                K((u64)page_counter_read(&memcg->memory)),
                K((u64)memcg->memory.max), memcg->memory.failcnt);
        if (cgroup_subsys_on_dfl(memory_cgrp_subsys))
                pr_info("swap: usage %llukB, limit %llukB, failcnt %lu\n",
                        K((u64)page_counter_read(&memcg->swap)),
                        K((u64)memcg->swap.max), memcg->swap.failcnt);
        else {
                pr_info("memory+swap: usage %llukB, limit %llukB, failcnt %lu\n",
                        K((u64)page_counter_read(&memcg->memsw)),
                        K((u64)memcg->memsw.max), memcg->memsw.failcnt);
                pr_info("kmem: usage %llukB, limit %llukB, failcnt %lu\n",
                        K((u64)page_counter_read(&memcg->kmem)),
                        K((u64)memcg->kmem.max), memcg->kmem.failcnt);
        }

        pr_info("Memory cgroup stats for ");
        pr_cont_cgroup_path(memcg->css.cgroup);
        pr_cont(":");
        buf = memory_stat_format(memcg);
        if (!buf)
                return;
        pr_info("%s", buf);
        kfree(buf);
}

/*
 * Return the memory (and swap, if configured) limit for a memcg.
 */
unsigned long mem_cgroup_get_max(struct mem_cgroup *memcg)
{
        unsigned long max;

        max = memcg->memory.max;
        if (mem_cgroup_swappiness(memcg)) {
                unsigned long memsw_max;
                unsigned long swap_max;

                memsw_max = memcg->memsw.max;
                swap_max = memcg->swap.max;
                swap_max = min(swap_max, (unsigned long)total_swap_pages);
                max = min(max + swap_max, memsw_max);
        }
        return max;
}

static bool mem_cgroup_out_of_memory(struct mem_cgroup *memcg, gfp_t gfp_mask,
                                     int order)
{
        struct oom_control oc = {
                .zonelist = NULL,
                .nodemask = NULL,
                .memcg = memcg,
                .gfp_mask = gfp_mask,
                .order = order,
        };
        bool ret;

        if (mutex_lock_killable(&oom_lock))
                return true;
        /*
         * A few threads which were not waiting at mutex_lock_killable() can
         * fail to bail out. Therefore, check again after holding oom_lock.
         */
        ret = should_force_charge() || out_of_memory(&oc);
        mutex_unlock(&oom_lock);
        return ret;
}

#if MAX_NUMNODES > 1

/**
 * test_mem_cgroup_node_reclaimable
 * @memcg: the target memcg
 * @nid: the node ID to be checked.
 * @noswap : specify true here if the user wants flle only information.
 *
 * This function returns whether the specified memcg contains any
 * reclaimable pages on a node. Returns true if there are any reclaimable
 * pages in the node.
 */
static bool test_mem_cgroup_node_reclaimable(struct mem_cgroup *memcg,
                int nid, bool noswap)
{
        struct lruvec *lruvec = mem_cgroup_lruvec(NODE_DATA(nid), memcg);

        if (lruvec_page_state(lruvec, NR_INACTIVE_FILE) ||
            lruvec_page_state(lruvec, NR_ACTIVE_FILE))
                return true;
        if (noswap || !total_swap_pages)
                return false;
        if (lruvec_page_state(lruvec, NR_INACTIVE_ANON) ||
            lruvec_page_state(lruvec, NR_ACTIVE_ANON))
                return true;
        return false;

}

/*
 * Always updating the nodemask is not very good - even if we have an empty
 * list or the wrong list here, we can start from some node and traverse all
 * nodes based on the zonelist. So update the list loosely once per 10 secs.
 *
 */
static void mem_cgroup_may_update_nodemask(struct mem_cgroup *memcg)
{
        int nid;
        /*
         * numainfo_events > 0 means there was at least NUMAINFO_EVENTS_TARGET
         * pagein/pageout changes since the last update.
         */
        if (!atomic_read(&memcg->numainfo_events))
                return;
        if (atomic_inc_return(&memcg->numainfo_updating) > 1)
                return;

        /* make a nodemask where this memcg uses memory from */
        memcg->scan_nodes = node_states[N_MEMORY];

        for_each_node_mask(nid, node_states[N_MEMORY]) {

                if (!test_mem_cgroup_node_reclaimable(memcg, nid, false))
                        node_clear(nid, memcg->scan_nodes);
        }

        atomic_set(&memcg->numainfo_events, 0);
        atomic_set(&memcg->numainfo_updating, 0);
}

/*
 * Selecting a node where we start reclaim from. Because what we need is just
 * reducing usage counter, start from anywhere is O,K. Considering
 * memory reclaim from current node, there are pros. and cons.
 *
 * Freeing memory from current node means freeing memory from a node which
 * we'll use or we've used. So, it may make LRU bad. And if several threads
 * hit limits, it will see a contention on a node. But freeing from remote
 * node means more costs for memory reclaim because of memory latency.
 *
 * Now, we use round-robin. Better algorithm is welcomed.
 */
int mem_cgroup_select_victim_node(struct mem_cgroup *memcg)
{
        int node;

        mem_cgroup_may_update_nodemask(memcg);
        node = memcg->last_scanned_node;

        node = next_node_in(node, memcg->scan_nodes);
        /*
         * mem_cgroup_may_update_nodemask might have seen no reclaimmable pages
         * last time it really checked all the LRUs due to rate limiting.
         * Fallback to the current node in that case for simplicity.
         */
        if (unlikely(node == MAX_NUMNODES))
                node = numa_node_id();

        memcg->last_scanned_node = node;
        return node;
}
#else
int mem_cgroup_select_victim_node(struct mem_cgroup *memcg)
{
        return 0;
}
#endif

static int mem_cgroup_soft_reclaim(struct mem_cgroup *root_memcg,
                                   pg_data_t *pgdat,
                                   gfp_t gfp_mask,
                                   unsigned long *total_scanned)
{
        struct mem_cgroup *victim = NULL;
        int total = 0;
        int loop = 0;
        unsigned long excess;
        unsigned long nr_scanned;
        struct mem_cgroup_reclaim_cookie reclaim = {
                .pgdat = pgdat,
                .priority = 0,
        };

        excess = soft_limit_excess(root_memcg);

        while (1) {
                victim = mem_cgroup_iter(root_memcg, victim, &reclaim);
                if (!victim) {
                        loop++;
                        if (loop >= 2) {
                                /*
                                 * If we have not been able to reclaim
                                 * anything, it might because there are
                                 * no reclaimable pages under this hierarchy
                                 */
                                if (!total)
                                        break;
                                /*
                                 * We want to do more targeted reclaim.
                                 * excess >> 2 is not to excessive so as to
                                 * reclaim too much, nor too less that we keep
                                 * coming back to reclaim from this cgroup
                                 */
                                if (total >= (excess >> 2) ||
                                        (loop > MEM_CGROUP_MAX_RECLAIM_LOOPS))
                                        break;
                        }
                        continue;
                }
                total += mem_cgroup_shrink_node(victim, gfp_mask, false,
                                        pgdat, &nr_scanned);
                *total_scanned += nr_scanned;
                if (!soft_limit_excess(root_memcg))
                        break;
        }
        mem_cgroup_iter_break(root_memcg, victim);
        return total;
}

#ifdef CONFIG_LOCKDEP
static struct lockdep_map memcg_oom_lock_dep_map = {
        .name = "memcg_oom_lock",
};
#endif

static DEFINE_SPINLOCK(memcg_oom_lock);

/*
 * Check OOM-Killer is already running under our hierarchy.
 * If someone is running, return false.
 */
static bool mem_cgroup_oom_trylock(struct mem_cgroup *memcg)
{
        struct mem_cgroup *iter, *failed = NULL;

        spin_lock(&memcg_oom_lock);

        for_each_mem_cgroup_tree(iter, memcg) {
                if (iter->oom_lock) {
                        /*
                         * this subtree of our hierarchy is already locked
                         * so we cannot give a lock.
                         */
                        failed = iter;
                        mem_cgroup_iter_break(memcg, iter);
                        break;
                } else
                        iter->oom_lock = true;
        }

        if (failed) {
                /*
                 * OK, we failed to lock the whole subtree so we have
                 * to clean up what we set up to the failing subtree
                 */
                for_each_mem_cgroup_tree(iter, memcg) {
                        if (iter == failed) {
                                mem_cgroup_iter_break(memcg, iter);
                                break;
                        }
                        iter->oom_lock = false;
                }
        } else
                mutex_acquire(&memcg_oom_lock_dep_map, 0, 1, _RET_IP_);

        spin_unlock(&memcg_oom_lock);

        return !failed;
}

static void mem_cgroup_oom_unlock(struct mem_cgroup *memcg)
{
        struct mem_cgroup *iter;

        spin_lock(&memcg_oom_lock);
        mutex_release(&memcg_oom_lock_dep_map, 1, _RET_IP_);
        for_each_mem_cgroup_tree(iter, memcg)
                iter->oom_lock = false;
        spin_unlock(&memcg_oom_lock);
}

static void mem_cgroup_mark_under_oom(struct mem_cgroup *memcg)
{
        struct mem_cgroup *iter;

        spin_lock(&memcg_oom_lock);
        for_each_mem_cgroup_tree(iter, memcg)
                iter->under_oom++;
        spin_unlock(&memcg_oom_lock);
}

static void mem_cgroup_unmark_under_oom(struct mem_cgroup *memcg)
{
        struct mem_cgroup *iter;

        /*
         * When a new child is created while the hierarchy is under oom,
         * mem_cgroup_oom_lock() may not be called. Watch for underflow.
         */
        spin_lock(&memcg_oom_lock);
        for_each_mem_cgroup_tree(iter, memcg)
                if (iter->under_oom > 0)
                        iter->under_oom--;
        spin_unlock(&memcg_oom_lock);
}

static DECLARE_WAIT_QUEUE_HEAD(memcg_oom_waitq);

struct oom_wait_info {
        struct mem_cgroup *memcg;
        wait_queue_entry_t      wait;
};

static int memcg_oom_wake_function(wait_queue_entry_t *wait,
        unsigned mode, int sync, void *arg)
{
        struct mem_cgroup *wake_memcg = (struct mem_cgroup *)arg;
        struct mem_cgroup *oom_wait_memcg;
        struct oom_wait_info *oom_wait_info;

        oom_wait_info = container_of(wait, struct oom_wait_info, wait);
        oom_wait_memcg = oom_wait_info->memcg;

        if (!mem_cgroup_is_descendant(wake_memcg, oom_wait_memcg) &&
            !mem_cgroup_is_descendant(oom_wait_memcg, wake_memcg))
                return 0;
        return autoremove_wake_function(wait, mode, sync, arg);
}

static void memcg_oom_recover(struct mem_cgroup *memcg)
{
        /*
         * For the following lockless ->under_oom test, the only required
         * guarantee is that it must see the state asserted by an OOM when
         * this function is called as a result of userland actions
         * triggered by the notification of the OOM.  This is trivially
         * achieved by invoking mem_cgroup_mark_under_oom() before
         * triggering notification.
         */
        if (memcg && memcg->under_oom)
                __wake_up(&memcg_oom_waitq, TASK_NORMAL, 0, memcg);
}

enum oom_status {
        OOM_SUCCESS,
        OOM_FAILED,
        OOM_ASYNC,
        OOM_SKIPPED
};

static enum oom_status mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int order)
{
        enum oom_status ret;
        bool locked;

        if (order > PAGE_ALLOC_COSTLY_ORDER)
                return OOM_SKIPPED;

        memcg_memory_event(memcg, MEMCG_OOM);

        /*
         * We are in the middle of the charge context here, so we
         * don't want to block when potentially sitting on a callstack
         * that holds all kinds of filesystem and mm locks.
         *
         * cgroup1 allows disabling the OOM killer and waiting for outside
         * handling until the charge can succeed; remember the context and put
         * the task to sleep at the end of the page fault when all locks are
         * released.
         *
         * On the other hand, in-kernel OOM killer allows for an async victim
         * memory reclaim (oom_reaper) and that means that we are not solely
         * relying on the oom victim to make a forward progress and we can
         * invoke the oom killer here.
         *
         * Please note that mem_cgroup_out_of_memory might fail to find a
         * victim and then we have to bail out from the charge path.
         */
        if (memcg->oom_kill_disable) {
                if (!current->in_user_fault)
                        return OOM_SKIPPED;
                css_get(&memcg->css);
                current->memcg_in_oom = memcg;
                current->memcg_oom_gfp_mask = mask;
                current->memcg_oom_order = order;

                return OOM_ASYNC;
        }

        mem_cgroup_mark_under_oom(memcg);

        locked = mem_cgroup_oom_trylock(memcg);

        if (locked)
                mem_cgroup_oom_notify(memcg);

        mem_cgroup_unmark_under_oom(memcg);
        if (mem_cgroup_out_of_memory(memcg, mask, order))
                ret = OOM_SUCCESS;
        else
                ret = OOM_FAILED;

        if (locked)
                mem_cgroup_oom_unlock(memcg);

        return ret;
}

/**
 * mem_cgroup_oom_synchronize - complete memcg OOM handling
 * @handle: actually kill/wait or just clean up the OOM state
 *
 * This has to be called at the end of a page fault if the memcg OOM
 * handler was enabled.
 *
 * Memcg supports userspace OOM handling where failed allocations must
 * sleep on a waitqueue until the userspace task resolves the
 * situation.  Sleeping directly in the charge context with all kinds
 * of locks held is not a good idea, instead we remember an OOM state
 * in the task and mem_cgroup_oom_synchronize() has to be called at
 * the end of the page fault to complete the OOM handling.
 *
 * Returns %true if an ongoing memcg OOM situation was detected and
 * completed, %false otherwise.
 */
bool mem_cgroup_oom_synchronize(bool handle)
{
        struct mem_cgroup *memcg = current->memcg_in_oom;
        struct oom_wait_info owait;
        bool locked;

        /* OOM is global, do not handle */
        if (!memcg)
                return false;

        if (!handle)
                goto cleanup;

        owait.memcg = memcg;
        owait.wait.flags = 0;
        owait.wait.func = memcg_oom_wake_function;
        owait.wait.private = current;
        INIT_LIST_HEAD(&owait.wait.entry);

        prepare_to_wait(&memcg_oom_waitq, &owait.wait, TASK_KILLABLE);
        mem_cgroup_mark_under_oom(memcg);

        locked = mem_cgroup_oom_trylock(memcg);

        if (locked)
                mem_cgroup_oom_notify(memcg);

        if (locked && !memcg->oom_kill_disable) {
                mem_cgroup_unmark_under_oom(memcg);
                finish_wait(&memcg_oom_waitq, &owait.wait);
                mem_cgroup_out_of_memory(memcg, current->memcg_oom_gfp_mask,
                                         current->memcg_oom_order);
        } else {
                schedule();
                mem_cgroup_unmark_under_oom(memcg);
                finish_wait(&memcg_oom_waitq, &owait.wait);
        }

        if (locked) {
                mem_cgroup_oom_unlock(memcg);
                /*
                 * There is no guarantee that an OOM-lock contender
                 * sees the wakeups triggered by the OOM kill
                 * uncharges.  Wake any sleepers explicitely.
                 */
                memcg_oom_recover(memcg);
        }
cleanup:
        current->memcg_in_oom = NULL;
        css_put(&memcg->css);
        return true;

}

/**
 * mem_cgroup_get_oom_group - get a memory cgroup to clean up after OOM
 * @victim: task to be killed by the OOM killer
 * @oom_domain: memcg in case of memcg OOM, NULL in case of system-wide OOM
 *
 * Returns a pointer to a memory cgroup, which has to be cleaned up
 * by killing all belonging OOM-killable tasks.
 *
 * Caller has to call mem_cgroup_put() on the returned non-NULL memcg.
 */
struct mem_cgroup *mem_cgroup_get_oom_group(struct task_struct *victim,
                                            struct mem_cgroup *oom_domain)
{
        struct mem_cgroup *oom_group = NULL;
        struct mem_cgroup *memcg;

        if (!cgroup_subsys_on_dfl(memory_cgrp_subsys))
                return NULL;

        if (!oom_domain)
                oom_domain = root_mem_cgroup;

        rcu_read_lock();

        memcg = mem_cgroup_from_task(victim);
        if (memcg == root_mem_cgroup)
                goto out;

        /*
         * Traverse the memory cgroup hierarchy from the victim task's
         * cgroup up to the OOMing cgroup (or root) to find the
         * highest-level memory cgroup with oom.group set.
         */
        for (; memcg; memcg = parent_mem_cgroup(memcg)) {
                if (memcg->oom_group)
                        oom_group = memcg;

                if (memcg == oom_domain)
                        break;
        }

        if (oom_group)
                css_get(&oom_group->css);
out:
        rcu_read_unlock();

        return oom_group;
}

void mem_cgroup_print_oom_group(struct mem_cgroup *memcg)
{
        pr_info("Tasks in ");
        pr_cont_cgroup_path(memcg->css.cgroup);
        pr_cont(" are going to be killed due to memory.oom.group set\n");
}

/**
 * lock_page_memcg - lock a page->mem_cgroup binding
 * @page: the page
 *
 * This function protects unlocked LRU pages from being moved to
 * another cgroup.
 *
 * It ensures lifetime of the returned memcg. Caller is responsible
 * for the lifetime of the page; __unlock_page_memcg() is available
 * when @page might get freed inside the locked section.
 */
struct mem_cgroup *lock_page_memcg(struct page *page)
{
        struct mem_cgroup *memcg;
        unsigned long flags;

        /*
         * The RCU lock is held throughout the transaction.  The fast
         * path can get away without acquiring the memcg->move_lock
         * because page moving starts with an RCU grace period.
         *
         * The RCU lock also protects the memcg from being freed when
         * the page state that is going to change is the only thing
         * preventing the page itself from being freed. E.g. writeback
         * doesn't hold a page reference and relies on PG_writeback to
         * keep off truncation, migration and so forth.
         */
        rcu_read_lock();

        if (mem_cgroup_disabled())
                return NULL;
again:
        memcg = page->mem_cgroup;
        if (unlikely(!memcg))
                return NULL;

        if (atomic_read(&memcg->moving_account) <= 0)
                return memcg;

        spin_lock_irqsave(&memcg->move_lock, flags);
        if (memcg != page->mem_cgroup) {
                spin_unlock_irqrestore(&memcg->move_lock, flags);
                goto again;
        }

        /*
         * When charge migration first begins, we can have locked and
         * unlocked page stat updates happening concurrently.  Track
         * the task who has the lock for unlock_page_memcg().
         */
        memcg->move_lock_task = current;
        memcg->move_lock_flags = flags;

        return memcg;
}
EXPORT_SYMBOL(lock_page_memcg);

/**
 * __unlock_page_memcg - unlock and unpin a memcg
 * @memcg: the memcg
 *
 * Unlock and unpin a memcg returned by lock_page_memcg().
 */
void __unlock_page_memcg(struct mem_cgroup *memcg)
{
        if (memcg && memcg->move_lock_task == current) {
                unsigned long flags = memcg->move_lock_flags;

                memcg->move_lock_task = NULL;
                memcg->move_lock_flags = 0;

                spin_unlock_irqrestore(&memcg->move_lock, flags);
        }

        rcu_read_unlock();
}

/**
 * unlock_page_memcg - unlock a page->mem_cgroup binding
 * @page: the page
 */
void unlock_page_memcg(struct page *page)
{
        __unlock_page_memcg(page->mem_cgroup);
}
EXPORT_SYMBOL(unlock_page_memcg);

struct memcg_stock_pcp {
        struct mem_cgroup *cached; /* this never be root cgroup */
        unsigned int nr_pages;
        struct work_struct work;
        unsigned long flags;
#define FLUSHING_CACHED_CHARGE  0
};
static DEFINE_PER_CPU(struct memcg_stock_pcp, memcg_stock);
static DEFINE_MUTEX(percpu_charge_mutex);

/**
 * consume_stock: Try to consume stocked charge on this cpu.
 * @memcg: memcg to consume from.
 * @nr_pages: how many pages to charge.
 *
 * The charges will only happen if @memcg matches the current cpu's memcg
 * stock, and at least @nr_pages are available in that stock.  Failure to
 * service an allocation will refill the stock.
 *
 * returns true if successful, false otherwise.
 */
static bool consume_stock(struct mem_cgroup *memcg, unsigned int nr_pages)
{
        struct memcg_stock_pcp *stock;
        unsigned long flags;
        bool ret = false;

        if (nr_pages > MEMCG_CHARGE_BATCH)
                return ret;

        local_irq_save(flags);

        stock = this_cpu_ptr(&memcg_stock);
        if (memcg == stock->cached && stock->nr_pages >= nr_pages) {
                stock->nr_pages -= nr_pages;
                ret = true;
        }

        local_irq_restore(flags);

        return ret;
}

/*
 * Returns stocks cached in percpu and reset cached information.
 */
static void drain_stock(struct memcg_stock_pcp *stock)
{
        struct mem_cgroup *old = stock->cached;

        if (stock->nr_pages) {
                page_counter_uncharge(&old->memory, stock->nr_pages);
                if (do_memsw_account())
                        page_counter_uncharge(&old->memsw, stock->nr_pages);
                css_put_many(&old->css, stock->nr_pages);
                stock->nr_pages = 0;
        }
        stock->cached = NULL;
}

static void drain_local_stock(struct work_struct *dummy)
{
        struct memcg_stock_pcp *stock;
        unsigned long flags;

        /*
         * The only protection from memory hotplug vs. drain_stock races is
         * that we always operate on local CPU stock here with IRQ disabled
         */
        local_irq_save(flags);

        stock = this_cpu_ptr(&memcg_stock);
        drain_stock(stock);
        clear_bit(FLUSHING_CACHED_CHARGE, &stock->flags);

        local_irq_restore(flags);
}

/*
 * Cache charges(val) to local per_cpu area.
 * This will be consumed by consume_stock() function, later.
 */
static void refill_stock(struct mem_cgroup *memcg, unsigned int nr_pages)
{
        struct memcg_stock_pcp *stock;
        unsigned long flags;

        local_irq_save(flags);

        stock = this_cpu_ptr(&memcg_stock);
        if (stock->cached != memcg) { /* reset if necessary */
                drain_stock(stock);
                stock->cached = memcg;
        }
        stock->nr_pages += nr_pages;

        if (stock->nr_pages > MEMCG_CHARGE_BATCH)
                drain_stock(stock);

        local_irq_restore(flags);
}

/*
 * Drains all per-CPU charge caches for given root_memcg resp. subtree
 * of the hierarchy under it.
 */
static void drain_all_stock(struct mem_cgroup *root_memcg)
{
        int cpu, curcpu;

        /* If someone's already draining, avoid adding running more workers. */
        if (!mutex_trylock(&percpu_charge_mutex))
                return;
        /*
         * Notify other cpus that system-wide "drain" is running
         * We do not care about races with the cpu hotplug because cpu down
         * as well as workers from this path always operate on the local
         * per-cpu data. CPU up doesn't touch memcg_stock at all.
         */
        curcpu = get_cpu();
        for_each_online_cpu(cpu) {
                struct memcg_stock_pcp *stock = &per_cpu(memcg_stock, cpu);
                struct mem_cgroup *memcg;

                memcg = stock->cached;
                if (!memcg || !stock->nr_pages || !css_tryget(&memcg->css))
                        continue;
                if (!mem_cgroup_is_descendant(memcg, root_memcg)) {
                        css_put(&memcg->css);
                        continue;
                }
                if (!test_and_set_bit(FLUSHING_CACHED_CHARGE, &stock->flags)) {
                        if (cpu == curcpu)
                                drain_local_stock(&stock->work);
                        else
                                schedule_work_on(cpu, &stock->work);
                }
                css_put(&memcg->css);
        }
        put_cpu();
        mutex_unlock(&percpu_charge_mutex);
}

static int memcg_hotplug_cpu_dead(unsigned int cpu)
{
        struct memcg_stock_pcp *stock;
        struct mem_cgroup *memcg, *mi;

        stock = &per_cpu(memcg_stock, cpu);
        drain_stock(stock);

        for_each_mem_cgroup(memcg) {
                int i;

                for (i = 0; i < MEMCG_NR_STAT; i++) {
                        int nid;
                        long x;

                        x = this_cpu_xchg(memcg->vmstats_percpu->stat[i], 0);
                        if (x)
                                for (mi = memcg; mi; mi = parent_mem_cgroup(mi))
                                        atomic_long_add(x, &memcg->vmstats[i]);

                        if (i >= NR_VM_NODE_STAT_ITEMS)
                                continue;

                        for_each_node(nid) {
                                struct mem_cgroup_per_node *pn;

                                pn = mem_cgroup_nodeinfo(memcg, nid);
                                x = this_cpu_xchg(pn->lruvec_stat_cpu->count[i], 0);
                                if (x)
                                        do {
                                                atomic_long_add(x, &pn->lruvec_stat[i]);
                                        } while ((pn = parent_nodeinfo(pn, nid)));
                        }
                }

                for (i = 0; i < NR_VM_EVENT_ITEMS; i++) {
                        long x;

                        x = this_cpu_xchg(memcg->vmstats_percpu->events[i], 0);
                        if (x)
                                for (mi = memcg; mi; mi = parent_mem_cgroup(mi))
                                        atomic_long_add(x, &memcg->vmevents[i]);
                }
        }

        return 0;
}

static void reclaim_high(struct mem_cgroup *memcg,
                         unsigned int nr_pages,
                         gfp_t gfp_mask)
{
        do {
                if (page_counter_read(&memcg->memory) <= memcg->high)
                        continue;
                memcg_memory_event(memcg, MEMCG_HIGH);
                try_to_free_mem_cgroup_pages(memcg, nr_pages, gfp_mask, true);
        } while ((memcg = parent_mem_cgroup(memcg)));
}

static void high_work_func(struct work_struct *work)
{
        struct mem_cgroup *memcg;

        memcg = container_of(work, struct mem_cgroup, high_work);
        reclaim_high(memcg, MEMCG_CHARGE_BATCH, GFP_KERNEL);
}

/*
 * Scheduled by try_charge() to be executed from the userland return path
 * and reclaims memory over the high limit.
 */
void mem_cgroup_handle_over_high(void)
{
        unsigned int nr_pages = current->memcg_nr_pages_over_high;
        struct mem_cgroup *memcg;

        if (likely(!nr_pages))
                return;

        memcg = get_mem_cgroup_from_mm(current->mm);
        reclaim_high(memcg, nr_pages, GFP_KERNEL);
        css_put(&memcg->css);
        current->memcg_nr_pages_over_high = 0;
}

static int try_charge(struct mem_cgroup *memcg, gfp_t gfp_mask,
                      unsigned int nr_pages)
{
        unsigned int batch = max(MEMCG_CHARGE_BATCH, nr_pages);
        int nr_retries = MEM_CGROUP_RECLAIM_RETRIES;
        struct mem_cgroup *mem_over_limit;
        struct page_counter *counter;
        unsigned long nr_reclaimed;
        bool may_swap = true;
        bool drained = false;
        enum oom_status oom_status;

        if (mem_cgroup_is_root(memcg))
                return 0;
retry:
        if (consume_stock(memcg, nr_pages))
                return 0;

        if (!do_memsw_account() ||
            page_counter_try_charge(&memcg->memsw, batch, &counter)) {
                if (page_counter_try_charge(&memcg->memory, batch, &counter))
                        goto done_restock;
                if (do_memsw_account())
                        page_counter_uncharge(&memcg->memsw, batch);
                mem_over_limit = mem_cgroup_from_counter(counter, memory);
        } else {
                mem_over_limit = mem_cgroup_from_counter(counter, memsw);
                may_swap = false;
        }

        if (batch > nr_pages) {
                batch = nr_pages;
                goto retry;
        }

        /*
         * Unlike in global OOM situations, memcg is not in a physical
         * memory shortage.  Allow dying and OOM-killed tasks to
         * bypass the last charges so that they can exit quickly and
         * free their memory.
         */
        if (unlikely(should_force_charge()))
                goto force;

        /*
         * Prevent unbounded recursion when reclaim operations need to
         * allocate memory. This might exceed the limits temporarily,
         * but we prefer facilitating memory reclaim and getting back
         * under the limit over triggering OOM kills in these cases.
         */
        if (unlikely(current->flags & PF_MEMALLOC))
                goto force;

        if (unlikely(task_in_memcg_oom(current)))
                goto nomem;

        if (!gfpflags_allow_blocking(gfp_mask))
                goto nomem;

        memcg_memory_event(mem_over_limit, MEMCG_MAX);

        nr_reclaimed = try_to_free_mem_cgroup_pages(mem_over_limit, nr_pages,
                                                    gfp_mask, may_swap);

        if (mem_cgroup_margin(mem_over_limit) >= nr_pages)
                goto retry;

        if (!drained) {
                drain_all_stock(mem_over_limit);
                drained = true;
                goto retry;
        }

        if (gfp_mask & __GFP_NORETRY)
                goto nomem;
        /*
         * Even though the limit is exceeded at this point, reclaim
         * may have been able to free some pages.  Retry the charge
         * before killing the task.
         *
         * Only for regular pages, though: huge pages are rather
         * unlikely to succeed so close to the limit, and we fall back
         * to regular pages anyway in case of failure.
         */
        if (nr_reclaimed && nr_pages <= (1 << PAGE_ALLOC_COSTLY_ORDER))
                goto retry;
        /*
         * At task move, charge accounts can be doubly counted. So, it's
         * better to wait until the end of task_move if something is going on.
         */
        if (mem_cgroup_wait_acct_move(mem_over_limit))
                goto retry;

        if (nr_retries--)
                goto retry;

        if (gfp_mask & __GFP_RETRY_MAYFAIL)
                goto nomem;

        if (gfp_mask & __GFP_NOFAIL)
                goto force;

        if (fatal_signal_pending(current))
                goto force;

        /*
         * keep retrying as long as the memcg oom killer is able to make
         * a forward progress or bypass the charge if the oom killer
         * couldn't make any progress.
         */
        oom_status = mem_cgroup_oom(mem_over_limit, gfp_mask,
                       get_order(nr_pages * PAGE_SIZE));
        switch (oom_status) {
        case OOM_SUCCESS:
                nr_retries = MEM_CGROUP_RECLAIM_RETRIES;
                goto retry;
        case OOM_FAILED:
                goto force;
        default:
                goto nomem;
        }
nomem:
        if (!(gfp_mask & __GFP_NOFAIL))
                return -ENOMEM;
force:
        /*
         * The allocation either can't fail or will lead to more memory
         * being freed very soon.  Allow memory usage go over the limit
         * temporarily by force charging it.
         */
        page_counter_charge(&memcg->memory, nr_pages);
        if (do_memsw_account())
                page_counter_charge(&memcg->memsw, nr_pages);
        css_get_many(&memcg->css, nr_pages);

        return 0;

done_restock:
        css_get_many(&memcg->css, batch);
        if (batch > nr_pages)
                refill_stock(memcg, batch - nr_pages);

        /*
         * If the hierarchy is above the normal consumption range, schedule
         * reclaim on returning to userland.  We can perform reclaim here
         * if __GFP_RECLAIM but let's always punt for simplicity and so that
         * GFP_KERNEL can consistently be used during reclaim.  @memcg is
         * not recorded as it most likely matches current's and won't
         * change in the meantime.  As high limit is checked again before
         * reclaim, the cost of mismatch is negligible.
         */
        do {
                if (page_counter_read(&memcg->memory) > memcg->high) {
                        /* Don't bother a random interrupted task */
                        if (in_interrupt()) {
                                schedule_work(&memcg->high_work);
                                break;
                        }
                        current->memcg_nr_pages_over_high += batch;
                        set_notify_resume(current);
                        break;
                }
        } while ((memcg = parent_mem_cgroup(memcg)));

        return 0;
}

static void cancel_charge(struct mem_cgroup *memcg, unsigned int nr_pages)
{
        if (mem_cgroup_is_root(memcg))
                return;

        page_counter_uncharge(&memcg->memory, nr_pages);
        if (do_memsw_account())
                page_counter_uncharge(&memcg->memsw, nr_pages);

        css_put_many(&memcg->css, nr_pages);
}

static void lock_page_lru(struct page *page, int *isolated)
{
        pg_data_t *pgdat = page_pgdat(page);

        spin_lock_irq(&pgdat->lru_lock);
        if (PageLRU(page)) {
                struct lruvec *lruvec;

                lruvec = mem_cgroup_page_lruvec(page, pgdat);
                ClearPageLRU(page);
                del_page_from_lru_list(page, lruvec, page_lru(page));
                *isolated = 1;
        } else
                *isolated = 0;
}

static void unlock_page_lru(struct page *page, int isolated)
{
        pg_data_t *pgdat = page_pgdat(page);

        if (isolated) {
                struct lruvec *lruvec;

                lruvec = mem_cgroup_page_lruvec(page, pgdat);
                VM_BUG_ON_PAGE(PageLRU(page), page);
                SetPageLRU(page);
                add_page_to_lru_list(page, lruvec, page_lru(page));
        }
        spin_unlock_irq(&pgdat->lru_lock);
}

static void commit_charge(struct page *page, struct mem_cgroup *memcg,
                          bool lrucare)
{
        int isolated;

        VM_BUG_ON_PAGE(page->mem_cgroup, page);

        /*
         * In some cases, SwapCache and FUSE(splice_buf->radixtree), the page
         * may already be on some other mem_cgroup's LRU.  Take care of it.
         */
        if (lrucare)
                lock_page_lru(page, &isolated);

        /*
         * Nobody should be changing or seriously looking at
         * page->mem_cgroup at this point:
         *
         * - the page is uncharged
         *
         * - the page is off-LRU
         *
         * - an anonymous fault has exclusive page access, except for
         *   a locked page table
         *
         * - a page cache insertion, a swapin fault, or a migration
         *   have the page locked
         */
        page->mem_cgroup = memcg;

        if (lrucare)
                unlock_page_lru(page, isolated);
}

#ifdef CONFIG_MEMCG_KMEM
static int memcg_alloc_cache_id(void)
{
        int id, size;
        int err;

        id = ida_simple_get(&memcg_cache_ida,
                            0, MEMCG_CACHES_MAX_SIZE, GFP_KERNEL);
        if (id < 0)
                return id;

        if (id < memcg_nr_cache_ids)
                return id;

        /*
         * There's no space for the new id in memcg_caches arrays,
         * so we have to grow them.
         */
        down_write(&memcg_cache_ids_sem);

        size = 2 * (id + 1);
        if (size < MEMCG_CACHES_MIN_SIZE)
                size = MEMCG_CACHES_MIN_SIZE;
        else if (size > MEMCG_CACHES_MAX_SIZE)
                size = MEMCG_CACHES_MAX_SIZE;

        err = memcg_update_all_caches(size);
        if (!err)
                err = memcg_update_all_list_lrus(size);
        if (!err)
                memcg_nr_cache_ids = size;

        up_write(&memcg_cache_ids_sem);

        if (err) {
                ida_simple_remove(&memcg_cache_ida, id);
                return err;
        }
        return id;
}

static void memcg_free_cache_id(int id)
{
        ida_simple_remove(&memcg_cache_ida, id);
}

struct memcg_kmem_cache_create_work {
        struct mem_cgroup *memcg;
        struct kmem_cache *cachep;
        struct work_struct work;
};

static void memcg_kmem_cache_create_func(struct work_struct *w)
{
        struct memcg_kmem_cache_create_work *cw =
                container_of(w, struct memcg_kmem_cache_create_work, work);
        struct mem_cgroup *memcg = cw->memcg;
        struct kmem_cache *cachep = cw->cachep;

        memcg_create_kmem_cache(memcg, cachep);

        css_put(&memcg->css);
        kfree(cw);
}

/*
 * Enqueue the creation of a per-memcg kmem_cache.
 */
static void memcg_schedule_kmem_cache_create(struct mem_cgroup *memcg,
                                               struct kmem_cache *cachep)
{
        struct memcg_kmem_cache_create_work *cw;

        if (!css_tryget_online(&memcg->css))
                return;

        cw = kmalloc(sizeof(*cw), GFP_NOWAIT | __GFP_NOWARN);
        if (!cw)
                return;

        cw->memcg = memcg;
        cw->cachep = cachep;
        INIT_WORK(&cw->work, memcg_kmem_cache_create_func);

        queue_work(memcg_kmem_cache_wq, &cw->work);
}

static inline bool memcg_kmem_bypass(void)
{
        if (in_interrupt() || !current->mm || (current->flags & PF_KTHREAD))
                return true;
        return false;
}

/**
 * memcg_kmem_get_cache: select the correct per-memcg cache for allocation
 * @cachep: the original global kmem cache
 *
 * Return the kmem_cache we're supposed to use for a slab allocation.
 * We try to use the current memcg's version of the cache.
 *
 * If the cache does not exist yet, if we are the first user of it, we
 * create it asynchronously in a workqueue and let the current allocation
 * go through with the original cache.
 *
 * This function takes a reference to the cache it returns to assure it
 * won't get destroyed while we are working with it. Once the caller is
 * done with it, memcg_kmem_put_cache() must be called to release the
 * reference.
 */
struct kmem_cache *memcg_kmem_get_cache(struct kmem_cache *cachep)
{
        struct mem_cgroup *memcg;
        struct kmem_cache *memcg_cachep;
        struct memcg_cache_array *arr;
        int kmemcg_id;

        VM_BUG_ON(!is_root_cache(cachep));

        if (memcg_kmem_bypass())
                return cachep;

        rcu_read_lock();

        if (unlikely(current->active_memcg))
                memcg = current->active_memcg;
        else
                memcg = mem_cgroup_from_task(current);

        if (!memcg || memcg == root_mem_cgroup)
                goto out_unlock;

        kmemcg_id = READ_ONCE(memcg->kmemcg_id);
        if (kmemcg_id < 0)
                goto out_unlock;

        arr = rcu_dereference(cachep->memcg_params.memcg_caches);

        /*
         * Make sure we will access the up-to-date value. The code updating
         * memcg_caches issues a write barrier to match the data dependency
         * barrier inside READ_ONCE() (see memcg_create_kmem_cache()).
         */
        memcg_cachep = READ_ONCE(arr->entries[kmemcg_id]);

        /*
         * If we are in a safe context (can wait, and not in interrupt
         * context), we could be be predictable and return right away.
         * This would guarantee that the allocation being performed
         * already belongs in the new cache.
         *
         * However, there are some clashes that can arrive from locking.
         * For instance, because we acquire the slab_mutex while doing
         * memcg_create_kmem_cache, this means no further allocation
         * could happen with the slab_mutex held. So it's better to
         * defer everything.
         *
         * If the memcg is dying or memcg_cache is about to be released,
         * don't bother creating new kmem_caches. Because memcg_cachep
         * is ZEROed as the fist step of kmem offlining, we don't need
         * percpu_ref_tryget_live() here. css_tryget_online() check in
         * memcg_schedule_kmem_cache_create() will prevent us from
         * creation of a new kmem_cache.
         */
        if (unlikely(!memcg_cachep))
                memcg_schedule_kmem_cache_create(memcg, cachep);
        else if (percpu_ref_tryget(&memcg_cachep->memcg_params.refcnt))
                cachep = memcg_cachep;
out_unlock:
        rcu_read_unlock();
        return cachep;
}

/**
 * memcg_kmem_put_cache: drop reference taken by memcg_kmem_get_cache
 * @cachep: the cache returned by memcg_kmem_get_cache
 */
void memcg_kmem_put_cache(struct kmem_cache *cachep)
{
        if (!is_root_cache(cachep))
                percpu_ref_put(&cachep->memcg_params.refcnt);
}

/**
 * __memcg_kmem_charge_memcg: charge a kmem page
 * @page: page to charge
 * @gfp: reclaim mode
 * @order: allocation order
 * @memcg: memory cgroup to charge
 *
 * Returns 0 on success, an error code on failure.
 */
int __memcg_kmem_charge_memcg(struct page *page, gfp_t gfp, int order,
                            struct mem_cgroup *memcg)
{
        unsigned int nr_pages = 1 << order;
        struct page_counter *counter;
        int ret;

        ret = try_charge(memcg, gfp, nr_pages);
        if (ret)
                return ret;

        if (!cgroup_subsys_on_dfl(memory_cgrp_subsys) &&
            !page_counter_try_charge(&memcg->kmem, nr_pages, &counter)) {
                cancel_charge(memcg, nr_pages);
                return -ENOMEM;
        }
        return 0;
}

/**
 * __memcg_kmem_charge: charge a kmem page to the current memory cgroup
 * @page: page to charge
 * @gfp: reclaim mode
 * @order: allocation order
 *
 * Returns 0 on success, an error code on failure.
 */
int __memcg_kmem_charge(struct page *page, gfp_t gfp, int order)
{
        struct mem_cgroup *memcg;
        int ret = 0;

        if (memcg_kmem_bypass())
                return 0;

        memcg = get_mem_cgroup_from_current();
        if (!mem_cgroup_is_root(memcg)) {
                ret = __memcg_kmem_charge_memcg(page, gfp, order, memcg);
                if (!ret) {
                        page->mem_cgroup = memcg;
                        __SetPageKmemcg(page);
                }
        }
        css_put(&memcg->css);
        return ret;
}

/**
 * __memcg_kmem_uncharge_memcg: uncharge a kmem page
 * @memcg: memcg to uncharge
 * @nr_pages: number of pages to uncharge
 */
void __memcg_kmem_uncharge_memcg(struct mem_cgroup *memcg,
                                 unsigned int nr_pages)
{
        if (!cgroup_subsys_on_dfl(memory_cgrp_subsys))
                page_counter_uncharge(&memcg->kmem, nr_pages);

        page_counter_uncharge(&memcg->memory, nr_pages);
        if (do_memsw_account())
                page_counter_uncharge(&memcg->memsw, nr_pages);
}
/**
 * __memcg_kmem_uncharge: uncharge a kmem page
 * @page: page to uncharge
 * @order: allocation order
 */
void __memcg_kmem_uncharge(struct page *page, int order)
{
        struct mem_cgroup *memcg = page->mem_cgroup;
        unsigned int nr_pages = 1 << order;

        if (!memcg)
                return;

        VM_BUG_ON_PAGE(mem_cgroup_is_root(memcg), page);
        __memcg_kmem_uncharge_memcg(memcg, nr_pages);
        page->mem_cgroup = NULL;

        /* slab pages do not have PageKmemcg flag set */
        if (PageKmemcg(page))
                __ClearPageKmemcg(page);

        css_put_many(&memcg->css, nr_pages);
}
#endif /* CONFIG_MEMCG_KMEM */

#ifdef CONFIG_TRANSPARENT_HUGEPAGE

/*
 * Because tail pages are not marked as "used", set it. We're under
 * pgdat->lru_lock and migration entries setup in all page mappings.
 */
void mem_cgroup_split_huge_fixup(struct page *head)
{
        int i;

        if (mem_cgroup_disabled())
                return;

        for (i = 1; i < HPAGE_PMD_NR; i++)
                head[i].mem_cgroup = head->mem_cgroup;

        __mod_memcg_state(head->mem_cgroup, MEMCG_RSS_HUGE, -HPAGE_PMD_NR);
}
#endif /* CONFIG_TRANSPARENT_HUGEPAGE */

#ifdef CONFIG_MEMCG_SWAP
/**
 * mem_cgroup_move_swap_account - move swap charge and swap_cgroup's record.
 * @entry: swap entry to be moved
 * @from:  mem_cgroup which the entry is moved from
 * @to:  mem_cgroup which the entry is moved to
 *
 * It succeeds only when the swap_cgroup's record for this entry is the same
 * as the mem_cgroup's id of @from.
 *
 * Returns 0 on success, -EINVAL on failure.
 *
 * The caller must have charged to @to, IOW, called page_counter_charge() about
 * both res and memsw, and called css_get().
 */
static int mem_cgroup_move_swap_account(swp_entry_t entry,
                                struct mem_cgroup *from, struct mem_cgroup *to)
{
        unsigned short old_id, new_id;

        old_id = mem_cgroup_id(from);
        new_id = mem_cgroup_id(to);

        if (swap_cgroup_cmpxchg(entry, old_id, new_id) == old_id) {
                mod_memcg_state(from, MEMCG_SWAP, -1);
                mod_memcg_state(to, MEMCG_SWAP, 1);
                return 0;
        }
        return -EINVAL;
}
#else
static inline int mem_cgroup_move_swap_account(swp_entry_t entry,
                                struct mem_cgroup *from, struct mem_cgroup *to)
{
        return -EINVAL;
}
#endif

static DEFINE_MUTEX(memcg_max_mutex);

static int mem_cgroup_resize_max(struct mem_cgroup *memcg,
                                 unsigned long max, bool memsw)
{
        bool enlarge = false;
        bool drained = false;
        int ret;
        bool limits_invariant;
        struct page_counter *counter = memsw ? &memcg->memsw : &memcg->memory;

        do {
                if (signal_pending(current)) {
                        ret = -EINTR;
                        break;
                }

                mutex_lock(&memcg_max_mutex);
                /*
                 * Make sure that the new limit (memsw or memory limit) doesn't
                 * break our basic invariant rule memory.max <= memsw.max.
                 */
                limits_invariant = memsw ? max >= memcg->memory.max :
                                           max <= memcg->memsw.max;
                if (!limits_invariant) {
                        mutex_unlock(&memcg_max_mutex);
                        ret = -EINVAL;
                        break;
                }
                if (max > counter->max)
                        enlarge = true;
                ret = page_counter_set_max(counter, max);
                mutex_unlock(&memcg_max_mutex);

                if (!ret)
                        break;

                if (!drained) {
                        drain_all_stock(memcg);
                        drained = true;
                        continue;
                }

                if (!try_to_free_mem_cgroup_pages(memcg, 1,
                                        GFP_KERNEL, !memsw)) {

                        ret = -EBUSY;
                        break;
                }
        } while (true);

        if (!ret && enlarge)
                memcg_oom_recover(memcg);

        return ret;
}

unsigned long mem_cgroup_soft_limit_reclaim(pg_data_t *pgdat, int order,
                                            gfp_t gfp_mask,
                                            unsigned long *total_scanned)
{
        unsigned long nr_reclaimed = 0;
        struct mem_cgroup_per_node *mz, *next_mz = NULL;
        unsigned long reclaimed;
        int loop = 0;
        struct mem_cgroup_tree_per_node *mctz;
        unsigned long excess;
        unsigned long nr_scanned;

        if (order > 0)
                return 0;

        mctz = soft_limit_tree_node(pgdat->node_id);

        /*
         * Do not even bother to check the largest node if the root
         * is empty. Do it lockless to prevent lock bouncing. Races
         * are acceptable as soft limit is best effort anyway.
         */
        if (!mctz || RB_EMPTY_ROOT(&mctz->rb_root))
                return 0;

        /*
         * This loop can run a while, specially if mem_cgroup's continuously
         * keep exceeding their soft limit and putting the system under
         * pressure
         */
        do {
                if (next_mz)
                        mz = next_mz;
                else
                        mz = mem_cgroup_largest_soft_limit_node(mctz);
                if (!mz)
                        break;

                nr_scanned = 0;
                reclaimed = mem_cgroup_soft_reclaim(mz->memcg, pgdat,
                                                    gfp_mask, &nr_scanned);
                nr_reclaimed += reclaimed;
                *total_scanned += nr_scanned;
                spin_lock_irq(&mctz->lock);
                __mem_cgroup_remove_exceeded(mz, mctz);

                /*
                 * If we failed to reclaim anything from this memory cgroup
                 * it is time to move on to the next cgroup
                 */
                next_mz = NULL;
                if (!reclaimed)
                        next_mz = __mem_cgroup_largest_soft_limit_node(mctz);

                excess = soft_limit_excess(mz->memcg);
                /*
                 * One school of thought says that we should not add
                 * back the node to the tree if reclaim returns 0.
                 * But our reclaim could return 0, simply because due
                 * to priority we are exposing a smaller subset of
                 * memory to reclaim from. Consider this as a longer
                 * term TODO.
                 */
                /* If excess == 0, no tree ops */
                __mem_cgroup_insert_exceeded(mz, mctz, excess);
                spin_unlock_irq(&mctz->lock);
                css_put(&mz->memcg->css);
                loop++;
                /*
                 * Could not reclaim anything and there are no more
                 * mem cgroups to try or we seem to be looping without
                 * reclaiming anything.
                 */
                if (!nr_reclaimed &&
                        (next_mz == NULL ||
                        loop > MEM_CGROUP_MAX_SOFT_LIMIT_RECLAIM_LOOPS))
                        break;
        } while (!nr_reclaimed);
        if (next_mz)
                css_put(&next_mz->memcg->css);
        return nr_reclaimed;
}

/*
 * Test whether @memcg has children, dead or alive.  Note that this
 * function doesn't care whether @memcg has use_hierarchy enabled and
 * returns %true if there are child csses according to the cgroup
 * hierarchy.  Testing use_hierarchy is the caller's responsiblity.
 */
static inline bool memcg_has_children(struct mem_cgroup *memcg)
{
        bool ret;

        rcu_read_lock();
        ret = css_next_child(NULL, &memcg->css);
        rcu_read_unlock();
        return ret;
}

/*
 * Reclaims as many pages from the given memcg as possible.
 *
 * Caller is responsible for holding css reference for memcg.
 */
static int mem_cgroup_force_empty(struct mem_cgroup *memcg)
{
        int nr_retries = MEM_CGROUP_RECLAIM_RETRIES;

        /* we call try-to-free pages for make this cgroup empty */
        lru_add_drain_all();

        drain_all_stock(memcg);

        /* try to free all pages in this cgroup */
        while (nr_retries && page_counter_read(&memcg->memory)) {
                int progress;

                if (signal_pending(current))
                        return -EINTR;

                progress = try_to_free_mem_cgroup_pages(memcg, 1,
                                                        GFP_KERNEL, true);
                if (!progress) {
                        nr_retries--;
                        /* maybe some writeback is necessary */
                        congestion_wait(BLK_RW_ASYNC, HZ/10);
                }

        }

        return 0;
}

static ssize_t mem_cgroup_force_empty_write(struct kernfs_open_file *of,
                                            char *buf, size_t nbytes,
                                            loff_t off)
{
        struct mem_cgroup *memcg = mem_cgroup_from_css(of_css(of));

        if (mem_cgroup_is_root(memcg))
                return -EINVAL;
        return mem_cgroup_force_empty(memcg) ?: nbytes;
}

static u64 mem_cgroup_hierarchy_read(struct cgroup_subsys_state *css,
                                     struct cftype *cft)
{
        return mem_cgroup_from_css(css)->use_hierarchy;
}

static int mem_cgroup_hierarchy_write(struct cgroup_subsys_state *css,
                                      struct cftype *cft, u64 val)
{
        int retval = 0;
        struct mem_cgroup *memcg = mem_cgroup_from_css(css);
        struct mem_cgroup *parent_memcg = mem_cgroup_from_css(memcg->css.parent);

        if (memcg->use_hierarchy == val)
                return 0;

        /*
         * If parent's use_hierarchy is set, we can't make any modifications
         * in the child subtrees. If it is unset, then the change can
         * occur, provided the current cgroup has no children.
         *
         * For the root cgroup, parent_mem is NULL, we allow value to be
         * set if there are no children.
         */
        if ((!parent_memcg || !parent_memcg->use_hierarchy) &&
                                (val == 1 || val == 0)) {
                if (!memcg_has_children(memcg))
                        memcg->use_hierarchy = val;
                else
                        retval = -EBUSY;
        } else
                retval = -EINVAL;

        return retval;
}

static unsigned long mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
{
        unsigned long val;

        if (mem_cgroup_is_root(memcg)) {
                val = memcg_page_state(memcg, MEMCG_CACHE) +
                        memcg_page_state(memcg, MEMCG_RSS);
                if (swap)
                        val += memcg_page_state(memcg, MEMCG_SWAP);
        } else {
                if (!swap)
                        val = page_counter_read(&memcg->memory);
                else
                        val = page_counter_read(&memcg->memsw);
        }
        return val;
}

enum {
        RES_USAGE,
        RES_LIMIT,
        RES_MAX_USAGE,
        RES_FAILCNT,
        RES_SOFT_LIMIT,
};

static u64 mem_cgroup_read_u64(struct cgroup_subsys_state *css,
                               struct cftype *cft)
{
        struct mem_cgroup *memcg = mem_cgroup_from_css(css);
        struct page_counter *counter;

        switch (MEMFILE_TYPE(cft->private)) {
        case _MEM:
                counter = &memcg->memory;
                break;
        case _MEMSWAP:
                counter = &memcg->memsw;
                break;
        case _KMEM:
                counter = &memcg->kmem;
                break;
        case _TCP:
                counter = &memcg->tcpmem;
                break;
        default:
                BUG();
        }

        switch (MEMFILE_ATTR(cft->private)) {
        case RES_USAGE:
                if (counter == &memcg->memory)
                        return (u64)mem_cgroup_usage(memcg, false) * PAGE_SIZE;
                if (counter == &memcg->memsw)
                        return (u64)mem_cgroup_usage(memcg, true) * PAGE_SIZE;
                return (u64)page_counter_read(counter) * PAGE_SIZE;
        case RES_LIMIT:
                return (u64)counter->max * PAGE_SIZE;
        case RES_MAX_USAGE:
                return (u64)counter->watermark * PAGE_SIZE;
        case RES_FAILCNT:
                return counter->failcnt;
        case RES_SOFT_LIMIT:
                return (u64)memcg->soft_limit * PAGE_SIZE;
        default:
                BUG();
        }
}

static void memcg_flush_percpu_vmstats(struct mem_cgroup *memcg, bool slab_only)
{
        unsigned long stat[MEMCG_NR_STAT];
        struct mem_cgroup *mi;
        int node, cpu, i;
        int min_idx, max_idx;

        if (slab_only) {
                min_idx = NR_SLAB_RECLAIMABLE;
                max_idx = NR_SLAB_UNRECLAIMABLE;
        } else {
                min_idx = 0;
                max_idx = MEMCG_NR_STAT;
        }

        for (i = min_idx; i < max_idx; i++)
                stat[i] = 0;

        for_each_online_cpu(cpu)
                for (i = min_idx; i < max_idx; i++)
                        stat[i] += per_cpu(memcg->vmstats_percpu->stat[i], cpu);

        for (mi = memcg; mi; mi = parent_mem_cgroup(mi))
                for (i = min_idx; i < max_idx; i++)
                        atomic_long_add(stat[i], &mi->vmstats[i]);

        if (!slab_only)
                max_idx = NR_VM_NODE_STAT_ITEMS;

        for_each_node(node) {
                struct mem_cgroup_per_node *pn = memcg->nodeinfo[node];
                struct mem_cgroup_per_node *pi;

                for (i = min_idx; i < max_idx; i++)
                        stat[i] = 0;

                for_each_online_cpu(cpu)
                        for (i = min_idx; i < max_idx; i++)
                                stat[i] += per_cpu(
                                        pn->lruvec_stat_cpu->count[i], cpu);

                for (pi = pn; pi; pi = parent_nodeinfo(pi, node))
                        for (i = min_idx; i < max_idx; i++)
                                atomic_long_add(stat[i], &pi->lruvec_stat[i]);
        }
}

static void memcg_flush_percpu_vmevents(struct mem_cgroup *memcg)
{
        unsigned long events[NR_VM_EVENT_ITEMS];
        struct mem_cgroup *mi;
        int cpu, i;

        for (i = 0; i < NR_VM_EVENT_ITEMS; i++)
                events[i] = 0;

        for_each_online_cpu(cpu)
                for (i = 0; i < NR_VM_EVENT_ITEMS; i++)
                        events[i] += per_cpu(memcg->vmstats_percpu->events[i],
                                             cpu);

        for (mi = memcg; mi; mi = parent_mem_cgroup(mi))
                for (i = 0; i < NR_VM_EVENT_ITEMS; i++)
                        atomic_long_add(events[i], &mi->vmevents[i]);
}

#ifdef CONFIG_MEMCG_KMEM
static int memcg_online_kmem(struct mem_cgroup *memcg)
{
        int memcg_id;

        if (cgroup_memory_nokmem)
                return 0;

        BUG_ON(memcg->kmemcg_id >= 0);
        BUG_ON(memcg->kmem_state);

        memcg_id = memcg_alloc_cache_id();
        if (memcg_id < 0)
                return memcg_id;

        static_branch_inc(&memcg_kmem_enabled_key);
        /*
         * A memory cgroup is considered kmem-online as soon as it gets
         * kmemcg_id. Setting the id after enabling static branching will
         * guarantee no one starts accounting before all call sites are
         * patched.
         */
        memcg->kmemcg_id = memcg_id;
        memcg->kmem_state = KMEM_ONLINE;
        INIT_LIST_HEAD(&memcg->kmem_caches);

        return 0;
}

static void memcg_offline_kmem(struct mem_cgroup *memcg)
{
        struct cgroup_subsys_state *css;
        struct mem_cgroup *parent, *child;
        int kmemcg_id;

        if (memcg->kmem_state != KMEM_ONLINE)
                return;
        /*
         * Clear the online state before clearing memcg_caches array
         * entries. The slab_mutex in memcg_deactivate_kmem_caches()
         * guarantees that no cache will be created for this cgroup
         * after we are done (see memcg_create_kmem_cache()).
         */
        memcg->kmem_state = KMEM_ALLOCATED;

        parent = parent_mem_cgroup(memcg);
        if (!parent)
                parent = root_mem_cgroup;

        /*
         * Deactivate and reparent kmem_caches. Then flush percpu
         * slab statistics to have precise values at the parent and
         * all ancestor levels. It's required to keep slab stats
         * accurate after the reparenting of kmem_caches.
         */
        memcg_deactivate_kmem_caches(memcg, parent);
        memcg_flush_percpu_vmstats(memcg, true);

        kmemcg_id = memcg->kmemcg_id;
        BUG_ON(kmemcg_id < 0);

        /*
         * Change kmemcg_id of this cgroup and all its descendants to the
         * parent's id, and then move all entries from this cgroup's list_lrus
         * to ones of the parent. After we have finished, all list_lrus
         * corresponding to this cgroup are guaranteed to remain empty. The
         * ordering is imposed by list_lru_node->lock taken by
         * memcg_drain_all_list_lrus().
         */
        rcu_read_lock(); /* can be called from css_free w/o cgroup_mutex */
        css_for_each_descendant_pre(css, &memcg->css) {
                child = mem_cgroup_from_css(css);
                BUG_ON(child->kmemcg_id != kmemcg_id);
                child->kmemcg_id = parent->kmemcg_id;
                if (!memcg->use_hierarchy)
                        break;
        }
        rcu_read_unlock();

        memcg_drain_all_list_lrus(kmemcg_id, parent);

        memcg_free_cache_id(kmemcg_id);
}

static void memcg_free_kmem(struct mem_cgroup *memcg)
{
        /* css_alloc() failed, offlining didn't happen */
        if (unlikely(memcg->kmem_state == KMEM_ONLINE))
                memcg_offline_kmem(memcg);

        if (memcg->kmem_state == KMEM_ALLOCATED) {
                WARN_ON(!list_empty(&memcg->kmem_caches));
                static_branch_dec(&memcg_kmem_enabled_key);
        }
}
#else
static int memcg_online_kmem(struct mem_cgroup *memcg)
{
        return 0;
}
static void memcg_offline_kmem(struct mem_cgroup *memcg)
{
}
static void memcg_free_kmem(struct mem_cgroup *memcg)
{
}
#endif /* CONFIG_MEMCG_KMEM */

static int memcg_update_kmem_max(struct mem_cgroup *memcg,
                                 unsigned long max)
{
        int ret;

        mutex_lock(&memcg_max_mutex);
        ret = page_counter_set_max(&memcg->kmem, max);
        mutex_unlock(&memcg_max_mutex);
        return ret;
}

static int memcg_update_tcp_max(struct mem_cgroup *memcg, unsigned long max)
{
        int ret;

        mutex_lock(&memcg_max_mutex);

        ret = page_counter_set_max(&memcg->tcpmem, max);
        if (ret)
                goto out;

        if (!memcg->tcpmem_active) {
                /*
                 * The active flag needs to be written after the static_key
                 * update. This is what guarantees that the socket activation
                 * function is the last one to run. See mem_cgroup_sk_alloc()
                 * for details, and note that we don't mark any socket as
                 * belonging to this memcg until that flag is up.
                 *
                 * We need to do this, because static_keys will span multiple
                 * sites, but we can't control their order. If we mark a socket
                 * as accounted, but the accounting functions are not patched in
                 * yet, we'll lose accounting.
                 *
                 * We never race with the readers in mem_cgroup_sk_alloc(),
                 * because when this value change, the code to process it is not
                 * patched in yet.
                 */
                static_branch_inc(&memcg_sockets_enabled_key);
                memcg->tcpmem_active = true;
        }
out:
        mutex_unlock(&memcg_max_mutex);
        return ret;
}

/*
 * The user of this function is...
 * RES_LIMIT.
 */
static ssize_t mem_cgroup_write(struct kernfs_open_file *of,
                                char *buf, size_t nbytes, loff_t off)
{
        struct mem_cgroup *memcg = mem_cgroup_from_css(of_css(of));
        unsigned long nr_pages;
        int ret;

        buf = strstrip(buf);
        ret = page_counter_memparse(buf, "-1", &nr_pages);
        if (ret)
                return ret;

        switch (MEMFILE_ATTR(of_cft(of)->private)) {
        case RES_LIMIT:
                if (mem_cgroup_is_root(memcg)) { /* Can't set limit on root */
                        ret = -EINVAL;
                        break;
                }
                switch (MEMFILE_TYPE(of_cft(of)->private)) {
                case _MEM:
                        ret = mem_cgroup_resize_max(memcg, nr_pages, false);
                        break;
                case _MEMSWAP:
                        ret = mem_cgroup_resize_max(memcg, nr_pages, true);
                        break;
                case _KMEM:
                        ret = memcg_update_kmem_max(memcg, nr_pages);
                        break;
                case _TCP:
                        ret = memcg_update_tcp_max(memcg, nr_pages);
                        break;
                }
                break;
        case RES_SOFT_LIMIT:
                memcg->soft_limit = nr_pages;
                ret = 0;
                break;
        }
        return ret ?: nbytes;
}

static ssize_t mem_cgroup_reset(struct kernfs_open_file *of, char *buf,
                                size_t nbytes, loff_t off)
{
        struct mem_cgroup *memcg = mem_cgroup_from_css(of_css(of));
        struct page_counter *counter;

        switch (MEMFILE_TYPE(of_cft(of)->private)) {
        case _MEM:
                counter = &memcg->memory;
                break;
        case _MEMSWAP:
                counter = &memcg->memsw;
                break;
        case _KMEM:
                counter = &memcg->kmem;
                break;
        case _TCP:
                counter = &memcg->tcpmem;
                break;
        default:
                BUG();
        }

        switch (MEMFILE_ATTR(of_cft(of)->private)) {
        case RES_MAX_USAGE:
                page_counter_reset_watermark(counter);
                break;
        case RES_FAILCNT:
                counter->failcnt = 0;
                break;
        default:
                BUG();
        }

        return nbytes;
}

static u64 mem_cgroup_move_charge_read(struct cgroup_subsys_state *css,
                                        struct cftype *cft)
{
        return mem_cgroup_from_css(css)->move_charge_at_immigrate;
}

#ifdef CONFIG_MMU
static int mem_cgroup_move_charge_write(struct cgroup_subsys_state *css,
                                        struct cftype *cft, u64 val)
{
        struct mem_cgroup *memcg = mem_cgroup_from_css(css);

        if (val & ~MOVE_MASK)
                return -EINVAL;

        /*
         * No kind of locking is needed in here, because ->can_attach() will
         * check this value once in the beginning of the process, and then carry
         * on with stale data. This means that changes to this value will only
         * affect task migrations starting after the change.
         */
        memcg->move_charge_at_immigrate = val;
        return 0;
}
#else
static int mem_cgroup_move_charge_write(struct cgroup_subsys_state *css,
                                        struct cftype *cft, u64 val)
{
        return -ENOSYS;
}
#endif

#ifdef CONFIG_NUMA

#define LRU_ALL_FILE (BIT(LRU_INACTIVE_FILE) | BIT(LRU_ACTIVE_FILE))
#define LRU_ALL_ANON (BIT(LRU_INACTIVE_ANON) | BIT(LRU_ACTIVE_ANON))
#define LRU_ALL      ((1 << NR_LRU_LISTS) - 1)

static unsigned long mem_cgroup_node_nr_lru_pages(struct mem_cgroup *memcg,
                                           int nid, unsigned int lru_mask)
{
        struct lruvec *lruvec = mem_cgroup_lruvec(NODE_DATA(nid), memcg);
        unsigned long nr = 0;
        enum lru_list lru;

        VM_BUG_ON((unsigned)nid >= nr_node_ids);

        for_each_lru(lru) {
                if (!(BIT(lru) & lru_mask))
                        continue;
                nr += lruvec_page_state_local(lruvec, NR_LRU_BASE + lru);
        }
        return nr;
}

static unsigned long mem_cgroup_nr_lru_pages(struct mem_cgroup *memcg,
                                             unsigned int lru_mask)
{
        unsigned long nr = 0;
        enum lru_list lru;

        for_each_lru(lru) {
                if (!(BIT(lru) & lru_mask))
                        continue;
                nr += memcg_page_state_local(memcg, NR_LRU_BASE + lru);
        }
        return nr;
}

static int memcg_numa_stat_show(struct seq_file *m, void *v)
{
        struct numa_stat {
                const char *name;
                unsigned int lru_mask;
        };

        static const struct numa_stat stats[] = {
                { "total", LRU_ALL },
                { "file", LRU_ALL_FILE },
                { "anon", LRU_ALL_ANON },
                { "unevictable", BIT(LRU_UNEVICTABLE) },
        };
        const struct numa_stat *stat;
        int nid;
        unsigned long nr;
        struct mem_cgroup *memcg = mem_cgroup_from_seq(m);

        for (stat = stats; stat < stats + ARRAY_SIZE(stats); stat++) {
                nr = mem_cgroup_nr_lru_pages(memcg, stat->lru_mask);
                seq_printf(m, "%s=%lu", stat->name, nr);
                for_each_node_state(nid, N_MEMORY) {
                        nr = mem_cgroup_node_nr_lru_pages(memcg, nid,
                                                          stat->lru_mask);
                        seq_printf(m, " N%d=%lu", nid, nr);
                }
                seq_putc(m, '\n');
        }

        for (stat = stats; stat < stats + ARRAY_SIZE(stats); stat++) {
                struct mem_cgroup *iter;

                nr = 0;
                for_each_mem_cgroup_tree(iter, memcg)
                        nr += mem_cgroup_nr_lru_pages(iter, stat->lru_mask);
                seq_printf(m, "hierarchical_%s=%lu", stat->name, nr);
                for_each_node_state(nid, N_MEMORY) {
                        nr = 0;
                        for_each_mem_cgroup_tree(iter, memcg)
                                nr += mem_cgroup_node_nr_lru_pages(
                                        iter, nid, stat->lru_mask);
                        seq_printf(m, " N%d=%lu", nid, nr);
                }
                seq_putc(m, '\n');
        }

        return 0;
}
#endif /* CONFIG_NUMA */

static const unsigned int memcg1_stats[] = {
        MEMCG_CACHE,
        MEMCG_RSS,
        MEMCG_RSS_HUGE,
        NR_SHMEM,
        NR_FILE_MAPPED,
        NR_FILE_DIRTY,
        NR_WRITEBACK,
        MEMCG_SWAP,
};

static const char *const memcg1_stat_names[] = {
        "cache",
        "rss",
        "rss_huge",
        "shmem",
        "mapped_file",
        "dirty",
        "writeback",
        "swap",
};

/* Universal VM events cgroup1 shows, original sort order */
static const unsigned int memcg1_events[] = {
        PGPGIN,
        PGPGOUT,
        PGFAULT,
        PGMAJFAULT,
};

static const char *const memcg1_event_names[] = {
        "pgpgin",
        "pgpgout",
        "pgfault",
        "pgmajfault",
};

static int memcg_stat_show(struct seq_file *m, void *v)
{
        struct mem_cgroup *memcg = mem_cgroup_from_seq(m);
        unsigned long memory, memsw;
        struct mem_cgroup *mi;
        unsigned int i;

        BUILD_BUG_ON(ARRAY_SIZE(memcg1_stat_names) != ARRAY_SIZE(memcg1_stats));
        BUILD_BUG_ON(ARRAY_SIZE(mem_cgroup_lru_names) != NR_LRU_LISTS);

        for (i = 0; i < ARRAY_SIZE(memcg1_stats); i++) {
                if (memcg1_stats[i] == MEMCG_SWAP && !do_memsw_account())
                        continue;
                seq_printf(m, "%s %lu\n", memcg1_stat_names[i],
                           memcg_page_state_local(memcg, memcg1_stats[i]) *
                           PAGE_SIZE);
        }

        for (i = 0; i < ARRAY_SIZE(memcg1_events); i++)
                seq_printf(m, "%s %lu\n", memcg1_event_names[i],
                           memcg_events_local(memcg, memcg1_events[i]));

        for (i = 0; i < NR_LRU_LISTS; i++)
                seq_printf(m, "%s %lu\n", mem_cgroup_lru_names[i],
                           memcg_page_state_local(memcg, NR_LRU_BASE + i) *
                           PAGE_SIZE);

        /* Hierarchical information */
        memory = memsw = PAGE_COUNTER_MAX;
        for (mi = memcg; mi; mi = parent_mem_cgroup(mi)) {
                memory = min(memory, mi->memory.max);
                memsw = min(memsw, mi->memsw.max);
        }
        seq_printf(m, "hierarchical_memory_limit %llu\n",
                   (u64)memory * PAGE_SIZE);
        if (do_memsw_account())
                seq_printf(m, "hierarchical_memsw_limit %llu\n",
                           (u64)memsw * PAGE_SIZE);

        for (i = 0; i < ARRAY_SIZE(memcg1_stats); i++) {
                if (memcg1_stats[i] == MEMCG_SWAP && !do_memsw_account())
                        continue;
                seq_printf(m, "total_%s %llu\n", memcg1_stat_names[i],
                           (u64)memcg_page_state(memcg, memcg1_stats[i]) *
                           PAGE_SIZE);
        }

        for (i = 0; i < ARRAY_SIZE(memcg1_events); i++)
                seq_printf(m, "total_%s %llu\n", memcg1_event_names[i],
                           (u64)memcg_events(memcg, memcg1_events[i]));

        for (i = 0; i < NR_LRU_LISTS; i++)
                seq_printf(m, "total_%s %llu\n", mem_cgroup_lru_names[i],
                           (u64)memcg_page_state(memcg, NR_LRU_BASE + i) *
                           PAGE_SIZE);

#ifdef CONFIG_DEBUG_VM
        {
                pg_data_t *pgdat;
                struct mem_cgroup_per_node *mz;
                struct zone_reclaim_stat *rstat;
                unsigned long recent_rotated[2] = {0, 0};
                unsigned long recent_scanned[2] = {0, 0};

                for_each_online_pgdat(pgdat) {
                        mz = mem_cgroup_nodeinfo(memcg, pgdat->node_id);
                        rstat = &mz->lruvec.reclaim_stat;

                        recent_rotated[0] += rstat->recent_rotated[0];
                        recent_rotated[1] += rstat->recent_rotated[1];
                        recent_scanned[0] += rstat->recent_scanned[0];
                        recent_scanned[1] += rstat->recent_scanned[1];
                }
                seq_printf(m, "recent_rotated_anon %lu\n", recent_rotated[0]);
                seq_printf(m, "recent_rotated_file %lu\n", recent_rotated[1]);
                seq_printf(m, "recent_scanned_anon %lu\n", recent_scanned[0]);
                seq_printf(m, "recent_scanned_file %lu\n", recent_scanned[1]);
        }
#endif

        return 0;
}

static u64 mem_cgroup_swappiness_read(struct cgroup_subsys_state *css,
                                      struct cftype *cft)
{
        struct mem_cgroup *memcg = mem_cgroup_from_css(css);

        return mem_cgroup_swappiness(memcg);
}

static int mem_cgroup_swappiness_write(struct cgroup_subsys_state *css,
                                       struct cftype *cft, u64 val)
{
        struct mem_cgroup *memcg = mem_cgroup_from_css(css);

        if (val > 100)
                return -EINVAL;

        if (css->parent)
                memcg->swappiness = val;
        else
                vm_swappiness = val;

        return 0;
}

static void __mem_cgroup_threshold(struct mem_cgroup *memcg, bool swap)
{
        struct mem_cgroup_threshold_ary *t;
        unsigned long usage;
        int i;

        rcu_read_lock();
        if (!swap)
                t = rcu_dereference(memcg->thresholds.primary);
        else
                t = rcu_dereference(memcg->memsw_thresholds.primary);

        if (!t)
                goto unlock;

        usage = mem_cgroup_usage(memcg, swap);

        /*
         * current_threshold points to threshold just below or equal to usage.
         * If it's not true, a threshold was crossed after last
         * call of __mem_cgroup_threshold().
         */
        i = t->current_threshold;

        /*
         * Iterate backward over array of thresholds starting from
         * current_threshold and check if a threshold is crossed.
         * If none of thresholds below usage is crossed, we read
         * only one element of the array here.
         */
        for (; i >= 0 && unlikely(t->entries[i].threshold > usage); i--)
                eventfd_signal(t->entries[i].eventfd, 1);

        /* i = current_threshold + 1 */
        i++;

        /*
         * Iterate forward over array of thresholds starting from
         * current_threshold+1 and check if a threshold is crossed.
         * If none of thresholds above usage is crossed, we read
         * only one element of the array here.
         */
        for (; i < t->size && unlikely(t->entries[i].threshold <= usage); i++)
                eventfd_signal(t->entries[i].eventfd, 1);

        /* Update current_threshold */
        t->current_threshold = i - 1;
unlock:
        rcu_read_unlock();
}

static void mem_cgroup_threshold(struct mem_cgroup *memcg)
{
        while (memcg) {
                __mem_cgroup_threshold(memcg, false);
                if (do_memsw_account())
                        __mem_cgroup_threshold(memcg, true);

                memcg = parent_mem_cgroup(memcg);
        }
}

static int compare_thresholds(const void *a, const void *b)
{
        const struct mem_cgroup_threshold *_a = a;
        const struct mem_cgroup_threshold *_b = b;

        if (_a->threshold > _b->threshold)
                return 1;

        if (_a->threshold < _b->threshold)
                return -1;

        return 0;
}

static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
{
        struct mem_cgroup_eventfd_list *ev;

        spin_lock(&memcg_oom_lock);

        list_for_each_entry(ev, &memcg->oom_notify, list)
                eventfd_signal(ev->eventfd, 1);

        spin_unlock(&memcg_oom_lock);
        return 0;
}

static void mem_cgroup_oom_notify(struct mem_cgroup *memcg)
{
        struct mem_cgroup *iter;

        for_each_mem_cgroup_tree(iter, memcg)
                mem_cgroup_oom_notify_cb(iter);
}

static int __mem_cgroup_usage_register_event(struct mem_cgroup *memcg,
        struct eventfd_ctx *eventfd, const char *args, enum res_type type)
{
        struct mem_cgroup_thresholds *thresholds;
        struct mem_cgroup_threshold_ary *new;
        unsigned long threshold;
        unsigned long usage;
        int i, size, ret;

        ret = page_counter_memparse(args, "-1", &threshold);
        if (ret)
                return ret;

        mutex_lock(&memcg->thresholds_lock);

        if (type == _MEM) {
                thresholds = &memcg->thresholds;
                usage = mem_cgroup_usage(memcg, false);
        } else if (type == _MEMSWAP) {
                thresholds = &memcg->memsw_thresholds;
                usage = mem_cgroup_usage(memcg, true);
        } else
                BUG();

        /* Check if a threshold crossed before adding a new one */
        if (thresholds->primary)
                __mem_cgroup_threshold(memcg, type == _MEMSWAP);

        size = thresholds->primary ? thresholds->primary->size + 1 : 1;

        /* Allocate memory for new array of thresholds */
        new = kmalloc(struct_size(new, entries, size), GFP_KERNEL);
        if (!new) {
                ret = -ENOMEM;
                goto unlock;
        }
        new->size = size;

        /* Copy thresholds (if any) to new array */
        if (thresholds->primary) {
                memcpy(new->entries, thresholds->primary->entries, (size - 1) *
                                sizeof(struct mem_cgroup_threshold));
        }

        /* Add new threshold */
        new->entries[size - 1].eventfd = eventfd;
        new->entries[size - 1].threshold = threshold;

        /* Sort thresholds. Registering of new threshold isn't time-critical */
        sort(new->entries, size, sizeof(struct mem_cgroup_threshold),
                        compare_thresholds, NULL);

        /* Find current threshold */
        new->current_threshold = -1;
        for (i = 0; i < size; i++) {
                if (new->entries[i].threshold <= usage) {
                        /*
                         * new->current_threshold will not be used until
                         * rcu_assign_pointer(), so it's safe to increment
                         * it here.
                         */
                        ++new->current_threshold;
                } else
                        break;
        }

        /* Free old spare buffer and save old primary buffer as spare */
        kfree(thresholds->spare);
        thresholds->spare = thresholds->primary;

        rcu_assign_pointer(thresholds->primary, new);

        /* To be sure that nobody uses thresholds */
        synchronize_rcu();

unlock:
        mutex_unlock(&memcg->thresholds_lock);