memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure

In case of memcg_online_kmem() failure, memcg_cgroup::id remains hashed
in mem_cgroup_idr even after memcg memory is freed.  This leads to leak
of ID in mem_cgroup_idr.

This patch adds removal into mem_cgroup_css_alloc(), which fixes the
problem.  For better readability, it adds a generic helper which is used
in mem_cgroup_alloc() and mem_cgroup_id_put_many() as well.

Fixes 73f576c0 ("mm: memcontrol: fix cgroup creation failure after many small jobs")
Signed-off-by: default avatarKirill Tkhai <>
Acked-by: default avatarJohannes Weiner <>
Acked-by: default avatarVladimir Davydov <>
Cc: Michal Hocko <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
......@@ -4037,6 +4037,14 @@ static struct cftype mem_cgroup_legacy_files[] = {
static DEFINE_IDR(mem_cgroup_idr);
static void mem_cgroup_id_remove(struct mem_cgroup *memcg)
if (memcg-> > 0) {
idr_remove(&mem_cgroup_idr, memcg->;
memcg-> = 0;
static void mem_cgroup_id_get_many(struct mem_cgroup *memcg, unsigned int n)
VM_BUG_ON(atomic_read(&memcg->id.ref) <= 0);
......@@ -4047,8 +4055,7 @@ static void mem_cgroup_id_put_many(struct mem_cgroup *memcg, unsigned int n)
VM_BUG_ON(atomic_read(&memcg->id.ref) < n);
if (atomic_sub_and_test(n, &memcg->id.ref)) {
idr_remove(&mem_cgroup_idr, memcg->;
memcg-> = 0;
/* Memcg ID pins CSS */
......@@ -4185,8 +4192,7 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
idr_replace(&mem_cgroup_idr, memcg, memcg->;
return memcg;
if (memcg-> > 0)
idr_remove(&mem_cgroup_idr, memcg->;
return NULL;
......@@ -4245,6 +4251,7 @@ mem_cgroup_css_alloc(struct cgroup_subsys_state *parent_css)
return &memcg->css;
return ERR_PTR(-ENOMEM);
