memcg,thp: fix res_counter:96 regression

[linux-flexiantxendom0-3.2.10.git] / mm / memcontrol.c
diff --git a/mm/memcontrol.c b/mm/memcontrol.c

index 3508777..7685d4a 100644 (file)
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -33,6 +33,7 @@
  #include <linux/bit_spinlock.h>
  #include <linux/rcupdate.h>
  #include <linux/limits.h>
+#include <linux/export.h>
  #include <linux/mutex.h>
  #include <linux/rbtree.h>
  #include <linux/slab.h>
@@ -49,6 +50,8 @@
  #include <linux/cpu.h>
  #include <linux/oom.h>
  #include "internal.h"
+#include <net/sock.h>
+#include <net/tcp_memcontrol.h>
  
  #include <asm/uaccess.h>
  
@@ -86,7 +89,6 @@ enum mem_cgroup_stat_index {
         MEM_CGROUP_STAT_FILE_MAPPED,  /* # of pages charged as file rss */
         MEM_CGROUP_STAT_SWAPOUT, /* # of pages, swapped out */
         MEM_CGROUP_STAT_DATA, /* end of data requires synchronization */
-       MEM_CGROUP_ON_MOVE,     /* someone is moving account between groups */
         MEM_CGROUP_STAT_NSTATS,
  };
  
@@ -120,26 +122,30 @@ struct mem_cgroup_stat_cpu {
         unsigned long targets[MEM_CGROUP_NTARGETS];
  };
  
+struct mem_cgroup_reclaim_iter {
+       /* css_id of the last scanned hierarchy member */
+       int position;
+       /* scan generation, increased every round-trip */
+       unsigned int generation;
+};
+
  /*
   * per-zone information in memory controller.
   */
  struct mem_cgroup_per_zone {
-       /*
-        * spin_lock to protect the per cgroup LRU
-        */
-       struct list_head        lists[NR_LRU_LISTS];
-       unsigned long           count[NR_LRU_LISTS];
+       struct lruvec           lruvec;
+       unsigned long           lru_size[NR_LRU_LISTS];
+
+       struct mem_cgroup_reclaim_iter reclaim_iter[DEF_PRIORITY + 1];
  
         struct zone_reclaim_stat reclaim_stat;
         struct rb_node          tree_node;      /* RB tree node */
         unsigned long long      usage_in_excess;/* Set to the value by which */
                                                 /* the soft limit is exceeded*/
         bool                    on_tree;
-       struct mem_cgroup       *mem;           /* Back pointer, we cannot */
+       struct mem_cgroup       *memcg;         /* Back pointer, we cannot */
                                                 /* use container_of        */
  };
-/* Macro for accessing counter */
-#define MEM_CGROUP_ZSTAT(mz, idx)      ((mz)->count[(idx)])
  
  struct mem_cgroup_per_node {
         struct mem_cgroup_per_zone zoneinfo[MAX_NR_ZONES];
@@ -201,8 +207,8 @@ struct mem_cgroup_eventfd_list {
         struct eventfd_ctx *eventfd;
  };
  
-static void mem_cgroup_threshold(struct mem_cgroup *mem);
-static void mem_cgroup_oom_notify(struct mem_cgroup *mem);
+static void mem_cgroup_threshold(struct mem_cgroup *memcg);
+static void mem_cgroup_oom_notify(struct mem_cgroup *memcg);
  
  /*
   * The memory controller data structure. The memory controller controls both
@@ -221,20 +227,35 @@ struct mem_cgroup {
          * the counter to account for memory usage
          */
         struct res_counter res;
-       /*
-        * the counter to account for mem+swap usage.
-        */
-       struct res_counter memsw;
+
+       union {
+               /*
+                * the counter to account for mem+swap usage.
+                */
+               struct res_counter memsw;
+
+               /*
+                * rcu_freeing is used only when freeing struct mem_cgroup,
+                * so put it into a union to avoid wasting more memory.
+                * It must be disjoint from the css field.  It could be
+                * in a union with the res field, but res plays a much
+                * larger part in mem_cgroup life than memsw, and might
+                * be of interest, even at time of free, when debugging.
+                * So share rcu_head with the less interesting memsw.
+                */
+               struct rcu_head rcu_freeing;
+               /*
+                * But when using vfree(), that cannot be done at
+                * interrupt time, so we must then queue the work.
+                */
+               struct work_struct work_freeing;
+       };
+
         /*
          * Per cgroup active and inactive list, similar to the
          * per zone LRU lists.
          */
         struct mem_cgroup_lru_info info;
-       /*
-        * While reclaiming in a hierarchy, we cache the last child we
-        * reclaimed from.
-        */
-       int last_scanned_child;
         int last_scanned_node;
  #if MAX_NUMNODES > 1
         nodemask_t      scan_nodes;
@@ -276,6 +297,12 @@ struct mem_cgroup {
          */
         unsigned long   move_charge_at_immigrate;
         /*
+        * set > 0 if pages under this cgroup are moving to other cgroup.
+        */
+       atomic_t        moving_account;
+       /* taken only while moving_account > 0 */
+       spinlock_t      move_lock;
+       /*
          * percpu counter.
          */
         struct mem_cgroup_stat_cpu *stat;
@@ -285,6 +312,10 @@ struct mem_cgroup {
          */
         struct mem_cgroup_stat_cpu nocpu_base;
         spinlock_t pcp_counter_lock;
+
+#ifdef CONFIG_INET
+       struct tcp_memcontrol tcp_mem;
+#endif
  };
  
  /* Stuffs for move charges at task migration. */
@@ -359,32 +390,90 @@ enum charge_type {
  #define MEM_CGROUP_RECLAIM_NOSWAP      (1 << MEM_CGROUP_RECLAIM_NOSWAP_BIT)
  #define MEM_CGROUP_RECLAIM_SHRINK_BIT  0x1
  #define MEM_CGROUP_RECLAIM_SHRINK      (1 << MEM_CGROUP_RECLAIM_SHRINK_BIT)
-#define MEM_CGROUP_RECLAIM_SOFT_BIT    0x2
-#define MEM_CGROUP_RECLAIM_SOFT                (1 << MEM_CGROUP_RECLAIM_SOFT_BIT)
  
-static void mem_cgroup_get(struct mem_cgroup *mem);
-static void mem_cgroup_put(struct mem_cgroup *mem);
-static struct mem_cgroup *parent_mem_cgroup(struct mem_cgroup *mem);
-static void drain_all_stock_async(struct mem_cgroup *mem);
+static void mem_cgroup_get(struct mem_cgroup *memcg);
+static void mem_cgroup_put(struct mem_cgroup *memcg);
+
+/* Writing them here to avoid exposing memcg's inner layout */
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+#include <net/sock.h>
+#include <net/ip.h>
+
+static bool mem_cgroup_is_root(struct mem_cgroup *memcg);
+void sock_update_memcg(struct sock *sk)
+{
+       if (mem_cgroup_sockets_enabled) {
+               struct mem_cgroup *memcg;
+
+               BUG_ON(!sk->sk_prot->proto_cgroup);
+
+               /* Socket cloning can throw us here with sk_cgrp already
+                * filled. It won't however, necessarily happen from
+                * process context. So the test for root memcg given
+                * the current task's memcg won't help us in this case.
+                *
+                * Respecting the original socket's memcg is a better
+                * decision in this case.
+                */
+               if (sk->sk_cgrp) {
+                       BUG_ON(mem_cgroup_is_root(sk->sk_cgrp->memcg));
+                       mem_cgroup_get(sk->sk_cgrp->memcg);
+                       return;
+               }
+
+               rcu_read_lock();
+               memcg = mem_cgroup_from_task(current);
+               if (!mem_cgroup_is_root(memcg)) {
+                       mem_cgroup_get(memcg);
+                       sk->sk_cgrp = sk->sk_prot->proto_cgroup(memcg);
+               }
+               rcu_read_unlock();
+       }
+}
+EXPORT_SYMBOL(sock_update_memcg);
+
+void sock_release_memcg(struct sock *sk)
+{
+       if (mem_cgroup_sockets_enabled && sk->sk_cgrp) {
+               struct mem_cgroup *memcg;
+               WARN_ON(!sk->sk_cgrp->memcg);
+               memcg = sk->sk_cgrp->memcg;
+               mem_cgroup_put(memcg);
+       }
+}
+
+#ifdef CONFIG_INET
+struct cg_proto *tcp_proto_cgroup(struct mem_cgroup *memcg)
+{
+       if (!memcg || mem_cgroup_is_root(memcg))
+               return NULL;
+
+       return &memcg->tcp_mem.cg_proto;
+}
+EXPORT_SYMBOL(tcp_proto_cgroup);
+#endif /* CONFIG_INET */
+#endif /* CONFIG_CGROUP_MEM_RES_CTLR_KMEM */
+
+static void drain_all_stock_async(struct mem_cgroup *memcg);
  
  static struct mem_cgroup_per_zone *
-mem_cgroup_zoneinfo(struct mem_cgroup *mem, int nid, int zid)
+mem_cgroup_zoneinfo(struct mem_cgroup *memcg, int nid, int zid)
  {
-       return &mem->info.nodeinfo[nid]->zoneinfo[zid];
+       return &memcg->info.nodeinfo[nid]->zoneinfo[zid];
  }
  
-struct cgroup_subsys_state *mem_cgroup_css(struct mem_cgroup *mem)
+struct cgroup_subsys_state *mem_cgroup_css(struct mem_cgroup *memcg)
  {
-       return &mem->css;
+       return &memcg->css;
  }
  
  static struct mem_cgroup_per_zone *
-page_cgroup_zoneinfo(struct mem_cgroup *mem, struct page *page)
+page_cgroup_zoneinfo(struct mem_cgroup *memcg, struct page *page)
  {
         int nid = page_to_nid(page);
         int zid = page_zonenum(page);
  
-       return mem_cgroup_zoneinfo(mem, nid, zid);
+       return mem_cgroup_zoneinfo(memcg, nid, zid);
  }
  
  static struct mem_cgroup_tree_per_zone *
@@ -403,7 +492,7 @@ soft_limit_tree_from_page(struct page *page)
  }
  
  static void
-__mem_cgroup_insert_exceeded(struct mem_cgroup *mem,
+__mem_cgroup_insert_exceeded(struct mem_cgroup *memcg,
                                 struct mem_cgroup_per_zone *mz,
                                 struct mem_cgroup_tree_per_zone *mctz,
                                 unsigned long long new_usage_in_excess)
@@ -437,7 +526,7 @@ __mem_cgroup_insert_exceeded(struct mem_cgroup *mem,
  }
  
  static void
-__mem_cgroup_remove_exceeded(struct mem_cgroup *mem,
+__mem_cgroup_remove_exceeded(struct mem_cgroup *memcg,
                                 struct mem_cgroup_per_zone *mz,
                                 struct mem_cgroup_tree_per_zone *mctz)
  {
@@ -448,17 +537,17 @@ __mem_cgroup_remove_exceeded(struct mem_cgroup *mem,
  }
  
  static void
-mem_cgroup_remove_exceeded(struct mem_cgroup *mem,
+mem_cgroup_remove_exceeded(struct mem_cgroup *memcg,
                                 struct mem_cgroup_per_zone *mz,
                                 struct mem_cgroup_tree_per_zone *mctz)
  {
         spin_lock(&mctz->lock);
-       __mem_cgroup_remove_exceeded(mem, mz, mctz);
+       __mem_cgroup_remove_exceeded(memcg, mz, mctz);
         spin_unlock(&mctz->lock);
  }
  
  
-static void mem_cgroup_update_tree(struct mem_cgroup *mem, struct page *page)
+static void mem_cgroup_update_tree(struct mem_cgroup *memcg, struct page *page)
  {
         unsigned long long excess;
         struct mem_cgroup_per_zone *mz;
@@ -471,9 +560,9 @@ static void mem_cgroup_update_tree(struct mem_cgroup *mem, struct page *page)
          * Necessary to update all ancestors when hierarchy is used.
          * because their event counter is not touched.
          */
-       for (; mem; mem = parent_mem_cgroup(mem)) {
-               mz = mem_cgroup_zoneinfo(mem, nid, zid);
-               excess = res_counter_soft_limit_excess(&mem->res);
+       for (; memcg; memcg = parent_mem_cgroup(memcg)) {
+               mz = mem_cgroup_zoneinfo(memcg, nid, zid);
+               excess = res_counter_soft_limit_excess(&memcg->res);
                 /*
                  * We have to update the tree if mz is on RB-tree or
                  * mem is over its softlimit.
@@ -482,28 +571,28 @@ static void mem_cgroup_update_tree(struct mem_cgroup *mem, struct page *page)
                         spin_lock(&mctz->lock);
                         /* if on-tree, remove it */
                         if (mz->on_tree)
-                               __mem_cgroup_remove_exceeded(mem, mz, mctz);
+                               __mem_cgroup_remove_exceeded(memcg, mz, mctz);
                         /*
                          * Insert again. mz->usage_in_excess will be updated.
                          * If excess is 0, no tree ops.
                          */
-                       __mem_cgroup_insert_exceeded(mem, mz, mctz, excess);
+                       __mem_cgroup_insert_exceeded(memcg, mz, mctz, excess);
                         spin_unlock(&mctz->lock);
                 }
         }
  }
  
-static void mem_cgroup_remove_from_trees(struct mem_cgroup *mem)
+static void mem_cgroup_remove_from_trees(struct mem_cgroup *memcg)
  {
         int node, zone;
         struct mem_cgroup_per_zone *mz;
         struct mem_cgroup_tree_per_zone *mctz;
  
-       for_each_node_state(node, N_POSSIBLE) {
+       for_each_node(node) {
                 for (zone = 0; zone < MAX_NR_ZONES; zone++) {
-                       mz = mem_cgroup_zoneinfo(mem, node, zone);
+                       mz = mem_cgroup_zoneinfo(memcg, node, zone);
                         mctz = soft_limit_tree_node_zone(node, zone);
-                       mem_cgroup_remove_exceeded(mem, mz, mctz);
+                       mem_cgroup_remove_exceeded(memcg, mz, mctz);
                 }
         }
  }
@@ -526,9 +615,9 @@ retry:
          * we will to add it back at the end of reclaim to its correct
          * position in the tree.
          */
-       __mem_cgroup_remove_exceeded(mz->mem, mz, mctz);
-       if (!res_counter_soft_limit_excess(&mz->mem->res) ||
-               !css_tryget(&mz->mem->css))
+       __mem_cgroup_remove_exceeded(mz->memcg, mz, mctz);
+       if (!res_counter_soft_limit_excess(&mz->memcg->res) ||
+               !css_tryget(&mz->memcg->css))
                 goto retry;
  done:
         return mz;
@@ -564,7 +653,7 @@ mem_cgroup_largest_soft_limit_node(struct mem_cgroup_tree_per_zone *mctz)
   * common workload, threashold and synchonization as vmstat[] should be
   * implemented.
   */
-static long mem_cgroup_read_stat(struct mem_cgroup *mem,
+static long mem_cgroup_read_stat(struct mem_cgroup *memcg,
                                  enum mem_cgroup_stat_index idx)
  {
         long val = 0;
@@ -572,174 +661,171 @@ static long mem_cgroup_read_stat(struct mem_cgroup *mem,
  
         get_online_cpus();
         for_each_online_cpu(cpu)
-               val += per_cpu(mem->stat->count[idx], cpu);
+               val += per_cpu(memcg->stat->count[idx], cpu);
  #ifdef CONFIG_HOTPLUG_CPU
-       spin_lock(&mem->pcp_counter_lock);
-       val += mem->nocpu_base.count[idx];
-       spin_unlock(&mem->pcp_counter_lock);
+       spin_lock(&memcg->pcp_counter_lock);
+       val += memcg->nocpu_base.count[idx];
+       spin_unlock(&memcg->pcp_counter_lock);
  #endif
         put_online_cpus();
         return val;
  }
  
-static void mem_cgroup_swap_statistics(struct mem_cgroup *mem,
+static void mem_cgroup_swap_statistics(struct mem_cgroup *memcg,
                                          bool charge)
  {
         int val = (charge) ? 1 : -1;
-       this_cpu_add(mem->stat->count[MEM_CGROUP_STAT_SWAPOUT], val);
-}
-
-void mem_cgroup_pgfault(struct mem_cgroup *mem, int val)
-{
-       this_cpu_add(mem->stat->events[MEM_CGROUP_EVENTS_PGFAULT], val);
+       this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_SWAPOUT], val);
  }
  
-void mem_cgroup_pgmajfault(struct mem_cgroup *mem, int val)
-{
-       this_cpu_add(mem->stat->events[MEM_CGROUP_EVENTS_PGMAJFAULT], val);
-}
-
-static unsigned long mem_cgroup_read_events(struct mem_cgroup *mem,
+static unsigned long mem_cgroup_read_events(struct mem_cgroup *memcg,
                                             enum mem_cgroup_events_index idx)
  {
         unsigned long val = 0;
         int cpu;
  
         for_each_online_cpu(cpu)
-               val += per_cpu(mem->stat->events[idx], cpu);
+               val += per_cpu(memcg->stat->events[idx], cpu);
  #ifdef CONFIG_HOTPLUG_CPU
-       spin_lock(&mem->pcp_counter_lock);
-       val += mem->nocpu_base.events[idx];
-       spin_unlock(&mem->pcp_counter_lock);
+       spin_lock(&memcg->pcp_counter_lock);
+       val += memcg->nocpu_base.events[idx];
+       spin_unlock(&memcg->pcp_counter_lock);
  #endif
         return val;
  }
  
-static void mem_cgroup_charge_statistics(struct mem_cgroup *mem,
-                                        bool file, int nr_pages)
+static void mem_cgroup_charge_statistics(struct mem_cgroup *memcg,
+                                        bool anon, int nr_pages)
  {
         preempt_disable();
  
-       if (file)
-               __this_cpu_add(mem->stat->count[MEM_CGROUP_STAT_CACHE], nr_pages);
+       /*
+        * Here, RSS means 'mapped anon' and anon's SwapCache. Shmem/tmpfs is
+        * counted as CACHE even if it's on ANON LRU.
+        */
+       if (anon)
+               __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_RSS],
+                               nr_pages);
         else
-               __this_cpu_add(mem->stat->count[MEM_CGROUP_STAT_RSS], nr_pages);
+               __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_CACHE],
+                               nr_pages);
  
         /* pagein of a big page is an event. So, ignore page size */
         if (nr_pages > 0)
-               __this_cpu_inc(mem->stat->events[MEM_CGROUP_EVENTS_PGPGIN]);
+               __this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGPGIN]);
         else {
-               __this_cpu_inc(mem->stat->events[MEM_CGROUP_EVENTS_PGPGOUT]);
+               __this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGPGOUT]);
                 nr_pages = -nr_pages; /* for event */
         }
  
-       __this_cpu_add(mem->stat->events[MEM_CGROUP_EVENTS_COUNT], nr_pages);
+       __this_cpu_add(memcg->stat->events[MEM_CGROUP_EVENTS_COUNT], nr_pages);
  
         preempt_enable();
  }
  
  unsigned long
-mem_cgroup_zone_nr_lru_pages(struct mem_cgroup *mem, int nid, int zid,
+mem_cgroup_zone_nr_lru_pages(struct mem_cgroup *memcg, int nid, int zid,
                         unsigned int lru_mask)
  {
         struct mem_cgroup_per_zone *mz;
-       enum lru_list l;
+       enum lru_list lru;
         unsigned long ret = 0;
  
-       mz = mem_cgroup_zoneinfo(mem, nid, zid);
+       mz = mem_cgroup_zoneinfo(memcg, nid, zid);
  
-       for_each_lru(l) {
-               if (BIT(l) & lru_mask)
-                       ret += MEM_CGROUP_ZSTAT(mz, l);
+       for_each_lru(lru) {
+               if (BIT(lru) & lru_mask)
+                       ret += mz->lru_size[lru];
         }
         return ret;
  }
  
  static unsigned long
-mem_cgroup_node_nr_lru_pages(struct mem_cgroup *mem,
+mem_cgroup_node_nr_lru_pages(struct mem_cgroup *memcg,
                         int nid, unsigned int lru_mask)
  {
         u64 total = 0;
         int zid;
  
         for (zid = 0; zid < MAX_NR_ZONES; zid++)
-               total += mem_cgroup_zone_nr_lru_pages(mem, nid, zid, lru_mask);
+               total += mem_cgroup_zone_nr_lru_pages(memcg,
+                                               nid, zid, lru_mask);
  
         return total;
  }
  
-static unsigned long mem_cgroup_nr_lru_pages(struct mem_cgroup *mem,
+static unsigned long mem_cgroup_nr_lru_pages(struct mem_cgroup *memcg,
                         unsigned int lru_mask)
  {
         int nid;
         u64 total = 0;
  
         for_each_node_state(nid, N_HIGH_MEMORY)
-               total += mem_cgroup_node_nr_lru_pages(mem, nid, lru_mask);
+               total += mem_cgroup_node_nr_lru_pages(memcg, nid, lru_mask);
         return total;
  }
  
-static bool __memcg_event_check(struct mem_cgroup *mem, int target)
+static bool mem_cgroup_event_ratelimit(struct mem_cgroup *memcg,
+                                      enum mem_cgroup_events_target target)
  {
         unsigned long val, next;
  
-       val = this_cpu_read(mem->stat->events[MEM_CGROUP_EVENTS_COUNT]);
-       next = this_cpu_read(mem->stat->targets[target]);
+       val = __this_cpu_read(memcg->stat->events[MEM_CGROUP_EVENTS_COUNT]);
+       next = __this_cpu_read(memcg->stat->targets[target]);
         /* from time_after() in jiffies.h */
-       return ((long)next - (long)val < 0);
-}
-
-static void __mem_cgroup_target_update(struct mem_cgroup *mem, int target)
-{
-       unsigned long val, next;
-
-       val = this_cpu_read(mem->stat->events[MEM_CGROUP_EVENTS_COUNT]);
-
-       switch (target) {
-       case MEM_CGROUP_TARGET_THRESH:
-               next = val + THRESHOLDS_EVENTS_TARGET;
-               break;
-       case MEM_CGROUP_TARGET_SOFTLIMIT:
-               next = val + SOFTLIMIT_EVENTS_TARGET;
-               break;
-       case MEM_CGROUP_TARGET_NUMAINFO:
-               next = val + NUMAINFO_EVENTS_TARGET;
-               break;
-       default:
-               return;
+       if ((long)next - (long)val < 0) {
+               switch (target) {
+               case MEM_CGROUP_TARGET_THRESH:
+                       next = val + THRESHOLDS_EVENTS_TARGET;
+                       break;
+               case MEM_CGROUP_TARGET_SOFTLIMIT:
+                       next = val + SOFTLIMIT_EVENTS_TARGET;
+                       break;
+               case MEM_CGROUP_TARGET_NUMAINFO:
+                       next = val + NUMAINFO_EVENTS_TARGET;
+                       break;
+               default:
+                       break;
+               }
+               __this_cpu_write(memcg->stat->targets[target], next);
+               return true;
         }
-
-       this_cpu_write(mem->stat->targets[target], next);
+       return false;
  }
  
  /*
   * Check events in order.
   *
   */
-static void memcg_check_events(struct mem_cgroup *mem, struct page *page)
+static void memcg_check_events(struct mem_cgroup *memcg, struct page *page)
  {
+       preempt_disable();
         /* threshold event is triggered in finer grain than soft limit */
-       if (unlikely(__memcg_event_check(mem, MEM_CGROUP_TARGET_THRESH))) {
-               mem_cgroup_threshold(mem);
-               __mem_cgroup_target_update(mem, MEM_CGROUP_TARGET_THRESH);
-               if (unlikely(__memcg_event_check(mem,
-                            MEM_CGROUP_TARGET_SOFTLIMIT))) {
-                       mem_cgroup_update_tree(mem, page);
-                       __mem_cgroup_target_update(mem,
-                                                  MEM_CGROUP_TARGET_SOFTLIMIT);
-               }
+       if (unlikely(mem_cgroup_event_ratelimit(memcg,
+                                               MEM_CGROUP_TARGET_THRESH))) {
+               bool do_softlimit;
+               bool do_numainfo __maybe_unused;
+
+               do_softlimit = mem_cgroup_event_ratelimit(memcg,
+                                               MEM_CGROUP_TARGET_SOFTLIMIT);
  #if MAX_NUMNODES > 1
-               if (unlikely(__memcg_event_check(mem,
-                       MEM_CGROUP_TARGET_NUMAINFO))) {
-                       atomic_inc(&mem->numainfo_events);
-                       __mem_cgroup_target_update(mem,
-                               MEM_CGROUP_TARGET_NUMAINFO);
-               }
+               do_numainfo = mem_cgroup_event_ratelimit(memcg,
+                                               MEM_CGROUP_TARGET_NUMAINFO);
  #endif
-       }
+               preempt_enable();
+
+               mem_cgroup_threshold(memcg);
+               if (unlikely(do_softlimit))
+                       mem_cgroup_update_tree(memcg, page);
+#if MAX_NUMNODES > 1
+               if (unlikely(do_numainfo))
+                       atomic_inc(&memcg->numainfo_events);
+#endif
+       } else
+               preempt_enable();
  }
  
-static struct mem_cgroup *mem_cgroup_from_cont(struct cgroup *cont)
+struct mem_cgroup *mem_cgroup_from_cont(struct cgroup *cont)
  {
         return container_of(cgroup_subsys_state(cont,
                                 mem_cgroup_subsys_id), struct mem_cgroup,
@@ -762,7 +848,7 @@ struct mem_cgroup *mem_cgroup_from_task(struct task_struct *p)
  
  struct mem_cgroup *try_get_mem_cgroup_from_mm(struct mm_struct *mm)
  {
-       struct mem_cgroup *mem = NULL;
+       struct mem_cgroup *memcg = NULL;
  
         if (!mm)
                 return NULL;
@@ -773,115 +859,148 @@ struct mem_cgroup *try_get_mem_cgroup_from_mm(struct mm_struct *mm)
          */
         rcu_read_lock();
         do {
-               mem = mem_cgroup_from_task(rcu_dereference(mm->owner));
-               if (unlikely(!mem))
+               memcg = mem_cgroup_from_task(rcu_dereference(mm->owner));
+               if (unlikely(!memcg))
                         break;
-       } while (!css_tryget(&mem->css));
+       } while (!css_tryget(&memcg->css));
         rcu_read_unlock();
-       return mem;
+       return memcg;
  }
  
-/* The caller has to guarantee "mem" exists before calling this */
-static struct mem_cgroup *mem_cgroup_start_loop(struct mem_cgroup *mem)
+/**
+ * mem_cgroup_iter - iterate over memory cgroup hierarchy
+ * @root: hierarchy root
+ * @prev: previously returned memcg, NULL on first invocation
+ * @reclaim: cookie for shared reclaim walks, NULL for full walks
+ *
+ * Returns references to children of the hierarchy below @root, or
+ * @root itself, or %NULL after a full round-trip.
+ *
+ * Caller must pass the return value in @prev on subsequent
+ * invocations for reference counting, or use mem_cgroup_iter_break()
+ * to cancel a hierarchy walk before the round-trip is complete.
+ *
+ * Reclaimers can specify a zone and a priority level in @reclaim to
+ * divide up the memcgs in the hierarchy among all concurrent
+ * reclaimers operating on the same zone and priority.
+ */
+struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
+                                  struct mem_cgroup *prev,
+                                  struct mem_cgroup_reclaim_cookie *reclaim)
  {
-       struct cgroup_subsys_state *css;
-       int found;
+       struct mem_cgroup *memcg = NULL;
+       int id = 0;
  
-       if (!mem) /* ROOT cgroup has the smallest ID */
-               return root_mem_cgroup; /*css_put/get against root is ignored*/
-       if (!mem->use_hierarchy) {
-               if (css_tryget(&mem->css))
-                       return mem;
+       if (mem_cgroup_disabled())
                 return NULL;
-       }
-       rcu_read_lock();
-       /*
-        * searching a memory cgroup which has the smallest ID under given
-        * ROOT cgroup. (ID >= 1)
-        */
-       css = css_get_next(&mem_cgroup_subsys, 1, &mem->css, &found);
-       if (css && css_tryget(css))
-               mem = container_of(css, struct mem_cgroup, css);
-       else
-               mem = NULL;
-       rcu_read_unlock();
-       return mem;
-}
  
-static struct mem_cgroup *mem_cgroup_get_next(struct mem_cgroup *iter,
-                                       struct mem_cgroup *root,
-                                       bool cond)
-{
-       int nextid = css_id(&iter->css) + 1;
-       int found;
-       int hierarchy_used;
-       struct cgroup_subsys_state *css;
+       if (!root)
+               root = root_mem_cgroup;
  
-       hierarchy_used = iter->use_hierarchy;
+       if (prev && !reclaim)
+               id = css_id(&prev->css);
  
-       css_put(&iter->css);
-       /* If no ROOT, walk all, ignore hierarchy */
-       if (!cond || (root && !hierarchy_used))
-               return NULL;
+       if (prev && prev != root)
+               css_put(&prev->css);
  
-       if (!root)
-               root = root_mem_cgroup;
+       if (!root->use_hierarchy && root != root_mem_cgroup) {
+               if (prev)
+                       return NULL;
+               return root;
+       }
  
-       do {
-               iter = NULL;
-               rcu_read_lock();
+       while (!memcg) {
+               struct mem_cgroup_reclaim_iter *uninitialized_var(iter);
+               struct cgroup_subsys_state *css;
+
+               if (reclaim) {
+                       int nid = zone_to_nid(reclaim->zone);
+                       int zid = zone_idx(reclaim->zone);
+                       struct mem_cgroup_per_zone *mz;
+
+                       mz = mem_cgroup_zoneinfo(root, nid, zid);
+                       iter = &mz->reclaim_iter[reclaim->priority];
+                       if (prev && reclaim->generation != iter->generation)
+                               return NULL;
+                       id = iter->position;
+               }
  
-               css = css_get_next(&mem_cgroup_subsys, nextid,
-                               &root->css, &found);
-               if (css && css_tryget(css))
-                       iter = container_of(css, struct mem_cgroup, css);
+               rcu_read_lock();
+               css = css_get_next(&mem_cgroup_subsys, id + 1, &root->css, &id);
+               if (css) {
+                       if (css == &root->css || css_tryget(css))
+                               memcg = container_of(css,
+                                                    struct mem_cgroup, css);
+               } else
+                       id = 0;
                 rcu_read_unlock();
-               /* If css is NULL, no more cgroups will be found */
-               nextid = found + 1;
-       } while (css && !iter);
  
-       return iter;
+               if (reclaim) {
+                       iter->position = id;
+                       if (!css)
+                               iter->generation++;
+                       else if (!prev && memcg)
+                               reclaim->generation = iter->generation;
+               }
+
+               if (prev && !css)
+                       return NULL;
+       }
+       return memcg;
  }
-/*
- * for_eacn_mem_cgroup_tree() for visiting all cgroup under tree. Please
- * be careful that "break" loop is not allowed. We have reference count.
- * Instead of that modify "cond" to be false and "continue" to exit the loop.
- */
-#define for_each_mem_cgroup_tree_cond(iter, root, cond)        \
-       for (iter = mem_cgroup_start_loop(root);\
-            iter != NULL;\
-            iter = mem_cgroup_get_next(iter, root, cond))
  
-#define for_each_mem_cgroup_tree(iter, root) \
-       for_each_mem_cgroup_tree_cond(iter, root, true)
+/**
+ * mem_cgroup_iter_break - abort a hierarchy walk prematurely
+ * @root: hierarchy root
+ * @prev: last visited hierarchy member as returned by mem_cgroup_iter()
+ */
+void mem_cgroup_iter_break(struct mem_cgroup *root,
+                          struct mem_cgroup *prev)
+{
+       if (!root)
+               root = root_mem_cgroup;
+       if (prev && prev != root)
+               css_put(&prev->css);
+}
  
-#define for_each_mem_cgroup_all(iter) \
-       for_each_mem_cgroup_tree_cond(iter, NULL, true)
+/*
+ * Iteration constructs for visiting all cgroups (under a tree).  If
+ * loops are exited prematurely (break), mem_cgroup_iter_break() must
+ * be used for reference counting.
+ */
+#define for_each_mem_cgroup_tree(iter, root)           \
+       for (iter = mem_cgroup_iter(root, NULL, NULL);  \
+            iter != NULL;                              \
+            iter = mem_cgroup_iter(root, iter, NULL))
  
+#define for_each_mem_cgroup(iter)                      \
+       for (iter = mem_cgroup_iter(NULL, NULL, NULL);  \
+            iter != NULL;                              \
+            iter = mem_cgroup_iter(NULL, iter, NULL))
  
-static inline bool mem_cgroup_is_root(struct mem_cgroup *mem)
+static inline bool mem_cgroup_is_root(struct mem_cgroup *memcg)
  {
-       return (mem == root_mem_cgroup);
+       return (memcg == root_mem_cgroup);
  }
  
  void mem_cgroup_count_vm_event(struct mm_struct *mm, enum vm_event_item idx)
  {
-       struct mem_cgroup *mem;
+       struct mem_cgroup *memcg;
  
         if (!mm)
                 return;
  
         rcu_read_lock();
-       mem = mem_cgroup_from_task(rcu_dereference(mm->owner));
-       if (unlikely(!mem))
+       memcg = mem_cgroup_from_task(rcu_dereference(mm->owner));
+       if (unlikely(!memcg))
                 goto out;
  
         switch (idx) {
-       case PGMAJFAULT:
-               mem_cgroup_pgmajfault(mem, 1);
-               break;
         case PGFAULT:
-               mem_cgroup_pgfault(mem, 1);
+               this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGFAULT]);
+               break;
+       case PGMAJFAULT:
+               this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGMAJFAULT]);
                 break;
         default:
                 BUG();
@@ -891,6 +1010,27 @@ out:
  }
  EXPORT_SYMBOL(mem_cgroup_count_vm_event);
  
+/**
+ * mem_cgroup_zone_lruvec - get the lru list vector for a zone and memcg
+ * @zone: zone of the wanted lruvec
+ * @mem: memcg of the wanted lruvec
+ *
+ * Returns the lru list vector holding pages for the given @zone and
+ * @mem.  This can be the global zone lruvec, if the memory controller
+ * is disabled.
+ */
+struct lruvec *mem_cgroup_zone_lruvec(struct zone *zone,
+                                     struct mem_cgroup *memcg)
+{
+       struct mem_cgroup_per_zone *mz;
+
+       if (mem_cgroup_disabled())
+               return &zone->lruvec;
+
+       mz = mem_cgroup_zoneinfo(memcg, zone_to_nid(zone), zone_idx(zone));
+       return &mz->lruvec;
+}
+
  /*
   * Following LRU functions are allowed to be used without PCG_LOCK.
   * Operations are called by routine of global LRU independently from memcg.
@@ -905,211 +1045,169 @@ EXPORT_SYMBOL(mem_cgroup_count_vm_event);
   * When moving account, the page is not on LRU. It's isolated.
   */
  
-void mem_cgroup_del_lru_list(struct page *page, enum lru_list lru)
+/**
+ * mem_cgroup_lru_add_list - account for adding an lru page and return lruvec
+ * @zone: zone of the page
+ * @page: the page
+ * @lru: current lru
+ *
+ * This function accounts for @page being added to @lru, and returns
+ * the lruvec for the given @zone and the memcg @page is charged to.
+ *
+ * The callsite is then responsible for physically linking the page to
+ * the returned lruvec->lists[@lru].
+ */
+struct lruvec *mem_cgroup_lru_add_list(struct zone *zone, struct page *page,
+                                      enum lru_list lru)
  {
-       struct page_cgroup *pc;
         struct mem_cgroup_per_zone *mz;
+       struct mem_cgroup *memcg;
+       struct page_cgroup *pc;
  
         if (mem_cgroup_disabled())
-               return;
+               return &zone->lruvec;
+
         pc = lookup_page_cgroup(page);
-       /* can happen while we handle swapcache. */
-       if (!TestClearPageCgroupAcctLRU(pc))
-               return;
-       VM_BUG_ON(!pc->mem_cgroup);
+       memcg = pc->mem_cgroup;
+
         /*
-        * We don't check PCG_USED bit. It's cleared when the "page" is finally
-        * removed from global LRU.
+        * Surreptitiously switch any uncharged page to root:
+        * an uncharged page off lru does nothing to secure
+        * its former mem_cgroup from sudden removal.
+        *
+        * Our caller holds lru_lock, and PageCgroupUsed is updated
+        * under page_cgroup lock: between them, they make all uses
+        * of pc->mem_cgroup safe.
          */
-       mz = page_cgroup_zoneinfo(pc->mem_cgroup, page);
-       /* huge page split is done under lru_lock. so, we have no races. */
-       MEM_CGROUP_ZSTAT(mz, lru) -= 1 << compound_order(page);
-       if (mem_cgroup_is_root(pc->mem_cgroup))
-               return;
-       VM_BUG_ON(list_empty(&pc->lru));
-       list_del_init(&pc->lru);
-}
+       if (!PageCgroupUsed(pc) && memcg != root_mem_cgroup)
+               pc->mem_cgroup = memcg = root_mem_cgroup;
  
-void mem_cgroup_del_lru(struct page *page)
-{
-       mem_cgroup_del_lru_list(page, page_lru(page));
+       mz = page_cgroup_zoneinfo(memcg, page);
+       /* compound_order() is stabilized through lru_lock */
+       mz->lru_size[lru] += 1 << compound_order(page);
+       return &mz->lruvec;
  }
  
-/*
- * Writeback is about to end against a page which has been marked for immediate
- * reclaim.  If it still appears to be reclaimable, move it to the tail of the
- * inactive list.
+/**
+ * mem_cgroup_lru_del_list - account for removing an lru page
+ * @page: the page
+ * @lru: target lru
+ *
+ * This function accounts for @page being removed from @lru.
+ *
+ * The callsite is then responsible for physically unlinking
+ * @page->lru.
   */
-void mem_cgroup_rotate_reclaimable_page(struct page *page)
-{
-       struct mem_cgroup_per_zone *mz;
-       struct page_cgroup *pc;
-       enum lru_list lru = page_lru(page);
-
-       if (mem_cgroup_disabled())
-               return;
-
-       pc = lookup_page_cgroup(page);
-       /* unused or root page is not rotated. */
-       if (!PageCgroupUsed(pc))
-               return;
-       /* Ensure pc->mem_cgroup is visible after reading PCG_USED. */
-       smp_rmb();
-       if (mem_cgroup_is_root(pc->mem_cgroup))
-               return;
-       mz = page_cgroup_zoneinfo(pc->mem_cgroup, page);
-       list_move_tail(&pc->lru, &mz->lists[lru]);
-}
-
-void mem_cgroup_rotate_lru_list(struct page *page, enum lru_list lru)
+void mem_cgroup_lru_del_list(struct page *page, enum lru_list lru)
  {
         struct mem_cgroup_per_zone *mz;
+       struct mem_cgroup *memcg;
         struct page_cgroup *pc;
  
         if (mem_cgroup_disabled())
                 return;
  
         pc = lookup_page_cgroup(page);
-       /* unused or root page is not rotated. */
-       if (!PageCgroupUsed(pc))
-               return;
-       /* Ensure pc->mem_cgroup is visible after reading PCG_USED. */
-       smp_rmb();
-       if (mem_cgroup_is_root(pc->mem_cgroup))
-               return;
-       mz = page_cgroup_zoneinfo(pc->mem_cgroup, page);
-       list_move(&pc->lru, &mz->lists[lru]);
-}
-
-void mem_cgroup_add_lru_list(struct page *page, enum lru_list lru)
-{
-       struct page_cgroup *pc;
-       struct mem_cgroup_per_zone *mz;
-
-       if (mem_cgroup_disabled())
-               return;
-       pc = lookup_page_cgroup(page);
-       VM_BUG_ON(PageCgroupAcctLRU(pc));
-       if (!PageCgroupUsed(pc))
-               return;
-       /* Ensure pc->mem_cgroup is visible after reading PCG_USED. */
-       smp_rmb();
-       mz = page_cgroup_zoneinfo(pc->mem_cgroup, page);
+       memcg = pc->mem_cgroup;
+       VM_BUG_ON(!memcg);
+       mz = page_cgroup_zoneinfo(memcg, page);
         /* huge page split is done under lru_lock. so, we have no races. */
-       MEM_CGROUP_ZSTAT(mz, lru) += 1 << compound_order(page);
-       SetPageCgroupAcctLRU(pc);
-       if (mem_cgroup_is_root(pc->mem_cgroup))
-               return;
-       list_add(&pc->lru, &mz->lists[lru]);
+       VM_BUG_ON(mz->lru_size[lru] < (1 << compound_order(page)));
+       mz->lru_size[lru] -= 1 << compound_order(page);
  }
  
-/*
- * At handling SwapCache and other FUSE stuff, pc->mem_cgroup may be changed
- * while it's linked to lru because the page may be reused after it's fully
- * uncharged. To handle that, unlink page_cgroup from LRU when charge it again.
- * It's done under lock_page and expected that zone->lru_lock isnever held.
- */
-static void mem_cgroup_lru_del_before_commit(struct page *page)
+void mem_cgroup_lru_del(struct page *page)
  {
-       unsigned long flags;
-       struct zone *zone = page_zone(page);
-       struct page_cgroup *pc = lookup_page_cgroup(page);
-
-       /*
-        * Doing this check without taking ->lru_lock seems wrong but this
-        * is safe. Because if page_cgroup's USED bit is unset, the page
-        * will not be added to any memcg's LRU. If page_cgroup's USED bit is
-        * set, the commit after this will fail, anyway.
-        * This all charge/uncharge is done under some mutual execustion.
-        * So, we don't need to taking care of changes in USED bit.
-        */
-       if (likely(!PageLRU(page)))
-               return;
-
-       spin_lock_irqsave(&zone->lru_lock, flags);
-       /*
-        * Forget old LRU when this page_cgroup is *not* used. This Used bit
-        * is guarded by lock_page() because the page is SwapCache.
-        */
-       if (!PageCgroupUsed(pc))
-               mem_cgroup_del_lru_list(page, page_lru(page));
-       spin_unlock_irqrestore(&zone->lru_lock, flags);
+       mem_cgroup_lru_del_list(page, page_lru(page));
  }
  
-static void mem_cgroup_lru_add_after_commit(struct page *page)
-{
-       unsigned long flags;
-       struct zone *zone = page_zone(page);
-       struct page_cgroup *pc = lookup_page_cgroup(page);
-
-       /* taking care of that the page is added to LRU while we commit it */
-       if (likely(!PageLRU(page)))
-               return;
-       spin_lock_irqsave(&zone->lru_lock, flags);
-       /* link when the page is linked to LRU but page_cgroup isn't */
-       if (PageLRU(page) && !PageCgroupAcctLRU(pc))
-               mem_cgroup_add_lru_list(page, page_lru(page));
-       spin_unlock_irqrestore(&zone->lru_lock, flags);
-}
-
-
-void mem_cgroup_move_lists(struct page *page,
-                          enum lru_list from, enum lru_list to)
+/**
+ * mem_cgroup_lru_move_lists - account for moving a page between lrus
+ * @zone: zone of the page
+ * @page: the page
+ * @from: current lru
+ * @to: target lru
+ *
+ * This function accounts for @page being moved between the lrus @from
+ * and @to, and returns the lruvec for the given @zone and the memcg
+ * @page is charged to.
+ *
+ * The callsite is then responsible for physically relinking
+ * @page->lru to the returned lruvec->lists[@to].
+ */
+struct lruvec *mem_cgroup_lru_move_lists(struct zone *zone,
+                                        struct page *page,
+                                        enum lru_list from,
+                                        enum lru_list to)
  {
-       if (mem_cgroup_disabled())
-               return;
-       mem_cgroup_del_lru_list(page, from);
-       mem_cgroup_add_lru_list(page, to);
+       /* XXX: Optimize this, especially for @from == @to */
+       mem_cgroup_lru_del_list(page, from);
+       return mem_cgroup_lru_add_list(zone, page, to);
  }
  
  /*
- * Checks whether given mem is same or in the root_mem's
+ * Checks whether given mem is same or in the root_mem_cgroup's
   * hierarchy subtree
   */
-static bool mem_cgroup_same_or_subtree(const struct mem_cgroup *root_mem,
-               struct mem_cgroup *mem)
+static bool mem_cgroup_same_or_subtree(const struct mem_cgroup *root_memcg,
+               struct mem_cgroup *memcg)
  {
-       if (root_mem != mem) {
-               return (root_mem->use_hierarchy &&
-                       css_is_ancestor(&mem->css, &root_mem->css));
+       if (root_memcg != memcg) {
+               return (root_memcg->use_hierarchy &&
+                       css_is_ancestor(&memcg->css, &root_memcg->css));
         }
  
         return true;
  }
  
-int task_in_mem_cgroup(struct task_struct *task, const struct mem_cgroup *mem)
+int task_in_mem_cgroup(struct task_struct *task, const struct mem_cgroup *memcg)
  {
         int ret;
         struct mem_cgroup *curr = NULL;
         struct task_struct *p;
  
         p = find_lock_task_mm(task);
-       if (!p)
-               return 0;
-       curr = try_get_mem_cgroup_from_mm(p->mm);
-       task_unlock(p);
+       if (p) {
+               curr = try_get_mem_cgroup_from_mm(p->mm);
+               task_unlock(p);
+       } else {
+               /*
+                * All threads may have already detached their mm's, but the oom
+                * killer still needs to detect if they have already been oom
+                * killed to prevent needlessly killing additional tasks.
+                */
+               task_lock(task);
+               curr = mem_cgroup_from_task(task);
+               if (curr)
+                       css_get(&curr->css);
+               task_unlock(task);
+       }
         if (!curr)
                 return 0;
         /*
-        * We should check use_hierarchy of "mem" not "curr". Because checking
+        * We should check use_hierarchy of "memcg" not "curr". Because checking
          * use_hierarchy of "curr" here make this function true if hierarchy is
-        * enabled in "curr" and "curr" is a child of "mem" in *cgroup*
-        * hierarchy(even if use_hierarchy is disabled in "mem").
+        * enabled in "curr" and "curr" is a child of "memcg" in *cgroup*
+        * hierarchy(even if use_hierarchy is disabled in "memcg").
          */
-       ret = mem_cgroup_same_or_subtree(mem, curr);
+       ret = mem_cgroup_same_or_subtree(memcg, curr);
         css_put(&curr->css);
         return ret;
  }
  
-static int calc_inactive_ratio(struct mem_cgroup *memcg, unsigned long *present_pages)
+int mem_cgroup_inactive_anon_is_low(struct mem_cgroup *memcg, struct zone *zone)
  {
-       unsigned long active;
+       unsigned long inactive_ratio;
+       int nid = zone_to_nid(zone);
+       int zid = zone_idx(zone);
         unsigned long inactive;
+       unsigned long active;
         unsigned long gb;
-       unsigned long inactive_ratio;
  
-       inactive = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_INACTIVE_ANON));
-       active = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_ACTIVE_ANON));
+       inactive = mem_cgroup_zone_nr_lru_pages(memcg, nid, zid,
+                                               BIT(LRU_INACTIVE_ANON));
+       active = mem_cgroup_zone_nr_lru_pages(memcg, nid, zid,
+                                             BIT(LRU_ACTIVE_ANON));
  
         gb = (inactive + active) >> (30 - PAGE_SHIFT);
         if (gb)
@@ -1117,39 +1215,20 @@ static int calc_inactive_ratio(struct mem_cgroup *memcg, unsigned long *present_
         else
                 inactive_ratio = 1;
  
-       if (present_pages) {
-               present_pages[0] = inactive;
-               present_pages[1] = active;
-       }
-
-       return inactive_ratio;
-}
-
-int mem_cgroup_inactive_anon_is_low(struct mem_cgroup *memcg)
-{
-       unsigned long active;
-       unsigned long inactive;
-       unsigned long present_pages[2];
-       unsigned long inactive_ratio;
-
-       inactive_ratio = calc_inactive_ratio(memcg, present_pages);
-
-       inactive = present_pages[0];
-       active = present_pages[1];
-
-       if (inactive * inactive_ratio < active)
-               return 1;
-
-       return 0;
+       return inactive * inactive_ratio < active;
  }
  
-int mem_cgroup_inactive_file_is_low(struct mem_cgroup *memcg)
+int mem_cgroup_inactive_file_is_low(struct mem_cgroup *memcg, struct zone *zone)
  {
         unsigned long active;
         unsigned long inactive;
+       int zid = zone_idx(zone);
+       int nid = zone_to_nid(zone);
  
-       inactive = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_INACTIVE_FILE));
-       active = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_ACTIVE_FILE));
+       inactive = mem_cgroup_zone_nr_lru_pages(memcg, nid, zid,
+                                               BIT(LRU_INACTIVE_FILE));
+       active = mem_cgroup_zone_nr_lru_pages(memcg, nid, zid,
+                                             BIT(LRU_ACTIVE_FILE));
  
         return (active > inactive);
  }
@@ -1182,67 +1261,6 @@ mem_cgroup_get_reclaim_stat_from_page(struct page *page)
         return &mz->reclaim_stat;
  }
  
-unsigned long mem_cgroup_isolate_pages(unsigned long nr_to_scan,
-                                       struct list_head *dst,
-                                       unsigned long *scanned, int order,
-                                       int mode, struct zone *z,
-                                       struct mem_cgroup *mem_cont,
-                                       int active, int file)
-{
-       unsigned long nr_taken = 0;
-       struct page *page;
-       unsigned long scan;
-       LIST_HEAD(pc_list);
-       struct list_head *src;
-       struct page_cgroup *pc, *tmp;
-       int nid = zone_to_nid(z);
-       int zid = zone_idx(z);
-       struct mem_cgroup_per_zone *mz;
-       int lru = LRU_FILE * file + active;
-       int ret;
-
-       BUG_ON(!mem_cont);
-       mz = mem_cgroup_zoneinfo(mem_cont, nid, zid);
-       src = &mz->lists[lru];
-
-       scan = 0;
-       list_for_each_entry_safe_reverse(pc, tmp, src, lru) {
-               if (scan >= nr_to_scan)
-                       break;
-
-               if (unlikely(!PageCgroupUsed(pc)))
-                       continue;
-
-               page = lookup_cgroup_page(pc);
-
-               if (unlikely(!PageLRU(page)))
-                       continue;
-
-               scan++;
-               ret = __isolate_lru_page(page, mode, file);
-               switch (ret) {
-               case 0:
-                       list_move(&page->lru, dst);
-                       mem_cgroup_del_lru(page);
-                       nr_taken += hpage_nr_pages(page);
-                       break;
-               case -EBUSY:
-                       /* we don't affect global LRU but rotate in our LRU */
-                       mem_cgroup_rotate_lru_list(page, page_lru(page));
-                       break;
-               default:
-                       break;
-               }
-       }
-
-       *scanned = scan;
-
-       trace_mm_vmscan_memcg_isolate(0, nr_to_scan, scan, nr_taken,
-                                     0, 0, 0, mode);
-
-       return nr_taken;
-}
-
  #define mem_cgroup_from_res_counter(counter, member)   \
         container_of(counter, struct mem_cgroup, member)
  
@@ -1253,13 +1271,13 @@ unsigned long mem_cgroup_isolate_pages(unsigned long nr_to_scan,
   * Returns the maximum amount of memory @mem can be charged with, in
   * pages.
   */
-static unsigned long mem_cgroup_margin(struct mem_cgroup *mem)
+static unsigned long mem_cgroup_margin(struct mem_cgroup *memcg)
  {
         unsigned long long margin;
  
-       margin = res_counter_margin(&mem->res);
+       margin = res_counter_margin(&memcg->res);
         if (do_swap_account)
-               margin = min(margin, res_counter_margin(&mem->memsw));
+               margin = min(margin, res_counter_margin(&memcg->memsw));
         return margin >> PAGE_SHIFT;
  }
  
@@ -1274,40 +1292,48 @@ int mem_cgroup_swappiness(struct mem_cgroup *memcg)
         return memcg->swappiness;
  }
  
-static void mem_cgroup_start_move(struct mem_cgroup *mem)
-{
-       int cpu;
+/*
+ * memcg->moving_account is used for checking possibility that some thread is
+ * calling move_account(). When a thread on CPU-A starts moving pages under
+ * a memcg, other threads should check memcg->moving_account under
+ * rcu_read_lock(), like this:
+ *
+ *         CPU-A                                    CPU-B
+ *                                              rcu_read_lock()
+ *         memcg->moving_account+1              if (memcg->mocing_account)
+ *                                                   take heavy locks.
+ *         synchronize_rcu()                    update something.
+ *                                              rcu_read_unlock()
+ *         start move here.
+ */
  
-       get_online_cpus();
-       spin_lock(&mem->pcp_counter_lock);
-       for_each_online_cpu(cpu)
-               per_cpu(mem->stat->count[MEM_CGROUP_ON_MOVE], cpu) += 1;
-       mem->nocpu_base.count[MEM_CGROUP_ON_MOVE] += 1;
-       spin_unlock(&mem->pcp_counter_lock);
-       put_online_cpus();
+/* for quick checking without looking up memcg */
+atomic_t memcg_moving __read_mostly;
  
+static void mem_cgroup_start_move(struct mem_cgroup *memcg)
+{
+       atomic_inc(&memcg_moving);
+       atomic_inc(&memcg->moving_account);
         synchronize_rcu();
  }
  
-static void mem_cgroup_end_move(struct mem_cgroup *mem)
+static void mem_cgroup_end_move(struct mem_cgroup *memcg)
  {
-       int cpu;
-
-       if (!mem)
-               return;
-       get_online_cpus();
-       spin_lock(&mem->pcp_counter_lock);
-       for_each_online_cpu(cpu)
-               per_cpu(mem->stat->count[MEM_CGROUP_ON_MOVE], cpu) -= 1;
-       mem->nocpu_base.count[MEM_CGROUP_ON_MOVE] -= 1;
-       spin_unlock(&mem->pcp_counter_lock);
-       put_online_cpus();
+       /*
+        * Now, mem_cgroup_clear_mc() may call this function with NULL.
+        * We check NULL in callee rather than caller.
+        */
+       if (memcg) {
+               atomic_dec(&memcg_moving);
+               atomic_dec(&memcg->moving_account);
+       }
  }
+
  /*
   * 2 routines for checking "mem" is under move_account() or not.
   *
- * mem_cgroup_stealed() - checking a cgroup is mc.from or not. This is used
- *                       for avoiding race in accounting. If true,
+ * mem_cgroup_stolen() -  checking whether a cgroup is mc.from or not. This
+ *                       is used for avoiding races in accounting.  If true,
   *                       pc->mem_cgroup may be overwritten.
   *
   * mem_cgroup_under_move() - checking a cgroup is mc.from or mc.to or
@@ -1315,13 +1341,13 @@ static void mem_cgroup_end_move(struct mem_cgroup *mem)
   *                       waiting at hith-memory prressure caused by "move".
   */
  
-static bool mem_cgroup_stealed(struct mem_cgroup *mem)
+static bool mem_cgroup_stolen(struct mem_cgroup *memcg)
  {
         VM_BUG_ON(!rcu_read_lock_held());
-       return this_cpu_read(mem->stat->count[MEM_CGROUP_ON_MOVE]) > 0;
+       return atomic_read(&memcg->moving_account) > 0;
  }
  
-static bool mem_cgroup_under_move(struct mem_cgroup *mem)
+static bool mem_cgroup_under_move(struct mem_cgroup *memcg)
  {
         struct mem_cgroup *from;
         struct mem_cgroup *to;
@@ -1336,17 +1362,17 @@ static bool mem_cgroup_under_move(struct mem_cgroup *mem)
         if (!from)
                 goto unlock;
  
-       ret = mem_cgroup_same_or_subtree(mem, from)
-               || mem_cgroup_same_or_subtree(mem, to);
+       ret = mem_cgroup_same_or_subtree(memcg, from)
+               || mem_cgroup_same_or_subtree(memcg, to);
  unlock:
         spin_unlock(&mc.lock);
         return ret;
  }
  
-static bool mem_cgroup_wait_acct_move(struct mem_cgroup *mem)
+static bool mem_cgroup_wait_acct_move(struct mem_cgroup *memcg)
  {
         if (mc.moving_task && current != mc.moving_task) {
-               if (mem_cgroup_under_move(mem)) {
+               if (mem_cgroup_under_move(memcg)) {
                         DEFINE_WAIT(wait);
                         prepare_to_wait(&mc.waitq, &wait, TASK_INTERRUPTIBLE);
                         /* moving charge context might have finished. */
@@ -1359,6 +1385,24 @@ static bool mem_cgroup_wait_acct_move(struct mem_cgroup *mem)
         return false;
  }
  
+/*
+ * Take this lock when
+ * - a code tries to modify page's memcg while it's USED.
+ * - a code tries to modify page state accounting in a memcg.
+ * see mem_cgroup_stolen(), too.
+ */
+static void move_lock_mem_cgroup(struct mem_cgroup *memcg,
+                                 unsigned long *flags)
+{
+       spin_lock_irqsave(&memcg->move_lock, *flags);
+}
+
+static void move_unlock_mem_cgroup(struct mem_cgroup *memcg,
+                               unsigned long *flags)
+{
+       spin_unlock_irqrestore(&memcg->move_lock, *flags);
+}
+
  /**
   * mem_cgroup_print_oom_info: Called from OOM with tasklist_lock held in read mode.
   * @memcg: The memory cgroup that went over limit
@@ -1382,7 +1426,6 @@ void mem_cgroup_print_oom_info(struct mem_cgroup *memcg, struct task_struct *p)
         if (!memcg || !p)
                 return;
  
-
         rcu_read_lock();
  
         mem_cgrp = memcg->css.cgroup;
@@ -1430,12 +1473,12 @@ done:
   * This function returns the number of memcg under hierarchy tree. Returns
   * 1(self count) if no children.
   */
-static int mem_cgroup_count_children(struct mem_cgroup *mem)
+static int mem_cgroup_count_children(struct mem_cgroup *memcg)
  {
         int num = 0;
         struct mem_cgroup *iter;
  
-       for_each_mem_cgroup_tree(iter, mem)
+       for_each_mem_cgroup_tree(iter, memcg)
                 num++;
         return num;
  }
@@ -1459,41 +1502,40 @@ u64 mem_cgroup_get_limit(struct mem_cgroup *memcg)
         return min(limit, memsw);
  }
  
-/*
- * Visit the first child (need not be the first child as per the ordering
- * of the cgroup list, since we track last_scanned_child) of @mem and use
- * that to reclaim free pages from.
- */
-static struct mem_cgroup *
-mem_cgroup_select_victim(struct mem_cgroup *root_mem)
+static unsigned long mem_cgroup_reclaim(struct mem_cgroup *memcg,
+                                       gfp_t gfp_mask,
+                                       unsigned long flags)
  {
-       struct mem_cgroup *ret = NULL;
-       struct cgroup_subsys_state *css;
-       int nextid, found;
-
-       if (!root_mem->use_hierarchy) {
-               css_get(&root_mem->css);
-               ret = root_mem;
-       }
+       unsigned long total = 0;
+       bool noswap = false;
+       int loop;
  
-       while (!ret) {
-               rcu_read_lock();
-               nextid = root_mem->last_scanned_child + 1;
-               css = css_get_next(&mem_cgroup_subsys, nextid, &root_mem->css,
-                                  &found);
-               if (css && css_tryget(css))
-                       ret = container_of(css, struct mem_cgroup, css);
+       if (flags & MEM_CGROUP_RECLAIM_NOSWAP)
+               noswap = true;
+       if (!(flags & MEM_CGROUP_RECLAIM_SHRINK) && memcg->memsw_is_minimum)
+               noswap = true;
  
-               rcu_read_unlock();
-               /* Updates scanning parameter */
-               if (!css) {
-                       /* this means start scan from ID:1 */
-                       root_mem->last_scanned_child = 0;
-               } else
-                       root_mem->last_scanned_child = found;
+       for (loop = 0; loop < MEM_CGROUP_MAX_RECLAIM_LOOPS; loop++) {
+               if (loop)
+                       drain_all_stock_async(memcg);
+               total += try_to_free_mem_cgroup_pages(memcg, gfp_mask, noswap);
+               /*
+                * Allow limit shrinkers, which are triggered directly
+                * by userspace, to catch signals and stop reclaim
+                * after minimal progress, regardless of the margin.
+                */
+               if (total && (flags & MEM_CGROUP_RECLAIM_SHRINK))
+                       break;
+               if (mem_cgroup_margin(memcg))
+                       break;
+               /*
+                * If nothing was reclaimed after two attempts, there
+                * may be no reclaimable pages in this hierarchy.
+                */
+               if (loop && !total)
+                       break;
         }
-
-       return ret;
+       return total;
  }
  
  /**
@@ -1506,14 +1548,14 @@ mem_cgroup_select_victim(struct mem_cgroup *root_mem)
   * reclaimable pages on a node. Returns true if there are any reclaimable
   * pages in the node.
   */
-static bool test_mem_cgroup_node_reclaimable(struct mem_cgroup *mem,
+static bool test_mem_cgroup_node_reclaimable(struct mem_cgroup *memcg,
                 int nid, bool noswap)
  {
-       if (mem_cgroup_node_nr_lru_pages(mem, nid, LRU_ALL_FILE))
+       if (mem_cgroup_node_nr_lru_pages(memcg, nid, LRU_ALL_FILE))
                 return true;
         if (noswap || !total_swap_pages)
                 return false;
-       if (mem_cgroup_node_nr_lru_pages(mem, nid, LRU_ALL_ANON))
+       if (mem_cgroup_node_nr_lru_pages(memcg, nid, LRU_ALL_ANON))
                 return true;
         return false;
  
@@ -1526,29 +1568,29 @@ static bool test_mem_cgroup_node_reclaimable(struct mem_cgroup *mem,
   * nodes based on the zonelist. So update the list loosely once per 10 secs.
   *
   */
-static void mem_cgroup_may_update_nodemask(struct mem_cgroup *mem)
+static void mem_cgroup_may_update_nodemask(struct mem_cgroup *memcg)
  {
         int nid;
         /*
          * numainfo_events > 0 means there was at least NUMAINFO_EVENTS_TARGET
          * pagein/pageout changes since the last update.
          */
-       if (!atomic_read(&mem->numainfo_events))
+       if (!atomic_read(&memcg->numainfo_events))
                 return;
-       if (atomic_inc_return(&mem->numainfo_updating) > 1)
+       if (atomic_inc_return(&memcg->numainfo_updating) > 1)
                 return;
  
         /* make a nodemask where this memcg uses memory from */
-       mem->scan_nodes = node_states[N_HIGH_MEMORY];
+       memcg->scan_nodes = node_states[N_HIGH_MEMORY];
  
         for_each_node_mask(nid, node_states[N_HIGH_MEMORY]) {
  
-               if (!test_mem_cgroup_node_reclaimable(mem, nid, false))
-                       node_clear(nid, mem->scan_nodes);
+               if (!test_mem_cgroup_node_reclaimable(memcg, nid, false))
+                       node_clear(nid, memcg->scan_nodes);
         }
  
-       atomic_set(&mem->numainfo_events, 0);
-       atomic_set(&mem->numainfo_updating, 0);
+       atomic_set(&memcg->numainfo_events, 0);
+       atomic_set(&memcg->numainfo_updating, 0);
  }
  
  /*
@@ -1563,16 +1605,16 @@ static void mem_cgroup_may_update_nodemask(struct mem_cgroup *mem)
   *
   * Now, we use round-robin. Better algorithm is welcomed.
   */
-int mem_cgroup_select_victim_node(struct mem_cgroup *mem)
+int mem_cgroup_select_victim_node(struct mem_cgroup *memcg)
  {
         int node;
  
-       mem_cgroup_may_update_nodemask(mem);
-       node = mem->last_scanned_node;
+       mem_cgroup_may_update_nodemask(memcg);
+       node = memcg->last_scanned_node;
  
-       node = next_node(node, mem->scan_nodes);
+       node = next_node(node, memcg->scan_nodes);
         if (node == MAX_NUMNODES)
-               node = first_node(mem->scan_nodes);
+               node = first_node(memcg->scan_nodes);
         /*
          * We call this when we hit limit, not when pages are added to LRU.
          * No LRU may hold pages because all pages are UNEVICTABLE or
@@ -1582,7 +1624,7 @@ int mem_cgroup_select_victim_node(struct mem_cgroup *mem)
         if (unlikely(node == MAX_NUMNODES))
                 node = numa_node_id();
  
-       mem->last_scanned_node = node;
+       memcg->last_scanned_node = node;
         return node;
  }
  
@@ -1592,7 +1634,7 @@ int mem_cgroup_select_victim_node(struct mem_cgroup *mem)
   * unused nodes. But scan_nodes is lazily updated and may not cotain
   * enough new information. We need to do double check.
   */
-bool mem_cgroup_reclaimable(struct mem_cgroup *mem, bool noswap)
+bool mem_cgroup_reclaimable(struct mem_cgroup *memcg, bool noswap)
  {
         int nid;
  
@@ -1600,12 +1642,12 @@ bool mem_cgroup_reclaimable(struct mem_cgroup *mem, bool noswap)
          * quick check...making use of scan_node.
          * We can skip unused nodes.
          */
-       if (!nodes_empty(mem->scan_nodes)) {
-               for (nid = first_node(mem->scan_nodes);
+       if (!nodes_empty(memcg->scan_nodes)) {
+               for (nid = first_node(memcg->scan_nodes);
                      nid < MAX_NUMNODES;
-                    nid = next_node(nid, mem->scan_nodes)) {
+                    nid = next_node(nid, memcg->scan_nodes)) {
  
-                       if (test_mem_cgroup_node_reclaimable(mem, nid, noswap))
+                       if (test_mem_cgroup_node_reclaimable(memcg, nid, noswap))
                                 return true;
                 }
         }
@@ -1613,81 +1655,55 @@ bool mem_cgroup_reclaimable(struct mem_cgroup *mem, bool noswap)
          * Check rest of nodes.
          */
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               if (node_isset(nid, mem->scan_nodes))
+               if (node_isset(nid, memcg->scan_nodes))
                         continue;
-               if (test_mem_cgroup_node_reclaimable(mem, nid, noswap))
+               if (test_mem_cgroup_node_reclaimable(memcg, nid, noswap))
                         return true;
         }
         return false;
  }
  
  #else
-int mem_cgroup_select_victim_node(struct mem_cgroup *mem)
+int mem_cgroup_select_victim_node(struct mem_cgroup *memcg)
  {
         return 0;
  }
  
-bool mem_cgroup_reclaimable(struct mem_cgroup *mem, bool noswap)
+bool mem_cgroup_reclaimable(struct mem_cgroup *memcg, bool noswap)
  {
-       return test_mem_cgroup_node_reclaimable(mem, 0, noswap);
+       return test_mem_cgroup_node_reclaimable(memcg, 0, noswap);
  }
  #endif
  
-/*
- * Scan the hierarchy if needed to reclaim memory. We remember the last child
- * we reclaimed from, so that we don't end up penalizing one child extensively
- * based on its position in the children list.
- *
- * root_mem is the original ancestor that we've been reclaim from.
- *
- * We give up and return to the caller when we visit root_mem twice.
- * (other groups can be removed while we're walking....)
- *
- * If shrink==true, for avoiding to free too much, this returns immedieately.
- */
-static int mem_cgroup_hierarchical_reclaim(struct mem_cgroup *root_mem,
-                                               struct zone *zone,
-                                               gfp_t gfp_mask,
-                                               unsigned long reclaim_options,
-                                               unsigned long *total_scanned)
-{
-       struct mem_cgroup *victim;
-       int ret, total = 0;
+static int mem_cgroup_soft_reclaim(struct mem_cgroup *root_memcg,
+                                  struct zone *zone,
+                                  gfp_t gfp_mask,
+                                  unsigned long *total_scanned)
+{
+       struct mem_cgroup *victim = NULL;
+       int total = 0;
         int loop = 0;
-       bool noswap = reclaim_options & MEM_CGROUP_RECLAIM_NOSWAP;
-       bool shrink = reclaim_options & MEM_CGROUP_RECLAIM_SHRINK;
-       bool check_soft = reclaim_options & MEM_CGROUP_RECLAIM_SOFT;
         unsigned long excess;
         unsigned long nr_scanned;
+       struct mem_cgroup_reclaim_cookie reclaim = {
+               .zone = zone,
+               .priority = 0,
+       };
  
-       excess = res_counter_soft_limit_excess(&root_mem->res) >> PAGE_SHIFT;
-
-       /* If memsw_is_minimum==1, swap-out is of-no-use. */
-       if (!check_soft && !shrink && root_mem->memsw_is_minimum)
-               noswap = true;
+       excess = res_counter_soft_limit_excess(&root_memcg->res) >> PAGE_SHIFT;
  
         while (1) {
-               victim = mem_cgroup_select_victim(root_mem);
-               if (victim == root_mem) {
+               victim = mem_cgroup_iter(root_memcg, victim, &reclaim);
+               if (!victim) {
                         loop++;
-                       /*
-                        * We are not draining per cpu cached charges during
-                        * soft limit reclaim  because global reclaim doesn't
-                        * care about charges. It tries to free some memory and
-                        * charges will not give any.
-                        */
-                       if (!check_soft && loop >= 1)
-                               drain_all_stock_async(root_mem);
                         if (loop >= 2) {
                                 /*
                                  * If we have not been able to reclaim
                                  * anything, it might because there are
                                  * no reclaimable pages under this hierarchy
                                  */
-                               if (!check_soft || !total) {
-                                       css_put(&victim->css);
+                               if (!total)
                                         break;
-                               }
                                 /*
                                  * We want to do more targeted reclaim.
                                  * excess >> 2 is not to excessive so as to
@@ -1695,40 +1711,20 @@ static int mem_cgroup_hierarchical_reclaim(struct mem_cgroup *root_mem,
                                  * coming back to reclaim from this cgroup
                                  */
                                 if (total >= (excess >> 2) ||
-                                       (loop > MEM_CGROUP_MAX_RECLAIM_LOOPS)) {
-                                       css_put(&victim->css);
+                                       (loop > MEM_CGROUP_MAX_RECLAIM_LOOPS))
                                         break;
-                               }
                         }
-               }
-               if (!mem_cgroup_reclaimable(victim, noswap)) {
-                       /* this cgroup's local usage == 0 */
-                       css_put(&victim->css);
                         continue;
                 }
-               /* we use swappiness of local cgroup */
-               if (check_soft) {
-                       ret = mem_cgroup_shrink_node_zone(victim, gfp_mask,
-                               noswap, zone, &nr_scanned);
-                       *total_scanned += nr_scanned;
-               } else
-                       ret = try_to_free_mem_cgroup_pages(victim, gfp_mask,
-                                               noswap);
-               css_put(&victim->css);
-               /*
-                * At shrinking usage, we can't check we should stop here or
-                * reclaim more. It's depends on callers. last_scanned_child
-                * will work enough for keeping fairness under tree.
-                */
-               if (shrink)
-                       return ret;
-               total += ret;
-               if (check_soft) {
-                       if (!res_counter_soft_limit_excess(&root_mem->res))
-                               return total;
-               } else if (mem_cgroup_margin(root_mem))
-                       return total;
+               if (!mem_cgroup_reclaimable(victim, false))
+                       continue;
+               total += mem_cgroup_shrink_node_zone(victim, gfp_mask, false,
+                                                    zone, &nr_scanned);
+               *total_scanned += nr_scanned;
+               if (!res_counter_soft_limit_excess(&root_memcg->res))
+                       break;
         }
+       mem_cgroup_iter_break(root_memcg, victim);
         return total;
  }
  
@@ -1737,19 +1733,19 @@ static int mem_cgroup_hierarchical_reclaim(struct mem_cgroup *root_mem,
   * If someone is running, return false.
   * Has to be called with memcg_oom_lock
   */
-static bool mem_cgroup_oom_lock(struct mem_cgroup *mem)
+static bool mem_cgroup_oom_lock(struct mem_cgroup *memcg)
  {
         struct mem_cgroup *iter, *failed = NULL;
-       bool cond = true;
  
-       for_each_mem_cgroup_tree_cond(iter, mem, cond) {
+       for_each_mem_cgroup_tree(iter, memcg) {
                 if (iter->oom_lock) {
                         /*
                          * this subtree of our hierarchy is already locked
                          * so we cannot give a lock.
                          */
                         failed = iter;
-                       cond = false;
+                       mem_cgroup_iter_break(memcg, iter);
+                       break;
                 } else
                         iter->oom_lock = true;
         }
@@ -1761,11 +1757,10 @@ static bool mem_cgroup_oom_lock(struct mem_cgroup *mem)
          * OK, we failed to lock the whole subtree so we have to clean up
          * what we set up to the failing subtree
          */
-       cond = true;
-       for_each_mem_cgroup_tree_cond(iter, mem, cond) {
+       for_each_mem_cgroup_tree(iter, memcg) {
                 if (iter == failed) {
-                       cond = false;
-                       continue;
+                       mem_cgroup_iter_break(memcg, iter);
+                       break;
                 }
                 iter->oom_lock = false;
         }
@@ -1775,24 +1770,24 @@ static bool mem_cgroup_oom_lock(struct mem_cgroup *mem)
  /*
   * Has to be called with memcg_oom_lock
   */
-static int mem_cgroup_oom_unlock(struct mem_cgroup *mem)
+static int mem_cgroup_oom_unlock(struct mem_cgroup *memcg)
  {
         struct mem_cgroup *iter;
  
-       for_each_mem_cgroup_tree(iter, mem)
+       for_each_mem_cgroup_tree(iter, memcg)
                 iter->oom_lock = false;
         return 0;
  }
  
-static void mem_cgroup_mark_under_oom(struct mem_cgroup *mem)
+static void mem_cgroup_mark_under_oom(struct mem_cgroup *memcg)
  {
         struct mem_cgroup *iter;
  
-       for_each_mem_cgroup_tree(iter, mem)
+       for_each_mem_cgroup_tree(iter, memcg)
                 atomic_inc(&iter->under_oom);
  }
  
-static void mem_cgroup_unmark_under_oom(struct mem_cgroup *mem)
+static void mem_cgroup_unmark_under_oom(struct mem_cgroup *memcg)
  {
         struct mem_cgroup *iter;
  
@@ -1801,7 +1796,7 @@ static void mem_cgroup_unmark_under_oom(struct mem_cgroup *mem)
          * mem_cgroup_oom_lock() may not be called. We have to use
          * atomic_add_unless() here.
          */
-       for_each_mem_cgroup_tree(iter, mem)
+       for_each_mem_cgroup_tree(iter, memcg)
                 atomic_add_unless(&iter->under_oom, -1, 0);
  }
  
@@ -1809,92 +1804,92 @@ static DEFINE_SPINLOCK(memcg_oom_lock);
  static DECLARE_WAIT_QUEUE_HEAD(memcg_oom_waitq);
  
  struct oom_wait_info {
-       struct mem_cgroup *mem;
+       struct mem_cgroup *memcg;
         wait_queue_t    wait;
  };
  
  static int memcg_oom_wake_function(wait_queue_t *wait,
         unsigned mode, int sync, void *arg)
  {
-       struct mem_cgroup *wake_mem = (struct mem_cgroup *)arg,
-                         *oom_wait_mem;
+       struct mem_cgroup *wake_memcg = (struct mem_cgroup *)arg;
+       struct mem_cgroup *oom_wait_memcg;
         struct oom_wait_info *oom_wait_info;
  
         oom_wait_info = container_of(wait, struct oom_wait_info, wait);
-       oom_wait_mem = oom_wait_info->mem;
+       oom_wait_memcg = oom_wait_info->memcg;
  
         /*
-        * Both of oom_wait_info->mem and wake_mem are stable under us.
+        * Both of oom_wait_info->memcg and wake_memcg are stable under us.
          * Then we can use css_is_ancestor without taking care of RCU.
          */
-       if (!mem_cgroup_same_or_subtree(oom_wait_mem, wake_mem)
-                       && !mem_cgroup_same_or_subtree(wake_mem, oom_wait_mem))
+       if (!mem_cgroup_same_or_subtree(oom_wait_memcg, wake_memcg)
+               && !mem_cgroup_same_or_subtree(wake_memcg, oom_wait_memcg))
                 return 0;
         return autoremove_wake_function(wait, mode, sync, arg);
  }
  
-static void memcg_wakeup_oom(struct mem_cgroup *mem)
+static void memcg_wakeup_oom(struct mem_cgroup *memcg)
  {
-       /* for filtering, pass "mem" as argument. */
-       __wake_up(&memcg_oom_waitq, TASK_NORMAL, 0, mem);
+       /* for filtering, pass "memcg" as argument. */
+       __wake_up(&memcg_oom_waitq, TASK_NORMAL, 0, memcg);
  }
  
-static void memcg_oom_recover(struct mem_cgroup *mem)
+static void memcg_oom_recover(struct mem_cgroup *memcg)
  {
-       if (mem && atomic_read(&mem->under_oom))
-               memcg_wakeup_oom(mem);
+       if (memcg && atomic_read(&memcg->under_oom))
+               memcg_wakeup_oom(memcg);
  }
  
  /*
   * try to call OOM killer. returns false if we should exit memory-reclaim loop.
   */
-bool mem_cgroup_handle_oom(struct mem_cgroup *mem, gfp_t mask)
+bool mem_cgroup_handle_oom(struct mem_cgroup *memcg, gfp_t mask, int order)
  {
         struct oom_wait_info owait;
         bool locked, need_to_kill;
  
-       owait.mem = mem;
+       owait.memcg = memcg;
         owait.wait.flags = 0;
         owait.wait.func = memcg_oom_wake_function;
         owait.wait.private = current;
         INIT_LIST_HEAD(&owait.wait.task_list);
         need_to_kill = true;
-       mem_cgroup_mark_under_oom(mem);
+       mem_cgroup_mark_under_oom(memcg);
  
-       /* At first, try to OOM lock hierarchy under mem.*/
+       /* At first, try to OOM lock hierarchy under memcg.*/
         spin_lock(&memcg_oom_lock);
-       locked = mem_cgroup_oom_lock(mem);
+       locked = mem_cgroup_oom_lock(memcg);
         /*
          * Even if signal_pending(), we can't quit charge() loop without
          * accounting. So, UNINTERRUPTIBLE is appropriate. But SIGKILL
          * under OOM is always welcomed, use TASK_KILLABLE here.
          */
         prepare_to_wait(&memcg_oom_waitq, &owait.wait, TASK_KILLABLE);
-       if (!locked || mem->oom_kill_disable)
+       if (!locked || memcg->oom_kill_disable)
                 need_to_kill = false;
         if (locked)
-               mem_cgroup_oom_notify(mem);
+               mem_cgroup_oom_notify(memcg);
         spin_unlock(&memcg_oom_lock);
  
         if (need_to_kill) {
                 finish_wait(&memcg_oom_waitq, &owait.wait);
-               mem_cgroup_out_of_memory(mem, mask);
+               mem_cgroup_out_of_memory(memcg, mask, order);
         } else {
                 schedule();
                 finish_wait(&memcg_oom_waitq, &owait.wait);
         }
         spin_lock(&memcg_oom_lock);
         if (locked)
-               mem_cgroup_oom_unlock(mem);
-       memcg_wakeup_oom(mem);
+               mem_cgroup_oom_unlock(memcg);
+       memcg_wakeup_oom(memcg);
         spin_unlock(&memcg_oom_lock);
  
-       mem_cgroup_unmark_under_oom(mem);
+       mem_cgroup_unmark_under_oom(memcg);
  
         if (test_thread_flag(TIF_MEMDIE) || fatal_signal_pending(current))
                 return false;
         /* Give chance to dying process */
-       schedule_timeout(1);
+       schedule_timeout_uninterruptible(1);
         return true;
  }
  
@@ -1918,56 +1913,74 @@ bool mem_cgroup_handle_oom(struct mem_cgroup *mem, gfp_t mask)
   * by flags.
   *
   * Considering "move", this is an only case we see a race. To make the race
- * small, we check MEM_CGROUP_ON_MOVE percpu value and detect there are
- * possibility of race condition. If there is, we take a lock.
+ * small, we check mm->moving_account and detect there are possibility of race
+ * If there is, we take a lock.
   */
  
+void __mem_cgroup_begin_update_page_stat(struct page *page,
+                               bool *locked, unsigned long *flags)
+{
+       struct mem_cgroup *memcg;
+       struct page_cgroup *pc;
+
+       pc = lookup_page_cgroup(page);
+again:
+       memcg = pc->mem_cgroup;
+       if (unlikely(!memcg || !PageCgroupUsed(pc)))
+               return;
+       /*
+        * If this memory cgroup is not under account moving, we don't
+        * need to take move_lock_page_cgroup(). Because we already hold
+        * rcu_read_lock(), any calls to move_account will be delayed until
+        * rcu_read_unlock() if mem_cgroup_stolen() == true.
+        */
+       if (!mem_cgroup_stolen(memcg))
+               return;
+
+       move_lock_mem_cgroup(memcg, flags);
+       if (memcg != pc->mem_cgroup || !PageCgroupUsed(pc)) {
+               move_unlock_mem_cgroup(memcg, flags);
+               goto again;
+       }
+       *locked = true;
+}
+
+void __mem_cgroup_end_update_page_stat(struct page *page, unsigned long *flags)
+{
+       struct page_cgroup *pc = lookup_page_cgroup(page);
+
+       /*
+        * It's guaranteed that pc->mem_cgroup never changes while
+        * lock is held because a routine modifies pc->mem_cgroup
+        * should take move_lock_page_cgroup().
+        */
+       move_unlock_mem_cgroup(pc->mem_cgroup, flags);
+}
+
  void mem_cgroup_update_page_stat(struct page *page,
                                  enum mem_cgroup_page_stat_item idx, int val)
  {
-       struct mem_cgroup *mem;
+       struct mem_cgroup *memcg;
         struct page_cgroup *pc = lookup_page_cgroup(page);
-       bool need_unlock = false;
         unsigned long uninitialized_var(flags);
  
-       if (unlikely(!pc))
+       if (mem_cgroup_disabled())
                 return;
  
-       rcu_read_lock();
-       mem = pc->mem_cgroup;
-       if (unlikely(!mem || !PageCgroupUsed(pc)))
-               goto out;
-       /* pc->mem_cgroup is unstable ? */
-       if (unlikely(mem_cgroup_stealed(mem)) || PageTransHuge(page)) {
-               /* take a lock against to access pc->mem_cgroup */
-               move_lock_page_cgroup(pc, &flags);
-               need_unlock = true;
-               mem = pc->mem_cgroup;
-               if (!mem || !PageCgroupUsed(pc))
-                       goto out;
-       }
+       memcg = pc->mem_cgroup;
+       if (unlikely(!memcg || !PageCgroupUsed(pc)))
+               return;
  
         switch (idx) {
         case MEMCG_NR_FILE_MAPPED:
-               if (val > 0)
-                       SetPageCgroupFileMapped(pc);
-               else if (!page_mapped(page))
-                       ClearPageCgroupFileMapped(pc);
                 idx = MEM_CGROUP_STAT_FILE_MAPPED;
                 break;
         default:
                 BUG();
         }
  
-       this_cpu_add(mem->stat->count[idx], val);
-
-out:
-       if (unlikely(need_unlock))
-               move_unlock_page_cgroup(pc, &flags);
-       rcu_read_unlock();
-       return;
+       this_cpu_add(memcg->stat->count[idx], val);
  }
-EXPORT_SYMBOL(mem_cgroup_update_page_stat);
  
  /*
   * size of first charge trial. "32" comes from vmscan.c's magic value.
@@ -1990,13 +2003,13 @@ static DEFINE_MUTEX(percpu_charge_mutex);
   * cgroup which is not current target, returns false. This stock will be
   * refilled.
   */
-static bool consume_stock(struct mem_cgroup *mem)
+static bool consume_stock(struct mem_cgroup *memcg)
  {
         struct memcg_stock_pcp *stock;
         bool ret = true;
  
         stock = &get_cpu_var(memcg_stock);
-       if (mem == stock->cached && stock->nr_pages)
+       if (memcg == stock->cached && stock->nr_pages)
                 stock->nr_pages--;
         else /* need to call res_counter_charge */
                 ret = false;
@@ -2037,24 +2050,24 @@ static void drain_local_stock(struct work_struct *dummy)
   * Cache charges(val) which is from res_counter, to local per_cpu area.
   * This will be consumed by consume_stock() function, later.
   */
-static void refill_stock(struct mem_cgroup *mem, unsigned int nr_pages)
+static void refill_stock(struct mem_cgroup *memcg, unsigned int nr_pages)
  {
         struct memcg_stock_pcp *stock = &get_cpu_var(memcg_stock);
  
-       if (stock->cached != mem) { /* reset if necessary */
+       if (stock->cached != memcg) { /* reset if necessary */
                 drain_stock(stock);
-               stock->cached = mem;
+               stock->cached = memcg;
         }
         stock->nr_pages += nr_pages;
         put_cpu_var(memcg_stock);
  }
  
  /*
- * Drains all per-CPU charge caches for given root_mem resp. subtree
+ * Drains all per-CPU charge caches for given root_memcg resp. subtree
   * of the hierarchy under it. sync flag says whether we should block
   * until the work is done.
   */
-static void drain_all_stock(struct mem_cgroup *root_mem, bool sync)
+static void drain_all_stock(struct mem_cgroup *root_memcg, bool sync)
  {
         int cpu, curcpu;
  
@@ -2063,12 +2076,12 @@ static void drain_all_stock(struct mem_cgroup *root_mem, bool sync)
         curcpu = get_cpu();
         for_each_online_cpu(cpu) {
                 struct memcg_stock_pcp *stock = &per_cpu(memcg_stock, cpu);
-               struct mem_cgroup *mem;
+               struct mem_cgroup *memcg;
  
-               mem = stock->cached;
-               if (!mem || !stock->nr_pages)
+               memcg = stock->cached;
+               if (!memcg || !stock->nr_pages)
                         continue;
-               if (!mem_cgroup_same_or_subtree(root_mem, mem))
+               if (!mem_cgroup_same_or_subtree(root_memcg, memcg))
                         continue;
                 if (!test_and_set_bit(FLUSHING_CACHED_CHARGE, &stock->flags)) {
                         if (cpu == curcpu)
@@ -2097,23 +2110,23 @@ out:
   * expects some charges will be back to res_counter later but cannot wait for
   * it.
   */
-static void drain_all_stock_async(struct mem_cgroup *root_mem)
+static void drain_all_stock_async(struct mem_cgroup *root_memcg)
  {
         /*
          * If someone calls draining, avoid adding more kworker runs.
          */
         if (!mutex_trylock(&percpu_charge_mutex))
                 return;
-       drain_all_stock(root_mem, false);
+       drain_all_stock(root_memcg, false);
         mutex_unlock(&percpu_charge_mutex);
  }
  
  /* This is a synchronous drain interface. */
-static void drain_all_stock_sync(struct mem_cgroup *root_mem)
+static void drain_all_stock_sync(struct mem_cgroup *root_memcg)
  {
         /* called when force_empty is called */
         mutex_lock(&percpu_charge_mutex);
-       drain_all_stock(root_mem, true);
+       drain_all_stock(root_memcg, true);
         mutex_unlock(&percpu_charge_mutex);
  }
  
@@ -2121,35 +2134,24 @@ static void drain_all_stock_sync(struct mem_cgroup *root_mem)
   * This function drains percpu counter value from DEAD cpu and
   * move it to local cpu. Note that this function can be preempted.
   */
-static void mem_cgroup_drain_pcp_counter(struct mem_cgroup *mem, int cpu)
+static void mem_cgroup_drain_pcp_counter(struct mem_cgroup *memcg, int cpu)
  {
         int i;
  
-       spin_lock(&mem->pcp_counter_lock);
+       spin_lock(&memcg->pcp_counter_lock);
         for (i = 0; i < MEM_CGROUP_STAT_DATA; i++) {
-               long x = per_cpu(mem->stat->count[i], cpu);
+               long x = per_cpu(memcg->stat->count[i], cpu);
  
-               per_cpu(mem->stat->count[i], cpu) = 0;
-               mem->nocpu_base.count[i] += x;
+               per_cpu(memcg->stat->count[i], cpu) = 0;
+               memcg->nocpu_base.count[i] += x;
         }
         for (i = 0; i < MEM_CGROUP_EVENTS_NSTATS; i++) {
-               unsigned long x = per_cpu(mem->stat->events[i], cpu);
+               unsigned long x = per_cpu(memcg->stat->events[i], cpu);
  
-               per_cpu(mem->stat->events[i], cpu) = 0;
-               mem->nocpu_base.events[i] += x;
+               per_cpu(memcg->stat->events[i], cpu) = 0;
+               memcg->nocpu_base.events[i] += x;
         }
-       /* need to clear ON_MOVE value, works as a kind of lock. */
-       per_cpu(mem->stat->count[MEM_CGROUP_ON_MOVE], cpu) = 0;
-       spin_unlock(&mem->pcp_counter_lock);
-}
-
-static void synchronize_mem_cgroup_on_move(struct mem_cgroup *mem, int cpu)
-{
-       int idx = MEM_CGROUP_ON_MOVE;
-
-       spin_lock(&mem->pcp_counter_lock);
-       per_cpu(mem->stat->count[idx], cpu) = mem->nocpu_base.count[idx];
-       spin_unlock(&mem->pcp_counter_lock);
+       spin_unlock(&memcg->pcp_counter_lock);
  }
  
  static int __cpuinit memcg_cpu_hotplug_callback(struct notifier_block *nb,
@@ -2160,16 +2162,13 @@ static int __cpuinit memcg_cpu_hotplug_callback(struct notifier_block *nb,
         struct memcg_stock_pcp *stock;
         struct mem_cgroup *iter;
  
-       if ((action == CPU_ONLINE)) {
-               for_each_mem_cgroup_all(iter)
-                       synchronize_mem_cgroup_on_move(iter, cpu);
+       if (action == CPU_ONLINE)
                 return NOTIFY_OK;
-       }
  
-       if ((action != CPU_DEAD) || action != CPU_DEAD_FROZEN)
+       if (action != CPU_DEAD && action != CPU_DEAD_FROZEN)
                 return NOTIFY_OK;
  
-       for_each_mem_cgroup_all(iter)
+       for_each_mem_cgroup(iter)
                 mem_cgroup_drain_pcp_counter(iter, cpu);
  
         stock = &per_cpu(memcg_stock, cpu);
@@ -2187,7 +2186,7 @@ enum {
         CHARGE_OOM_DIE,         /* the current is killed because of OOM */
  };
  
-static int mem_cgroup_do_charge(struct mem_cgroup *mem, gfp_t gfp_mask,
+static int mem_cgroup_do_charge(struct mem_cgroup *memcg, gfp_t gfp_mask,
                                 unsigned int nr_pages, bool oom_check)
  {
         unsigned long csize = nr_pages * PAGE_SIZE;
@@ -2196,16 +2195,16 @@ static int mem_cgroup_do_charge(struct mem_cgroup *mem, gfp_t gfp_mask,
         unsigned long flags = 0;
         int ret;
  
-       ret = res_counter_charge(&mem->res, csize, &fail_res);
+       ret = res_counter_charge(&memcg->res, csize, &fail_res);
  
         if (likely(!ret)) {
                 if (!do_swap_account)
                         return CHARGE_OK;
-               ret = res_counter_charge(&mem->memsw, csize, &fail_res);
+               ret = res_counter_charge(&memcg->memsw, csize, &fail_res);
                 if (likely(!ret))
                         return CHARGE_OK;
  
-               res_counter_uncharge(&mem->res, csize);
+               res_counter_uncharge(&memcg->res, csize);
                 mem_over_limit = mem_cgroup_from_res_counter(fail_res, memsw);
                 flags |= MEM_CGROUP_RECLAIM_NOSWAP;
         } else
@@ -2223,8 +2222,7 @@ static int mem_cgroup_do_charge(struct mem_cgroup *mem, gfp_t gfp_mask,
         if (!(gfp_mask & __GFP_WAIT))
                 return CHARGE_WOULDBLOCK;
  
-       ret = mem_cgroup_hierarchical_reclaim(mem_over_limit, NULL,
-                                             gfp_mask, flags, NULL);
+       ret = mem_cgroup_reclaim(mem_over_limit, gfp_mask, flags);
         if (mem_cgroup_margin(mem_over_limit) >= nr_pages)
                 return CHARGE_RETRY;
         /*
@@ -2250,25 +2248,42 @@ static int mem_cgroup_do_charge(struct mem_cgroup *mem, gfp_t gfp_mask,
         if (!oom_check)
                 return CHARGE_NOMEM;
         /* check OOM */
-       if (!mem_cgroup_handle_oom(mem_over_limit, gfp_mask))
+       if (!mem_cgroup_handle_oom(mem_over_limit, gfp_mask, get_order(csize)))
                 return CHARGE_OOM_DIE;
  
         return CHARGE_RETRY;
  }
  
  /*
- * Unlike exported interface, "oom" parameter is added. if oom==true,
- * oom-killer can be invoked.
+ * __mem_cgroup_try_charge() does
+ * 1. detect memcg to be charged against from passed *mm and *ptr,
+ * 2. update res_counter
+ * 3. call memory reclaim if necessary.
+ *
+ * In some special case, if the task is fatal, fatal_signal_pending() or
+ * has TIF_MEMDIE, this function returns -EINTR while writing root_mem_cgroup
+ * to *ptr. There are two reasons for this. 1: fatal threads should quit as soon
+ * as possible without any hazards. 2: all pages should have a valid
+ * pc->mem_cgroup. If mm is NULL and the caller doesn't pass a valid memcg
+ * pointer, that is treated as a charge to root_mem_cgroup.
+ *
+ * So __mem_cgroup_try_charge() will return
+ *  0       ...  on success, filling *ptr with a valid memcg pointer.
+ *  -ENOMEM ...  charge failure because of resource limits.
+ *  -EINTR  ...  if thread is fatal. *ptr is filled with root_mem_cgroup.
+ *
+ * Unlike the exported interface, an "oom" parameter is added. if oom==true,
+ * the oom-killer can be invoked.
   */
  static int __mem_cgroup_try_charge(struct mm_struct *mm,
                                    gfp_t gfp_mask,
                                    unsigned int nr_pages,
-                                  struct mem_cgroup **memcg,
+                                  struct mem_cgroup **ptr,
                                    bool oom)
  {
         unsigned int batch = max(CHARGE_BATCH, nr_pages);
         int nr_oom_retries = MEM_CGROUP_RECLAIM_RETRIES;
-       struct mem_cgroup *mem = NULL;
+       struct mem_cgroup *memcg = NULL;
         int ret;
  
         /*
@@ -2286,17 +2301,17 @@ static int __mem_cgroup_try_charge(struct mm_struct *mm,
          * thread group leader migrates. It's possible that mm is not
          * set, if so charge the init_mm (happens for pagecache usage).
          */
-       if (!*memcg && !mm)
-               goto bypass;
+       if (!*ptr && !mm)
+               *ptr = root_mem_cgroup;
  again:
-       if (*memcg) { /* css should be a valid one */
-               mem = *memcg;
-               VM_BUG_ON(css_is_removed(&mem->css));
-               if (mem_cgroup_is_root(mem))
+       if (*ptr) { /* css should be a valid one */
+               memcg = *ptr;
+               VM_BUG_ON(css_is_removed(&memcg->css));
+               if (mem_cgroup_is_root(memcg))
                         goto done;
-               if (nr_pages == 1 && consume_stock(mem))
+               if (nr_pages == 1 && consume_stock(memcg))
                         goto done;
-               css_get(&mem->css);
+               css_get(&memcg->css);
         } else {
                 struct task_struct *p;
  
@@ -2304,7 +2319,7 @@ again:
                 p = rcu_dereference(mm->owner);
                 /*
                  * Because we don't have task_lock(), "p" can exit.
-                * In that case, "mem" can point to root or p can be NULL with
+                * In that case, "memcg" can point to root or p can be NULL with
                  * race with swapoff. Then, we have small risk of mis-accouning.
                  * But such kind of mis-account by race always happens because
                  * we don't have cgroup_mutex(). It's overkill and we allo that
@@ -2312,12 +2327,14 @@ again:
                  * (*) swapoff at el will charge against mm-struct not against
                  * task-struct. So, mm->owner can be NULL.
                  */
-               mem = mem_cgroup_from_task(p);
-               if (!mem || mem_cgroup_is_root(mem)) {
+               memcg = mem_cgroup_from_task(p);
+               if (!memcg)
+                       memcg = root_mem_cgroup;
+               if (mem_cgroup_is_root(memcg)) {
                         rcu_read_unlock();
                         goto done;
                 }
-               if (nr_pages == 1 && consume_stock(mem)) {
+               if (nr_pages == 1 && consume_stock(memcg)) {
                         /*
                          * It seems dagerous to access memcg without css_get().
                          * But considering how consume_stok works, it's not
@@ -2330,7 +2347,7 @@ again:
                         goto done;
                 }
                 /* after here, we may be blocked. we need to get refcnt */
-               if (!css_tryget(&mem->css)) {
+               if (!css_tryget(&memcg->css)) {
                         rcu_read_unlock();
                         goto again;
                 }
@@ -2342,7 +2359,7 @@ again:
  
                 /* If killed, bypass charge */
                 if (fatal_signal_pending(current)) {
-                       css_put(&mem->css);
+                       css_put(&memcg->css);
                         goto bypass;
                 }
  
@@ -2352,44 +2369,44 @@ again:
                         nr_oom_retries = MEM_CGROUP_RECLAIM_RETRIES;
                 }
  
-               ret = mem_cgroup_do_charge(mem, gfp_mask, batch, oom_check);
+               ret = mem_cgroup_do_charge(memcg, gfp_mask, batch, oom_check);
                 switch (ret) {
                 case CHARGE_OK:
                         break;
                 case CHARGE_RETRY: /* not in OOM situation but retry */
                         batch = nr_pages;
-                       css_put(&mem->css);
-                       mem = NULL;
+                       css_put(&memcg->css);
+                       memcg = NULL;
                         goto again;
                 case CHARGE_WOULDBLOCK: /* !__GFP_WAIT */
-                       css_put(&mem->css);
+                       css_put(&memcg->css);
                         goto nomem;
                 case CHARGE_NOMEM: /* OOM routine works */
                         if (!oom) {
-                               css_put(&mem->css);
+                               css_put(&memcg->css);
                                 goto nomem;
                         }
                         /* If oom, we never return -ENOMEM */
                         nr_oom_retries--;
                         break;
                 case CHARGE_OOM_DIE: /* Killed by OOM Killer */
-                       css_put(&mem->css);
+                       css_put(&memcg->css);
                         goto bypass;
                 }
         } while (ret != CHARGE_OK);
  
         if (batch > nr_pages)
-               refill_stock(mem, batch - nr_pages);
-       css_put(&mem->css);
+               refill_stock(memcg, batch - nr_pages);
+       css_put(&memcg->css);
  done:
-       *memcg = mem;
+       *ptr = memcg;
         return 0;
  nomem:
-       *memcg = NULL;
+       *ptr = NULL;
         return -ENOMEM;
  bypass:
-       *memcg = NULL;
-       return 0;
+       *ptr = root_mem_cgroup;
+       return -EINTR;
  }
  
  /*
@@ -2397,15 +2414,15 @@ bypass:
   * This function is for that and do uncharge, put css's refcnt.
   * gotten by try_charge().
   */
-static void __mem_cgroup_cancel_charge(struct mem_cgroup *mem,
+static void __mem_cgroup_cancel_charge(struct mem_cgroup *memcg,
                                        unsigned int nr_pages)
  {
-       if (!mem_cgroup_is_root(mem)) {
+       if (!mem_cgroup_is_root(memcg)) {
                 unsigned long bytes = nr_pages * PAGE_SIZE;
  
-               res_counter_uncharge(&mem->res, bytes);
+               res_counter_uncharge(&memcg->res, bytes);
                 if (do_swap_account)
-                       res_counter_uncharge(&mem->memsw, bytes);
+                       res_counter_uncharge(&memcg->memsw, bytes);
         }
  }
  
@@ -2430,7 +2447,7 @@ static struct mem_cgroup *mem_cgroup_lookup(unsigned short id)
  
  struct mem_cgroup *try_get_mem_cgroup_from_page(struct page *page)
  {
-       struct mem_cgroup *mem = NULL;
+       struct mem_cgroup *memcg = NULL;
         struct page_cgroup *pc;
         unsigned short id;
         swp_entry_t ent;
@@ -2440,39 +2457,59 @@ struct mem_cgroup *try_get_mem_cgroup_from_page(struct page *page)
         pc = lookup_page_cgroup(page);
         lock_page_cgroup(pc);
         if (PageCgroupUsed(pc)) {
-               mem = pc->mem_cgroup;
-               if (mem && !css_tryget(&mem->css))
-                       mem = NULL;
+               memcg = pc->mem_cgroup;
+               if (memcg && !css_tryget(&memcg->css))
+                       memcg = NULL;
         } else if (PageSwapCache(page)) {
                 ent.val = page_private(page);
-               id = lookup_swap_cgroup(ent);
+               id = lookup_swap_cgroup_id(ent);
                 rcu_read_lock();
-               mem = mem_cgroup_lookup(id);
-               if (mem && !css_tryget(&mem->css))
-                       mem = NULL;
+               memcg = mem_cgroup_lookup(id);
+               if (memcg && !css_tryget(&memcg->css))
+                       memcg = NULL;
                 rcu_read_unlock();
         }
         unlock_page_cgroup(pc);
-       return mem;
+       return memcg;
  }
  
-static void __mem_cgroup_commit_charge(struct mem_cgroup *mem,
+static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg,
                                        struct page *page,
                                        unsigned int nr_pages,
-                                      struct page_cgroup *pc,
-                                      enum charge_type ctype)
+                                      enum charge_type ctype,
+                                      bool lrucare)
  {
+       struct page_cgroup *pc = lookup_page_cgroup(page);
+       struct zone *uninitialized_var(zone);
+       bool was_on_lru = false;
+       bool anon;
+
         lock_page_cgroup(pc);
         if (unlikely(PageCgroupUsed(pc))) {
                 unlock_page_cgroup(pc);
-               __mem_cgroup_cancel_charge(mem, nr_pages);
+               __mem_cgroup_cancel_charge(memcg, nr_pages);
                 return;
         }
         /*
          * we don't need page_cgroup_lock about tail pages, becase they are not
          * accessed by any other context at this point.
          */
-       pc->mem_cgroup = mem;
+
+       /*
+        * In some cases, SwapCache and FUSE(splice_buf->radixtree), the page
+        * may already be on some other mem_cgroup's LRU.  Take care of it.
+        */
+       if (lrucare) {
+               zone = page_zone(page);
+               spin_lock_irq(&zone->lru_lock);
+               if (PageLRU(page)) {
+                       ClearPageLRU(page);
+                       del_page_from_lru_list(zone, page, page_lru(page));
+                       was_on_lru = true;
+               }
+       }
+
+       pc->mem_cgroup = memcg;
         /*
          * We access a page_cgroup asynchronously without lock_page_cgroup().
          * Especially when a page_cgroup is taken from a page, pc->mem_cgroup
@@ -2481,71 +2518,58 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *mem,
          * See mem_cgroup_add_lru_list(), etc.
          */
         smp_wmb();
-       switch (ctype) {
-       case MEM_CGROUP_CHARGE_TYPE_CACHE:
-       case MEM_CGROUP_CHARGE_TYPE_SHMEM:
-               SetPageCgroupCache(pc);
-               SetPageCgroupUsed(pc);
-               break;
-       case MEM_CGROUP_CHARGE_TYPE_MAPPED:
-               ClearPageCgroupCache(pc);
-               SetPageCgroupUsed(pc);
-               break;
-       default:
-               break;
+       SetPageCgroupUsed(pc);
+
+       if (lrucare) {
+               if (was_on_lru) {
+                       VM_BUG_ON(PageLRU(page));
+                       SetPageLRU(page);
+                       add_page_to_lru_list(zone, page, page_lru(page));
+               }
+               spin_unlock_irq(&zone->lru_lock);
         }
  
-       mem_cgroup_charge_statistics(mem, PageCgroupCache(pc), nr_pages);
+       if (ctype == MEM_CGROUP_CHARGE_TYPE_MAPPED)
+               anon = true;
+       else
+               anon = false;
+
+       mem_cgroup_charge_statistics(memcg, anon, nr_pages);
         unlock_page_cgroup(pc);
+
         /*
          * "charge_statistics" updated event counter. Then, check it.
          * Insert ancestor (and ancestor's ancestors), to softlimit RB-tree.
          * if they exceeds softlimit.
          */
-       memcg_check_events(mem, page);
+       memcg_check_events(memcg, page);
  }
  
  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
  
-#define PCGF_NOCOPY_AT_SPLIT ((1 << PCG_LOCK) | (1 << PCG_MOVE_LOCK) |\
-                       (1 << PCG_ACCT_LRU) | (1 << PCG_MIGRATION))
+#define PCGF_NOCOPY_AT_SPLIT ((1 << PCG_LOCK) | (1 << PCG_MIGRATION))
  /*
   * Because tail pages are not marked as "used", set it. We're under
- * zone->lru_lock, 'splitting on pmd' and compund_lock.
+ * zone->lru_lock, 'splitting on pmd' and compound_lock.
+ * charge/uncharge will be never happen and move_account() is done under
+ * compound_lock(), so we don't have to take care of races.
   */
-void mem_cgroup_split_huge_fixup(struct page *head, struct page *tail)
+void mem_cgroup_split_huge_fixup(struct page *head)
  {
         struct page_cgroup *head_pc = lookup_page_cgroup(head);
-       struct page_cgroup *tail_pc = lookup_page_cgroup(tail);
-       unsigned long flags;
+       struct page_cgroup *pc;
+       int i;
  
         if (mem_cgroup_disabled())
                 return;
-       /*
-        * We have no races with charge/uncharge but will have races with
-        * page state accounting.
-        */
-       move_lock_page_cgroup(head_pc, &flags);
-
-       tail_pc->mem_cgroup = head_pc->mem_cgroup;
-       smp_wmb(); /* see __commit_charge() */
-       if (PageCgroupAcctLRU(head_pc)) {
-               enum lru_list lru;
-               struct mem_cgroup_per_zone *mz;
-
-               /*
-                * LRU flags cannot be copied because we need to add tail
-                *.page to LRU by generic call and our hook will be called.
-                * We hold lru_lock, then, reduce counter directly.
-                */
-               lru = page_lru(head);
-               mz = page_cgroup_zoneinfo(head_pc->mem_cgroup, head);
-               MEM_CGROUP_ZSTAT(mz, lru) -= 1;
+       for (i = 1; i < HPAGE_PMD_NR; i++) {
+               pc = head_pc + i;
+               pc->mem_cgroup = head_pc->mem_cgroup;
+               smp_wmb();/* see __commit_charge() */
+               pc->flags = head_pc->flags & ~PCGF_NOCOPY_AT_SPLIT;
         }
-       tail_pc->flags = head_pc->flags & ~PCGF_NOCOPY_AT_SPLIT;
-       move_unlock_page_cgroup(head_pc, &flags);
  }
-#endif
+#endif /* CONFIG_TRANSPARENT_HUGEPAGE */
  
  /**
   * mem_cgroup_move_account - move account of the page
@@ -2574,6 +2598,7 @@ static int mem_cgroup_move_account(struct page *page,
  {
         unsigned long flags;
         int ret;
+       bool anon = PageAnon(page);
  
         VM_BUG_ON(from == to);
         VM_BUG_ON(PageLRU(page));
@@ -2593,23 +2618,23 @@ static int mem_cgroup_move_account(struct page *page,
         if (!PageCgroupUsed(pc) || pc->mem_cgroup != from)
                 goto unlock;
  
-       move_lock_page_cgroup(pc, &flags);
+       move_lock_mem_cgroup(from, &flags);
  
-       if (PageCgroupFileMapped(pc)) {
+       if (!anon && page_mapped(page)) {
                 /* Update mapped_file data for mem_cgroup */
                 preempt_disable();
                 __this_cpu_dec(from->stat->count[MEM_CGROUP_STAT_FILE_MAPPED]);
                 __this_cpu_inc(to->stat->count[MEM_CGROUP_STAT_FILE_MAPPED]);
                 preempt_enable();
         }
-       mem_cgroup_charge_statistics(from, PageCgroupCache(pc), -nr_pages);
+       mem_cgroup_charge_statistics(from, anon, -nr_pages);
         if (uncharge)
                 /* This is not "cancel", but cancel_charge does all we need. */
                 __mem_cgroup_cancel_charge(from, nr_pages);
  
         /* caller should have done css_get */
         pc->mem_cgroup = to;
-       mem_cgroup_charge_statistics(to, PageCgroupCache(pc), nr_pages);
+       mem_cgroup_charge_statistics(to, anon, nr_pages);
         /*
          * We charges against "to" which may not have any tasks. Then, "to"
          * can be under rmdir(). But in current implementation, caller of
@@ -2617,7 +2642,7 @@ static int mem_cgroup_move_account(struct page *page,
          * guaranteed that "to" is never removed. So, we don't check rmdir
          * status here.
          */
-       move_unlock_page_cgroup(pc, &flags);
+       move_unlock_mem_cgroup(from, &flags);
         ret = 0;
  unlock:
         unlock_page_cgroup(pc);
@@ -2660,7 +2685,7 @@ static int mem_cgroup_move_parent(struct page *page,
  
         parent = mem_cgroup_from_cont(pcg);
         ret = __mem_cgroup_try_charge(NULL, gfp_mask, nr_pages, &parent, false);
-       if (ret || !parent)
+       if (ret)
                 goto put_back;
  
         if (nr_pages > 1)
@@ -2689,9 +2714,8 @@ out:
  static int mem_cgroup_charge_common(struct page *page, struct mm_struct *mm,
                                 gfp_t gfp_mask, enum charge_type ctype)
  {
-       struct mem_cgroup *mem = NULL;
+       struct mem_cgroup *memcg = NULL;
         unsigned int nr_pages = 1;
-       struct page_cgroup *pc;
         bool oom = true;
         int ret;
  
@@ -2705,14 +2729,10 @@ static int mem_cgroup_charge_common(struct page *page, struct mm_struct *mm,
                 oom = false;
         }
  
-       pc = lookup_page_cgroup(page);
-       BUG_ON(!pc); /* XXX: remove this and move pc lookup into commit */
-
-       ret = __mem_cgroup_try_charge(mm, gfp_mask, nr_pages, &mem, oom);
-       if (ret || !mem)
+       ret = __mem_cgroup_try_charge(mm, gfp_mask, nr_pages, &memcg, oom);
+       if (ret == -ENOMEM)
                 return ret;
-
-       __mem_cgroup_commit_charge(mem, page, nr_pages, pc, ctype);
+       __mem_cgroup_commit_charge(memcg, page, nr_pages, ctype, false);
         return 0;
  }
  
@@ -2721,45 +2741,22 @@ int mem_cgroup_newpage_charge(struct page *page,
  {
         if (mem_cgroup_disabled())
                 return 0;
-       /*
-        * If already mapped, we don't have to account.
-        * If page cache, page->mapping has address_space.
-        * But page->mapping may have out-of-use anon_vma pointer,
-        * detecit it by PageAnon() check. newly-mapped-anon's page->mapping
-        * is NULL.
-        */
-       if (page_mapped(page) || (page->mapping && !PageAnon(page)))
-               return 0;
-       if (unlikely(!mm))
-               mm = &init_mm;
+       VM_BUG_ON(page_mapped(page));
+       VM_BUG_ON(page->mapping && !PageAnon(page));
+       VM_BUG_ON(!mm);
         return mem_cgroup_charge_common(page, mm, gfp_mask,
-                               MEM_CGROUP_CHARGE_TYPE_MAPPED);
+                                       MEM_CGROUP_CHARGE_TYPE_MAPPED);
  }
  
  static void
  __mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,
                                         enum charge_type ctype);
  
-static void
-__mem_cgroup_commit_charge_lrucare(struct page *page, struct mem_cgroup *mem,
-                                       enum charge_type ctype)
-{
-       struct page_cgroup *pc = lookup_page_cgroup(page);
-       /*
-        * In some case, SwapCache, FUSE(splice_buf->radixtree), the page
-        * is already on LRU. It means the page may on some other page_cgroup's
-        * LRU. Take care of it.
-        */
-       mem_cgroup_lru_del_before_commit(page);
-       __mem_cgroup_commit_charge(mem, page, 1, pc, ctype);
-       mem_cgroup_lru_add_after_commit(page);
-       return;
-}
-
  int mem_cgroup_cache_charge(struct page *page, struct mm_struct *mm,
                                 gfp_t gfp_mask)
  {
-       struct mem_cgroup *mem = NULL;
+       struct mem_cgroup *memcg = NULL;
+       enum charge_type type = MEM_CGROUP_CHARGE_TYPE_CACHE;
         int ret;
  
         if (mem_cgroup_disabled())
@@ -2769,31 +2766,16 @@ int mem_cgroup_cache_charge(struct page *page, struct mm_struct *mm,
  
         if (unlikely(!mm))
                 mm = &init_mm;
+       if (!page_is_file_cache(page))
+               type = MEM_CGROUP_CHARGE_TYPE_SHMEM;
  
-       if (page_is_file_cache(page)) {
-               ret = __mem_cgroup_try_charge(mm, gfp_mask, 1, &mem, true);
-               if (ret || !mem)
-                       return ret;
-
-               /*
-                * FUSE reuses pages without going through the final
-                * put that would remove them from the LRU list, make
-                * sure that they get relinked properly.
-                */
-               __mem_cgroup_commit_charge_lrucare(page, mem,
-                                       MEM_CGROUP_CHARGE_TYPE_CACHE);
-               return ret;
-       }
-       /* shmem */
-       if (PageSwapCache(page)) {
-               ret = mem_cgroup_try_charge_swapin(mm, page, gfp_mask, &mem);
+       if (!PageSwapCache(page))
+               ret = mem_cgroup_charge_common(page, mm, gfp_mask, type);
+       else { /* page is swapcache/shmem */
+               ret = mem_cgroup_try_charge_swapin(mm, page, gfp_mask, &memcg);
                 if (!ret)
-                       __mem_cgroup_commit_charge_swapin(page, mem,
-                                       MEM_CGROUP_CHARGE_TYPE_SHMEM);
-       } else
-               ret = mem_cgroup_charge_common(page, mm, gfp_mask,
-                                       MEM_CGROUP_CHARGE_TYPE_SHMEM);
-
+                       __mem_cgroup_commit_charge_swapin(page, memcg, type);
+       }
         return ret;
  }
  
@@ -2805,12 +2787,12 @@ int mem_cgroup_cache_charge(struct page *page, struct mm_struct *mm,
   */
  int mem_cgroup_try_charge_swapin(struct mm_struct *mm,
                                  struct page *page,
-                                gfp_t mask, struct mem_cgroup **ptr)
+                                gfp_t mask, struct mem_cgroup **memcgp)
  {
-       struct mem_cgroup *mem;
+       struct mem_cgroup *memcg;
         int ret;
  
-       *ptr = NULL;
+       *memcgp = NULL;
  
         if (mem_cgroup_disabled())
                 return 0;
@@ -2825,30 +2807,35 @@ int mem_cgroup_try_charge_swapin(struct mm_struct *mm,
          */
         if (!PageSwapCache(page))
                 goto charge_cur_mm;
-       mem = try_get_mem_cgroup_from_page(page);
-       if (!mem)
+       memcg = try_get_mem_cgroup_from_page(page);
+       if (!memcg)
                 goto charge_cur_mm;
-       *ptr = mem;
-       ret = __mem_cgroup_try_charge(NULL, mask, 1, ptr, true);
-       css_put(&mem->css);
+       *memcgp = memcg;
+       ret = __mem_cgroup_try_charge(NULL, mask, 1, memcgp, true);
+       css_put(&memcg->css);
+       if (ret == -EINTR)
+               ret = 0;
         return ret;
  charge_cur_mm:
         if (unlikely(!mm))
                 mm = &init_mm;
-       return __mem_cgroup_try_charge(mm, mask, 1, ptr, true);
+       ret = __mem_cgroup_try_charge(mm, mask, 1, memcgp, true);
+       if (ret == -EINTR)
+               ret = 0;
+       return ret;
  }
  
  static void
-__mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,
+__mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *memcg,
                                         enum charge_type ctype)
  {
         if (mem_cgroup_disabled())
                 return;
-       if (!ptr)
+       if (!memcg)
                 return;
-       cgroup_exclude_rmdir(&ptr->css);
+       cgroup_exclude_rmdir(&memcg->css);
  
-       __mem_cgroup_commit_charge_lrucare(page, ptr, ctype);
+       __mem_cgroup_commit_charge(memcg, page, 1, ctype, true);
         /*
          * Now swap is on-memory. This means this page may be
          * counted both as mem and swap....double count.
@@ -2858,21 +2845,22 @@ __mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,
          */
         if (do_swap_account && PageSwapCache(page)) {
                 swp_entry_t ent = {.val = page_private(page)};
+               struct mem_cgroup *swap_memcg;
                 unsigned short id;
-               struct mem_cgroup *memcg;
  
                 id = swap_cgroup_record(ent, 0);
                 rcu_read_lock();
-               memcg = mem_cgroup_lookup(id);
-               if (memcg) {
+               swap_memcg = mem_cgroup_lookup(id);
+               if (swap_memcg) {
                         /*
                          * This recorded memcg can be obsolete one. So, avoid
                          * calling css_tryget
                          */
-                       if (!mem_cgroup_is_root(memcg))
-                               res_counter_uncharge(&memcg->memsw, PAGE_SIZE);
-                       mem_cgroup_swap_statistics(memcg, false);
-                       mem_cgroup_put(memcg);
+                       if (!mem_cgroup_is_root(swap_memcg))
+                               res_counter_uncharge(&swap_memcg->memsw,
+                                                    PAGE_SIZE);
+                       mem_cgroup_swap_statistics(swap_memcg, false);
+                       mem_cgroup_put(swap_memcg);
                 }
                 rcu_read_unlock();
         }
@@ -2881,25 +2869,26 @@ __mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,
          * So, rmdir()->pre_destroy() can be called while we do this charge.
          * In that case, we need to call pre_destroy() again. check it here.
          */
-       cgroup_release_and_wakeup_rmdir(&ptr->css);
+       cgroup_release_and_wakeup_rmdir(&memcg->css);
  }
  
-void mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr)
+void mem_cgroup_commit_charge_swapin(struct page *page,
+                                    struct mem_cgroup *memcg)
  {
-       __mem_cgroup_commit_charge_swapin(page, ptr,
-                                       MEM_CGROUP_CHARGE_TYPE_MAPPED);
+       __mem_cgroup_commit_charge_swapin(page, memcg,
+                                         MEM_CGROUP_CHARGE_TYPE_MAPPED);
  }
  
-void mem_cgroup_cancel_charge_swapin(struct mem_cgroup *mem)
+void mem_cgroup_cancel_charge_swapin(struct mem_cgroup *memcg)
  {
         if (mem_cgroup_disabled())
                 return;
-       if (!mem)
+       if (!memcg)
                 return;
-       __mem_cgroup_cancel_charge(mem, 1);
+       __mem_cgroup_cancel_charge(memcg, 1);
  }
  
-static void mem_cgroup_do_uncharge(struct mem_cgroup *mem,
+static void mem_cgroup_do_uncharge(struct mem_cgroup *memcg,
                                    unsigned int nr_pages,
                                    const enum charge_type ctype)
  {
@@ -2917,7 +2906,7 @@ static void mem_cgroup_do_uncharge(struct mem_cgroup *mem,
          * uncharges. Then, it's ok to ignore memcg's refcnt.
          */
         if (!batch->memcg)
-               batch->memcg = mem;
+               batch->memcg = memcg;
         /*
          * do_batch > 0 when unmapping pages or inode invalidate/truncate.
          * In those cases, all pages freed continuously can be expected to be in
@@ -2937,7 +2926,7 @@ static void mem_cgroup_do_uncharge(struct mem_cgroup *mem,
          * merge a series of uncharges to an uncharge of res_counter.
          * If not, we uncharge res_counter ony by one.
          */
-       if (batch->memcg != mem)
+       if (batch->memcg != memcg)
                 goto direct_uncharge;
         /* remember freed charge and uncharge it later */
         batch->nr_pages++;
@@ -2945,12 +2934,11 @@ static void mem_cgroup_do_uncharge(struct mem_cgroup *mem,
                 batch->memsw_nr_pages++;
         return;
  direct_uncharge:
-       res_counter_uncharge(&mem->res, nr_pages * PAGE_SIZE);
+       res_counter_uncharge(&memcg->res, nr_pages * PAGE_SIZE);
         if (uncharge_memsw)
-               res_counter_uncharge(&mem->memsw, nr_pages * PAGE_SIZE);
-       if (unlikely(batch->memcg != mem))
-               memcg_oom_recover(mem);
-       return;
+               res_counter_uncharge(&memcg->memsw, nr_pages * PAGE_SIZE);
+       if (unlikely(batch->memcg != memcg))
+               memcg_oom_recover(memcg);
  }
  
  /*
@@ -2959,9 +2947,10 @@ direct_uncharge:
  static struct mem_cgroup *
  __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype)
  {
-       struct mem_cgroup *mem = NULL;
+       struct mem_cgroup *memcg = NULL;
         unsigned int nr_pages = 1;
         struct page_cgroup *pc;
+       bool anon;
  
         if (mem_cgroup_disabled())
                 return NULL;
@@ -2977,18 +2966,27 @@ __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype)
          * Check if our page_cgroup is valid
          */
         pc = lookup_page_cgroup(page);
-       if (unlikely(!pc || !PageCgroupUsed(pc)))
+       if (unlikely(!PageCgroupUsed(pc)))
                 return NULL;
  
         lock_page_cgroup(pc);
  
-       mem = pc->mem_cgroup;
+       memcg = pc->mem_cgroup;
  
         if (!PageCgroupUsed(pc))
                 goto unlock_out;
  
+       anon = PageAnon(page);
+
         switch (ctype) {
         case MEM_CGROUP_CHARGE_TYPE_MAPPED:
+               /*
+                * Generally PageAnon tells if it's the anon statistics to be
+                * updated; but sometimes e.g. mem_cgroup_uncharge_page() is
+                * used before page reached the stage of being marked PageAnon.
+                */
+               anon = true;
+               /* fallthrough */
         case MEM_CGROUP_CHARGE_TYPE_DROP:
                 /* See mem_cgroup_prepare_migration() */
                 if (page_mapped(page) || PageCgroupMigration(pc))
@@ -3005,7 +3003,7 @@ __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype)
                 break;
         }
  
-       mem_cgroup_charge_statistics(mem, PageCgroupCache(pc), -nr_pages);
+       mem_cgroup_charge_statistics(memcg, anon, -nr_pages);
  
         ClearPageCgroupUsed(pc);
         /*
@@ -3017,18 +3015,18 @@ __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype)
  
         unlock_page_cgroup(pc);
         /*
-        * even after unlock, we have mem->res.usage here and this memcg
+        * even after unlock, we have memcg->res.usage here and this memcg
          * will never be freed.
          */
-       memcg_check_events(mem, page);
+       memcg_check_events(memcg, page);
         if (do_swap_account && ctype == MEM_CGROUP_CHARGE_TYPE_SWAPOUT) {
-               mem_cgroup_swap_statistics(mem, true);
-               mem_cgroup_get(mem);
+               mem_cgroup_swap_statistics(memcg, true);
+               mem_cgroup_get(memcg);
         }
-       if (!mem_cgroup_is_root(mem))
-               mem_cgroup_do_uncharge(mem, nr_pages, ctype);
+       if (!mem_cgroup_is_root(memcg))
+               mem_cgroup_do_uncharge(memcg, nr_pages, ctype);
  
-       return mem;
+       return memcg;
  
  unlock_out:
         unlock_page_cgroup(pc);
@@ -3040,8 +3038,7 @@ void mem_cgroup_uncharge_page(struct page *page)
         /* early check. */
         if (page_mapped(page))
                 return;
-       if (page->mapping && !PageAnon(page))
-               return;
+       VM_BUG_ON(page->mapping && !PageAnon(page));
         __mem_cgroup_uncharge_common(page, MEM_CGROUP_CHARGE_TYPE_MAPPED);
  }
  
@@ -3216,14 +3213,14 @@ static inline int mem_cgroup_move_swap_account(swp_entry_t entry,
   * page belongs to.
   */
  int mem_cgroup_prepare_migration(struct page *page,
-       struct page *newpage, struct mem_cgroup **ptr, gfp_t gfp_mask)
+       struct page *newpage, struct mem_cgroup **memcgp, gfp_t gfp_mask)
  {
-       struct mem_cgroup *mem = NULL;
+       struct mem_cgroup *memcg = NULL;
         struct page_cgroup *pc;
         enum charge_type ctype;
         int ret = 0;
  
-       *ptr = NULL;
+       *memcgp = NULL;
  
         VM_BUG_ON(PageTransHuge(page));
         if (mem_cgroup_disabled())
@@ -3232,8 +3229,8 @@ int mem_cgroup_prepare_migration(struct page *page,
         pc = lookup_page_cgroup(page);
         lock_page_cgroup(pc);
         if (PageCgroupUsed(pc)) {
-               mem = pc->mem_cgroup;
-               css_get(&mem->css);
+               memcg = pc->mem_cgroup;
+               css_get(&memcg->css);
                 /*
                  * At migrating an anonymous page, its mapcount goes down
                  * to 0 and uncharge() will be called. But, even if it's fully
@@ -3271,13 +3268,13 @@ int mem_cgroup_prepare_migration(struct page *page,
          * If the page is not charged at this point,
          * we return here.
          */
-       if (!mem)
+       if (!memcg)
                 return 0;
  
-       *ptr = mem;
-       ret = __mem_cgroup_try_charge(NULL, gfp_mask, 1, ptr, false);
-       css_put(&mem->css);/* drop extra refcnt */
-       if (ret || *ptr == NULL) {
+       *memcgp = memcg;
+       ret = __mem_cgroup_try_charge(NULL, gfp_mask, 1, memcgp, false);
+       css_put(&memcg->css);/* drop extra refcnt */
+       if (ret) {
                 if (PageAnon(page)) {
                         lock_page_cgroup(pc);
                         ClearPageCgroupMigration(pc);
@@ -3287,6 +3284,7 @@ int mem_cgroup_prepare_migration(struct page *page,
                          */
                         mem_cgroup_uncharge_page(page);
                 }
+               /* we'll need to revisit this error code (we have -EINTR) */
                 return -ENOMEM;
         }
         /*
@@ -3295,28 +3293,28 @@ int mem_cgroup_prepare_migration(struct page *page,
          * page. In the case new page is migrated but not remapped, new page's
          * mapcount will be finally 0 and we call uncharge in end_migration().
          */
-       pc = lookup_page_cgroup(newpage);
         if (PageAnon(page))
                 ctype = MEM_CGROUP_CHARGE_TYPE_MAPPED;
         else if (page_is_file_cache(page))
                 ctype = MEM_CGROUP_CHARGE_TYPE_CACHE;
         else
                 ctype = MEM_CGROUP_CHARGE_TYPE_SHMEM;
-       __mem_cgroup_commit_charge(mem, page, 1, pc, ctype);
+       __mem_cgroup_commit_charge(memcg, newpage, 1, ctype, false);
         return ret;
  }
  
  /* remove redundant charge if migration failed*/
-void mem_cgroup_end_migration(struct mem_cgroup *mem,
+void mem_cgroup_end_migration(struct mem_cgroup *memcg,
         struct page *oldpage, struct page *newpage, bool migration_ok)
  {
         struct page *used, *unused;
         struct page_cgroup *pc;
+       bool anon;
  
-       if (!mem)
+       if (!memcg)
                 return;
         /* blocks rmdir() */
-       cgroup_exclude_rmdir(&mem->css);
+       cgroup_exclude_rmdir(&memcg->css);
         if (!migration_ok) {
                 used = oldpage;
                 unused = newpage;
@@ -3333,8 +3331,10 @@ void mem_cgroup_end_migration(struct mem_cgroup *mem,
         lock_page_cgroup(pc);
         ClearPageCgroupMigration(pc);
         unlock_page_cgroup(pc);
-
-       __mem_cgroup_uncharge_common(unused, MEM_CGROUP_CHARGE_TYPE_FORCE);
+       anon = PageAnon(used);
+       __mem_cgroup_uncharge_common(unused,
+               anon ? MEM_CGROUP_CHARGE_TYPE_MAPPED
+                    : MEM_CGROUP_CHARGE_TYPE_CACHE);
  
         /*
          * If a page is a file cache, radix-tree replacement is very atomic
@@ -3344,7 +3344,7 @@ void mem_cgroup_end_migration(struct mem_cgroup *mem,
          * and USED bit check in mem_cgroup_uncharge_page() will do enough
          * check. (see prepare_charge() also)
          */
-       if (PageAnon(used))
+       if (anon)
                 mem_cgroup_uncharge_page(used);
         /*
          * At migration, we may charge account against cgroup which has no
@@ -3352,7 +3352,41 @@ void mem_cgroup_end_migration(struct mem_cgroup *mem,
          * So, rmdir()->pre_destroy() can be called while we do this charge.
          * In that case, we need to call pre_destroy() again. check it here.
          */
-       cgroup_release_and_wakeup_rmdir(&mem->css);
+       cgroup_release_and_wakeup_rmdir(&memcg->css);
+}
+
+/*
+ * At replace page cache, newpage is not under any memcg but it's on
+ * LRU. So, this function doesn't touch res_counter but handles LRU
+ * in correct way. Both pages are locked so we cannot race with uncharge.
+ */
+void mem_cgroup_replace_page_cache(struct page *oldpage,
+                                 struct page *newpage)
+{
+       struct mem_cgroup *memcg;
+       struct page_cgroup *pc;
+       enum charge_type type = MEM_CGROUP_CHARGE_TYPE_CACHE;
+
+       if (mem_cgroup_disabled())
+               return;
+
+       pc = lookup_page_cgroup(oldpage);
+       /* fix accounting on old pages */
+       lock_page_cgroup(pc);
+       memcg = pc->mem_cgroup;
+       mem_cgroup_charge_statistics(memcg, false, -1);
+       ClearPageCgroupUsed(pc);
+       unlock_page_cgroup(pc);
+
+       if (PageSwapBacked(oldpage))
+               type = MEM_CGROUP_CHARGE_TYPE_SHMEM;
+
+       /*
+        * Even if newpage->mapping was NULL before starting replacement,
+        * the newpage may be on LRU(or pagevec for LRU) already. We lock
+        * LRU while we overwrite pc->mem_cgroup.
+        */
+       __mem_cgroup_commit_charge(memcg, newpage, 1, type, true);
  }
  
  #ifdef CONFIG_DEBUG_VM
@@ -3361,6 +3395,11 @@ static struct page_cgroup *lookup_page_cgroup_used(struct page *page)
         struct page_cgroup *pc;
  
         pc = lookup_page_cgroup(page);
+       /*
+        * Can be NULL while feeding pages into the page allocator for
+        * the first time, i.e. during boot or memory hotplug;
+        * or when mem_cgroup_disabled().
+        */
         if (likely(pc) && PageCgroupUsed(pc))
                 return pc;
         return NULL;
@@ -3380,23 +3419,8 @@ void mem_cgroup_print_bad_page(struct page *page)
  
         pc = lookup_page_cgroup_used(page);
         if (pc) {
-               int ret = -1;
-               char *path;
-
-               printk(KERN_ALERT "pc:%p pc->flags:%lx pc->mem_cgroup:%p",
+               printk(KERN_ALERT "pc:%p pc->flags:%lx pc->mem_cgroup:%p\n",
                        pc, pc->flags, pc->mem_cgroup);
-
-               path = kmalloc(PATH_MAX, GFP_KERNEL);
-               if (path) {
-                       rcu_read_lock();
-                       ret = cgroup_path(pc->mem_cgroup->css.cgroup,
-                                                       path, PATH_MAX);
-                       rcu_read_unlock();
-               }
-
-               printk(KERN_CONT "(%s)\n",
-                               (ret < 0) ? "cannot get the path" : path);
-               kfree(path);
         }
  }
  #endif
@@ -3431,7 +3455,7 @@ static int mem_cgroup_resize_limit(struct mem_cgroup *memcg,
                 /*
                  * Rather than hide all in some function, I do this in
                  * open coded manner. You see what this really does.
-                * We have to guarantee mem->res.limit < mem->memsw.limit.
+                * We have to guarantee memcg->res.limit < memcg->memsw.limit.
                  */
                 mutex_lock(&set_limit_mutex);
                 memswlimit = res_counter_read_u64(&memcg->memsw, RES_LIMIT);
@@ -3457,9 +3481,8 @@ static int mem_cgroup_resize_limit(struct mem_cgroup *memcg,
                 if (!ret)
                         break;
  
-               mem_cgroup_hierarchical_reclaim(memcg, NULL, GFP_KERNEL,
-                                               MEM_CGROUP_RECLAIM_SHRINK,
-                                               NULL);
+               mem_cgroup_reclaim(memcg, GFP_KERNEL,
+                                  MEM_CGROUP_RECLAIM_SHRINK);
                 curusage = res_counter_read_u64(&memcg->res, RES_USAGE);
                 /* Usage is reduced ? */
                 if (curusage >= oldusage)
@@ -3493,7 +3516,7 @@ static int mem_cgroup_resize_memsw_limit(struct mem_cgroup *memcg,
                 /*
                  * Rather than hide all in some function, I do this in
                  * open coded manner. You see what this really does.
-                * We have to guarantee mem->res.limit < mem->memsw.limit.
+                * We have to guarantee memcg->res.limit < memcg->memsw.limit.
                  */
                 mutex_lock(&set_limit_mutex);
                 memlimit = res_counter_read_u64(&memcg->res, RES_LIMIT);
@@ -3517,10 +3540,9 @@ static int mem_cgroup_resize_memsw_limit(struct mem_cgroup *memcg,
                 if (!ret)
                         break;
  
-               mem_cgroup_hierarchical_reclaim(memcg, NULL, GFP_KERNEL,
-                                               MEM_CGROUP_RECLAIM_NOSWAP |
-                                               MEM_CGROUP_RECLAIM_SHRINK,
-                                               NULL);
+               mem_cgroup_reclaim(memcg, GFP_KERNEL,
+                                  MEM_CGROUP_RECLAIM_NOSWAP |
+                                  MEM_CGROUP_RECLAIM_SHRINK);
                 curusage = res_counter_read_u64(&memcg->memsw, RES_USAGE);
                 /* Usage is reduced ? */
                 if (curusage >= oldusage)
@@ -3563,10 +3585,8 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
                         break;
  
                 nr_scanned = 0;
-               reclaimed = mem_cgroup_hierarchical_reclaim(mz->mem, zone,
-                                               gfp_mask,
-                                               MEM_CGROUP_RECLAIM_SOFT,
-                                               &nr_scanned);
+               reclaimed = mem_cgroup_soft_reclaim(mz->memcg, zone,
+                                                   gfp_mask, &nr_scanned);
                 nr_reclaimed += reclaimed;
                 *total_scanned += nr_scanned;
                 spin_lock(&mctz->lock);
@@ -3592,13 +3612,13 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
                                 next_mz =
                                 __mem_cgroup_largest_soft_limit_node(mctz);
                                 if (next_mz == mz)
-                                       css_put(&next_mz->mem->css);
+                                       css_put(&next_mz->memcg->css);
                                 else /* next_mz == NULL or other memcg */
                                         break;
                         } while (1);
                 }
-               __mem_cgroup_remove_exceeded(mz->mem, mz, mctz);
-               excess = res_counter_soft_limit_excess(&mz->mem->res);
+               __mem_cgroup_remove_exceeded(mz->memcg, mz, mctz);
+               excess = res_counter_soft_limit_excess(&mz->memcg->res);
                 /*
                  * One school of thought says that we should not add
                  * back the node to the tree if reclaim returns 0.
@@ -3608,9 +3628,9 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
                  * term TODO.
                  */
                 /* If excess == 0, no tree ops */
-               __mem_cgroup_insert_exceeded(mz->mem, mz, mctz, excess);
+               __mem_cgroup_insert_exceeded(mz->memcg, mz, mctz, excess);
                 spin_unlock(&mctz->lock);
-               css_put(&mz->mem->css);
+               css_put(&mz->memcg->css);
                 loop++;
                 /*
                  * Could not reclaim anything and there are no more
@@ -3623,7 +3643,7 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
                         break;
         } while (!nr_reclaimed);
         if (next_mz)
-               css_put(&next_mz->mem->css);
+               css_put(&next_mz->memcg->css);
         return nr_reclaimed;
  }
  
@@ -3631,25 +3651,26 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
   * This routine traverse page_cgroup in given list and drop them all.
   * *And* this routine doesn't reclaim page itself, just removes page_cgroup.
   */
-static int mem_cgroup_force_empty_list(struct mem_cgroup *mem,
+static int mem_cgroup_force_empty_list(struct mem_cgroup *memcg,
                                 int node, int zid, enum lru_list lru)
  {
-       struct zone *zone;
         struct mem_cgroup_per_zone *mz;
-       struct page_cgroup *pc, *busy;
         unsigned long flags, loop;
         struct list_head *list;
+       struct page *busy;
+       struct zone *zone;
         int ret = 0;
  
         zone = &NODE_DATA(node)->node_zones[zid];
-       mz = mem_cgroup_zoneinfo(mem, node, zid);
-       list = &mz->lists[lru];
+       mz = mem_cgroup_zoneinfo(memcg, node, zid);
+       list = &mz->lruvec.lists[lru];
  
-       loop = MEM_CGROUP_ZSTAT(mz, lru);
+       loop = mz->lru_size[lru];
         /* give some margin against EBUSY etc...*/
         loop += 256;
         busy = NULL;
         while (loop--) {
+               struct page_cgroup *pc;
                 struct page *page;
  
                 ret = 0;
@@ -3658,24 +3679,24 @@ static int mem_cgroup_force_empty_list(struct mem_cgroup *mem,
                         spin_unlock_irqrestore(&zone->lru_lock, flags);
                         break;
                 }
-               pc = list_entry(list->prev, struct page_cgroup, lru);
-               if (busy == pc) {
-                       list_move(&pc->lru, list);
+               page = list_entry(list->prev, struct page, lru);
+               if (busy == page) {
+                       list_move(&page->lru, list);
                         busy = NULL;
                         spin_unlock_irqrestore(&zone->lru_lock, flags);
                         continue;
                 }
                 spin_unlock_irqrestore(&zone->lru_lock, flags);
  
-               page = lookup_cgroup_page(pc);
+               pc = lookup_page_cgroup(page);
  
-               ret = mem_cgroup_move_parent(page, pc, mem, GFP_KERNEL);
-               if (ret == -ENOMEM)
+               ret = mem_cgroup_move_parent(page, pc, memcg, GFP_KERNEL);
+               if (ret == -ENOMEM || ret == -EINTR)
                         break;
  
                 if (ret == -EBUSY || ret == -EINVAL) {
                         /* found lock contention or "pc" is obsolete. */
-                       busy = pc;
+                       busy = page;
                         cond_resched();
                 } else
                         busy = NULL;
@@ -3690,14 +3711,14 @@ static int mem_cgroup_force_empty_list(struct mem_cgroup *mem,
   * make mem_cgroup's charge to be 0 if there is no task.
   * This enables deleting this mem_cgroup.
   */
-static int mem_cgroup_force_empty(struct mem_cgroup *mem, bool free_all)
+static int mem_cgroup_force_empty(struct mem_cgroup *memcg, bool free_all)
  {
         int ret;
         int node, zid, shrink;
         int nr_retries = MEM_CGROUP_RECLAIM_RETRIES;
-       struct cgroup *cgrp = mem->css.cgroup;
+       struct cgroup *cgrp = memcg->css.cgroup;
  
-       css_get(&mem->css);
+       css_get(&memcg->css);
  
         shrink = 0;
         /* should free all ? */
@@ -3713,15 +3734,15 @@ move_account:
                         goto out;
                 /* This is for making all *used* pages to be on LRU. */
                 lru_add_drain_all();
-               drain_all_stock_sync(mem);
+               drain_all_stock_sync(memcg);
                 ret = 0;
-               mem_cgroup_start_move(mem);
+               mem_cgroup_start_move(memcg);
                 for_each_node_state(node, N_HIGH_MEMORY) {
                         for (zid = 0; !ret && zid < MAX_NR_ZONES; zid++) {
-                               enum lru_list l;
-                               for_each_lru(l) {
-                                       ret = mem_cgroup_force_empty_list(mem,
-                                                       node, zid, l);
+                               enum lru_list lru;
+                               for_each_lru(lru) {
+                                       ret = mem_cgroup_force_empty_list(memcg,
+                                                       node, zid, lru);
                                         if (ret)
                                                 break;
                                 }
@@ -3729,16 +3750,16 @@ move_account:
                         if (ret)
                                 break;
                 }
-               mem_cgroup_end_move(mem);
-               memcg_oom_recover(mem);
+               mem_cgroup_end_move(memcg);
+               memcg_oom_recover(memcg);
                 /* it seems parent cgroup doesn't have enough mem */
                 if (ret == -ENOMEM)
                         goto try_to_free;
                 cond_resched();
         /* "ret" should also be checked to ensure all lists are empty. */
-       } while (mem->res.usage > 0 || ret);
+       } while (res_counter_read_u64(&memcg->res, RES_USAGE) > 0 || ret);
  out:
-       css_put(&mem->css);
+       css_put(&memcg->css);
         return ret;
  
  try_to_free:
@@ -3751,14 +3772,14 @@ try_to_free:
         lru_add_drain_all();
         /* try to free all pages in this cgroup */
         shrink = 1;
-       while (nr_retries && mem->res.usage > 0) {
+       while (nr_retries && res_counter_read_u64(&memcg->res, RES_USAGE) > 0) {
                 int progress;
  
                 if (signal_pending(current)) {
                         ret = -EINTR;
                         goto out;
                 }
-               progress = try_to_free_mem_cgroup_pages(mem, GFP_KERNEL,
+               progress = try_to_free_mem_cgroup_pages(memcg, GFP_KERNEL,
                                                 false);
                 if (!progress) {
                         nr_retries--;
@@ -3787,12 +3808,12 @@ static int mem_cgroup_hierarchy_write(struct cgroup *cont, struct cftype *cft,
                                         u64 val)
  {
         int retval = 0;
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cont);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
         struct cgroup *parent = cont->parent;
-       struct mem_cgroup *parent_mem = NULL;
+       struct mem_cgroup *parent_memcg = NULL;
  
         if (parent)
-               parent_mem = mem_cgroup_from_cont(parent);
+               parent_memcg = mem_cgroup_from_cont(parent);
  
         cgroup_lock();
         /*
@@ -3803,10 +3824,10 @@ static int mem_cgroup_hierarchy_write(struct cgroup *cont, struct cftype *cft,
          * For the root cgroup, parent_mem is NULL, we allow value to be
          * set if there are no children.
          */
-       if ((!parent_mem || !parent_mem->use_hierarchy) &&
+       if ((!parent_memcg || !parent_memcg->use_hierarchy) &&
                                 (val == 1 || val == 0)) {
                 if (list_empty(&cont->children))
-                       mem->use_hierarchy = val;
+                       memcg->use_hierarchy = val;
                 else
                         retval = -EBUSY;
         } else
@@ -3817,14 +3838,14 @@ static int mem_cgroup_hierarchy_write(struct cgroup *cont, struct cftype *cft,
  }
  
  
-static unsigned long mem_cgroup_recursive_stat(struct mem_cgroup *mem,
+static unsigned long mem_cgroup_recursive_stat(struct mem_cgroup *memcg,
                                                enum mem_cgroup_stat_index idx)
  {
         struct mem_cgroup *iter;
         long val = 0;
  
         /* Per-cpu values can be negative, use a signed accumulator */
-       for_each_mem_cgroup_tree(iter, mem)
+       for_each_mem_cgroup_tree(iter, memcg)
                 val += mem_cgroup_read_stat(iter, idx);
  
         if (val < 0) /* race ? */
@@ -3832,29 +3853,29 @@ static unsigned long mem_cgroup_recursive_stat(struct mem_cgroup *mem,
         return val;
  }
  
-static inline u64 mem_cgroup_usage(struct mem_cgroup *mem, bool swap)
+static inline u64 mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
  {
         u64 val;
  
-       if (!mem_cgroup_is_root(mem)) {
+       if (!mem_cgroup_is_root(memcg)) {
                 if (!swap)
-                       return res_counter_read_u64(&mem->res, RES_USAGE);
+                       return res_counter_read_u64(&memcg->res, RES_USAGE);
                 else
-                       return res_counter_read_u64(&mem->memsw, RES_USAGE);
+                       return res_counter_read_u64(&memcg->memsw, RES_USAGE);
         }
  
-       val = mem_cgroup_recursive_stat(mem, MEM_CGROUP_STAT_CACHE);
-       val += mem_cgroup_recursive_stat(mem, MEM_CGROUP_STAT_RSS);
+       val = mem_cgroup_recursive_stat(memcg, MEM_CGROUP_STAT_CACHE);
+       val += mem_cgroup_recursive_stat(memcg, MEM_CGROUP_STAT_RSS);
  
         if (swap)
-               val += mem_cgroup_recursive_stat(mem, MEM_CGROUP_STAT_SWAPOUT);
+               val += mem_cgroup_recursive_stat(memcg, MEM_CGROUP_STAT_SWAPOUT);
  
         return val << PAGE_SHIFT;
  }
  
  static u64 mem_cgroup_read(struct cgroup *cont, struct cftype *cft)
  {
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cont);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
         u64 val;
         int type, name;
  
@@ -3863,19 +3884,18 @@ static u64 mem_cgroup_read(struct cgroup *cont, struct cftype *cft)
         switch (type) {
         case _MEM:
                 if (name == RES_USAGE)
-                       val = mem_cgroup_usage(mem, false);
+                       val = mem_cgroup_usage(memcg, false);
                 else
-                       val = res_counter_read_u64(&mem->res, name);
+                       val = res_counter_read_u64(&memcg->res, name);
                 break;
         case _MEMSWAP:
                 if (name == RES_USAGE)
-                       val = mem_cgroup_usage(mem, true);
+                       val = mem_cgroup_usage(memcg, true);
                 else
-                       val = res_counter_read_u64(&mem->memsw, name);
+                       val = res_counter_read_u64(&memcg->memsw, name);
                 break;
         default:
                 BUG();
-               break;
         }
         return val;
  }
@@ -3954,29 +3974,28 @@ static void memcg_get_hierarchical_limit(struct mem_cgroup *memcg,
  out:
         *mem_limit = min_limit;
         *memsw_limit = min_memsw_limit;
-       return;
  }
  
  static int mem_cgroup_reset(struct cgroup *cont, unsigned int event)
  {
-       struct mem_cgroup *mem;
+       struct mem_cgroup *memcg;
         int type, name;
  
-       mem = mem_cgroup_from_cont(cont);
+       memcg = mem_cgroup_from_cont(cont);
         type = MEMFILE_TYPE(event);
         name = MEMFILE_ATTR(event);
         switch (name) {
         case RES_MAX_USAGE:
                 if (type == _MEM)
-                       res_counter_reset_max(&mem->res);
+                       res_counter_reset_max(&memcg->res);
                 else
-                       res_counter_reset_max(&mem->memsw);
+                       res_counter_reset_max(&memcg->memsw);
                 break;
         case RES_FAILCNT:
                 if (type == _MEM)
-                       res_counter_reset_failcnt(&mem->res);
+                       res_counter_reset_failcnt(&memcg->res);
                 else
-                       res_counter_reset_failcnt(&mem->memsw);
+                       res_counter_reset_failcnt(&memcg->memsw);
                 break;
         }
  
@@ -3993,7 +4012,7 @@ static u64 mem_cgroup_move_charge_read(struct cgroup *cgrp,
  static int mem_cgroup_move_charge_write(struct cgroup *cgrp,
                                         struct cftype *cft, u64 val)
  {
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cgrp);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cgrp);
  
         if (val >= (1 << NR_MOVE_TYPE))
                 return -EINVAL;
@@ -4003,7 +4022,7 @@ static int mem_cgroup_move_charge_write(struct cgroup *cgrp,
          * inconsistent.
          */
         cgroup_lock();
-       mem->move_charge_at_immigrate = val;
+       memcg->move_charge_at_immigrate = val;
         cgroup_unlock();
  
         return 0;
@@ -4060,49 +4079,49 @@ struct {
  
  
  static void
-mem_cgroup_get_local_stat(struct mem_cgroup *mem, struct mcs_total_stat *s)
+mem_cgroup_get_local_stat(struct mem_cgroup *memcg, struct mcs_total_stat *s)
  {
         s64 val;
  
         /* per cpu stat */
-       val = mem_cgroup_read_stat(mem, MEM_CGROUP_STAT_CACHE);
+       val = mem_cgroup_read_stat(memcg, MEM_CGROUP_STAT_CACHE);
         s->stat[MCS_CACHE] += val * PAGE_SIZE;
-       val = mem_cgroup_read_stat(mem, MEM_CGROUP_STAT_RSS);
+       val = mem_cgroup_read_stat(memcg, MEM_CGROUP_STAT_RSS);
         s->stat[MCS_RSS] += val * PAGE_SIZE;
-       val = mem_cgroup_read_stat(mem, MEM_CGROUP_STAT_FILE_MAPPED);
+       val = mem_cgroup_read_stat(memcg, MEM_CGROUP_STAT_FILE_MAPPED);
         s->stat[MCS_FILE_MAPPED] += val * PAGE_SIZE;
-       val = mem_cgroup_read_events(mem, MEM_CGROUP_EVENTS_PGPGIN);
+       val = mem_cgroup_read_events(memcg, MEM_CGROUP_EVENTS_PGPGIN);
         s->stat[MCS_PGPGIN] += val;
-       val = mem_cgroup_read_events(mem, MEM_CGROUP_EVENTS_PGPGOUT);
+       val = mem_cgroup_read_events(memcg, MEM_CGROUP_EVENTS_PGPGOUT);
         s->stat[MCS_PGPGOUT] += val;
         if (do_swap_account) {
-               val = mem_cgroup_read_stat(mem, MEM_CGROUP_STAT_SWAPOUT);
+               val = mem_cgroup_read_stat(memcg, MEM_CGROUP_STAT_SWAPOUT);
                 s->stat[MCS_SWAP] += val * PAGE_SIZE;
         }
-       val = mem_cgroup_read_events(mem, MEM_CGROUP_EVENTS_PGFAULT);
+       val = mem_cgroup_read_events(memcg, MEM_CGROUP_EVENTS_PGFAULT);
         s->stat[MCS_PGFAULT] += val;
-       val = mem_cgroup_read_events(mem, MEM_CGROUP_EVENTS_PGMAJFAULT);
+       val = mem_cgroup_read_events(memcg, MEM_CGROUP_EVENTS_PGMAJFAULT);
         s->stat[MCS_PGMAJFAULT] += val;
  
         /* per zone stat */
-       val = mem_cgroup_nr_lru_pages(mem, BIT(LRU_INACTIVE_ANON));
+       val = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_INACTIVE_ANON));
         s->stat[MCS_INACTIVE_ANON] += val * PAGE_SIZE;
-       val = mem_cgroup_nr_lru_pages(mem, BIT(LRU_ACTIVE_ANON));
+       val = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_ACTIVE_ANON));
         s->stat[MCS_ACTIVE_ANON] += val * PAGE_SIZE;
-       val = mem_cgroup_nr_lru_pages(mem, BIT(LRU_INACTIVE_FILE));
+       val = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_INACTIVE_FILE));
         s->stat[MCS_INACTIVE_FILE] += val * PAGE_SIZE;
-       val = mem_cgroup_nr_lru_pages(mem, BIT(LRU_ACTIVE_FILE));
+       val = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_ACTIVE_FILE));
         s->stat[MCS_ACTIVE_FILE] += val * PAGE_SIZE;
-       val = mem_cgroup_nr_lru_pages(mem, BIT(LRU_UNEVICTABLE));
+       val = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_UNEVICTABLE));
         s->stat[MCS_UNEVICTABLE] += val * PAGE_SIZE;
  }
  
  static void
-mem_cgroup_get_total_stat(struct mem_cgroup *mem, struct mcs_total_stat *s)
+mem_cgroup_get_total_stat(struct mem_cgroup *memcg, struct mcs_total_stat *s)
  {
         struct mem_cgroup *iter;
  
-       for_each_mem_cgroup_tree(iter, mem)
+       for_each_mem_cgroup_tree(iter, memcg)
                 mem_cgroup_get_local_stat(iter, s);
  }
  
@@ -4113,38 +4132,38 @@ static int mem_control_numa_stat_show(struct seq_file *m, void *arg)
         unsigned long total_nr, file_nr, anon_nr, unevictable_nr;
         unsigned long node_nr;
         struct cgroup *cont = m->private;
-       struct mem_cgroup *mem_cont = mem_cgroup_from_cont(cont);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
  
-       total_nr = mem_cgroup_nr_lru_pages(mem_cont, LRU_ALL);
+       total_nr = mem_cgroup_nr_lru_pages(memcg, LRU_ALL);
         seq_printf(m, "total=%lu", total_nr);
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               node_nr = mem_cgroup_node_nr_lru_pages(mem_cont, nid, LRU_ALL);
+               node_nr = mem_cgroup_node_nr_lru_pages(memcg, nid, LRU_ALL);
                 seq_printf(m, " N%d=%lu", nid, node_nr);
         }
         seq_putc(m, '\n');
  
-       file_nr = mem_cgroup_nr_lru_pages(mem_cont, LRU_ALL_FILE);
+       file_nr = mem_cgroup_nr_lru_pages(memcg, LRU_ALL_FILE);
         seq_printf(m, "file=%lu", file_nr);
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               node_nr = mem_cgroup_node_nr_lru_pages(mem_cont, nid,
+               node_nr = mem_cgroup_node_nr_lru_pages(memcg, nid,
                                 LRU_ALL_FILE);
                 seq_printf(m, " N%d=%lu", nid, node_nr);
         }
         seq_putc(m, '\n');
  
-       anon_nr = mem_cgroup_nr_lru_pages(mem_cont, LRU_ALL_ANON);
+       anon_nr = mem_cgroup_nr_lru_pages(memcg, LRU_ALL_ANON);
         seq_printf(m, "anon=%lu", anon_nr);
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               node_nr = mem_cgroup_node_nr_lru_pages(mem_cont, nid,
+               node_nr = mem_cgroup_node_nr_lru_pages(memcg, nid,
                                 LRU_ALL_ANON);
                 seq_printf(m, " N%d=%lu", nid, node_nr);
         }
         seq_putc(m, '\n');
  
-       unevictable_nr = mem_cgroup_nr_lru_pages(mem_cont, BIT(LRU_UNEVICTABLE));
+       unevictable_nr = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_UNEVICTABLE));
         seq_printf(m, "unevictable=%lu", unevictable_nr);
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               node_nr = mem_cgroup_node_nr_lru_pages(mem_cont, nid,
+               node_nr = mem_cgroup_node_nr_lru_pages(memcg, nid,
                                 BIT(LRU_UNEVICTABLE));
                 seq_printf(m, " N%d=%lu", nid, node_nr);
         }
@@ -4156,12 +4175,12 @@ static int mem_control_numa_stat_show(struct seq_file *m, void *arg)
  static int mem_control_stat_show(struct cgroup *cont, struct cftype *cft,
                                  struct cgroup_map_cb *cb)
  {
-       struct mem_cgroup *mem_cont = mem_cgroup_from_cont(cont);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
         struct mcs_total_stat mystat;
         int i;
  
         memset(&mystat, 0, sizeof(mystat));
-       mem_cgroup_get_local_stat(mem_cont, &mystat);
+       mem_cgroup_get_local_stat(memcg, &mystat);
  
  
         for (i = 0; i < NR_MCS_STAT; i++) {
@@ -4173,14 +4192,14 @@ static int mem_control_stat_show(struct cgroup *cont, struct cftype *cft,
         /* Hierarchical information */
         {
                 unsigned long long limit, memsw_limit;
-               memcg_get_hierarchical_limit(mem_cont, &limit, &memsw_limit);
+               memcg_get_hierarchical_limit(memcg, &limit, &memsw_limit);
                 cb->fill(cb, "hierarchical_memory_limit", limit);
                 if (do_swap_account)
                         cb->fill(cb, "hierarchical_memsw_limit", memsw_limit);
         }
  
         memset(&mystat, 0, sizeof(mystat));
-       mem_cgroup_get_total_stat(mem_cont, &mystat);
+       mem_cgroup_get_total_stat(memcg, &mystat);
         for (i = 0; i < NR_MCS_STAT; i++) {
                 if (i == MCS_SWAP && !do_swap_account)
                         continue;
@@ -4188,8 +4207,6 @@ static int mem_control_stat_show(struct cgroup *cont, struct cftype *cft,
         }
  
  #ifdef CONFIG_DEBUG_VM
-       cb->fill(cb, "inactive_ratio", calc_inactive_ratio(mem_cont, NULL));
-
         {
                 int nid, zid;
                 struct mem_cgroup_per_zone *mz;
@@ -4198,7 +4215,7 @@ static int mem_control_stat_show(struct cgroup *cont, struct cftype *cft,
  
                 for_each_online_node(nid)
                         for (zid = 0; zid < MAX_NR_ZONES; zid++) {
-                               mz = mem_cgroup_zoneinfo(mem_cont, nid, zid);
+                               mz = mem_cgroup_zoneinfo(memcg, nid, zid);
  
                                 recent_rotated[0] +=
                                         mz->reclaim_stat.recent_rotated[0];
@@ -4326,20 +4343,20 @@ static int compare_thresholds(const void *a, const void *b)
         return _a->threshold - _b->threshold;
  }
  
-static int mem_cgroup_oom_notify_cb(struct mem_cgroup *mem)
+static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
  {
         struct mem_cgroup_eventfd_list *ev;
  
-       list_for_each_entry(ev, &mem->oom_notify, list)
+       list_for_each_entry(ev, &memcg->oom_notify, list)
                 eventfd_signal(ev->eventfd, 1);
         return 0;
  }
  
-static void mem_cgroup_oom_notify(struct mem_cgroup *mem)
+static void mem_cgroup_oom_notify(struct mem_cgroup *memcg)
  {
         struct mem_cgroup *iter;
  
-       for_each_mem_cgroup_tree(iter, mem)
+       for_each_mem_cgroup_tree(iter, memcg)
                 mem_cgroup_oom_notify_cb(iter);
  }
  
@@ -4443,11 +4460,8 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
         else
                 BUG();
  
-       /*
-        * Something went wrong if we trying to unregister a threshold
-        * if we don't have thresholds
-        */
-       BUG_ON(!thresholds);
+       if (!thresholds->primary)
+               goto unlock;
  
         usage = mem_cgroup_usage(memcg, type == _MEMSWAP);
  
@@ -4493,11 +4507,17 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
  swap_buffers:
         /* Swap primary and spare array */
         thresholds->spare = thresholds->primary;
+       /* If all events are unregistered, free the spare array */
+       if (!new) {
+               kfree(thresholds->spare);
+               thresholds->spare = NULL;
+       }
+
         rcu_assign_pointer(thresholds->primary, new);
  
         /* To be sure that nobody uses thresholds */
         synchronize_rcu();
-
+unlock:
         mutex_unlock(&memcg->thresholds_lock);
  }
  
@@ -4529,7 +4549,7 @@ static int mem_cgroup_oom_register_event(struct cgroup *cgrp,
  static void mem_cgroup_oom_unregister_event(struct cgroup *cgrp,
         struct cftype *cft, struct eventfd_ctx *eventfd)
  {
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cgrp);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cgrp);
         struct mem_cgroup_eventfd_list *ev, *tmp;
         int type = MEMFILE_TYPE(cft->private);
  
@@ -4537,7 +4557,7 @@ static void mem_cgroup_oom_unregister_event(struct cgroup *cgrp,
  
         spin_lock(&memcg_oom_lock);
  
-       list_for_each_entry_safe(ev, tmp, &mem->oom_notify, list) {
+       list_for_each_entry_safe(ev, tmp, &memcg->oom_notify, list) {
                 if (ev->eventfd == eventfd) {
                         list_del(&ev->list);
                         kfree(ev);
@@ -4550,11 +4570,11 @@ static void mem_cgroup_oom_unregister_event(struct cgroup *cgrp,
  static int mem_cgroup_oom_control_read(struct cgroup *cgrp,
         struct cftype *cft,  struct cgroup_map_cb *cb)
  {
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cgrp);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cgrp);
  
-       cb->fill(cb, "oom_kill_disable", mem->oom_kill_disable);
+       cb->fill(cb, "oom_kill_disable", memcg->oom_kill_disable);
  
-       if (atomic_read(&mem->under_oom))
+       if (atomic_read(&memcg->under_oom))
                 cb->fill(cb, "under_oom", 1);
         else
                 cb->fill(cb, "under_oom", 0);
@@ -4564,7 +4584,7 @@ static int mem_cgroup_oom_control_read(struct cgroup *cgrp,
  static int mem_cgroup_oom_control_write(struct cgroup *cgrp,
         struct cftype *cft, u64 val)
  {
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cgrp);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cgrp);
         struct mem_cgroup *parent;
  
         /* cannot set to root cgroup and only 0 and 1 are allowed */
@@ -4576,13 +4596,13 @@ static int mem_cgroup_oom_control_write(struct cgroup *cgrp,
         cgroup_lock();
         /* oom-kill-disable is a flag for subhierarchy. */
         if ((parent->use_hierarchy) ||
-           (mem->use_hierarchy && !list_empty(&cgrp->children))) {
+           (memcg->use_hierarchy && !list_empty(&cgrp->children))) {
                 cgroup_unlock();
                 return -EINVAL;
         }
-       mem->oom_kill_disable = val;
+       memcg->oom_kill_disable = val;
         if (!val)
-               memcg_oom_recover(mem);
+               memcg_oom_recover(memcg);
         cgroup_unlock();
         return 0;
  }
@@ -4603,6 +4623,34 @@ static int mem_control_numa_stat_open(struct inode *unused, struct file *file)
  }
  #endif /* CONFIG_NUMA */
  
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+static int register_kmem_files(struct cgroup *cont, struct cgroup_subsys *ss)
+{
+       /*
+        * Part of this would be better living in a separate allocation
+        * function, leaving us with just the cgroup tree population work.
+        * We, however, depend on state such as network's proto_list that
+        * is only initialized after cgroup creation. I found the less
+        * cumbersome way to deal with it to defer it all to populate time
+        */
+       return mem_cgroup_sockets_init(cont, ss);
+};
+
+static void kmem_cgroup_destroy(struct cgroup *cont)
+{
+       mem_cgroup_sockets_destroy(cont);
+}
+#else
+static int register_kmem_files(struct cgroup *cont, struct cgroup_subsys *ss)
+{
+       return 0;
+}
+
+static void kmem_cgroup_destroy(struct cgroup *cont)
+{
+}
+#endif
+
  static struct cftype mem_cgroup_files[] = {
         {
                 .name = "usage_in_bytes",
@@ -4718,11 +4766,11 @@ static int register_memsw_files(struct cgroup *cont, struct cgroup_subsys *ss)
  }
  #endif
  
-static int alloc_mem_cgroup_per_zone_info(struct mem_cgroup *mem, int node)
+static int alloc_mem_cgroup_per_zone_info(struct mem_cgroup *memcg, int node)
  {
         struct mem_cgroup_per_node *pn;
         struct mem_cgroup_per_zone *mz;
-       enum lru_list l;
+       enum lru_list lru;
         int zone, tmp = node;
         /*
          * This routine is called against possible nodes.
@@ -4738,52 +4786,73 @@ static int alloc_mem_cgroup_per_zone_info(struct mem_cgroup *mem, int node)
         if (!pn)
                 return 1;
  
-       mem->info.nodeinfo[node] = pn;
         for (zone = 0; zone < MAX_NR_ZONES; zone++) {
                 mz = &pn->zoneinfo[zone];
-               for_each_lru(l)
-                       INIT_LIST_HEAD(&mz->lists[l]);
+               for_each_lru(lru)
+                       INIT_LIST_HEAD(&mz->lruvec.lists[lru]);
                 mz->usage_in_excess = 0;
                 mz->on_tree = false;
-               mz->mem = mem;
+               mz->memcg = memcg;
         }
+       memcg->info.nodeinfo[node] = pn;
         return 0;
  }
  
-static void free_mem_cgroup_per_zone_info(struct mem_cgroup *mem, int node)
+static void free_mem_cgroup_per_zone_info(struct mem_cgroup *memcg, int node)
  {
-       kfree(mem->info.nodeinfo[node]);
+       kfree(memcg->info.nodeinfo[node]);
  }
  
  static struct mem_cgroup *mem_cgroup_alloc(void)
  {
-       struct mem_cgroup *mem;
+       struct mem_cgroup *memcg;
         int size = sizeof(struct mem_cgroup);
  
         /* Can be very big if MAX_NUMNODES is very big */
         if (size < PAGE_SIZE)
-               mem = kzalloc(size, GFP_KERNEL);
+               memcg = kzalloc(size, GFP_KERNEL);
         else
-               mem = vzalloc(size);
+               memcg = vzalloc(size);
  
-       if (!mem)
+       if (!memcg)
                 return NULL;
  
-       mem->stat = alloc_percpu(struct mem_cgroup_stat_cpu);
-       if (!mem->stat)
+       memcg->stat = alloc_percpu(struct mem_cgroup_stat_cpu);
+       if (!memcg->stat)
                 goto out_free;
-       spin_lock_init(&mem->pcp_counter_lock);
-       return mem;
+       spin_lock_init(&memcg->pcp_counter_lock);
+       return memcg;
  
  out_free:
         if (size < PAGE_SIZE)
-               kfree(mem);
+               kfree(memcg);
         else
-               vfree(mem);
+               vfree(memcg);
         return NULL;
  }
  
  /*
+ * Helpers for freeing a vzalloc()ed mem_cgroup by RCU,
+ * but in process context.  The work_freeing structure is overlaid
+ * on the rcu_freeing structure, which itself is overlaid on memsw.
+ */
+static void vfree_work(struct work_struct *work)
+{
+       struct mem_cgroup *memcg;
+
+       memcg = container_of(work, struct mem_cgroup, work_freeing);
+       vfree(memcg);
+}
+static void vfree_rcu(struct rcu_head *rcu_head)
+{
+       struct mem_cgroup *memcg;
+
+       memcg = container_of(rcu_head, struct mem_cgroup, rcu_freeing);
+       INIT_WORK(&memcg->work_freeing, vfree_work);
+       schedule_work(&memcg->work_freeing);
+}
+
+/*
   * At destroying mem_cgroup, references from swap_cgroup can remain.
   * (scanning all at force_empty is too costly...)
   *
@@ -4794,52 +4863,53 @@ out_free:
   * Removal of cgroup itself succeeds regardless of refs from swap.
   */
  
-static void __mem_cgroup_free(struct mem_cgroup *mem)
+static void __mem_cgroup_free(struct mem_cgroup *memcg)
  {
         int node;
  
-       mem_cgroup_remove_from_trees(mem);
-       free_css_id(&mem_cgroup_subsys, &mem->css);
+       mem_cgroup_remove_from_trees(memcg);
+       free_css_id(&mem_cgroup_subsys, &memcg->css);
  
-       for_each_node_state(node, N_POSSIBLE)
-               free_mem_cgroup_per_zone_info(mem, node);
+       for_each_node(node)
+               free_mem_cgroup_per_zone_info(memcg, node);
  
-       free_percpu(mem->stat);
+       free_percpu(memcg->stat);
         if (sizeof(struct mem_cgroup) < PAGE_SIZE)
-               kfree(mem);
+               kfree_rcu(memcg, rcu_freeing);
         else
-               vfree(mem);
+               call_rcu(&memcg->rcu_freeing, vfree_rcu);
  }
  
-static void mem_cgroup_get(struct mem_cgroup *mem)
+static void mem_cgroup_get(struct mem_cgroup *memcg)
  {
-       atomic_inc(&mem->refcnt);
+       atomic_inc(&memcg->refcnt);
  }
  
-static void __mem_cgroup_put(struct mem_cgroup *mem, int count)
+static void __mem_cgroup_put(struct mem_cgroup *memcg, int count)
  {
-       if (atomic_sub_and_test(count, &mem->refcnt)) {
-               struct mem_cgroup *parent = parent_mem_cgroup(mem);
-               __mem_cgroup_free(mem);
+       if (atomic_sub_and_test(count, &memcg->refcnt)) {
+               struct mem_cgroup *parent = parent_mem_cgroup(memcg);
+               __mem_cgroup_free(memcg);
                 if (parent)
                         mem_cgroup_put(parent);
         }
  }
  
-static void mem_cgroup_put(struct mem_cgroup *mem)
+static void mem_cgroup_put(struct mem_cgroup *memcg)
  {
-       __mem_cgroup_put(mem, 1);
+       __mem_cgroup_put(memcg, 1);
  }
  
  /*
   * Returns the parent mem_cgroup in memcgroup hierarchy with hierarchy enabled.
   */
-static struct mem_cgroup *parent_mem_cgroup(struct mem_cgroup *mem)
+struct mem_cgroup *parent_mem_cgroup(struct mem_cgroup *memcg)
  {
-       if (!mem->res.parent)
+       if (!memcg->res.parent)
                 return NULL;
-       return mem_cgroup_from_res_counter(mem->res.parent, res);
+       return mem_cgroup_from_res_counter(memcg->res.parent, res);
  }
+EXPORT_SYMBOL(parent_mem_cgroup);
  
  #ifdef CONFIG_CGROUP_MEM_RES_CTLR_SWAP
  static void __init enable_swap_cgroup(void)
@@ -4859,13 +4929,13 @@ static int mem_cgroup_soft_limit_tree_init(void)
         struct mem_cgroup_tree_per_zone *rtpz;
         int tmp, node, zone;
  
-       for_each_node_state(node, N_POSSIBLE) {
+       for_each_node(node) {
                 tmp = node;
                 if (!node_state(node, N_NORMAL_MEMORY))
                         tmp = -1;
                 rtpn = kzalloc_node(sizeof(*rtpn), GFP_KERNEL, tmp);
                 if (!rtpn)
-                       return 1;
+                       goto err_cleanup;
  
                 soft_limit_tree.rb_tree_per_node[node] = rtpn;
  
@@ -4876,21 +4946,31 @@ static int mem_cgroup_soft_limit_tree_init(void)
                 }
         }
         return 0;
+
+err_cleanup:
+       for_each_node(node) {
+               if (!soft_limit_tree.rb_tree_per_node[node])
+                       break;
+               kfree(soft_limit_tree.rb_tree_per_node[node]);
+               soft_limit_tree.rb_tree_per_node[node] = NULL;
+       }
+       return 1;
+
  }
  
  static struct cgroup_subsys_state * __ref
-mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
+mem_cgroup_create(struct cgroup *cont)
  {
-       struct mem_cgroup *mem, *parent;
+       struct mem_cgroup *memcg, *parent;
         long error = -ENOMEM;
         int node;
  
-       mem = mem_cgroup_alloc();
-       if (!mem)
+       memcg = mem_cgroup_alloc();
+       if (!memcg)
                 return ERR_PTR(error);
  
-       for_each_node_state(node, N_POSSIBLE)
-               if (alloc_mem_cgroup_per_zone_info(mem, node))
+       for_each_node(node)
+               if (alloc_mem_cgroup_per_zone_info(memcg, node))
                         goto free_out;
  
         /* root ? */
@@ -4898,9 +4978,9 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
                 int cpu;
                 enable_swap_cgroup();
                 parent = NULL;
-               root_mem_cgroup = mem;
                 if (mem_cgroup_soft_limit_tree_init())
                         goto free_out;
+               root_mem_cgroup = memcg;
                 for_each_possible_cpu(cpu) {
                         struct memcg_stock_pcp *stock =
                                                 &per_cpu(memcg_stock, cpu);
@@ -4909,13 +4989,13 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
                 hotcpu_notifier(memcg_cpu_hotplug_callback, 0);
         } else {
                 parent = mem_cgroup_from_cont(cont->parent);
-               mem->use_hierarchy = parent->use_hierarchy;
-               mem->oom_kill_disable = parent->oom_kill_disable;
+               memcg->use_hierarchy = parent->use_hierarchy;
+               memcg->oom_kill_disable = parent->oom_kill_disable;
         }
  
         if (parent && parent->use_hierarchy) {
-               res_counter_init(&mem->res, &parent->res);
-               res_counter_init(&mem->memsw, &parent->memsw);
+               res_counter_init(&memcg->res, &parent->res);
+               res_counter_init(&memcg->memsw, &parent->memsw);
                 /*
                  * We increment refcnt of the parent to ensure that we can
                  * safely access it on res_counter_charge/uncharge.
@@ -4924,39 +5004,38 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
                  */
                 mem_cgroup_get(parent);
         } else {
-               res_counter_init(&mem->res, NULL);
-               res_counter_init(&mem->memsw, NULL);
+               res_counter_init(&memcg->res, NULL);
+               res_counter_init(&memcg->memsw, NULL);
         }
-       mem->last_scanned_child = 0;
-       mem->last_scanned_node = MAX_NUMNODES;
-       INIT_LIST_HEAD(&mem->oom_notify);
+       memcg->last_scanned_node = MAX_NUMNODES;
+       INIT_LIST_HEAD(&memcg->oom_notify);
  
         if (parent)
-               mem->swappiness = mem_cgroup_swappiness(parent);
-       atomic_set(&mem->refcnt, 1);
-       mem->move_charge_at_immigrate = 0;
-       mutex_init(&mem->thresholds_lock);
-       return &mem->css;
+               memcg->swappiness = mem_cgroup_swappiness(parent);
+       atomic_set(&memcg->refcnt, 1);
+       memcg->move_charge_at_immigrate = 0;
+       mutex_init(&memcg->thresholds_lock);
+       spin_lock_init(&memcg->move_lock);
+       return &memcg->css;
  free_out:
-       __mem_cgroup_free(mem);
-       root_mem_cgroup = NULL;
+       __mem_cgroup_free(memcg);
         return ERR_PTR(error);
  }
  
-static int mem_cgroup_pre_destroy(struct cgroup_subsys *ss,
-                                       struct cgroup *cont)
+static int mem_cgroup_pre_destroy(struct cgroup *cont)
  {
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cont);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
  
-       return mem_cgroup_force_empty(mem, false);
+       return mem_cgroup_force_empty(memcg, false);
  }
  
-static void mem_cgroup_destroy(struct cgroup_subsys *ss,
-                               struct cgroup *cont)
+static void mem_cgroup_destroy(struct cgroup *cont)
  {
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cont);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
+
+       kmem_cgroup_destroy(cont);
  
-       mem_cgroup_put(mem);
+       mem_cgroup_put(memcg);
  }
  
  static int mem_cgroup_populate(struct cgroup_subsys *ss,
@@ -4969,6 +5048,10 @@ static int mem_cgroup_populate(struct cgroup_subsys *ss,
  
         if (!ret)
                 ret = register_memsw_files(cont, ss);
+
+       if (!ret)
+               ret = register_kmem_files(cont, ss);
+
         return ret;
  }
  
@@ -4979,9 +5062,9 @@ static int mem_cgroup_do_precharge(unsigned long count)
  {
         int ret = 0;
         int batch_count = PRECHARGE_COUNT_AT_ONCE;
-       struct mem_cgroup *mem = mc.to;
+       struct mem_cgroup *memcg = mc.to;
  
-       if (mem_cgroup_is_root(mem)) {
+       if (mem_cgroup_is_root(memcg)) {
                 mc.precharge += count;
                 /* we don't need css_get for root */
                 return ret;
@@ -4990,16 +5073,16 @@ static int mem_cgroup_do_precharge(unsigned long count)
         if (count > 1) {
                 struct res_counter *dummy;
                 /*
-                * "mem" cannot be under rmdir() because we've already checked
+                * "memcg" cannot be under rmdir() because we've already checked
                  * by cgroup_lock_live_cgroup() that it is not removed and we
                  * are still under the same cgroup_mutex. So we can postpone
                  * css_get().
                  */
-               if (res_counter_charge(&mem->res, PAGE_SIZE * count, &dummy))
+               if (res_counter_charge(&memcg->res, PAGE_SIZE * count, &dummy))
                         goto one_by_one;
-               if (do_swap_account && res_counter_charge(&mem->memsw,
+               if (do_swap_account && res_counter_charge(&memcg->memsw,
                                                 PAGE_SIZE * count, &dummy)) {
-                       res_counter_uncharge(&mem->res, PAGE_SIZE * count);
+                       res_counter_uncharge(&memcg->res, PAGE_SIZE * count);
                         goto one_by_one;
                 }
                 mc.precharge += count;
@@ -5016,17 +5099,18 @@ one_by_one:
                         batch_count = PRECHARGE_COUNT_AT_ONCE;
                         cond_resched();
                 }
-               ret = __mem_cgroup_try_charge(NULL, GFP_KERNEL, 1, &mem, false);
-               if (ret || !mem)
+               ret = __mem_cgroup_try_charge(NULL,
+                                       GFP_KERNEL, 1, &memcg, false);
+               if (ret)
                         /* mem_cgroup_clear_mc() will do uncharge later */
-                       return -ENOMEM;
+                       return ret;
                 mc.precharge++;
         }
         return ret;
  }
  
  /**
- * is_target_pte_for_mc - check a pte whether it is valid for move charge
+ * get_mctgt_type - get target type of moving charge
   * @vma: the vma the pte to be checked belongs
   * @addr: the address corresponding to the pte to be checked
   * @ptent: the pte to be checked
@@ -5049,7 +5133,7 @@ union mc_target {
  };
  
  enum mc_target_type {
-       MC_TARGET_NONE, /* not used */
+       MC_TARGET_NONE = 0,
         MC_TARGET_PAGE,
         MC_TARGET_SWAP,
  };
@@ -5130,12 +5214,12 @@ static struct page *mc_handle_file_pte(struct vm_area_struct *vma,
         return page;
  }
  
-static int is_target_pte_for_mc(struct vm_area_struct *vma,
+static enum mc_target_type get_mctgt_type(struct vm_area_struct *vma,
                 unsigned long addr, pte_t ptent, union mc_target *target)
  {
         struct page *page = NULL;
         struct page_cgroup *pc;
-       int ret = 0;
+       enum mc_target_type ret = MC_TARGET_NONE;
         swp_entry_t ent = { .val = 0 };
  
         if (pte_present(ptent))
@@ -5146,7 +5230,7 @@ static int is_target_pte_for_mc(struct vm_area_struct *vma,
                 page = mc_handle_file_pte(vma, addr, ptent, &ent);
  
         if (!page && !ent.val)
-               return 0;
+               return ret;
         if (page) {
                 pc = lookup_page_cgroup(page);
                 /*
@@ -5164,7 +5248,7 @@ static int is_target_pte_for_mc(struct vm_area_struct *vma,
         }
         /* There is a swap entry and a page doesn't exist or isn't charged */
         if (ent.val && !ret &&
-                       css_id(&mc.from->css) == lookup_swap_cgroup(ent)) {
+                       css_id(&mc.from->css) == lookup_swap_cgroup_id(ent)) {
                 ret = MC_TARGET_SWAP;
                 if (target)
                         target->ent = ent;
@@ -5172,6 +5256,41 @@ static int is_target_pte_for_mc(struct vm_area_struct *vma,
         return ret;
  }
  
+#ifdef CONFIG_TRANSPARENT_HUGEPAGE
+/*
+ * We don't consider swapping or file mapped pages because THP does not
+ * support them for now.
+ * Caller should make sure that pmd_trans_huge(pmd) is true.
+ */
+static enum mc_target_type get_mctgt_type_thp(struct vm_area_struct *vma,
+               unsigned long addr, pmd_t pmd, union mc_target *target)
+{
+       struct page *page = NULL;
+       struct page_cgroup *pc;
+       enum mc_target_type ret = MC_TARGET_NONE;
+
+       page = pmd_page(pmd);
+       VM_BUG_ON(!page || !PageHead(page));
+       if (!move_anon())
+               return ret;
+       pc = lookup_page_cgroup(page);
+       if (PageCgroupUsed(pc) && pc->mem_cgroup == mc.from) {
+               ret = MC_TARGET_PAGE;
+               if (target) {
+                       get_page(page);
+                       target->page = page;
+               }
+       }
+       return ret;
+}
+#else
+static inline enum mc_target_type get_mctgt_type_thp(struct vm_area_struct *vma,
+               unsigned long addr, pmd_t pmd, union mc_target *target)
+{
+       return MC_TARGET_NONE;
+}
+#endif
+
  static int mem_cgroup_count_precharge_pte_range(pmd_t *pmd,
                                         unsigned long addr, unsigned long end,
                                         struct mm_walk *walk)
@@ -5180,11 +5299,18 @@ static int mem_cgroup_count_precharge_pte_range(pmd_t *pmd,
         pte_t *pte;
         spinlock_t *ptl;
  
-       split_huge_page_pmd(walk->mm, pmd);
+       if (pmd_trans_huge_lock(pmd, vma) == 1) {
+               if (get_mctgt_type_thp(vma, addr, *pmd, NULL) == MC_TARGET_PAGE)
+                       mc.precharge += HPAGE_PMD_NR;
+               spin_unlock(&vma->vm_mm->page_table_lock);
+               return 0;
+       }
  
+       if (pmd_trans_unstable(pmd))
+               return 0;
         pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
         for (; addr != end; pte++, addr += PAGE_SIZE)
-               if (is_target_pte_for_mc(vma, addr, *pte, NULL))
+               if (get_mctgt_type(vma, addr, *pte, NULL))
                         mc.precharge++; /* increment precharge temporarily */
         pte_unmap_unlock(pte - 1, ptl);
         cond_resched();
@@ -5286,18 +5412,18 @@ static void mem_cgroup_clear_mc(void)
         mem_cgroup_end_move(from);
  }
  
-static int mem_cgroup_can_attach(struct cgroup_subsys *ss,
-                               struct cgroup *cgroup,
-                               struct task_struct *p)
+static int mem_cgroup_can_attach(struct cgroup *cgroup,
+                                struct cgroup_taskset *tset)
  {
+       struct task_struct *p = cgroup_taskset_first(tset);
         int ret = 0;
-       struct mem_cgroup *mem = mem_cgroup_from_cont(cgroup);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cgroup);
  
-       if (mem->move_charge_at_immigrate) {
+       if (memcg->move_charge_at_immigrate) {
                 struct mm_struct *mm;
                 struct mem_cgroup *from = mem_cgroup_from_task(p);
  
-               VM_BUG_ON(from == mem);
+               VM_BUG_ON(from == memcg);
  
                 mm = get_task_mm(p);
                 if (!mm)
@@ -5312,7 +5438,7 @@ static int mem_cgroup_can_attach(struct cgroup_subsys *ss,
                         mem_cgroup_start_move(from);
                         spin_lock(&mc.lock);
                         mc.from = from;
-                       mc.to = mem;
+                       mc.to = memcg;
                         spin_unlock(&mc.lock);
                         /* We set mc.moving_task later */
  
@@ -5325,9 +5451,8 @@ static int mem_cgroup_can_attach(struct cgroup_subsys *ss,
         return ret;
  }
  
-static void mem_cgroup_cancel_attach(struct cgroup_subsys *ss,
-                               struct cgroup *cgroup,
-                               struct task_struct *p)
+static void mem_cgroup_cancel_attach(struct cgroup *cgroup,
+                                    struct cgroup_taskset *tset)
  {
         mem_cgroup_clear_mc();
  }
@@ -5340,23 +5465,57 @@ static int mem_cgroup_move_charge_pte_range(pmd_t *pmd,
         struct vm_area_struct *vma = walk->private;
         pte_t *pte;
         spinlock_t *ptl;
+       enum mc_target_type target_type;
+       union mc_target target;
+       struct page *page;
+       struct page_cgroup *pc;
+
+       /*
+        * We don't take compound_lock() here but no race with splitting thp
+        * happens because:
+        *  - if pmd_trans_huge_lock() returns 1, the relevant thp is not
+        *    under splitting, which means there's no concurrent thp split,
+        *  - if another thread runs into split_huge_page() just after we
+        *    entered this if-block, the thread must wait for page table lock
+        *    to be unlocked in __split_huge_page_splitting(), where the main
+        *    part of thp split is not executed yet.
+        */
+       if (pmd_trans_huge_lock(pmd, vma) == 1) {
+               if (mc.precharge < HPAGE_PMD_NR) {
+                       spin_unlock(&vma->vm_mm->page_table_lock);
+                       return 0;
+               }
+               target_type = get_mctgt_type_thp(vma, addr, *pmd, &target);
+               if (target_type == MC_TARGET_PAGE) {
+                       page = target.page;
+                       if (!isolate_lru_page(page)) {
+                               pc = lookup_page_cgroup(page);
+                               if (!mem_cgroup_move_account(page, HPAGE_PMD_NR,
+                                                            pc, mc.from, mc.to,
+                                                            false)) {
+                                       mc.precharge -= HPAGE_PMD_NR;
+                                       mc.moved_charge += HPAGE_PMD_NR;
+                               }
+                               putback_lru_page(page);
+                       }
+                       put_page(page);
+               }
+               spin_unlock(&vma->vm_mm->page_table_lock);
+               return 0;
+       }
  
-       split_huge_page_pmd(walk->mm, pmd);
+       if (pmd_trans_unstable(pmd))
+               return 0;
  retry:
         pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
         for (; addr != end; addr += PAGE_SIZE) {
                 pte_t ptent = *(pte++);
-               union mc_target target;
-               int type;
-               struct page *page;
-               struct page_cgroup *pc;
                 swp_entry_t ent;
  
                 if (!mc.precharge)
                         break;
  
-               type = is_target_pte_for_mc(vma, addr, ptent, &target);
-               switch (type) {
+               switch (get_mctgt_type(vma, addr, ptent, &target)) {
                 case MC_TARGET_PAGE:
                         page = target.page;
                         if (isolate_lru_page(page))
@@ -5369,7 +5528,7 @@ retry:
                                 mc.moved_charge++;
                         }
                         putback_lru_page(page);
-put:                   /* is_target_pte_for_mc() gets the page */
+put:                   /* get_mctgt_type() gets the page */
                         put_page(page);
                         break;
                 case MC_TARGET_SWAP:
@@ -5442,11 +5601,10 @@ retry:
         up_read(&mm->mmap_sem);
  }
  
-static void mem_cgroup_move_task(struct cgroup_subsys *ss,
-                               struct cgroup *cont,
-                               struct cgroup *old_cont,
-                               struct task_struct *p)
+static void mem_cgroup_move_task(struct cgroup *cont,
+                                struct cgroup_taskset *tset)
  {
+       struct task_struct *p = cgroup_taskset_first(tset);
         struct mm_struct *mm = get_task_mm(p);
  
         if (mm) {
@@ -5459,21 +5617,17 @@ static void mem_cgroup_move_task(struct cgroup_subsys *ss,
                 mem_cgroup_clear_mc();
  }
  #else  /* !CONFIG_MMU */
-static int mem_cgroup_can_attach(struct cgroup_subsys *ss,
-                               struct cgroup *cgroup,
-                               struct task_struct *p)
+static int mem_cgroup_can_attach(struct cgroup *cgroup,
+                                struct cgroup_taskset *tset)
  {
         return 0;
  }
-static void mem_cgroup_cancel_attach(struct cgroup_subsys *ss,
-                               struct cgroup *cgroup,
-                               struct task_struct *p)
+static void mem_cgroup_cancel_attach(struct cgroup *cgroup,
+                                    struct cgroup_taskset *tset)
  {
  }
-static void mem_cgroup_move_task(struct cgroup_subsys *ss,
-                               struct cgroup *cont,
-                               struct cgroup *old_cont,
-                               struct task_struct *p)
+static void mem_cgroup_move_task(struct cgroup *cont,
+                                struct cgroup_taskset *tset)
  {
  }
  #endif