memcg,thp: fix res_counter:96 regression

[linux-flexiantxendom0-3.2.10.git] / mm / memcontrol.c
diff --git a/mm/memcontrol.c b/mm/memcontrol.c

index 6edef95..7685d4a 100644 (file)
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -89,7 +89,6 @@ enum mem_cgroup_stat_index {
         MEM_CGROUP_STAT_FILE_MAPPED,  /* # of pages charged as file rss */
         MEM_CGROUP_STAT_SWAPOUT, /* # of pages, swapped out */
         MEM_CGROUP_STAT_DATA, /* end of data requires synchronization */
-       MEM_CGROUP_ON_MOVE,     /* someone is moving account between groups */
         MEM_CGROUP_STAT_NSTATS,
  };
  
@@ -123,26 +122,30 @@ struct mem_cgroup_stat_cpu {
         unsigned long targets[MEM_CGROUP_NTARGETS];
  };
  
+struct mem_cgroup_reclaim_iter {
+       /* css_id of the last scanned hierarchy member */
+       int position;
+       /* scan generation, increased every round-trip */
+       unsigned int generation;
+};
+
  /*
   * per-zone information in memory controller.
   */
  struct mem_cgroup_per_zone {
-       /*
-        * spin_lock to protect the per cgroup LRU
-        */
-       struct list_head        lists[NR_LRU_LISTS];
-       unsigned long           count[NR_LRU_LISTS];
+       struct lruvec           lruvec;
+       unsigned long           lru_size[NR_LRU_LISTS];
+
+       struct mem_cgroup_reclaim_iter reclaim_iter[DEF_PRIORITY + 1];
  
         struct zone_reclaim_stat reclaim_stat;
         struct rb_node          tree_node;      /* RB tree node */
         unsigned long long      usage_in_excess;/* Set to the value by which */
                                                 /* the soft limit is exceeded*/
         bool                    on_tree;
-       struct mem_cgroup       *mem;           /* Back pointer, we cannot */
+       struct mem_cgroup       *memcg;         /* Back pointer, we cannot */
                                                 /* use container_of        */
  };
-/* Macro for accessing counter */
-#define MEM_CGROUP_ZSTAT(mz, idx)      ((mz)->count[(idx)])
  
  struct mem_cgroup_per_node {
         struct mem_cgroup_per_zone zoneinfo[MAX_NR_ZONES];
@@ -224,20 +227,35 @@ struct mem_cgroup {
          * the counter to account for memory usage
          */
         struct res_counter res;
-       /*
-        * the counter to account for mem+swap usage.
-        */
-       struct res_counter memsw;
+
+       union {
+               /*
+                * the counter to account for mem+swap usage.
+                */
+               struct res_counter memsw;
+
+               /*
+                * rcu_freeing is used only when freeing struct mem_cgroup,
+                * so put it into a union to avoid wasting more memory.
+                * It must be disjoint from the css field.  It could be
+                * in a union with the res field, but res plays a much
+                * larger part in mem_cgroup life than memsw, and might
+                * be of interest, even at time of free, when debugging.
+                * So share rcu_head with the less interesting memsw.
+                */
+               struct rcu_head rcu_freeing;
+               /*
+                * But when using vfree(), that cannot be done at
+                * interrupt time, so we must then queue the work.
+                */
+               struct work_struct work_freeing;
+       };
+
         /*
          * Per cgroup active and inactive list, similar to the
          * per zone LRU lists.
          */
         struct mem_cgroup_lru_info info;
-       /*
-        * While reclaiming in a hierarchy, we cache the last child we
-        * reclaimed from.
-        */
-       int last_scanned_child;
         int last_scanned_node;
  #if MAX_NUMNODES > 1
         nodemask_t      scan_nodes;
@@ -279,6 +297,12 @@ struct mem_cgroup {
          */
         unsigned long   move_charge_at_immigrate;
         /*
+        * set > 0 if pages under this cgroup are moving to other cgroup.
+        */
+       atomic_t        moving_account;
+       /* taken only while moving_account > 0 */
+       spinlock_t      move_lock;
+       /*
          * percpu counter.
          */
         struct mem_cgroup_stat_cpu *stat;
@@ -366,22 +390,19 @@ enum charge_type {
  #define MEM_CGROUP_RECLAIM_NOSWAP      (1 << MEM_CGROUP_RECLAIM_NOSWAP_BIT)
  #define MEM_CGROUP_RECLAIM_SHRINK_BIT  0x1
  #define MEM_CGROUP_RECLAIM_SHRINK      (1 << MEM_CGROUP_RECLAIM_SHRINK_BIT)
-#define MEM_CGROUP_RECLAIM_SOFT_BIT    0x2
-#define MEM_CGROUP_RECLAIM_SOFT                (1 << MEM_CGROUP_RECLAIM_SOFT_BIT)
  
  static void mem_cgroup_get(struct mem_cgroup *memcg);
  static void mem_cgroup_put(struct mem_cgroup *memcg);
  
  /* Writing them here to avoid exposing memcg's inner layout */
  #ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
-#ifdef CONFIG_INET
  #include <net/sock.h>
  #include <net/ip.h>
  
  static bool mem_cgroup_is_root(struct mem_cgroup *memcg);
  void sock_update_memcg(struct sock *sk)
  {
-       if (static_branch(&memcg_socket_limit_enabled)) {
+       if (mem_cgroup_sockets_enabled) {
                 struct mem_cgroup *memcg;
  
                 BUG_ON(!sk->sk_prot->proto_cgroup);
@@ -413,7 +434,7 @@ EXPORT_SYMBOL(sock_update_memcg);
  
  void sock_release_memcg(struct sock *sk)
  {
-       if (static_branch(&memcg_socket_limit_enabled) && sk->sk_cgrp) {
+       if (mem_cgroup_sockets_enabled && sk->sk_cgrp) {
                 struct mem_cgroup *memcg;
                 WARN_ON(!sk->sk_cgrp->memcg);
                 memcg = sk->sk_cgrp->memcg;
@@ -421,6 +442,7 @@ void sock_release_memcg(struct sock *sk)
         }
  }
  
+#ifdef CONFIG_INET
  struct cg_proto *tcp_proto_cgroup(struct mem_cgroup *memcg)
  {
         if (!memcg || mem_cgroup_is_root(memcg))
@@ -566,7 +588,7 @@ static void mem_cgroup_remove_from_trees(struct mem_cgroup *memcg)
         struct mem_cgroup_per_zone *mz;
         struct mem_cgroup_tree_per_zone *mctz;
  
-       for_each_node_state(node, N_POSSIBLE) {
+       for_each_node(node) {
                 for (zone = 0; zone < MAX_NR_ZONES; zone++) {
                         mz = mem_cgroup_zoneinfo(memcg, node, zone);
                         mctz = soft_limit_tree_node_zone(node, zone);
@@ -593,9 +615,9 @@ retry:
          * we will to add it back at the end of reclaim to its correct
          * position in the tree.
          */
-       __mem_cgroup_remove_exceeded(mz->mem, mz, mctz);
-       if (!res_counter_soft_limit_excess(&mz->mem->res) ||
-               !css_tryget(&mz->mem->css))
+       __mem_cgroup_remove_exceeded(mz->memcg, mz, mctz);
+       if (!res_counter_soft_limit_excess(&mz->memcg->res) ||
+               !css_tryget(&mz->memcg->css))
                 goto retry;
  done:
         return mz;
@@ -656,16 +678,6 @@ static void mem_cgroup_swap_statistics(struct mem_cgroup *memcg,
         this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_SWAPOUT], val);
  }
  
-void mem_cgroup_pgfault(struct mem_cgroup *memcg, int val)
-{
-       this_cpu_add(memcg->stat->events[MEM_CGROUP_EVENTS_PGFAULT], val);
-}
-
-void mem_cgroup_pgmajfault(struct mem_cgroup *memcg, int val)
-{
-       this_cpu_add(memcg->stat->events[MEM_CGROUP_EVENTS_PGMAJFAULT], val);
-}
-
  static unsigned long mem_cgroup_read_events(struct mem_cgroup *memcg,
                                             enum mem_cgroup_events_index idx)
  {
@@ -683,15 +695,19 @@ static unsigned long mem_cgroup_read_events(struct mem_cgroup *memcg,
  }
  
  static void mem_cgroup_charge_statistics(struct mem_cgroup *memcg,
-                                        bool file, int nr_pages)
+                                        bool anon, int nr_pages)
  {
         preempt_disable();
  
-       if (file)
-               __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_CACHE],
+       /*
+        * Here, RSS means 'mapped anon' and anon's SwapCache. Shmem/tmpfs is
+        * counted as CACHE even if it's on ANON LRU.
+        */
+       if (anon)
+               __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_RSS],
                                 nr_pages);
         else
-               __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_RSS],
+               __this_cpu_add(memcg->stat->count[MEM_CGROUP_STAT_CACHE],
                                 nr_pages);
  
         /* pagein of a big page is an event. So, ignore page size */
@@ -712,14 +728,14 @@ mem_cgroup_zone_nr_lru_pages(struct mem_cgroup *memcg, int nid, int zid,
                         unsigned int lru_mask)
  {
         struct mem_cgroup_per_zone *mz;
-       enum lru_list l;
+       enum lru_list lru;
         unsigned long ret = 0;
  
         mz = mem_cgroup_zoneinfo(memcg, nid, zid);
  
-       for_each_lru(l) {
-               if (BIT(l) & lru_mask)
-                       ret += MEM_CGROUP_ZSTAT(mz, l);
+       for_each_lru(lru) {
+               if (BIT(lru) & lru_mask)
+                       ret += mz->lru_size[lru];
         }
         return ret;
  }
@@ -749,37 +765,32 @@ static unsigned long mem_cgroup_nr_lru_pages(struct mem_cgroup *memcg,
         return total;
  }
  
-static bool __memcg_event_check(struct mem_cgroup *memcg, int target)
+static bool mem_cgroup_event_ratelimit(struct mem_cgroup *memcg,
+                                      enum mem_cgroup_events_target target)
  {
         unsigned long val, next;
  
         val = __this_cpu_read(memcg->stat->events[MEM_CGROUP_EVENTS_COUNT]);
         next = __this_cpu_read(memcg->stat->targets[target]);
         /* from time_after() in jiffies.h */
-       return ((long)next - (long)val < 0);
-}
-
-static void __mem_cgroup_target_update(struct mem_cgroup *memcg, int target)
-{
-       unsigned long val, next;
-
-       val = __this_cpu_read(memcg->stat->events[MEM_CGROUP_EVENTS_COUNT]);
-
-       switch (target) {
-       case MEM_CGROUP_TARGET_THRESH:
-               next = val + THRESHOLDS_EVENTS_TARGET;
-               break;
-       case MEM_CGROUP_TARGET_SOFTLIMIT:
-               next = val + SOFTLIMIT_EVENTS_TARGET;
-               break;
-       case MEM_CGROUP_TARGET_NUMAINFO:
-               next = val + NUMAINFO_EVENTS_TARGET;
-               break;
-       default:
-               return;
+       if ((long)next - (long)val < 0) {
+               switch (target) {
+               case MEM_CGROUP_TARGET_THRESH:
+                       next = val + THRESHOLDS_EVENTS_TARGET;
+                       break;
+               case MEM_CGROUP_TARGET_SOFTLIMIT:
+                       next = val + SOFTLIMIT_EVENTS_TARGET;
+                       break;
+               case MEM_CGROUP_TARGET_NUMAINFO:
+                       next = val + NUMAINFO_EVENTS_TARGET;
+                       break;
+               default:
+                       break;
+               }
+               __this_cpu_write(memcg->stat->targets[target], next);
+               return true;
         }
-
-       __this_cpu_write(memcg->stat->targets[target], next);
+       return false;
  }
  
  /*
@@ -790,25 +801,28 @@ static void memcg_check_events(struct mem_cgroup *memcg, struct page *page)
  {
         preempt_disable();
         /* threshold event is triggered in finer grain than soft limit */
-       if (unlikely(__memcg_event_check(memcg, MEM_CGROUP_TARGET_THRESH))) {
+       if (unlikely(mem_cgroup_event_ratelimit(memcg,
+                                               MEM_CGROUP_TARGET_THRESH))) {
+               bool do_softlimit;
+               bool do_numainfo __maybe_unused;
+
+               do_softlimit = mem_cgroup_event_ratelimit(memcg,
+                                               MEM_CGROUP_TARGET_SOFTLIMIT);
+#if MAX_NUMNODES > 1
+               do_numainfo = mem_cgroup_event_ratelimit(memcg,
+                                               MEM_CGROUP_TARGET_NUMAINFO);
+#endif
+               preempt_enable();
+
                 mem_cgroup_threshold(memcg);
-               __mem_cgroup_target_update(memcg, MEM_CGROUP_TARGET_THRESH);
-               if (unlikely(__memcg_event_check(memcg,
-                            MEM_CGROUP_TARGET_SOFTLIMIT))) {
+               if (unlikely(do_softlimit))
                         mem_cgroup_update_tree(memcg, page);
-                       __mem_cgroup_target_update(memcg,
-                                                  MEM_CGROUP_TARGET_SOFTLIMIT);
-               }
  #if MAX_NUMNODES > 1
-               if (unlikely(__memcg_event_check(memcg,
-                       MEM_CGROUP_TARGET_NUMAINFO))) {
+               if (unlikely(do_numainfo))
                         atomic_inc(&memcg->numainfo_events);
-                       __mem_cgroup_target_update(memcg,
-                               MEM_CGROUP_TARGET_NUMAINFO);
-               }
  #endif
-       }
-       preempt_enable();
+       } else
+               preempt_enable();
  }
  
  struct mem_cgroup *mem_cgroup_from_cont(struct cgroup *cont)
@@ -853,13 +867,33 @@ struct mem_cgroup *try_get_mem_cgroup_from_mm(struct mm_struct *mm)
         return memcg;
  }
  
-static struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
-                                         struct mem_cgroup *prev,
-                                         bool reclaim)
+/**
+ * mem_cgroup_iter - iterate over memory cgroup hierarchy
+ * @root: hierarchy root
+ * @prev: previously returned memcg, NULL on first invocation
+ * @reclaim: cookie for shared reclaim walks, NULL for full walks
+ *
+ * Returns references to children of the hierarchy below @root, or
+ * @root itself, or %NULL after a full round-trip.
+ *
+ * Caller must pass the return value in @prev on subsequent
+ * invocations for reference counting, or use mem_cgroup_iter_break()
+ * to cancel a hierarchy walk before the round-trip is complete.
+ *
+ * Reclaimers can specify a zone and a priority level in @reclaim to
+ * divide up the memcgs in the hierarchy among all concurrent
+ * reclaimers operating on the same zone and priority.
+ */
+struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
+                                  struct mem_cgroup *prev,
+                                  struct mem_cgroup_reclaim_cookie *reclaim)
  {
         struct mem_cgroup *memcg = NULL;
         int id = 0;
  
+       if (mem_cgroup_disabled())
+               return NULL;
+
         if (!root)
                 root = root_mem_cgroup;
  
@@ -876,10 +910,20 @@ static struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
         }
  
         while (!memcg) {
+               struct mem_cgroup_reclaim_iter *uninitialized_var(iter);
                 struct cgroup_subsys_state *css;
  
-               if (reclaim)
-                       id = root->last_scanned_child;
+               if (reclaim) {
+                       int nid = zone_to_nid(reclaim->zone);
+                       int zid = zone_idx(reclaim->zone);
+                       struct mem_cgroup_per_zone *mz;
+
+                       mz = mem_cgroup_zoneinfo(root, nid, zid);
+                       iter = &mz->reclaim_iter[reclaim->priority];
+                       if (prev && reclaim->generation != iter->generation)
+                               return NULL;
+                       id = iter->position;
+               }
  
                 rcu_read_lock();
                 css = css_get_next(&mem_cgroup_subsys, id + 1, &root->css, &id);
@@ -891,8 +935,13 @@ static struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
                         id = 0;
                 rcu_read_unlock();
  
-               if (reclaim)
-                       root->last_scanned_child = id;
+               if (reclaim) {
+                       iter->position = id;
+                       if (!css)
+                               iter->generation++;
+                       else if (!prev && memcg)
+                               reclaim->generation = iter->generation;
+               }
  
                 if (prev && !css)
                         return NULL;
@@ -900,8 +949,13 @@ static struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
         return memcg;
  }
  
-static void mem_cgroup_iter_break(struct mem_cgroup *root,
-                                 struct mem_cgroup *prev)
+/**
+ * mem_cgroup_iter_break - abort a hierarchy walk prematurely
+ * @root: hierarchy root
+ * @prev: last visited hierarchy member as returned by mem_cgroup_iter()
+ */
+void mem_cgroup_iter_break(struct mem_cgroup *root,
+                          struct mem_cgroup *prev)
  {
         if (!root)
                 root = root_mem_cgroup;
@@ -915,14 +969,14 @@ static void mem_cgroup_iter_break(struct mem_cgroup *root,
   * be used for reference counting.
   */
  #define for_each_mem_cgroup_tree(iter, root)           \
-       for (iter = mem_cgroup_iter(root, NULL, false); \
+       for (iter = mem_cgroup_iter(root, NULL, NULL);  \
              iter != NULL;                              \
-            iter = mem_cgroup_iter(root, iter, false))
+            iter = mem_cgroup_iter(root, iter, NULL))
  
  #define for_each_mem_cgroup(iter)                      \
-       for (iter = mem_cgroup_iter(NULL, NULL, false); \
+       for (iter = mem_cgroup_iter(NULL, NULL, NULL);  \
              iter != NULL;                              \
-            iter = mem_cgroup_iter(NULL, iter, false))
+            iter = mem_cgroup_iter(NULL, iter, NULL))
  
  static inline bool mem_cgroup_is_root(struct mem_cgroup *memcg)
  {
@@ -942,11 +996,11 @@ void mem_cgroup_count_vm_event(struct mm_struct *mm, enum vm_event_item idx)
                 goto out;
  
         switch (idx) {
-       case PGMAJFAULT:
-               mem_cgroup_pgmajfault(memcg, 1);
-               break;
         case PGFAULT:
-               mem_cgroup_pgfault(memcg, 1);
+               this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGFAULT]);
+               break;
+       case PGMAJFAULT:
+               this_cpu_inc(memcg->stat->events[MEM_CGROUP_EVENTS_PGMAJFAULT]);
                 break;
         default:
                 BUG();
@@ -956,6 +1010,27 @@ out:
  }
  EXPORT_SYMBOL(mem_cgroup_count_vm_event);
  
+/**
+ * mem_cgroup_zone_lruvec - get the lru list vector for a zone and memcg
+ * @zone: zone of the wanted lruvec
+ * @mem: memcg of the wanted lruvec
+ *
+ * Returns the lru list vector holding pages for the given @zone and
+ * @mem.  This can be the global zone lruvec, if the memory controller
+ * is disabled.
+ */
+struct lruvec *mem_cgroup_zone_lruvec(struct zone *zone,
+                                     struct mem_cgroup *memcg)
+{
+       struct mem_cgroup_per_zone *mz;
+
+       if (mem_cgroup_disabled())
+               return &zone->lruvec;
+
+       mz = mem_cgroup_zoneinfo(memcg, zone_to_nid(zone), zone_idx(zone));
+       return &mz->lruvec;
+}
+
  /*
   * Following LRU functions are allowed to be used without PCG_LOCK.
   * Operations are called by routine of global LRU independently from memcg.
@@ -970,180 +1045,104 @@ EXPORT_SYMBOL(mem_cgroup_count_vm_event);
   * When moving account, the page is not on LRU. It's isolated.
   */
  
-void mem_cgroup_del_lru_list(struct page *page, enum lru_list lru)
+/**
+ * mem_cgroup_lru_add_list - account for adding an lru page and return lruvec
+ * @zone: zone of the page
+ * @page: the page
+ * @lru: current lru
+ *
+ * This function accounts for @page being added to @lru, and returns
+ * the lruvec for the given @zone and the memcg @page is charged to.
+ *
+ * The callsite is then responsible for physically linking the page to
+ * the returned lruvec->lists[@lru].
+ */
+struct lruvec *mem_cgroup_lru_add_list(struct zone *zone, struct page *page,
+                                      enum lru_list lru)
  {
-       struct page_cgroup *pc;
         struct mem_cgroup_per_zone *mz;
+       struct mem_cgroup *memcg;
+       struct page_cgroup *pc;
  
         if (mem_cgroup_disabled())
-               return;
+               return &zone->lruvec;
+
         pc = lookup_page_cgroup(page);
-       /* can happen while we handle swapcache. */
-       if (!TestClearPageCgroupAcctLRU(pc))
-               return;
-       VM_BUG_ON(!pc->mem_cgroup);
+       memcg = pc->mem_cgroup;
+
         /*
-        * We don't check PCG_USED bit. It's cleared when the "page" is finally
-        * removed from global LRU.
+        * Surreptitiously switch any uncharged page to root:
+        * an uncharged page off lru does nothing to secure
+        * its former mem_cgroup from sudden removal.
+        *
+        * Our caller holds lru_lock, and PageCgroupUsed is updated
+        * under page_cgroup lock: between them, they make all uses
+        * of pc->mem_cgroup safe.
          */
-       mz = page_cgroup_zoneinfo(pc->mem_cgroup, page);
-       /* huge page split is done under lru_lock. so, we have no races. */
-       MEM_CGROUP_ZSTAT(mz, lru) -= 1 << compound_order(page);
-       if (mem_cgroup_is_root(pc->mem_cgroup))
-               return;
-       VM_BUG_ON(list_empty(&pc->lru));
-       list_del_init(&pc->lru);
-}
+       if (!PageCgroupUsed(pc) && memcg != root_mem_cgroup)
+               pc->mem_cgroup = memcg = root_mem_cgroup;
  
-void mem_cgroup_del_lru(struct page *page)
-{
-       mem_cgroup_del_lru_list(page, page_lru(page));
+       mz = page_cgroup_zoneinfo(memcg, page);
+       /* compound_order() is stabilized through lru_lock */
+       mz->lru_size[lru] += 1 << compound_order(page);
+       return &mz->lruvec;
  }
  
-/*
- * Writeback is about to end against a page which has been marked for immediate
- * reclaim.  If it still appears to be reclaimable, move it to the tail of the
- * inactive list.
+/**
+ * mem_cgroup_lru_del_list - account for removing an lru page
+ * @page: the page
+ * @lru: target lru
+ *
+ * This function accounts for @page being removed from @lru.
+ *
+ * The callsite is then responsible for physically unlinking
+ * @page->lru.
   */
-void mem_cgroup_rotate_reclaimable_page(struct page *page)
-{
-       struct mem_cgroup_per_zone *mz;
-       struct page_cgroup *pc;
-       enum lru_list lru = page_lru(page);
-
-       if (mem_cgroup_disabled())
-               return;
-
-       pc = lookup_page_cgroup(page);
-       /* unused or root page is not rotated. */
-       if (!PageCgroupUsed(pc))
-               return;
-       /* Ensure pc->mem_cgroup is visible after reading PCG_USED. */
-       smp_rmb();
-       if (mem_cgroup_is_root(pc->mem_cgroup))
-               return;
-       mz = page_cgroup_zoneinfo(pc->mem_cgroup, page);
-       list_move_tail(&pc->lru, &mz->lists[lru]);
-}
-
-void mem_cgroup_rotate_lru_list(struct page *page, enum lru_list lru)
+void mem_cgroup_lru_del_list(struct page *page, enum lru_list lru)
  {
         struct mem_cgroup_per_zone *mz;
+       struct mem_cgroup *memcg;
         struct page_cgroup *pc;
  
         if (mem_cgroup_disabled())
                 return;
  
         pc = lookup_page_cgroup(page);
-       /* unused or root page is not rotated. */
-       if (!PageCgroupUsed(pc))
-               return;
-       /* Ensure pc->mem_cgroup is visible after reading PCG_USED. */
-       smp_rmb();
-       if (mem_cgroup_is_root(pc->mem_cgroup))
-               return;
-       mz = page_cgroup_zoneinfo(pc->mem_cgroup, page);
-       list_move(&pc->lru, &mz->lists[lru]);
-}
-
-void mem_cgroup_add_lru_list(struct page *page, enum lru_list lru)
-{
-       struct page_cgroup *pc;
-       struct mem_cgroup_per_zone *mz;
-
-       if (mem_cgroup_disabled())
-               return;
-       pc = lookup_page_cgroup(page);
-       VM_BUG_ON(PageCgroupAcctLRU(pc));
-       /*
-        * putback:                             charge:
-        * SetPageLRU                           SetPageCgroupUsed
-        * smp_mb                               smp_mb
-        * PageCgroupUsed && add to memcg LRU   PageLRU && add to memcg LRU
-        *
-        * Ensure that one of the two sides adds the page to the memcg
-        * LRU during a race.
-        */
-       smp_mb();
-       if (!PageCgroupUsed(pc))
-               return;
-       /* Ensure pc->mem_cgroup is visible after reading PCG_USED. */
-       smp_rmb();
-       mz = page_cgroup_zoneinfo(pc->mem_cgroup, page);
+       memcg = pc->mem_cgroup;
+       VM_BUG_ON(!memcg);
+       mz = page_cgroup_zoneinfo(memcg, page);
         /* huge page split is done under lru_lock. so, we have no races. */
-       MEM_CGROUP_ZSTAT(mz, lru) += 1 << compound_order(page);
-       SetPageCgroupAcctLRU(pc);
-       if (mem_cgroup_is_root(pc->mem_cgroup))
-               return;
-       list_add(&pc->lru, &mz->lists[lru]);
-}
-
-/*
- * At handling SwapCache and other FUSE stuff, pc->mem_cgroup may be changed
- * while it's linked to lru because the page may be reused after it's fully
- * uncharged. To handle that, unlink page_cgroup from LRU when charge it again.
- * It's done under lock_page and expected that zone->lru_lock isnever held.
- */
-static void mem_cgroup_lru_del_before_commit(struct page *page)
-{
-       unsigned long flags;
-       struct zone *zone = page_zone(page);
-       struct page_cgroup *pc = lookup_page_cgroup(page);
-
-       /*
-        * Doing this check without taking ->lru_lock seems wrong but this
-        * is safe. Because if page_cgroup's USED bit is unset, the page
-        * will not be added to any memcg's LRU. If page_cgroup's USED bit is
-        * set, the commit after this will fail, anyway.
-        * This all charge/uncharge is done under some mutual execustion.
-        * So, we don't need to taking care of changes in USED bit.
-        */
-       if (likely(!PageLRU(page)))
-               return;
-
-       spin_lock_irqsave(&zone->lru_lock, flags);
-       /*
-        * Forget old LRU when this page_cgroup is *not* used. This Used bit
-        * is guarded by lock_page() because the page is SwapCache.
-        */
-       if (!PageCgroupUsed(pc))
-               mem_cgroup_del_lru_list(page, page_lru(page));
-       spin_unlock_irqrestore(&zone->lru_lock, flags);
+       VM_BUG_ON(mz->lru_size[lru] < (1 << compound_order(page)));
+       mz->lru_size[lru] -= 1 << compound_order(page);
  }
  
-static void mem_cgroup_lru_add_after_commit(struct page *page)
+void mem_cgroup_lru_del(struct page *page)
  {
-       unsigned long flags;
-       struct zone *zone = page_zone(page);
-       struct page_cgroup *pc = lookup_page_cgroup(page);
-       /*
-        * putback:                             charge:
-        * SetPageLRU                           SetPageCgroupUsed
-        * smp_mb                               smp_mb
-        * PageCgroupUsed && add to memcg LRU   PageLRU && add to memcg LRU
-        *
-        * Ensure that one of the two sides adds the page to the memcg
-        * LRU during a race.
-        */
-       smp_mb();
-       /* taking care of that the page is added to LRU while we commit it */
-       if (likely(!PageLRU(page)))
-               return;
-       spin_lock_irqsave(&zone->lru_lock, flags);
-       /* link when the page is linked to LRU but page_cgroup isn't */
-       if (PageLRU(page) && !PageCgroupAcctLRU(pc))
-               mem_cgroup_add_lru_list(page, page_lru(page));
-       spin_unlock_irqrestore(&zone->lru_lock, flags);
+       mem_cgroup_lru_del_list(page, page_lru(page));
  }
  
-
-void mem_cgroup_move_lists(struct page *page,
-                          enum lru_list from, enum lru_list to)
+/**
+ * mem_cgroup_lru_move_lists - account for moving a page between lrus
+ * @zone: zone of the page
+ * @page: the page
+ * @from: current lru
+ * @to: target lru
+ *
+ * This function accounts for @page being moved between the lrus @from
+ * and @to, and returns the lruvec for the given @zone and the memcg
+ * @page is charged to.
+ *
+ * The callsite is then responsible for physically relinking
+ * @page->lru to the returned lruvec->lists[@to].
+ */
+struct lruvec *mem_cgroup_lru_move_lists(struct zone *zone,
+                                        struct page *page,
+                                        enum lru_list from,
+                                        enum lru_list to)
  {
-       if (mem_cgroup_disabled())
-               return;
-       mem_cgroup_del_lru_list(page, from);
-       mem_cgroup_add_lru_list(page, to);
+       /* XXX: Optimize this, especially for @from == @to */
+       mem_cgroup_lru_del_list(page, from);
+       return mem_cgroup_lru_add_list(zone, page, to);
  }
  
  /*
@@ -1168,10 +1167,21 @@ int task_in_mem_cgroup(struct task_struct *task, const struct mem_cgroup *memcg)
         struct task_struct *p;
  
         p = find_lock_task_mm(task);
-       if (!p)
-               return 0;
-       curr = try_get_mem_cgroup_from_mm(p->mm);
-       task_unlock(p);
+       if (p) {
+               curr = try_get_mem_cgroup_from_mm(p->mm);
+               task_unlock(p);
+       } else {
+               /*
+                * All threads may have already detached their mm's, but the oom
+                * killer still needs to detect if they have already been oom
+                * killed to prevent needlessly killing additional tasks.
+                */
+               task_lock(task);
+               curr = mem_cgroup_from_task(task);
+               if (curr)
+                       css_get(&curr->css);
+               task_unlock(task);
+       }
         if (!curr)
                 return 0;
         /*
@@ -1251,68 +1261,6 @@ mem_cgroup_get_reclaim_stat_from_page(struct page *page)
         return &mz->reclaim_stat;
  }
  
-unsigned long mem_cgroup_isolate_pages(unsigned long nr_to_scan,
-                                       struct list_head *dst,
-                                       unsigned long *scanned, int order,
-                                       isolate_mode_t mode,
-                                       struct zone *z,
-                                       struct mem_cgroup *mem_cont,
-                                       int active, int file)
-{
-       unsigned long nr_taken = 0;
-       struct page *page;
-       unsigned long scan;
-       LIST_HEAD(pc_list);
-       struct list_head *src;
-       struct page_cgroup *pc, *tmp;
-       int nid = zone_to_nid(z);
-       int zid = zone_idx(z);
-       struct mem_cgroup_per_zone *mz;
-       int lru = LRU_FILE * file + active;
-       int ret;
-
-       BUG_ON(!mem_cont);
-       mz = mem_cgroup_zoneinfo(mem_cont, nid, zid);
-       src = &mz->lists[lru];
-
-       scan = 0;
-       list_for_each_entry_safe_reverse(pc, tmp, src, lru) {
-               if (scan >= nr_to_scan)
-                       break;
-
-               if (unlikely(!PageCgroupUsed(pc)))
-                       continue;
-
-               page = lookup_cgroup_page(pc);
-
-               if (unlikely(!PageLRU(page)))
-                       continue;
-
-               scan++;
-               ret = __isolate_lru_page(page, mode, file);
-               switch (ret) {
-               case 0:
-                       list_move(&page->lru, dst);
-                       mem_cgroup_del_lru(page);
-                       nr_taken += hpage_nr_pages(page);
-                       break;
-               case -EBUSY:
-                       /* we don't affect global LRU but rotate in our LRU */
-                       mem_cgroup_rotate_lru_list(page, page_lru(page));
-                       break;
-               default:
-                       break;
-               }
-       }
-
-       *scanned = scan;
-
-       trace_mm_vmscan_memcg_isolate(0, nr_to_scan, scan, nr_taken,
-                                     0, 0, 0, mode);
-
-       return nr_taken;
-}
-
  #define mem_cgroup_from_res_counter(counter, member)   \
         container_of(counter, struct mem_cgroup, member)
  
@@ -1344,40 +1292,48 @@ int mem_cgroup_swappiness(struct mem_cgroup *memcg)
         return memcg->swappiness;
  }
  
-static void mem_cgroup_start_move(struct mem_cgroup *memcg)
-{
-       int cpu;
+/*
+ * memcg->moving_account is used for checking possibility that some thread is
+ * calling move_account(). When a thread on CPU-A starts moving pages under
+ * a memcg, other threads should check memcg->moving_account under
+ * rcu_read_lock(), like this:
+ *
+ *         CPU-A                                    CPU-B
+ *                                              rcu_read_lock()
+ *         memcg->moving_account+1              if (memcg->mocing_account)
+ *                                                   take heavy locks.
+ *         synchronize_rcu()                    update something.
+ *                                              rcu_read_unlock()
+ *         start move here.
+ */
  
-       get_online_cpus();
-       spin_lock(&memcg->pcp_counter_lock);
-       for_each_online_cpu(cpu)
-               per_cpu(memcg->stat->count[MEM_CGROUP_ON_MOVE], cpu) += 1;
-       memcg->nocpu_base.count[MEM_CGROUP_ON_MOVE] += 1;
-       spin_unlock(&memcg->pcp_counter_lock);
-       put_online_cpus();
+/* for quick checking without looking up memcg */
+atomic_t memcg_moving __read_mostly;
  
+static void mem_cgroup_start_move(struct mem_cgroup *memcg)
+{
+       atomic_inc(&memcg_moving);
+       atomic_inc(&memcg->moving_account);
         synchronize_rcu();
  }
  
  static void mem_cgroup_end_move(struct mem_cgroup *memcg)
  {
-       int cpu;
-
-       if (!memcg)
-               return;
-       get_online_cpus();
-       spin_lock(&memcg->pcp_counter_lock);
-       for_each_online_cpu(cpu)
-               per_cpu(memcg->stat->count[MEM_CGROUP_ON_MOVE], cpu) -= 1;
-       memcg->nocpu_base.count[MEM_CGROUP_ON_MOVE] -= 1;
-       spin_unlock(&memcg->pcp_counter_lock);
-       put_online_cpus();
+       /*
+        * Now, mem_cgroup_clear_mc() may call this function with NULL.
+        * We check NULL in callee rather than caller.
+        */
+       if (memcg) {
+               atomic_dec(&memcg_moving);
+               atomic_dec(&memcg->moving_account);
+       }
  }
+
  /*
   * 2 routines for checking "mem" is under move_account() or not.
   *
- * mem_cgroup_stealed() - checking a cgroup is mc.from or not. This is used
- *                       for avoiding race in accounting. If true,
+ * mem_cgroup_stolen() -  checking whether a cgroup is mc.from or not. This
+ *                       is used for avoiding races in accounting.  If true,
   *                       pc->mem_cgroup may be overwritten.
   *
   * mem_cgroup_under_move() - checking a cgroup is mc.from or mc.to or
@@ -1385,10 +1341,10 @@ static void mem_cgroup_end_move(struct mem_cgroup *memcg)
   *                       waiting at hith-memory prressure caused by "move".
   */
  
-static bool mem_cgroup_stealed(struct mem_cgroup *memcg)
+static bool mem_cgroup_stolen(struct mem_cgroup *memcg)
  {
         VM_BUG_ON(!rcu_read_lock_held());
-       return this_cpu_read(memcg->stat->count[MEM_CGROUP_ON_MOVE]) > 0;
+       return atomic_read(&memcg->moving_account) > 0;
  }
  
  static bool mem_cgroup_under_move(struct mem_cgroup *memcg)
@@ -1429,6 +1385,24 @@ static bool mem_cgroup_wait_acct_move(struct mem_cgroup *memcg)
         return false;
  }
  
+/*
+ * Take this lock when
+ * - a code tries to modify page's memcg while it's USED.
+ * - a code tries to modify page state accounting in a memcg.
+ * see mem_cgroup_stolen(), too.
+ */
+static void move_lock_mem_cgroup(struct mem_cgroup *memcg,
+                                 unsigned long *flags)
+{
+       spin_lock_irqsave(&memcg->move_lock, *flags);
+}
+
+static void move_unlock_mem_cgroup(struct mem_cgroup *memcg,
+                               unsigned long *flags)
+{
+       spin_unlock_irqrestore(&memcg->move_lock, *flags);
+}
+
  /**
   * mem_cgroup_print_oom_info: Called from OOM with tasklist_lock held in read mode.
   * @memcg: The memory cgroup that went over limit
@@ -1452,7 +1426,6 @@ void mem_cgroup_print_oom_info(struct mem_cgroup *memcg, struct task_struct *p)
         if (!memcg || !p)
                 return;
  
-
         rcu_read_lock();
  
         mem_cgrp = memcg->css.cgroup;
@@ -1529,6 +1502,42 @@ u64 mem_cgroup_get_limit(struct mem_cgroup *memcg)
         return min(limit, memsw);
  }
  
+static unsigned long mem_cgroup_reclaim(struct mem_cgroup *memcg,
+                                       gfp_t gfp_mask,
+                                       unsigned long flags)
+{
+       unsigned long total = 0;
+       bool noswap = false;
+       int loop;
+
+       if (flags & MEM_CGROUP_RECLAIM_NOSWAP)
+               noswap = true;
+       if (!(flags & MEM_CGROUP_RECLAIM_SHRINK) && memcg->memsw_is_minimum)
+               noswap = true;
+
+       for (loop = 0; loop < MEM_CGROUP_MAX_RECLAIM_LOOPS; loop++) {
+               if (loop)
+                       drain_all_stock_async(memcg);
+               total += try_to_free_mem_cgroup_pages(memcg, gfp_mask, noswap);
+               /*
+                * Allow limit shrinkers, which are triggered directly
+                * by userspace, to catch signals and stop reclaim
+                * after minimal progress, regardless of the margin.
+                */
+               if (total && (flags & MEM_CGROUP_RECLAIM_SHRINK))
+                       break;
+               if (mem_cgroup_margin(memcg))
+                       break;
+               /*
+                * If nothing was reclaimed after two attempts, there
+                * may be no reclaimable pages in this hierarchy.
+                */
+               if (loop && !total)
+                       break;
+       }
+       return total;
+}
+
  /**
   * test_mem_cgroup_node_reclaimable
   * @mem: the target memcg
@@ -1666,58 +1675,34 @@ bool mem_cgroup_reclaimable(struct mem_cgroup *memcg, bool noswap)
  }
  #endif
  
-/*
- * Scan the hierarchy if needed to reclaim memory. We remember the last child
- * we reclaimed from, so that we don't end up penalizing one child extensively
- * based on its position in the children list.
- *
- * root_memcg is the original ancestor that we've been reclaim from.
- *
- * We give up and return to the caller when we visit root_memcg twice.
- * (other groups can be removed while we're walking....)
- *
- * If shrink==true, for avoiding to free too much, this returns immedieately.
- */
-static int mem_cgroup_hierarchical_reclaim(struct mem_cgroup *root_memcg,
-                                               struct zone *zone,
-                                               gfp_t gfp_mask,
-                                               unsigned long reclaim_options,
-                                               unsigned long *total_scanned)
+static int mem_cgroup_soft_reclaim(struct mem_cgroup *root_memcg,
+                                  struct zone *zone,
+                                  gfp_t gfp_mask,
+                                  unsigned long *total_scanned)
  {
         struct mem_cgroup *victim = NULL;
-       int ret, total = 0;
+       int total = 0;
         int loop = 0;
-       bool noswap = reclaim_options & MEM_CGROUP_RECLAIM_NOSWAP;
-       bool shrink = reclaim_options & MEM_CGROUP_RECLAIM_SHRINK;
-       bool check_soft = reclaim_options & MEM_CGROUP_RECLAIM_SOFT;
         unsigned long excess;
         unsigned long nr_scanned;
+       struct mem_cgroup_reclaim_cookie reclaim = {
+               .zone = zone,
+               .priority = 0,
+       };
  
         excess = res_counter_soft_limit_excess(&root_memcg->res) >> PAGE_SHIFT;
  
-       /* If memsw_is_minimum==1, swap-out is of-no-use. */
-       if (!check_soft && !shrink && root_memcg->memsw_is_minimum)
-               noswap = true;
-
         while (1) {
-               victim = mem_cgroup_iter(root_memcg, victim, true);
+               victim = mem_cgroup_iter(root_memcg, victim, &reclaim);
                 if (!victim) {
                         loop++;
-                       /*
-                        * We are not draining per cpu cached charges during
-                        * soft limit reclaim  because global reclaim doesn't
-                        * care about charges. It tries to free some memory and
-                        * charges will not give any.
-                        */
-                       if (!check_soft && loop >= 1)
-                               drain_all_stock_async(root_memcg);
                         if (loop >= 2) {
                                 /*
                                  * If we have not been able to reclaim
                                  * anything, it might because there are
                                  * no reclaimable pages under this hierarchy
                                  */
-                               if (!check_soft || !total)
+                               if (!total)
                                         break;
                                 /*
                                  * We want to do more targeted reclaim.
@@ -1731,30 +1716,12 @@ static int mem_cgroup_hierarchical_reclaim(struct mem_cgroup *root_memcg,
                         }
                         continue;
                 }
-               if (!mem_cgroup_reclaimable(victim, noswap)) {
-                       /* this cgroup's local usage == 0 */
+               if (!mem_cgroup_reclaimable(victim, false))
                         continue;
-               }
-               /* we use swappiness of local cgroup */
-               if (check_soft) {
-                       ret = mem_cgroup_shrink_node_zone(victim, gfp_mask,
-                               noswap, zone, &nr_scanned);
-                       *total_scanned += nr_scanned;
-               } else
-                       ret = try_to_free_mem_cgroup_pages(victim, gfp_mask,
-                                               noswap);
-               total += ret;
-               /*
-                * At shrinking usage, we can't check we should stop here or
-                * reclaim more. It's depends on callers. last_scanned_child
-                * will work enough for keeping fairness under tree.
-                */
-               if (shrink)
-                       break;
-               if (check_soft) {
-                       if (!res_counter_soft_limit_excess(&root_memcg->res))
-                               break;
-               } else if (mem_cgroup_margin(root_memcg))
+               total += mem_cgroup_shrink_node_zone(victim, gfp_mask, false,
+                                                    zone, &nr_scanned);
+               *total_scanned += nr_scanned;
+               if (!res_counter_soft_limit_excess(&root_memcg->res))
                         break;
         }
         mem_cgroup_iter_break(root_memcg, victim);
@@ -1837,22 +1804,22 @@ static DEFINE_SPINLOCK(memcg_oom_lock);
  static DECLARE_WAIT_QUEUE_HEAD(memcg_oom_waitq);
  
  struct oom_wait_info {
-       struct mem_cgroup *mem;
+       struct mem_cgroup *memcg;
         wait_queue_t    wait;
  };
  
  static int memcg_oom_wake_function(wait_queue_t *wait,
         unsigned mode, int sync, void *arg)
  {
-       struct mem_cgroup *wake_memcg = (struct mem_cgroup *)arg,
-                         *oom_wait_memcg;
+       struct mem_cgroup *wake_memcg = (struct mem_cgroup *)arg;
+       struct mem_cgroup *oom_wait_memcg;
         struct oom_wait_info *oom_wait_info;
  
         oom_wait_info = container_of(wait, struct oom_wait_info, wait);
-       oom_wait_memcg = oom_wait_info->mem;
+       oom_wait_memcg = oom_wait_info->memcg;
  
         /*
-        * Both of oom_wait_info->mem and wake_mem are stable under us.
+        * Both of oom_wait_info->memcg and wake_memcg are stable under us.
          * Then we can use css_is_ancestor without taking care of RCU.
          */
         if (!mem_cgroup_same_or_subtree(oom_wait_memcg, wake_memcg)
@@ -1876,12 +1843,12 @@ static void memcg_oom_recover(struct mem_cgroup *memcg)
  /*
   * try to call OOM killer. returns false if we should exit memory-reclaim loop.
   */
-bool mem_cgroup_handle_oom(struct mem_cgroup *memcg, gfp_t mask)
+bool mem_cgroup_handle_oom(struct mem_cgroup *memcg, gfp_t mask, int order)
  {
         struct oom_wait_info owait;
         bool locked, need_to_kill;
  
-       owait.mem = memcg;
+       owait.memcg = memcg;
         owait.wait.flags = 0;
         owait.wait.func = memcg_oom_wake_function;
         owait.wait.private = current;
@@ -1906,7 +1873,7 @@ bool mem_cgroup_handle_oom(struct mem_cgroup *memcg, gfp_t mask)
  
         if (need_to_kill) {
                 finish_wait(&memcg_oom_waitq, &owait.wait);
-               mem_cgroup_out_of_memory(memcg, mask);
+               mem_cgroup_out_of_memory(memcg, mask, order);
         } else {
                 schedule();
                 finish_wait(&memcg_oom_waitq, &owait.wait);
@@ -1946,41 +1913,66 @@ bool mem_cgroup_handle_oom(struct mem_cgroup *memcg, gfp_t mask)
   * by flags.
   *
   * Considering "move", this is an only case we see a race. To make the race
- * small, we check MEM_CGROUP_ON_MOVE percpu value and detect there are
- * possibility of race condition. If there is, we take a lock.
+ * small, we check mm->moving_account and detect there are possibility of race
+ * If there is, we take a lock.
   */
  
+void __mem_cgroup_begin_update_page_stat(struct page *page,
+                               bool *locked, unsigned long *flags)
+{
+       struct mem_cgroup *memcg;
+       struct page_cgroup *pc;
+
+       pc = lookup_page_cgroup(page);
+again:
+       memcg = pc->mem_cgroup;
+       if (unlikely(!memcg || !PageCgroupUsed(pc)))
+               return;
+       /*
+        * If this memory cgroup is not under account moving, we don't
+        * need to take move_lock_page_cgroup(). Because we already hold
+        * rcu_read_lock(), any calls to move_account will be delayed until
+        * rcu_read_unlock() if mem_cgroup_stolen() == true.
+        */
+       if (!mem_cgroup_stolen(memcg))
+               return;
+
+       move_lock_mem_cgroup(memcg, flags);
+       if (memcg != pc->mem_cgroup || !PageCgroupUsed(pc)) {
+               move_unlock_mem_cgroup(memcg, flags);
+               goto again;
+       }
+       *locked = true;
+}
+
+void __mem_cgroup_end_update_page_stat(struct page *page, unsigned long *flags)
+{
+       struct page_cgroup *pc = lookup_page_cgroup(page);
+
+       /*
+        * It's guaranteed that pc->mem_cgroup never changes while
+        * lock is held because a routine modifies pc->mem_cgroup
+        * should take move_lock_page_cgroup().
+        */
+       move_unlock_mem_cgroup(pc->mem_cgroup, flags);
+}
+
  void mem_cgroup_update_page_stat(struct page *page,
                                  enum mem_cgroup_page_stat_item idx, int val)
  {
         struct mem_cgroup *memcg;
         struct page_cgroup *pc = lookup_page_cgroup(page);
-       bool need_unlock = false;
         unsigned long uninitialized_var(flags);
  
-       if (unlikely(!pc))
+       if (mem_cgroup_disabled())
                 return;
  
-       rcu_read_lock();
         memcg = pc->mem_cgroup;
         if (unlikely(!memcg || !PageCgroupUsed(pc)))
-               goto out;
-       /* pc->mem_cgroup is unstable ? */
-       if (unlikely(mem_cgroup_stealed(memcg)) || PageTransHuge(page)) {
-               /* take a lock against to access pc->mem_cgroup */
-               move_lock_page_cgroup(pc, &flags);
-               need_unlock = true;
-               memcg = pc->mem_cgroup;
-               if (!memcg || !PageCgroupUsed(pc))
-                       goto out;
-       }
+               return;
  
         switch (idx) {
         case MEMCG_NR_FILE_MAPPED:
-               if (val > 0)
-                       SetPageCgroupFileMapped(pc);
-               else if (!page_mapped(page))
-                       ClearPageCgroupFileMapped(pc);
                 idx = MEM_CGROUP_STAT_FILE_MAPPED;
                 break;
         default:
@@ -1988,14 +1980,7 @@ void mem_cgroup_update_page_stat(struct page *page,
         }
  
         this_cpu_add(memcg->stat->count[idx], val);
-
-out:
-       if (unlikely(need_unlock))
-               move_unlock_page_cgroup(pc, &flags);
-       rcu_read_unlock();
-       return;
  }
-EXPORT_SYMBOL(mem_cgroup_update_page_stat);
  
  /*
   * size of first charge trial. "32" comes from vmscan.c's magic value.
@@ -2166,17 +2151,6 @@ static void mem_cgroup_drain_pcp_counter(struct mem_cgroup *memcg, int cpu)
                 per_cpu(memcg->stat->events[i], cpu) = 0;
                 memcg->nocpu_base.events[i] += x;
         }
-       /* need to clear ON_MOVE value, works as a kind of lock. */
-       per_cpu(memcg->stat->count[MEM_CGROUP_ON_MOVE], cpu) = 0;
-       spin_unlock(&memcg->pcp_counter_lock);
-}
-
-static void synchronize_mem_cgroup_on_move(struct mem_cgroup *memcg, int cpu)
-{
-       int idx = MEM_CGROUP_ON_MOVE;
-
-       spin_lock(&memcg->pcp_counter_lock);
-       per_cpu(memcg->stat->count[idx], cpu) = memcg->nocpu_base.count[idx];
         spin_unlock(&memcg->pcp_counter_lock);
  }
  
@@ -2188,13 +2162,10 @@ static int __cpuinit memcg_cpu_hotplug_callback(struct notifier_block *nb,
         struct memcg_stock_pcp *stock;
         struct mem_cgroup *iter;
  
-       if ((action == CPU_ONLINE)) {
-               for_each_mem_cgroup(iter)
-                       synchronize_mem_cgroup_on_move(iter, cpu);
+       if (action == CPU_ONLINE)
                 return NOTIFY_OK;
-       }
  
-       if ((action != CPU_DEAD) || action != CPU_DEAD_FROZEN)
+       if (action != CPU_DEAD && action != CPU_DEAD_FROZEN)
                 return NOTIFY_OK;
  
         for_each_mem_cgroup(iter)
@@ -2251,8 +2222,7 @@ static int mem_cgroup_do_charge(struct mem_cgroup *memcg, gfp_t gfp_mask,
         if (!(gfp_mask & __GFP_WAIT))
                 return CHARGE_WOULDBLOCK;
  
-       ret = mem_cgroup_hierarchical_reclaim(mem_over_limit, NULL,
-                                             gfp_mask, flags, NULL);
+       ret = mem_cgroup_reclaim(mem_over_limit, gfp_mask, flags);
         if (mem_cgroup_margin(mem_over_limit) >= nr_pages)
                 return CHARGE_RETRY;
         /*
@@ -2278,15 +2248,32 @@ static int mem_cgroup_do_charge(struct mem_cgroup *memcg, gfp_t gfp_mask,
         if (!oom_check)
                 return CHARGE_NOMEM;
         /* check OOM */
-       if (!mem_cgroup_handle_oom(mem_over_limit, gfp_mask))
+       if (!mem_cgroup_handle_oom(mem_over_limit, gfp_mask, get_order(csize)))
                 return CHARGE_OOM_DIE;
  
         return CHARGE_RETRY;
  }
  
  /*
- * Unlike exported interface, "oom" parameter is added. if oom==true,
- * oom-killer can be invoked.
+ * __mem_cgroup_try_charge() does
+ * 1. detect memcg to be charged against from passed *mm and *ptr,
+ * 2. update res_counter
+ * 3. call memory reclaim if necessary.
+ *
+ * In some special case, if the task is fatal, fatal_signal_pending() or
+ * has TIF_MEMDIE, this function returns -EINTR while writing root_mem_cgroup
+ * to *ptr. There are two reasons for this. 1: fatal threads should quit as soon
+ * as possible without any hazards. 2: all pages should have a valid
+ * pc->mem_cgroup. If mm is NULL and the caller doesn't pass a valid memcg
+ * pointer, that is treated as a charge to root_mem_cgroup.
+ *
+ * So __mem_cgroup_try_charge() will return
+ *  0       ...  on success, filling *ptr with a valid memcg pointer.
+ *  -ENOMEM ...  charge failure because of resource limits.
+ *  -EINTR  ...  if thread is fatal. *ptr is filled with root_mem_cgroup.
+ *
+ * Unlike the exported interface, an "oom" parameter is added. if oom==true,
+ * the oom-killer can be invoked.
   */
  static int __mem_cgroup_try_charge(struct mm_struct *mm,
                                    gfp_t gfp_mask,
@@ -2315,7 +2302,7 @@ static int __mem_cgroup_try_charge(struct mm_struct *mm,
          * set, if so charge the init_mm (happens for pagecache usage).
          */
         if (!*ptr && !mm)
-               goto bypass;
+               *ptr = root_mem_cgroup;
  again:
         if (*ptr) { /* css should be a valid one */
                 memcg = *ptr;
@@ -2341,7 +2328,9 @@ again:
                  * task-struct. So, mm->owner can be NULL.
                  */
                 memcg = mem_cgroup_from_task(p);
-               if (!memcg || mem_cgroup_is_root(memcg)) {
+               if (!memcg)
+                       memcg = root_mem_cgroup;
+               if (mem_cgroup_is_root(memcg)) {
                         rcu_read_unlock();
                         goto done;
                 }
@@ -2416,8 +2405,8 @@ nomem:
         *ptr = NULL;
         return -ENOMEM;
  bypass:
-       *ptr = NULL;
-       return 0;
+       *ptr = root_mem_cgroup;
+       return -EINTR;
  }
  
  /*
@@ -2473,7 +2462,7 @@ struct mem_cgroup *try_get_mem_cgroup_from_page(struct page *page)
                         memcg = NULL;
         } else if (PageSwapCache(page)) {
                 ent.val = page_private(page);
-               id = lookup_swap_cgroup(ent);
+               id = lookup_swap_cgroup_id(ent);
                 rcu_read_lock();
                 memcg = mem_cgroup_lookup(id);
                 if (memcg && !css_tryget(&memcg->css))
@@ -2487,9 +2476,14 @@ struct mem_cgroup *try_get_mem_cgroup_from_page(struct page *page)
  static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg,
                                        struct page *page,
                                        unsigned int nr_pages,
-                                      struct page_cgroup *pc,
-                                      enum charge_type ctype)
+                                      enum charge_type ctype,
+                                      bool lrucare)
  {
+       struct page_cgroup *pc = lookup_page_cgroup(page);
+       struct zone *uninitialized_var(zone);
+       bool was_on_lru = false;
+       bool anon;
+
         lock_page_cgroup(pc);
         if (unlikely(PageCgroupUsed(pc))) {
                 unlock_page_cgroup(pc);
@@ -2500,6 +2494,21 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg,
          * we don't need page_cgroup_lock about tail pages, becase they are not
          * accessed by any other context at this point.
          */
+
+       /*
+        * In some cases, SwapCache and FUSE(splice_buf->radixtree), the page
+        * may already be on some other mem_cgroup's LRU.  Take care of it.
+        */
+       if (lrucare) {
+               zone = page_zone(page);
+               spin_lock_irq(&zone->lru_lock);
+               if (PageLRU(page)) {
+                       ClearPageLRU(page);
+                       del_page_from_lru_list(zone, page, page_lru(page));
+                       was_on_lru = true;
+               }
+       }
+
         pc->mem_cgroup = memcg;
         /*
          * We access a page_cgroup asynchronously without lock_page_cgroup().
@@ -2509,22 +2518,25 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg,
          * See mem_cgroup_add_lru_list(), etc.
          */
         smp_wmb();
-       switch (ctype) {
-       case MEM_CGROUP_CHARGE_TYPE_CACHE:
-       case MEM_CGROUP_CHARGE_TYPE_SHMEM:
-               SetPageCgroupCache(pc);
-               SetPageCgroupUsed(pc);
-               break;
-       case MEM_CGROUP_CHARGE_TYPE_MAPPED:
-               ClearPageCgroupCache(pc);
-               SetPageCgroupUsed(pc);
-               break;
-       default:
-               break;
+       SetPageCgroupUsed(pc);
+
+       if (lrucare) {
+               if (was_on_lru) {
+                       VM_BUG_ON(PageLRU(page));
+                       SetPageLRU(page);
+                       add_page_to_lru_list(zone, page, page_lru(page));
+               }
+               spin_unlock_irq(&zone->lru_lock);
         }
  
-       mem_cgroup_charge_statistics(memcg, PageCgroupCache(pc), nr_pages);
+       if (ctype == MEM_CGROUP_CHARGE_TYPE_MAPPED)
+               anon = true;
+       else
+               anon = false;
+
+       mem_cgroup_charge_statistics(memcg, anon, nr_pages);
         unlock_page_cgroup(pc);
+
         /*
          * "charge_statistics" updated event counter. Then, check it.
          * Insert ancestor (and ancestor's ancestors), to softlimit RB-tree.
@@ -2535,45 +2547,29 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg,
  
  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
  
-#define PCGF_NOCOPY_AT_SPLIT ((1 << PCG_LOCK) | (1 << PCG_MOVE_LOCK) |\
-                       (1 << PCG_ACCT_LRU) | (1 << PCG_MIGRATION))
+#define PCGF_NOCOPY_AT_SPLIT ((1 << PCG_LOCK) | (1 << PCG_MIGRATION))
  /*
   * Because tail pages are not marked as "used", set it. We're under
- * zone->lru_lock, 'splitting on pmd' and compund_lock.
+ * zone->lru_lock, 'splitting on pmd' and compound_lock.
+ * charge/uncharge will be never happen and move_account() is done under
+ * compound_lock(), so we don't have to take care of races.
   */
-void mem_cgroup_split_huge_fixup(struct page *head, struct page *tail)
+void mem_cgroup_split_huge_fixup(struct page *head)
  {
         struct page_cgroup *head_pc = lookup_page_cgroup(head);
-       struct page_cgroup *tail_pc = lookup_page_cgroup(tail);
-       unsigned long flags;
+       struct page_cgroup *pc;
+       int i;
  
         if (mem_cgroup_disabled())
                 return;
-       /*
-        * We have no races with charge/uncharge but will have races with
-        * page state accounting.
-        */
-       move_lock_page_cgroup(head_pc, &flags);
-
-       tail_pc->mem_cgroup = head_pc->mem_cgroup;
-       smp_wmb(); /* see __commit_charge() */
-       if (PageCgroupAcctLRU(head_pc)) {
-               enum lru_list lru;
-               struct mem_cgroup_per_zone *mz;
-
-               /*
-                * LRU flags cannot be copied because we need to add tail
-                *.page to LRU by generic call and our hook will be called.
-                * We hold lru_lock, then, reduce counter directly.
-                */
-               lru = page_lru(head);
-               mz = page_cgroup_zoneinfo(head_pc->mem_cgroup, head);
-               MEM_CGROUP_ZSTAT(mz, lru) -= 1;
+       for (i = 1; i < HPAGE_PMD_NR; i++) {
+               pc = head_pc + i;
+               pc->mem_cgroup = head_pc->mem_cgroup;
+               smp_wmb();/* see __commit_charge() */
+               pc->flags = head_pc->flags & ~PCGF_NOCOPY_AT_SPLIT;
         }
-       tail_pc->flags = head_pc->flags & ~PCGF_NOCOPY_AT_SPLIT;
-       move_unlock_page_cgroup(head_pc, &flags);
  }
-#endif
+#endif /* CONFIG_TRANSPARENT_HUGEPAGE */
  
  /**
   * mem_cgroup_move_account - move account of the page
@@ -2602,6 +2598,7 @@ static int mem_cgroup_move_account(struct page *page,
  {
         unsigned long flags;
         int ret;
+       bool anon = PageAnon(page);
  
         VM_BUG_ON(from == to);
         VM_BUG_ON(PageLRU(page));
@@ -2621,23 +2618,23 @@ static int mem_cgroup_move_account(struct page *page,
         if (!PageCgroupUsed(pc) || pc->mem_cgroup != from)
                 goto unlock;
  
-       move_lock_page_cgroup(pc, &flags);
+       move_lock_mem_cgroup(from, &flags);
  
-       if (PageCgroupFileMapped(pc)) {
+       if (!anon && page_mapped(page)) {
                 /* Update mapped_file data for mem_cgroup */
                 preempt_disable();
                 __this_cpu_dec(from->stat->count[MEM_CGROUP_STAT_FILE_MAPPED]);
                 __this_cpu_inc(to->stat->count[MEM_CGROUP_STAT_FILE_MAPPED]);
                 preempt_enable();
         }
-       mem_cgroup_charge_statistics(from, PageCgroupCache(pc), -nr_pages);
+       mem_cgroup_charge_statistics(from, anon, -nr_pages);
         if (uncharge)
                 /* This is not "cancel", but cancel_charge does all we need. */
                 __mem_cgroup_cancel_charge(from, nr_pages);
  
         /* caller should have done css_get */
         pc->mem_cgroup = to;
-       mem_cgroup_charge_statistics(to, PageCgroupCache(pc), nr_pages);
+       mem_cgroup_charge_statistics(to, anon, nr_pages);
         /*
          * We charges against "to" which may not have any tasks. Then, "to"
          * can be under rmdir(). But in current implementation, caller of
@@ -2645,7 +2642,7 @@ static int mem_cgroup_move_account(struct page *page,
          * guaranteed that "to" is never removed. So, we don't check rmdir
          * status here.
          */
-       move_unlock_page_cgroup(pc, &flags);
+       move_unlock_mem_cgroup(from, &flags);
         ret = 0;
  unlock:
         unlock_page_cgroup(pc);
@@ -2688,7 +2685,7 @@ static int mem_cgroup_move_parent(struct page *page,
  
         parent = mem_cgroup_from_cont(pcg);
         ret = __mem_cgroup_try_charge(NULL, gfp_mask, nr_pages, &parent, false);
-       if (ret || !parent)
+       if (ret)
                 goto put_back;
  
         if (nr_pages > 1)
@@ -2719,7 +2716,6 @@ static int mem_cgroup_charge_common(struct page *page, struct mm_struct *mm,
  {
         struct mem_cgroup *memcg = NULL;
         unsigned int nr_pages = 1;
-       struct page_cgroup *pc;
         bool oom = true;
         int ret;
  
@@ -2733,14 +2729,10 @@ static int mem_cgroup_charge_common(struct page *page, struct mm_struct *mm,
                 oom = false;
         }
  
-       pc = lookup_page_cgroup(page);
-       BUG_ON(!pc); /* XXX: remove this and move pc lookup into commit */
-
         ret = __mem_cgroup_try_charge(mm, gfp_mask, nr_pages, &memcg, oom);
-       if (ret || !memcg)
+       if (ret == -ENOMEM)
                 return ret;
-
-       __mem_cgroup_commit_charge(memcg, page, nr_pages, pc, ctype);
+       __mem_cgroup_commit_charge(memcg, page, nr_pages, ctype, false);
         return 0;
  }
  
@@ -2749,45 +2741,22 @@ int mem_cgroup_newpage_charge(struct page *page,
  {
         if (mem_cgroup_disabled())
                 return 0;
-       /*
-        * If already mapped, we don't have to account.
-        * If page cache, page->mapping has address_space.
-        * But page->mapping may have out-of-use anon_vma pointer,
-        * detecit it by PageAnon() check. newly-mapped-anon's page->mapping
-        * is NULL.
-        */
-       if (page_mapped(page) || (page->mapping && !PageAnon(page)))
-               return 0;
-       if (unlikely(!mm))
-               mm = &init_mm;
+       VM_BUG_ON(page_mapped(page));
+       VM_BUG_ON(page->mapping && !PageAnon(page));
+       VM_BUG_ON(!mm);
         return mem_cgroup_charge_common(page, mm, gfp_mask,
-                               MEM_CGROUP_CHARGE_TYPE_MAPPED);
+                                       MEM_CGROUP_CHARGE_TYPE_MAPPED);
  }
  
  static void
  __mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,
                                         enum charge_type ctype);
  
-static void
-__mem_cgroup_commit_charge_lrucare(struct page *page, struct mem_cgroup *memcg,
-                                       enum charge_type ctype)
-{
-       struct page_cgroup *pc = lookup_page_cgroup(page);
-       /*
-        * In some case, SwapCache, FUSE(splice_buf->radixtree), the page
-        * is already on LRU. It means the page may on some other page_cgroup's
-        * LRU. Take care of it.
-        */
-       mem_cgroup_lru_del_before_commit(page);
-       __mem_cgroup_commit_charge(memcg, page, 1, pc, ctype);
-       mem_cgroup_lru_add_after_commit(page);
-       return;
-}
-
  int mem_cgroup_cache_charge(struct page *page, struct mm_struct *mm,
                                 gfp_t gfp_mask)
  {
         struct mem_cgroup *memcg = NULL;
+       enum charge_type type = MEM_CGROUP_CHARGE_TYPE_CACHE;
         int ret;
  
         if (mem_cgroup_disabled())
@@ -2797,31 +2766,16 @@ int mem_cgroup_cache_charge(struct page *page, struct mm_struct *mm,
  
         if (unlikely(!mm))
                 mm = &init_mm;
+       if (!page_is_file_cache(page))
+               type = MEM_CGROUP_CHARGE_TYPE_SHMEM;
  
-       if (page_is_file_cache(page)) {
-               ret = __mem_cgroup_try_charge(mm, gfp_mask, 1, &memcg, true);
-               if (ret || !memcg)
-                       return ret;
-
-               /*
-                * FUSE reuses pages without going through the final
-                * put that would remove them from the LRU list, make
-                * sure that they get relinked properly.
-                */
-               __mem_cgroup_commit_charge_lrucare(page, memcg,
-                                       MEM_CGROUP_CHARGE_TYPE_CACHE);
-               return ret;
-       }
-       /* shmem */
-       if (PageSwapCache(page)) {
+       if (!PageSwapCache(page))
+               ret = mem_cgroup_charge_common(page, mm, gfp_mask, type);
+       else { /* page is swapcache/shmem */
                 ret = mem_cgroup_try_charge_swapin(mm, page, gfp_mask, &memcg);
                 if (!ret)
-                       __mem_cgroup_commit_charge_swapin(page, memcg,
-                                       MEM_CGROUP_CHARGE_TYPE_SHMEM);
-       } else
-               ret = mem_cgroup_charge_common(page, mm, gfp_mask,
-                                       MEM_CGROUP_CHARGE_TYPE_SHMEM);
-
+                       __mem_cgroup_commit_charge_swapin(page, memcg, type);
+       }
         return ret;
  }
  
@@ -2833,12 +2787,12 @@ int mem_cgroup_cache_charge(struct page *page, struct mm_struct *mm,
   */
  int mem_cgroup_try_charge_swapin(struct mm_struct *mm,
                                  struct page *page,
-                                gfp_t mask, struct mem_cgroup **ptr)
+                                gfp_t mask, struct mem_cgroup **memcgp)
  {
         struct mem_cgroup *memcg;
         int ret;
  
-       *ptr = NULL;
+       *memcgp = NULL;
  
         if (mem_cgroup_disabled())
                 return 0;
@@ -2856,27 +2810,32 @@ int mem_cgroup_try_charge_swapin(struct mm_struct *mm,
         memcg = try_get_mem_cgroup_from_page(page);
         if (!memcg)
                 goto charge_cur_mm;
-       *ptr = memcg;
-       ret = __mem_cgroup_try_charge(NULL, mask, 1, ptr, true);
+       *memcgp = memcg;
+       ret = __mem_cgroup_try_charge(NULL, mask, 1, memcgp, true);
         css_put(&memcg->css);
+       if (ret == -EINTR)
+               ret = 0;
         return ret;
  charge_cur_mm:
         if (unlikely(!mm))
                 mm = &init_mm;
-       return __mem_cgroup_try_charge(mm, mask, 1, ptr, true);
+       ret = __mem_cgroup_try_charge(mm, mask, 1, memcgp, true);
+       if (ret == -EINTR)
+               ret = 0;
+       return ret;
  }
  
  static void
-__mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,
+__mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *memcg,
                                         enum charge_type ctype)
  {
         if (mem_cgroup_disabled())
                 return;
-       if (!ptr)
+       if (!memcg)
                 return;
-       cgroup_exclude_rmdir(&ptr->css);
+       cgroup_exclude_rmdir(&memcg->css);
  
-       __mem_cgroup_commit_charge_lrucare(page, ptr, ctype);
+       __mem_cgroup_commit_charge(memcg, page, 1, ctype, true);
         /*
          * Now swap is on-memory. This means this page may be
          * counted both as mem and swap....double count.
@@ -2886,21 +2845,22 @@ __mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,
          */
         if (do_swap_account && PageSwapCache(page)) {
                 swp_entry_t ent = {.val = page_private(page)};
+               struct mem_cgroup *swap_memcg;
                 unsigned short id;
-               struct mem_cgroup *memcg;
  
                 id = swap_cgroup_record(ent, 0);
                 rcu_read_lock();
-               memcg = mem_cgroup_lookup(id);
-               if (memcg) {
+               swap_memcg = mem_cgroup_lookup(id);
+               if (swap_memcg) {
                         /*
                          * This recorded memcg can be obsolete one. So, avoid
                          * calling css_tryget
                          */
-                       if (!mem_cgroup_is_root(memcg))
-                               res_counter_uncharge(&memcg->memsw, PAGE_SIZE);
-                       mem_cgroup_swap_statistics(memcg, false);
-                       mem_cgroup_put(memcg);
+                       if (!mem_cgroup_is_root(swap_memcg))
+                               res_counter_uncharge(&swap_memcg->memsw,
+                                                    PAGE_SIZE);
+                       mem_cgroup_swap_statistics(swap_memcg, false);
+                       mem_cgroup_put(swap_memcg);
                 }
                 rcu_read_unlock();
         }
@@ -2909,13 +2869,14 @@ __mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,
          * So, rmdir()->pre_destroy() can be called while we do this charge.
          * In that case, we need to call pre_destroy() again. check it here.
          */
-       cgroup_release_and_wakeup_rmdir(&ptr->css);
+       cgroup_release_and_wakeup_rmdir(&memcg->css);
  }
  
-void mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr)
+void mem_cgroup_commit_charge_swapin(struct page *page,
+                                    struct mem_cgroup *memcg)
  {
-       __mem_cgroup_commit_charge_swapin(page, ptr,
-                                       MEM_CGROUP_CHARGE_TYPE_MAPPED);
+       __mem_cgroup_commit_charge_swapin(page, memcg,
+                                         MEM_CGROUP_CHARGE_TYPE_MAPPED);
  }
  
  void mem_cgroup_cancel_charge_swapin(struct mem_cgroup *memcg)
@@ -2978,7 +2939,6 @@ direct_uncharge:
                 res_counter_uncharge(&memcg->memsw, nr_pages * PAGE_SIZE);
         if (unlikely(batch->memcg != memcg))
                 memcg_oom_recover(memcg);
-       return;
  }
  
  /*
@@ -2990,6 +2950,7 @@ __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype)
         struct mem_cgroup *memcg = NULL;
         unsigned int nr_pages = 1;
         struct page_cgroup *pc;
+       bool anon;
  
         if (mem_cgroup_disabled())
                 return NULL;
@@ -3005,7 +2966,7 @@ __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype)
          * Check if our page_cgroup is valid
          */
         pc = lookup_page_cgroup(page);
-       if (unlikely(!pc || !PageCgroupUsed(pc)))
+       if (unlikely(!PageCgroupUsed(pc)))
                 return NULL;
  
         lock_page_cgroup(pc);
@@ -3015,8 +2976,17 @@ __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype)
         if (!PageCgroupUsed(pc))
                 goto unlock_out;
  
+       anon = PageAnon(page);
+
         switch (ctype) {
         case MEM_CGROUP_CHARGE_TYPE_MAPPED:
+               /*
+                * Generally PageAnon tells if it's the anon statistics to be
+                * updated; but sometimes e.g. mem_cgroup_uncharge_page() is
+                * used before page reached the stage of being marked PageAnon.
+                */
+               anon = true;
+               /* fallthrough */
         case MEM_CGROUP_CHARGE_TYPE_DROP:
                 /* See mem_cgroup_prepare_migration() */
                 if (page_mapped(page) || PageCgroupMigration(pc))
@@ -3033,7 +3003,7 @@ __mem_cgroup_uncharge_common(struct page *page, enum charge_type ctype)
                 break;
         }
  
-       mem_cgroup_charge_statistics(memcg, PageCgroupCache(pc), -nr_pages);
+       mem_cgroup_charge_statistics(memcg, anon, -nr_pages);
  
         ClearPageCgroupUsed(pc);
         /*
@@ -3068,8 +3038,7 @@ void mem_cgroup_uncharge_page(struct page *page)
         /* early check. */
         if (page_mapped(page))
                 return;
-       if (page->mapping && !PageAnon(page))
-               return;
+       VM_BUG_ON(page->mapping && !PageAnon(page));
         __mem_cgroup_uncharge_common(page, MEM_CGROUP_CHARGE_TYPE_MAPPED);
  }
  
@@ -3244,14 +3213,14 @@ static inline int mem_cgroup_move_swap_account(swp_entry_t entry,
   * page belongs to.
   */
  int mem_cgroup_prepare_migration(struct page *page,
-       struct page *newpage, struct mem_cgroup **ptr, gfp_t gfp_mask)
+       struct page *newpage, struct mem_cgroup **memcgp, gfp_t gfp_mask)
  {
         struct mem_cgroup *memcg = NULL;
         struct page_cgroup *pc;
         enum charge_type ctype;
         int ret = 0;
  
-       *ptr = NULL;
+       *memcgp = NULL;
  
         VM_BUG_ON(PageTransHuge(page));
         if (mem_cgroup_disabled())
@@ -3302,10 +3271,10 @@ int mem_cgroup_prepare_migration(struct page *page,
         if (!memcg)
                 return 0;
  
-       *ptr = memcg;
-       ret = __mem_cgroup_try_charge(NULL, gfp_mask, 1, ptr, false);
+       *memcgp = memcg;
+       ret = __mem_cgroup_try_charge(NULL, gfp_mask, 1, memcgp, false);
         css_put(&memcg->css);/* drop extra refcnt */
-       if (ret || *ptr == NULL) {
+       if (ret) {
                 if (PageAnon(page)) {
                         lock_page_cgroup(pc);
                         ClearPageCgroupMigration(pc);
@@ -3315,6 +3284,7 @@ int mem_cgroup_prepare_migration(struct page *page,
                          */
                         mem_cgroup_uncharge_page(page);
                 }
+               /* we'll need to revisit this error code (we have -EINTR) */
                 return -ENOMEM;
         }
         /*
@@ -3323,14 +3293,13 @@ int mem_cgroup_prepare_migration(struct page *page,
          * page. In the case new page is migrated but not remapped, new page's
          * mapcount will be finally 0 and we call uncharge in end_migration().
          */
-       pc = lookup_page_cgroup(newpage);
         if (PageAnon(page))
                 ctype = MEM_CGROUP_CHARGE_TYPE_MAPPED;
         else if (page_is_file_cache(page))
                 ctype = MEM_CGROUP_CHARGE_TYPE_CACHE;
         else
                 ctype = MEM_CGROUP_CHARGE_TYPE_SHMEM;
-       __mem_cgroup_commit_charge(memcg, page, 1, pc, ctype);
+       __mem_cgroup_commit_charge(memcg, newpage, 1, ctype, false);
         return ret;
  }
  
@@ -3340,6 +3309,7 @@ void mem_cgroup_end_migration(struct mem_cgroup *memcg,
  {
         struct page *used, *unused;
         struct page_cgroup *pc;
+       bool anon;
  
         if (!memcg)
                 return;
@@ -3361,8 +3331,10 @@ void mem_cgroup_end_migration(struct mem_cgroup *memcg,
         lock_page_cgroup(pc);
         ClearPageCgroupMigration(pc);
         unlock_page_cgroup(pc);
-
-       __mem_cgroup_uncharge_common(unused, MEM_CGROUP_CHARGE_TYPE_FORCE);
+       anon = PageAnon(used);
+       __mem_cgroup_uncharge_common(unused,
+               anon ? MEM_CGROUP_CHARGE_TYPE_MAPPED
+                    : MEM_CGROUP_CHARGE_TYPE_CACHE);
  
         /*
          * If a page is a file cache, radix-tree replacement is very atomic
@@ -3372,7 +3344,7 @@ void mem_cgroup_end_migration(struct mem_cgroup *memcg,
          * and USED bit check in mem_cgroup_uncharge_page() will do enough
          * check. (see prepare_charge() also)
          */
-       if (PageAnon(used))
+       if (anon)
                 mem_cgroup_uncharge_page(used);
         /*
          * At migration, we may charge account against cgroup which has no
@@ -3393,9 +3365,7 @@ void mem_cgroup_replace_page_cache(struct page *oldpage,
  {
         struct mem_cgroup *memcg;
         struct page_cgroup *pc;
-       struct zone *zone;
         enum charge_type type = MEM_CGROUP_CHARGE_TYPE_CACHE;
-       unsigned long flags;
  
         if (mem_cgroup_disabled())
                 return;
@@ -3404,27 +3374,19 @@ void mem_cgroup_replace_page_cache(struct page *oldpage,
         /* fix accounting on old pages */
         lock_page_cgroup(pc);
         memcg = pc->mem_cgroup;
-       mem_cgroup_charge_statistics(memcg, PageCgroupCache(pc), -1);
+       mem_cgroup_charge_statistics(memcg, false, -1);
         ClearPageCgroupUsed(pc);
         unlock_page_cgroup(pc);
  
         if (PageSwapBacked(oldpage))
                 type = MEM_CGROUP_CHARGE_TYPE_SHMEM;
  
-       zone = page_zone(newpage);
-       pc = lookup_page_cgroup(newpage);
         /*
          * Even if newpage->mapping was NULL before starting replacement,
          * the newpage may be on LRU(or pagevec for LRU) already. We lock
          * LRU while we overwrite pc->mem_cgroup.
          */
-       spin_lock_irqsave(&zone->lru_lock, flags);
-       if (PageLRU(newpage))
-               del_page_from_lru_list(zone, newpage, page_lru(newpage));
-       __mem_cgroup_commit_charge(memcg, newpage, 1, pc, type);
-       if (PageLRU(newpage))
-               add_page_to_lru_list(zone, newpage, page_lru(newpage));
-       spin_unlock_irqrestore(&zone->lru_lock, flags);
+       __mem_cgroup_commit_charge(memcg, newpage, 1, type, true);
  }
  
  #ifdef CONFIG_DEBUG_VM
@@ -3433,6 +3395,11 @@ static struct page_cgroup *lookup_page_cgroup_used(struct page *page)
         struct page_cgroup *pc;
  
         pc = lookup_page_cgroup(page);
+       /*
+        * Can be NULL while feeding pages into the page allocator for
+        * the first time, i.e. during boot or memory hotplug;
+        * or when mem_cgroup_disabled().
+        */
         if (likely(pc) && PageCgroupUsed(pc))
                 return pc;
         return NULL;
@@ -3452,23 +3419,8 @@ void mem_cgroup_print_bad_page(struct page *page)
  
         pc = lookup_page_cgroup_used(page);
         if (pc) {
-               int ret = -1;
-               char *path;
-
-               printk(KERN_ALERT "pc:%p pc->flags:%lx pc->mem_cgroup:%p",
+               printk(KERN_ALERT "pc:%p pc->flags:%lx pc->mem_cgroup:%p\n",
                        pc, pc->flags, pc->mem_cgroup);
-
-               path = kmalloc(PATH_MAX, GFP_KERNEL);
-               if (path) {
-                       rcu_read_lock();
-                       ret = cgroup_path(pc->mem_cgroup->css.cgroup,
-                                                       path, PATH_MAX);
-                       rcu_read_unlock();
-               }
-
-               printk(KERN_CONT "(%s)\n",
-                               (ret < 0) ? "cannot get the path" : path);
-               kfree(path);
         }
  }
  #endif
@@ -3529,9 +3481,8 @@ static int mem_cgroup_resize_limit(struct mem_cgroup *memcg,
                 if (!ret)
                         break;
  
-               mem_cgroup_hierarchical_reclaim(memcg, NULL, GFP_KERNEL,
-                                               MEM_CGROUP_RECLAIM_SHRINK,
-                                               NULL);
+               mem_cgroup_reclaim(memcg, GFP_KERNEL,
+                                  MEM_CGROUP_RECLAIM_SHRINK);
                 curusage = res_counter_read_u64(&memcg->res, RES_USAGE);
                 /* Usage is reduced ? */
                 if (curusage >= oldusage)
@@ -3589,10 +3540,9 @@ static int mem_cgroup_resize_memsw_limit(struct mem_cgroup *memcg,
                 if (!ret)
                         break;
  
-               mem_cgroup_hierarchical_reclaim(memcg, NULL, GFP_KERNEL,
-                                               MEM_CGROUP_RECLAIM_NOSWAP |
-                                               MEM_CGROUP_RECLAIM_SHRINK,
-                                               NULL);
+               mem_cgroup_reclaim(memcg, GFP_KERNEL,
+                                  MEM_CGROUP_RECLAIM_NOSWAP |
+                                  MEM_CGROUP_RECLAIM_SHRINK);
                 curusage = res_counter_read_u64(&memcg->memsw, RES_USAGE);
                 /* Usage is reduced ? */
                 if (curusage >= oldusage)
@@ -3635,10 +3585,8 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
                         break;
  
                 nr_scanned = 0;
-               reclaimed = mem_cgroup_hierarchical_reclaim(mz->mem, zone,
-                                               gfp_mask,
-                                               MEM_CGROUP_RECLAIM_SOFT,
-                                               &nr_scanned);
+               reclaimed = mem_cgroup_soft_reclaim(mz->memcg, zone,
+                                                   gfp_mask, &nr_scanned);
                 nr_reclaimed += reclaimed;
                 *total_scanned += nr_scanned;
                 spin_lock(&mctz->lock);
@@ -3664,13 +3612,13 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
                                 next_mz =
                                 __mem_cgroup_largest_soft_limit_node(mctz);
                                 if (next_mz == mz)
-                                       css_put(&next_mz->mem->css);
+                                       css_put(&next_mz->memcg->css);
                                 else /* next_mz == NULL or other memcg */
                                         break;
                         } while (1);
                 }
-               __mem_cgroup_remove_exceeded(mz->mem, mz, mctz);
-               excess = res_counter_soft_limit_excess(&mz->mem->res);
+               __mem_cgroup_remove_exceeded(mz->memcg, mz, mctz);
+               excess = res_counter_soft_limit_excess(&mz->memcg->res);
                 /*
                  * One school of thought says that we should not add
                  * back the node to the tree if reclaim returns 0.
@@ -3680,9 +3628,9 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
                  * term TODO.
                  */
                 /* If excess == 0, no tree ops */
-               __mem_cgroup_insert_exceeded(mz->mem, mz, mctz, excess);
+               __mem_cgroup_insert_exceeded(mz->memcg, mz, mctz, excess);
                 spin_unlock(&mctz->lock);
-               css_put(&mz->mem->css);
+               css_put(&mz->memcg->css);
                 loop++;
                 /*
                  * Could not reclaim anything and there are no more
@@ -3695,7 +3643,7 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
                         break;
         } while (!nr_reclaimed);
         if (next_mz)
-               css_put(&next_mz->mem->css);
+               css_put(&next_mz->memcg->css);
         return nr_reclaimed;
  }
  
@@ -3706,22 +3654,23 @@ unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
  static int mem_cgroup_force_empty_list(struct mem_cgroup *memcg,
                                 int node, int zid, enum lru_list lru)
  {
-       struct zone *zone;
         struct mem_cgroup_per_zone *mz;
-       struct page_cgroup *pc, *busy;
         unsigned long flags, loop;
         struct list_head *list;
+       struct page *busy;
+       struct zone *zone;
         int ret = 0;
  
         zone = &NODE_DATA(node)->node_zones[zid];
         mz = mem_cgroup_zoneinfo(memcg, node, zid);
-       list = &mz->lists[lru];
+       list = &mz->lruvec.lists[lru];
  
-       loop = MEM_CGROUP_ZSTAT(mz, lru);
+       loop = mz->lru_size[lru];
         /* give some margin against EBUSY etc...*/
         loop += 256;
         busy = NULL;
         while (loop--) {
+               struct page_cgroup *pc;
                 struct page *page;
  
                 ret = 0;
@@ -3730,24 +3679,24 @@ static int mem_cgroup_force_empty_list(struct mem_cgroup *memcg,
                         spin_unlock_irqrestore(&zone->lru_lock, flags);
                         break;
                 }
-               pc = list_entry(list->prev, struct page_cgroup, lru);
-               if (busy == pc) {
-                       list_move(&pc->lru, list);
+               page = list_entry(list->prev, struct page, lru);
+               if (busy == page) {
+                       list_move(&page->lru, list);
                         busy = NULL;
                         spin_unlock_irqrestore(&zone->lru_lock, flags);
                         continue;
                 }
                 spin_unlock_irqrestore(&zone->lru_lock, flags);
  
-               page = lookup_cgroup_page(pc);
+               pc = lookup_page_cgroup(page);
  
                 ret = mem_cgroup_move_parent(page, pc, memcg, GFP_KERNEL);
-               if (ret == -ENOMEM)
+               if (ret == -ENOMEM || ret == -EINTR)
                         break;
  
                 if (ret == -EBUSY || ret == -EINVAL) {
                         /* found lock contention or "pc" is obsolete. */
-                       busy = pc;
+                       busy = page;
                         cond_resched();
                 } else
                         busy = NULL;
@@ -3790,10 +3739,10 @@ move_account:
                 mem_cgroup_start_move(memcg);
                 for_each_node_state(node, N_HIGH_MEMORY) {
                         for (zid = 0; !ret && zid < MAX_NR_ZONES; zid++) {
-                               enum lru_list l;
-                               for_each_lru(l) {
+                               enum lru_list lru;
+                               for_each_lru(lru) {
                                         ret = mem_cgroup_force_empty_list(memcg,
-                                                       node, zid, l);
+                                                       node, zid, lru);
                                         if (ret)
                                                 break;
                                 }
@@ -3808,7 +3757,7 @@ move_account:
                         goto try_to_free;
                 cond_resched();
         /* "ret" should also be checked to ensure all lists are empty. */
-       } while (memcg->res.usage > 0 || ret);
+       } while (res_counter_read_u64(&memcg->res, RES_USAGE) > 0 || ret);
  out:
         css_put(&memcg->css);
         return ret;
@@ -3823,7 +3772,7 @@ try_to_free:
         lru_add_drain_all();
         /* try to free all pages in this cgroup */
         shrink = 1;
-       while (nr_retries && memcg->res.usage > 0) {
+       while (nr_retries && res_counter_read_u64(&memcg->res, RES_USAGE) > 0) {
                 int progress;
  
                 if (signal_pending(current)) {
@@ -3947,7 +3896,6 @@ static u64 mem_cgroup_read(struct cgroup *cont, struct cftype *cft)
                 break;
         default:
                 BUG();
-               break;
         }
         return val;
  }
@@ -4026,7 +3974,6 @@ static void memcg_get_hierarchical_limit(struct mem_cgroup *memcg,
  out:
         *mem_limit = min_limit;
         *memsw_limit = min_memsw_limit;
-       return;
  }
  
  static int mem_cgroup_reset(struct cgroup *cont, unsigned int event)
@@ -4185,38 +4132,38 @@ static int mem_control_numa_stat_show(struct seq_file *m, void *arg)
         unsigned long total_nr, file_nr, anon_nr, unevictable_nr;
         unsigned long node_nr;
         struct cgroup *cont = m->private;
-       struct mem_cgroup *mem_cont = mem_cgroup_from_cont(cont);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
  
-       total_nr = mem_cgroup_nr_lru_pages(mem_cont, LRU_ALL);
+       total_nr = mem_cgroup_nr_lru_pages(memcg, LRU_ALL);
         seq_printf(m, "total=%lu", total_nr);
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               node_nr = mem_cgroup_node_nr_lru_pages(mem_cont, nid, LRU_ALL);
+               node_nr = mem_cgroup_node_nr_lru_pages(memcg, nid, LRU_ALL);
                 seq_printf(m, " N%d=%lu", nid, node_nr);
         }
         seq_putc(m, '\n');
  
-       file_nr = mem_cgroup_nr_lru_pages(mem_cont, LRU_ALL_FILE);
+       file_nr = mem_cgroup_nr_lru_pages(memcg, LRU_ALL_FILE);
         seq_printf(m, "file=%lu", file_nr);
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               node_nr = mem_cgroup_node_nr_lru_pages(mem_cont, nid,
+               node_nr = mem_cgroup_node_nr_lru_pages(memcg, nid,
                                 LRU_ALL_FILE);
                 seq_printf(m, " N%d=%lu", nid, node_nr);
         }
         seq_putc(m, '\n');
  
-       anon_nr = mem_cgroup_nr_lru_pages(mem_cont, LRU_ALL_ANON);
+       anon_nr = mem_cgroup_nr_lru_pages(memcg, LRU_ALL_ANON);
         seq_printf(m, "anon=%lu", anon_nr);
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               node_nr = mem_cgroup_node_nr_lru_pages(mem_cont, nid,
+               node_nr = mem_cgroup_node_nr_lru_pages(memcg, nid,
                                 LRU_ALL_ANON);
                 seq_printf(m, " N%d=%lu", nid, node_nr);
         }
         seq_putc(m, '\n');
  
-       unevictable_nr = mem_cgroup_nr_lru_pages(mem_cont, BIT(LRU_UNEVICTABLE));
+       unevictable_nr = mem_cgroup_nr_lru_pages(memcg, BIT(LRU_UNEVICTABLE));
         seq_printf(m, "unevictable=%lu", unevictable_nr);
         for_each_node_state(nid, N_HIGH_MEMORY) {
-               node_nr = mem_cgroup_node_nr_lru_pages(mem_cont, nid,
+               node_nr = mem_cgroup_node_nr_lru_pages(memcg, nid,
                                 BIT(LRU_UNEVICTABLE));
                 seq_printf(m, " N%d=%lu", nid, node_nr);
         }
@@ -4228,12 +4175,12 @@ static int mem_control_numa_stat_show(struct seq_file *m, void *arg)
  static int mem_control_stat_show(struct cgroup *cont, struct cftype *cft,
                                  struct cgroup_map_cb *cb)
  {
-       struct mem_cgroup *mem_cont = mem_cgroup_from_cont(cont);
+       struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
         struct mcs_total_stat mystat;
         int i;
  
         memset(&mystat, 0, sizeof(mystat));
-       mem_cgroup_get_local_stat(mem_cont, &mystat);
+       mem_cgroup_get_local_stat(memcg, &mystat);
  
  
         for (i = 0; i < NR_MCS_STAT; i++) {
@@ -4245,14 +4192,14 @@ static int mem_control_stat_show(struct cgroup *cont, struct cftype *cft,
         /* Hierarchical information */
         {
                 unsigned long long limit, memsw_limit;
-               memcg_get_hierarchical_limit(mem_cont, &limit, &memsw_limit);
+               memcg_get_hierarchical_limit(memcg, &limit, &memsw_limit);
                 cb->fill(cb, "hierarchical_memory_limit", limit);
                 if (do_swap_account)
                         cb->fill(cb, "hierarchical_memsw_limit", memsw_limit);
         }
  
         memset(&mystat, 0, sizeof(mystat));
-       mem_cgroup_get_total_stat(mem_cont, &mystat);
+       mem_cgroup_get_total_stat(memcg, &mystat);
         for (i = 0; i < NR_MCS_STAT; i++) {
                 if (i == MCS_SWAP && !do_swap_account)
                         continue;
@@ -4268,7 +4215,7 @@ static int mem_control_stat_show(struct cgroup *cont, struct cftype *cft,
  
                 for_each_online_node(nid)
                         for (zid = 0; zid < MAX_NR_ZONES; zid++) {
-                               mz = mem_cgroup_zoneinfo(mem_cont, nid, zid);
+                               mz = mem_cgroup_zoneinfo(memcg, nid, zid);
  
                                 recent_rotated[0] +=
                                         mz->reclaim_stat.recent_rotated[0];
@@ -4513,11 +4460,8 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
         else
                 BUG();
  
-       /*
-        * Something went wrong if we trying to unregister a threshold
-        * if we don't have thresholds
-        */
-       BUG_ON(!thresholds);
+       if (!thresholds->primary)
+               goto unlock;
  
         usage = mem_cgroup_usage(memcg, type == _MEMSWAP);
  
@@ -4563,11 +4507,17 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
  swap_buffers:
         /* Swap primary and spare array */
         thresholds->spare = thresholds->primary;
+       /* If all events are unregistered, free the spare array */
+       if (!new) {
+               kfree(thresholds->spare);
+               thresholds->spare = NULL;
+       }
+
         rcu_assign_pointer(thresholds->primary, new);
  
         /* To be sure that nobody uses thresholds */
         synchronize_rcu();
-
+unlock:
         mutex_unlock(&memcg->thresholds_lock);
  }
  
@@ -4686,10 +4636,9 @@ static int register_kmem_files(struct cgroup *cont, struct cgroup_subsys *ss)
         return mem_cgroup_sockets_init(cont, ss);
  };
  
-static void kmem_cgroup_destroy(struct cgroup_subsys *ss,
-                               struct cgroup *cont)
+static void kmem_cgroup_destroy(struct cgroup *cont)
  {
-       mem_cgroup_sockets_destroy(cont, ss);
+       mem_cgroup_sockets_destroy(cont);
  }
  #else
  static int register_kmem_files(struct cgroup *cont, struct cgroup_subsys *ss)
@@ -4697,8 +4646,7 @@ static int register_kmem_files(struct cgroup *cont, struct cgroup_subsys *ss)
         return 0;
  }
  
-static void kmem_cgroup_destroy(struct cgroup_subsys *ss,
-                               struct cgroup *cont)
+static void kmem_cgroup_destroy(struct cgroup *cont)
  {
  }
  #endif
@@ -4822,7 +4770,7 @@ static int alloc_mem_cgroup_per_zone_info(struct mem_cgroup *memcg, int node)
  {
         struct mem_cgroup_per_node *pn;
         struct mem_cgroup_per_zone *mz;
-       enum lru_list l;
+       enum lru_list lru;
         int zone, tmp = node;
         /*
          * This routine is called against possible nodes.
@@ -4840,11 +4788,11 @@ static int alloc_mem_cgroup_per_zone_info(struct mem_cgroup *memcg, int node)
  
         for (zone = 0; zone < MAX_NR_ZONES; zone++) {
                 mz = &pn->zoneinfo[zone];
-               for_each_lru(l)
-                       INIT_LIST_HEAD(&mz->lists[l]);
+               for_each_lru(lru)
+                       INIT_LIST_HEAD(&mz->lruvec.lists[lru]);
                 mz->usage_in_excess = 0;
                 mz->on_tree = false;
-               mz->mem = memcg;
+               mz->memcg = memcg;
         }
         memcg->info.nodeinfo[node] = pn;
         return 0;
@@ -4857,33 +4805,54 @@ static void free_mem_cgroup_per_zone_info(struct mem_cgroup *memcg, int node)
  
  static struct mem_cgroup *mem_cgroup_alloc(void)
  {
-       struct mem_cgroup *mem;
+       struct mem_cgroup *memcg;
         int size = sizeof(struct mem_cgroup);
  
         /* Can be very big if MAX_NUMNODES is very big */
         if (size < PAGE_SIZE)
-               mem = kzalloc(size, GFP_KERNEL);
+               memcg = kzalloc(size, GFP_KERNEL);
         else
-               mem = vzalloc(size);
+               memcg = vzalloc(size);
  
-       if (!mem)
+       if (!memcg)
                 return NULL;
  
-       mem->stat = alloc_percpu(struct mem_cgroup_stat_cpu);
-       if (!mem->stat)
+       memcg->stat = alloc_percpu(struct mem_cgroup_stat_cpu);
+       if (!memcg->stat)
                 goto out_free;
-       spin_lock_init(&mem->pcp_counter_lock);
-       return mem;
+       spin_lock_init(&memcg->pcp_counter_lock);
+       return memcg;
  
  out_free:
         if (size < PAGE_SIZE)
-               kfree(mem);
+               kfree(memcg);
         else
-               vfree(mem);
+               vfree(memcg);
         return NULL;
  }
  
  /*
+ * Helpers for freeing a vzalloc()ed mem_cgroup by RCU,
+ * but in process context.  The work_freeing structure is overlaid
+ * on the rcu_freeing structure, which itself is overlaid on memsw.
+ */
+static void vfree_work(struct work_struct *work)
+{
+       struct mem_cgroup *memcg;
+
+       memcg = container_of(work, struct mem_cgroup, work_freeing);
+       vfree(memcg);
+}
+static void vfree_rcu(struct rcu_head *rcu_head)
+{
+       struct mem_cgroup *memcg;
+
+       memcg = container_of(rcu_head, struct mem_cgroup, rcu_freeing);
+       INIT_WORK(&memcg->work_freeing, vfree_work);
+       schedule_work(&memcg->work_freeing);
+}
+
+/*
   * At destroying mem_cgroup, references from swap_cgroup can remain.
   * (scanning all at force_empty is too costly...)
   *
@@ -4901,14 +4870,14 @@ static void __mem_cgroup_free(struct mem_cgroup *memcg)
         mem_cgroup_remove_from_trees(memcg);
         free_css_id(&mem_cgroup_subsys, &memcg->css);
  
-       for_each_node_state(node, N_POSSIBLE)
+       for_each_node(node)
                 free_mem_cgroup_per_zone_info(memcg, node);
  
         free_percpu(memcg->stat);
         if (sizeof(struct mem_cgroup) < PAGE_SIZE)
-               kfree(memcg);
+               kfree_rcu(memcg, rcu_freeing);
         else
-               vfree(memcg);
+               call_rcu(&memcg->rcu_freeing, vfree_rcu);
  }
  
  static void mem_cgroup_get(struct mem_cgroup *memcg)
@@ -4960,13 +4929,13 @@ static int mem_cgroup_soft_limit_tree_init(void)
         struct mem_cgroup_tree_per_zone *rtpz;
         int tmp, node, zone;
  
-       for_each_node_state(node, N_POSSIBLE) {
+       for_each_node(node) {
                 tmp = node;
                 if (!node_state(node, N_NORMAL_MEMORY))
                         tmp = -1;
                 rtpn = kzalloc_node(sizeof(*rtpn), GFP_KERNEL, tmp);
                 if (!rtpn)
-                       return 1;
+                       goto err_cleanup;
  
                 soft_limit_tree.rb_tree_per_node[node] = rtpn;
  
@@ -4977,10 +4946,20 @@ static int mem_cgroup_soft_limit_tree_init(void)
                 }
         }
         return 0;
+
+err_cleanup:
+       for_each_node(node) {
+               if (!soft_limit_tree.rb_tree_per_node[node])
+                       break;
+               kfree(soft_limit_tree.rb_tree_per_node[node]);
+               soft_limit_tree.rb_tree_per_node[node] = NULL;
+       }
+       return 1;
+
  }
  
  static struct cgroup_subsys_state * __ref
-mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
+mem_cgroup_create(struct cgroup *cont)
  {
         struct mem_cgroup *memcg, *parent;
         long error = -ENOMEM;
@@ -4990,7 +4969,7 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
         if (!memcg)
                 return ERR_PTR(error);
  
-       for_each_node_state(node, N_POSSIBLE)
+       for_each_node(node)
                 if (alloc_mem_cgroup_per_zone_info(memcg, node))
                         goto free_out;
  
@@ -5028,7 +5007,6 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
                 res_counter_init(&memcg->res, NULL);
                 res_counter_init(&memcg->memsw, NULL);
         }
-       memcg->last_scanned_child = 0;
         memcg->last_scanned_node = MAX_NUMNODES;
         INIT_LIST_HEAD(&memcg->oom_notify);
  
@@ -5037,26 +5015,25 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont)
         atomic_set(&memcg->refcnt, 1);
         memcg->move_charge_at_immigrate = 0;
         mutex_init(&memcg->thresholds_lock);
+       spin_lock_init(&memcg->move_lock);
         return &memcg->css;
  free_out:
         __mem_cgroup_free(memcg);
         return ERR_PTR(error);
  }
  
-static int mem_cgroup_pre_destroy(struct cgroup_subsys *ss,
-                                       struct cgroup *cont)
+static int mem_cgroup_pre_destroy(struct cgroup *cont)
  {
         struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
  
         return mem_cgroup_force_empty(memcg, false);
  }
  
-static void mem_cgroup_destroy(struct cgroup_subsys *ss,
-                               struct cgroup *cont)
+static void mem_cgroup_destroy(struct cgroup *cont)
  {
         struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
  
-       kmem_cgroup_destroy(ss, cont);
+       kmem_cgroup_destroy(cont);
  
         mem_cgroup_put(memcg);
  }
@@ -5124,16 +5101,16 @@ one_by_one:
                 }
                 ret = __mem_cgroup_try_charge(NULL,
                                         GFP_KERNEL, 1, &memcg, false);
-               if (ret || !memcg)
+               if (ret)
                         /* mem_cgroup_clear_mc() will do uncharge later */
-                       return -ENOMEM;
+                       return ret;
                 mc.precharge++;
         }
         return ret;
  }
  
  /**
- * is_target_pte_for_mc - check a pte whether it is valid for move charge
+ * get_mctgt_type - get target type of moving charge
   * @vma: the vma the pte to be checked belongs
   * @addr: the address corresponding to the pte to be checked
   * @ptent: the pte to be checked
@@ -5156,7 +5133,7 @@ union mc_target {
  };
  
  enum mc_target_type {
-       MC_TARGET_NONE, /* not used */
+       MC_TARGET_NONE = 0,
         MC_TARGET_PAGE,
         MC_TARGET_SWAP,
  };
@@ -5237,12 +5214,12 @@ static struct page *mc_handle_file_pte(struct vm_area_struct *vma,
         return page;
  }
  
-static int is_target_pte_for_mc(struct vm_area_struct *vma,
+static enum mc_target_type get_mctgt_type(struct vm_area_struct *vma,
                 unsigned long addr, pte_t ptent, union mc_target *target)
  {
         struct page *page = NULL;
         struct page_cgroup *pc;
-       int ret = 0;
+       enum mc_target_type ret = MC_TARGET_NONE;
         swp_entry_t ent = { .val = 0 };
  
         if (pte_present(ptent))
@@ -5253,7 +5230,7 @@ static int is_target_pte_for_mc(struct vm_area_struct *vma,
                 page = mc_handle_file_pte(vma, addr, ptent, &ent);
  
         if (!page && !ent.val)
-               return 0;
+               return ret;
         if (page) {
                 pc = lookup_page_cgroup(page);
                 /*
@@ -5271,7 +5248,7 @@ static int is_target_pte_for_mc(struct vm_area_struct *vma,
         }
         /* There is a swap entry and a page doesn't exist or isn't charged */
         if (ent.val && !ret &&
-                       css_id(&mc.from->css) == lookup_swap_cgroup(ent)) {
+                       css_id(&mc.from->css) == lookup_swap_cgroup_id(ent)) {
                 ret = MC_TARGET_SWAP;
                 if (target)
                         target->ent = ent;
@@ -5279,6 +5256,41 @@ static int is_target_pte_for_mc(struct vm_area_struct *vma,
         return ret;
  }
  
+#ifdef CONFIG_TRANSPARENT_HUGEPAGE
+/*
+ * We don't consider swapping or file mapped pages because THP does not
+ * support them for now.
+ * Caller should make sure that pmd_trans_huge(pmd) is true.
+ */
+static enum mc_target_type get_mctgt_type_thp(struct vm_area_struct *vma,
+               unsigned long addr, pmd_t pmd, union mc_target *target)
+{
+       struct page *page = NULL;
+       struct page_cgroup *pc;
+       enum mc_target_type ret = MC_TARGET_NONE;
+
+       page = pmd_page(pmd);
+       VM_BUG_ON(!page || !PageHead(page));
+       if (!move_anon())
+               return ret;
+       pc = lookup_page_cgroup(page);
+       if (PageCgroupUsed(pc) && pc->mem_cgroup == mc.from) {
+               ret = MC_TARGET_PAGE;
+               if (target) {
+                       get_page(page);
+                       target->page = page;
+               }
+       }
+       return ret;
+}
+#else
+static inline enum mc_target_type get_mctgt_type_thp(struct vm_area_struct *vma,
+               unsigned long addr, pmd_t pmd, union mc_target *target)
+{
+       return MC_TARGET_NONE;
+}
+#endif
+
  static int mem_cgroup_count_precharge_pte_range(pmd_t *pmd,
                                         unsigned long addr, unsigned long end,
                                         struct mm_walk *walk)
@@ -5287,11 +5299,18 @@ static int mem_cgroup_count_precharge_pte_range(pmd_t *pmd,
         pte_t *pte;
         spinlock_t *ptl;
  
-       split_huge_page_pmd(walk->mm, pmd);
+       if (pmd_trans_huge_lock(pmd, vma) == 1) {
+               if (get_mctgt_type_thp(vma, addr, *pmd, NULL) == MC_TARGET_PAGE)
+                       mc.precharge += HPAGE_PMD_NR;
+               spin_unlock(&vma->vm_mm->page_table_lock);
+               return 0;
+       }
  
+       if (pmd_trans_unstable(pmd))
+               return 0;
         pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
         for (; addr != end; pte++, addr += PAGE_SIZE)
-               if (is_target_pte_for_mc(vma, addr, *pte, NULL))
+               if (get_mctgt_type(vma, addr, *pte, NULL))
                         mc.precharge++; /* increment precharge temporarily */
         pte_unmap_unlock(pte - 1, ptl);
         cond_resched();
@@ -5393,9 +5412,8 @@ static void mem_cgroup_clear_mc(void)
         mem_cgroup_end_move(from);
  }
  
-static int mem_cgroup_can_attach(struct cgroup_subsys *ss,
-                               struct cgroup *cgroup,
-                               struct cgroup_taskset *tset)
+static int mem_cgroup_can_attach(struct cgroup *cgroup,
+                                struct cgroup_taskset *tset)
  {
         struct task_struct *p = cgroup_taskset_first(tset);
         int ret = 0;
@@ -5433,9 +5451,8 @@ static int mem_cgroup_can_attach(struct cgroup_subsys *ss,
         return ret;
  }
  
-static void mem_cgroup_cancel_attach(struct cgroup_subsys *ss,
-                               struct cgroup *cgroup,
-                               struct cgroup_taskset *tset)
+static void mem_cgroup_cancel_attach(struct cgroup *cgroup,
+                                    struct cgroup_taskset *tset)
  {
         mem_cgroup_clear_mc();
  }
@@ -5448,23 +5465,57 @@ static int mem_cgroup_move_charge_pte_range(pmd_t *pmd,
         struct vm_area_struct *vma = walk->private;
         pte_t *pte;
         spinlock_t *ptl;
+       enum mc_target_type target_type;
+       union mc_target target;
+       struct page *page;
+       struct page_cgroup *pc;
+
+       /*
+        * We don't take compound_lock() here but no race with splitting thp
+        * happens because:
+        *  - if pmd_trans_huge_lock() returns 1, the relevant thp is not
+        *    under splitting, which means there's no concurrent thp split,
+        *  - if another thread runs into split_huge_page() just after we
+        *    entered this if-block, the thread must wait for page table lock
+        *    to be unlocked in __split_huge_page_splitting(), where the main
+        *    part of thp split is not executed yet.
+        */
+       if (pmd_trans_huge_lock(pmd, vma) == 1) {
+               if (mc.precharge < HPAGE_PMD_NR) {
+                       spin_unlock(&vma->vm_mm->page_table_lock);
+                       return 0;
+               }
+               target_type = get_mctgt_type_thp(vma, addr, *pmd, &target);
+               if (target_type == MC_TARGET_PAGE) {
+                       page = target.page;
+                       if (!isolate_lru_page(page)) {
+                               pc = lookup_page_cgroup(page);
+                               if (!mem_cgroup_move_account(page, HPAGE_PMD_NR,
+                                                            pc, mc.from, mc.to,
+                                                            false)) {
+                                       mc.precharge -= HPAGE_PMD_NR;
+                                       mc.moved_charge += HPAGE_PMD_NR;
+                               }
+                               putback_lru_page(page);
+                       }
+                       put_page(page);
+               }
+               spin_unlock(&vma->vm_mm->page_table_lock);
+               return 0;
+       }
  
-       split_huge_page_pmd(walk->mm, pmd);
+       if (pmd_trans_unstable(pmd))
+               return 0;
  retry:
         pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
         for (; addr != end; addr += PAGE_SIZE) {
                 pte_t ptent = *(pte++);
-               union mc_target target;
-               int type;
-               struct page *page;
-               struct page_cgroup *pc;
                 swp_entry_t ent;
  
                 if (!mc.precharge)
                         break;
  
-               type = is_target_pte_for_mc(vma, addr, ptent, &target);
-               switch (type) {
+               switch (get_mctgt_type(vma, addr, ptent, &target)) {
                 case MC_TARGET_PAGE:
                         page = target.page;
                         if (isolate_lru_page(page))
@@ -5477,7 +5528,7 @@ retry:
                                 mc.moved_charge++;
                         }
                         putback_lru_page(page);
-put:                   /* is_target_pte_for_mc() gets the page */
+put:                   /* get_mctgt_type() gets the page */
                         put_page(page);
                         break;
                 case MC_TARGET_SWAP:
@@ -5550,9 +5601,8 @@ retry:
         up_read(&mm->mmap_sem);
  }
  
-static void mem_cgroup_move_task(struct cgroup_subsys *ss,
-                               struct cgroup *cont,
-                               struct cgroup_taskset *tset)
+static void mem_cgroup_move_task(struct cgroup *cont,
+                                struct cgroup_taskset *tset)
  {
         struct task_struct *p = cgroup_taskset_first(tset);
         struct mm_struct *mm = get_task_mm(p);
@@ -5567,20 +5617,17 @@ static void mem_cgroup_move_task(struct cgroup_subsys *ss,
                 mem_cgroup_clear_mc();
  }
  #else  /* !CONFIG_MMU */
-static int mem_cgroup_can_attach(struct cgroup_subsys *ss,
-                               struct cgroup *cgroup,
-                               struct cgroup_taskset *tset)
+static int mem_cgroup_can_attach(struct cgroup *cgroup,
+                                struct cgroup_taskset *tset)
  {
         return 0;
  }
-static void mem_cgroup_cancel_attach(struct cgroup_subsys *ss,
-                               struct cgroup *cgroup,
-                               struct cgroup_taskset *tset)
+static void mem_cgroup_cancel_attach(struct cgroup *cgroup,
+                                    struct cgroup_taskset *tset)
  {
  }
-static void mem_cgroup_move_task(struct cgroup_subsys *ss,
-                               struct cgroup *cont,
-                               struct cgroup_taskset *tset)
+static void mem_cgroup_move_task(struct cgroup *cont,
+                                struct cgroup_taskset *tset)
  {
  }
  #endif