From: JoonSoo Kim <js1304@gmail.com>
To: Christoph Lameter <cl@linux.com>
Cc: Glauber Costa <glommer@parallels.com>,
Pekka Enberg <penberg@kernel.org>,
linux-mm@kvack.org, David Rientjes <rientjes@google.com>
Subject: Re: Common10 [06/20] Extract a common function for kmem_cache_destroy
Date: Sun, 5 Aug 2012 02:21:46 +0900
Message-ID: <CAAmzW4NVxsV2pOWYkrq0e7CSafafEq7QBsvD6Zh3ztuYzaLJSQ@mail.gmail.com>
In-Reply-To: <20120803192151.110627928@linux.com>
> Index: linux-2.6/mm/slab_common.c
> ===================================================================
> --- linux-2.6.orig/mm/slab_common.c 2012-08-02 14:21:12.797779926 -0500
> +++ linux-2.6/mm/slab_common.c 2012-08-02 14:21:17.301860675 -0500
> @@ -130,6 +130,31 @@
> }
> EXPORT_SYMBOL(kmem_cache_create);
>
> +void kmem_cache_destroy(struct kmem_cache *s)
> +{
> + get_online_cpus();
> + mutex_lock(&slab_mutex);
> + s->refcount--;
> + if (!s->refcount) {
> + list_del(&s->list);
> +
> + if (!__kmem_cache_shutdown(s)) {
> + if (s->flags & SLAB_DESTROY_BY_RCU)
> + rcu_barrier();
> +
> + __kmem_cache_destroy(s);
> + } else {
> + list_add(&s->list, &slab_caches);
> + printk(KERN_ERR "kmem_cache_destroy %s: Slab cache still has objects\n",
> + s->name);
> + dump_stack();
> + }
> + }
> + mutex_unlock(&slab_mutex);
> + put_online_cpus();
> +}
> +EXPORT_SYMBOL(kmem_cache_destroy);
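Review bot: In the else branch the cache goes back onto slab_caches with s->refcount still at 0, so a later kmem_cache_destroy() on the same cache decrements past zero and skips the whole `if (!s->refcount)` block without any message. Consider restoring the count (for example `s->refcount++` before `list_add(&s->list, &slab_caches);`) and documenting, at the __kmem_cache_shutdown() call, that a nonzero return must leave the cache in a usable state, since this path keeps it reachable. It is also worth noting that rcu_barrier() runs here with slab_mutex held and between get_online_cpus()/put_online_cpus(); a comment on why that is acceptable would help.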
This common code diverts the behavior of slub when objects remain.
Before the patch, regardless of the number of remaining objects, the kmem_cache is
always destroyed.
After the patch, when objects remain, the kmem_cache also remains.
This is problematic behavior, as kmem_cache_close() already frees the
per-cpu structure.
If we reuse this kmem_cache, we may encounter a NULL pointer dereference.
I suggest the following modification.
I think it is sufficient to prevent the above-mentioned case.
diff --git a/mm/slub.c b/mm/slub.c
index cfe4abb..7f26b39 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3184,7 +3184,6 @@ static inline int kmem_cache_close(struct kmem_cache *s)
int node;
flush_all(s);
- free_percpu(s->cpu_slab);
/* Attempt to free all objects */
for_each_node_state(node, N_NORMAL_MEMORY) {
struct kmem_cache_node *n = get_node(s, node);
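Review bot: Missing documentation where `free_percpu(s->cpu_slab);` is dropped after flush_all(s): nothing in the function now says why the per-cpu area has to outlive the node loop. A short comment at flush_all(s) or at the new free site, stating that cpu_slab is kept until every node is known to be empty because the caller keeps the cache on slab_caches when this function returns 1, would stop a later cleanup from moving the free back.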
@@ -3193,6 +3192,7 @@ static inline int kmem_cache_close(struct kmem_cache *s)
if (n->nr_partial || slabs_node(s, node))
return 1;
}
+ free_percpu(s->cpu_slab);
free_kmem_cache_nodes(s);
return 0;
}
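Review bot: The `return 1` inside the for_each_node_state() loop still leaves the cache half processed: nodes visited before the failing one have already gone through the "Attempt to free all objects" step while later nodes have not, and this change only covers s->cpu_slab. Please confirm that a cache returned in that state is safe to keep in use, or say in a comment that only the per-cpu area is guaranteed intact on the failure path. After the new `free_percpu(s->cpu_slab);` it would also be cheap to set s->cpu_slab to NULL so any late access faults predictably instead of touching freed per-cpu memory.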