Re: [PATCH v5.6-rt] mm: slub: Always flush the delayed empty slubs in flush_all()

From: David Rientjes
Date: Mon May 04 2020 - 17:25:17 EST

Next message: Dave Chinner: "Re: [PATCH] fs: xfs: fix a possible data race in xfs_inode_set_reclaim_tag()"
Previous message: Venu Busireddy: "Re: [PATCH v7 03/18] KVM: SVM: Add KVM_SEV_SEND_FINISH command"
In reply to: Sebastian Andrzej Siewior: "Re: [PATCH v5.6-rt] mm: slub: Always flush the delayed empty slubs in flush_all()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 4 May 2020, Kevin Hao wrote:

> After commit f0b231101c94 ("mm/SLUB: delay giving back empty slubs to
> IRQ enabled regions"), when the free_slab() is invoked with the IRQ
> disabled, the empty slubs are moved to a per-CPU list and will be
> freed after IRQ enabled later. But in the current codes, there is
> a check to see if there really has the cpu slub on a specific cpu
> before flushing the delayed empty slubs, this may cause a reference
> of already released kmem_cache in a scenario like below:
> cpu 0 cpu 1
> kmem_cache_destroy()
> flush_all()
> --->IPI flush_cpu_slab()
> flush_slab()
> deactivate_slab()
> discard_slab()
> free_slab()
> c->page = NULL;
> for_each_online_cpu(cpu)
> if (!has_cpu_slab(1, s))
> continue
> this skip to flush the delayed
> empty slub released by cpu1
> kmem_cache_free(kmem_cache, s)
>
> kmalloc()
> __slab_alloc()
> free_delayed()
> __free_slab()
> reference to released kmem_cache
>
> Fixes: f0b231101c94 ("mm/SLUB: delay giving back empty slubs to IRQ enabled regions")
> Signed-off-by: Kevin Hao <haokexin@xxxxxxxxx>

Acked-by: David Rientjes <rientjes@xxxxxxxxxx>

Next message: Dave Chinner: "Re: [PATCH] fs: xfs: fix a possible data race in xfs_inode_set_reclaim_tag()"
Previous message: Venu Busireddy: "Re: [PATCH v7 03/18] KVM: SVM: Add KVM_SEV_SEND_FINISH command"
In reply to: Sebastian Andrzej Siewior: "Re: [PATCH v5.6-rt] mm: slub: Always flush the delayed empty slubs in flush_all()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]