Re: [PATCH] rmaplock 2/6 SLAB_DESTROY_BY_RCU

From: Manfred Spraul
Date: Tue Jul 13 2004 - 15:37:00 EST


Hugh Dickins wrote:

On Tue, 13 Jul 2004, Manfred Spraul wrote:


An interesting idea:
The slab caches are object caches. If a rcu user only needs a valid object but doesn't care which one then there is no need to wait for a quiescent cycle after free - the quiescent cycle can be delayed until the destructor is called.



Sorry, to be honest, I've not understood you there at all.
I wonder if you're seeing some other use than I intended.



No, I just tried to reworden your idea and I obviously failed.
Previously, I always assumed that the free call had to be delayed, but you have shown that this is wrong: If a rcu user can detect that an object changed its identity (or if he doesn't care), then it's not necessary to delay the free call, it's sufficient to delay the object destruction. And since the slab cache is an object cache delaying destruction causes virtually no overhead at all.
A second restriction is that it must be possible to recover from identity changes. I think this rules out the dentry cache - the hash chains point to wrong positions after a free/alloc/reuse cycle, it's not possible to recover from that.

But there are two flaws in your patch:
- you must disable poisoning and unmapping if SLAB_DESTROY_BY_RCU is set.



How right you are! Thank you. Does the further patch below suit?



Yes, that should work.

- either delay the dtor calls a well or fail if an object has a non-NULL dtor and SLAB_DESTROY_BY_RCU is set.



Doesn't that rather depend on what the dtor does? I'm not used to how
destructors are commonly used, but I can easily imagine a destructor
which, say, frees up some attached objects, but still leaves this cache
object recognizably itself, good enough for the reference-after-free
which SLAB_DESTROY_BY_RCU is allowing - all we need to avoid is the
page being freed (or poisoned or unmapped) and reused.

This would introduce a concept of a half destroyed object. I think it's a bad idea, too easy to introduce bugs.
The correct fix would be to move the whole slab_destroy call into the rcu callback instead of just the kmem_cache_free call, but locking would be tricky - kmem_cache_destroy would have to wait for completion of outstanding rcu calls, etc.
Thus I'd propose a quick fix (fail if there is a dtor - are there any slab caches with dtors at all?) and in the long run slab_destroy should be moved into the rcu callback.

--
Manfred
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/