projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 28d0325)
fix RCU-callback-after-kmem_cache_destroy problem in sl[aou]b
authorPaul E. McKenney <paulmck@linux.vnet.ibm.com>
Thu, 25 Jun 2009 19:31:37 +0000 (12:31 -0700)
committerPekka Enberg <penberg@cs.helsinki.fi>
Fri, 26 Jun 2009 09:10:47 +0000 (12:10 +0300)
Jesper noted that kmem_cache_destroy() invokes synchronize_rcu() rather than
rcu_barrier() in the SLAB_DESTROY_BY_RCU case, which could result in RCU
callbacks accessing a kmem_cache after it had been destroyed.

Cc: <stable@kernel.org>
Acked-by: Matt Mackall <mpm@selenic.com>
Reported-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
mm/slab.c patch | blob | blame | history
mm/slob.c patch | blob | blame | history
mm/slub.c patch | blob | blame | history

diff --git a/mm/slab.c b/mm/slab.c
index e74a16e4ced605111bd0f84154273c038bb0d9e3..5241b6598ba3838c0750fe08d5f0ba4fe3a6e2a2 100644 (file)
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -2547,7 +2547,7 @@ void kmem_cache_destroy(struct kmem_cache *cachep)
        }
 
        if (unlikely(cachep->flags & SLAB_DESTROY_BY_RCU))
-               synchronize_rcu();
+               rcu_barrier();
 
        __kmem_cache_destroy(cachep);
        mutex_unlock(&cache_chain_mutex);
diff --git a/mm/slob.c b/mm/slob.c
index c78742defdc6477ef7474ebc1fc8117173aaabfc..9641da3d5e58dfca1d7c79dbef99760364fa98b2 100644 (file)
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -595,6 +595,8 @@ EXPORT_SYMBOL(kmem_cache_create);
 void kmem_cache_destroy(struct kmem_cache *c)
 {
        kmemleak_free(c);
+       if (c->flags & SLAB_DESTROY_BY_RCU)
+               rcu_barrier();
        slob_free(c, sizeof(struct kmem_cache));
 }
 EXPORT_SYMBOL(kmem_cache_destroy);
diff --git a/mm/slub.c b/mm/slub.c
index 819f056b39c6f27100e8b89f91acc42b3c5f5bd6..a9201d83178b8d47d38897ff44814225e37b3102 100644 (file)
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2595,6 +2595,8 @@ static inline int kmem_cache_close(struct kmem_cache *s)
  */
 void kmem_cache_destroy(struct kmem_cache *s)
 {
+       if (s->flags & SLAB_DESTROY_BY_RCU)
+               rcu_barrier();
        down_write(&slub_lock);
        s->refcount--;
        if (!s->refcount) {