Thread: 26 messages, 2 authors, 2012-07-31

Re: Common [13/20] Extract a common function for kmem_cache_destroy

From: Glauber Costa <hidden>
Date: 2012-07-31 12:04:13

On 06/01/2012 11:52 PM, Christoph Lameter wrote:
kmem_cache_destroy does basically the same in all allocators.

Extract common code which is easy since we already have common mutex handling.

Signed-off-by: Christoph Lameter <redacted>


---

+	return kmem_cache_close(s);
+}
+
+void __kmem_cache_destroy(struct kmem_cache *s)
+{
+	sysfs_slab_remove(s);
+	kfree(s);
 }
-EXPORT_SYMBOL(kmem_cache_destroy);
 
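Review bot: In __kmem_cache_destroy(), the kfree(s) that follows sysfs_slab_remove(s) leaves it unclear which function owns the final free of the cache descriptor. If sysfs_slab_remove(), or a release path it triggers, can also free s, this line is a double free; and if s is allocated from a dedicated kmem_cache rather than with kmalloc, the free has to be kmem_cache_free() on that cache, not kfree(). Suggest keeping exactly one free of s, in the common destroy path, paired with the allocator that created it, and stating that ownership rule in a comment above the function.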
Christoph,

While testing corner cases of slab memcg, I reached a bug that can be
tracked down to those patches. They are not merged yet, so please mind
them in your next submission. The problem seems to be a consequence of
more than one patch, this one included.

Problem is that you are now allocating objects from kmem_cache with
kmem_cache_alloc, but freeing it with kfree - and in multiple locations.

In particular, after the whole series is applied, you will have a call
to "kfree(s)" in sysfs_slab_remove() that is called from
kmem_cache_shutdown(), and later on kmem_cache_free(kmem_cache, s) from
the destruction common code -> a double free.

Please fix this for the next round.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
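The ownership problem described in the message above, as an added userspace model that is not part of the original post or of the kernel patch series. All names (`struct desc`, `model_free`, `helper_remove`, `destroy`) are hypothetical; the `owner` tag stands in for the bookkeeping an allocator debug check would do to catch a mismatched or repeated free.

```c
/* Added userspace model, not kernel code; every name here is hypothetical. */
#include <stdio.h>

enum owner { OWNER_NONE, OWNER_CACHE, OWNER_GENERIC };
enum free_result { FREE_OK, FREE_DOUBLE, FREE_MISMATCH };

/* Stand-in for a cache descriptor; 'owner' records which allocator handed it out. */
struct desc { enum owner owner; };

static void model_alloc(struct desc *s, enum owner from) { s->owner = from; }

/* Release that validates pairing and state, as an allocator debug check would. */
static enum free_result model_free(struct desc *s, enum owner via)
{
	if (s->owner == OWNER_NONE)
		return FREE_DOUBLE;	/* already released by another path */
	if (s->owner != via)
		return FREE_MISMATCH;	/* wrong free routine for this object */
	s->owner = OWNER_NONE;
	return FREE_OK;
}

/* Teardown helper; helper_frees models a helper that also releases s. */
static enum free_result helper_remove(struct desc *s, int helper_frees, enum owner via)
{
	return helper_frees ? model_free(s, via) : FREE_OK;
}

/* Common destroy path: runs the helper, then releases s back to the cache.
 * Returns the first problem detected, or FREE_OK. */
static enum free_result destroy(int helper_frees, enum owner helper_via)
{
	struct desc s;
	enum free_result r;

	model_alloc(&s, OWNER_CACHE);
	r = helper_remove(&s, helper_frees, helper_via);
	if (r != FREE_OK)
		return r;
	return model_free(&s, OWNER_CACHE);
}

int main(void)
{
	printf("helper frees via generic free: %d\n", destroy(1, OWNER_GENERIC));
	printf("helper frees via cache free:   %d\n", destroy(1, OWNER_CACHE));
	printf("only common code frees:        %d\n", destroy(0, OWNER_CACHE));
	return 0;
}
```

Only the last configuration, where the common destroy path is the single owner of the free, completes without a detected fault.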