On Wed, 23 Jan 2013, Simon Jeons wrote:

On Wed, 2013-01-23 at 21:45 +0000, Christoph Lameter wrote:

quoted

The variables accessed in slab_alloc are volatile and therefore
the page pointer passed to node_match can be NULL. The processing
of data in slab_alloc is tentative until either the cmpxhchg
succeeds or the __slab_alloc slowpath is invoked. Both are
able to perform the same allocation from the freelist.

Check for the NULL pointer in node_match.

A false positive will lead to a retry of the loop in __slab_alloc.

Hi Christoph,

Since page_to_nid(NULL) will trigger bug, then how can run into
__slab_alloc?

page = NULL

	 ->

node_match(NULL, xx) = 0

 	->

call into __slab_alloc.

__slab_alloc() will check for !c->page which requires the assignment of a
new per cpu slab page.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>